From 9839360a10d8d36bf802c109263d6800ed0eefb0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 31 Jan 2017 17:04:45 +0000 Subject: [PATCH 001/578] Fix all.sh check_tools function to handle paths --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ea9690173..0cda059a5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -116,7 +116,7 @@ err_msg() check_tools() { for TOOL in "$@"; do - if ! `hash "$TOOL" >/dev/null 2>&1`; then + if ! `type "$TOOL" >/dev/null 2>&1`; then err_msg "$TOOL not found!" exit 1 fi From 3d8c90711b6ff7ae44d436c78f1bd0f4d06c7666 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 16:24:22 +0000 Subject: [PATCH 002/578] Compute outgoing MAC in temporary buffer for MAC-then-Encrypt A previous commit changed the record encryption function `ssl_encrypt_buf` to compute the MAC in a temporary buffer and copying the relevant part of it (which is strictly smaller if the truncated HMAC extension is used) to the outgoing message buffer. However, the change was only made in case Encrypt-Then-MAC was enabled, but not in case of MAC-Then-Encrypt. While this doesn't constitute a problem, for the sake of uniformity this commit changes `ssl_encrypt_buf` to compute the MAC in a temporary buffer in this case, too. --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index abafe4d07..e25b08d26 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1530,6 +1530,8 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) if( auth_done == 0 ) { + unsigned char mac[MBEDTLS_SSL_MAC_ADD]; + /* * MAC(MAC_write_key, seq_num + * TLSCipherText.type + 
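Review bot: The backquotes around the test in check_tools were carried over from the old line. They run `type` inside a command substitution and then execute its empty output, so the `if` only works because the substitution's exit status is passed through. The direct form does the same check without the indirection: `if ! type "$TOOL" >/dev/null 2>&1; then`. A short comment such as `# type (unlike hash) also accepts a tool given as a path` would record why the builtin was swapped, going by the commit title. The end of the loop and of check_tools lies outside the hunk.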
@@ -1552,10 +1554,12 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_iv, ssl->out_msglen ); - mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, - ssl->out_iv + ssl->out_msglen ); + mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac ); mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); + memcpy( ssl->out_iv + ssl->out_msglen, mac, + ssl->transform_out->maclen ); + ssl->out_msglen += ssl->transform_out->maclen; auth_done++; } From bb51cb3e14025cd8680cf5d93d36510c8e3d0f45 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 7 Jan 2018 18:10:43 +0200 Subject: [PATCH 003/578] remove additional zero byte when writing pub der Remove `- 1` for setting location of output buffer, which added a leading zero which cause failure in ASN1 parsing. Fixes #1257 --- programs/pkey/key_app_writer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 9d120772a..b273e7daa 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -128,7 +128,7 @@ static int write_public_key( mbedtls_pk_context *key, const char *output_file ) return( ret ); len = ret; - c = output_buf + sizeof(output_buf) - len - 1; + c = output_buf + sizeof(output_buf) - len; } if( ( f = fopen( output_file, "w" ) ) == NULL ) From 0afe624fff728862788a480ee12b56291485ca78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 21 Feb 2018 19:28:12 +0100 Subject: [PATCH 004/578] all.sh: add test with MBEDTLS_DEPRECATED_REMOVED --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d5fc12d0a..4cd5246c5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -547,6 +547,12 @@ if_build_succeeded tests/ssl-opt.sh -f Default msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' +msg "build: cmake, full config + DEPRECATED_REMOVED, clang, C99" +# No cleanup: tweak the configuration, keep the makefiles +scripts/config.pl set MBEDTLS_DEPRECATED_WARNING +scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED +make + msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup cmake -D CMAKE_BUILD_TYPE:String=Debug . From df761d5a6bb8deede515f6ab8ca656f8778ec24b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 1 Mar 2018 22:18:14 +0100 Subject: [PATCH 005/578] Fix build with gcc -O -Wall Fix warnings from gcc -O -Wall about `ret` used uninitialized in CMAC selftest auxiliary functions. The variable was indeed uninitialized if the function was called with num_tests=0 (which never happens). --- library/cmac.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/cmac.c b/library/cmac.c index 9dbff9038..a76313e94 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -832,6 +832,7 @@ static int cmac_test_subkeys( int verbose, mbedtls_cipher_free( &ctx ); } + ret = 0; goto exit; cleanup: @@ -887,6 +888,7 @@ static int cmac_test_wth_cipher( int verbose, if( verbose != 0 ) mbedtls_printf( "passed\n" ); } + ret = 0; exit: return( ret ); From b4ef45b4f561f7cf272b9a5cfeb3847027e33ef1 Mon Sep 17 00:00:00 2001 
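Review bot: The added `ret = 0;` in cmac_test_subkeys, and the same line in cmac_test_wth_cipher in the next hunk, overwrites whatever `ret` held when the loop finished. That is only correct if every failing iteration leaves through `goto cleanup` or `goto exit` and never falls through to the end of the loop. The loop bodies are outside both hunks, so this could not be confirmed here. A comment would record the intent: `/* all tests passed; also covers num_tests == 0 */`.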
From: Gilles Peskine Date: Thu, 1 Mar 2018 22:23:50 +0100 Subject: [PATCH 006/578] all.sh: build with -O -Werror in the full config Build with MBEDTLS_DEPRECATED_REMOVED and MBEDTLS_DEPRECATED_WARNING separately. Do these builds with `-O -Werror -Wall -Wextra` to catch a maximum of issues while we're at it. Do one with gcc and one with clang for variety. This caught an uninitialized variable warning in cmac.c that builds without -O didn't catch. --- tests/scripts/all.sh | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4cd5246c5..f025e2a64 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -547,11 +547,23 @@ if_build_succeeded tests/ssl-opt.sh -f Default msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' -msg "build: cmake, full config + DEPRECATED_REMOVED, clang, C99" -# No cleanup: tweak the configuration, keep the makefiles +msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl full scripts/config.pl set MBEDTLS_DEPRECATED_WARNING +# Build with -O -Wextra to catch a maximum of issues. +make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs +make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests + +msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s +# No cleanup, just tweak the configuration and rebuild +make clean +scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED -make +# Build with -O -Wextra to catch a maximum of issues. +make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs +make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup 
From 533407a266e4a63b7fd4721851dcf1773baf23b2 Mon Sep 17 00:00:00 2001 From: fbrosson Date: Wed, 4 Apr 2018 21:44:29 +0000 Subject: [PATCH 007/578] Use "#!/usr/bin/env perl" as shebang line. --- ChangeLog | 2 ++ scripts/config.pl | 2 +- scripts/generate_errors.pl | 2 +- scripts/generate_features.pl | 2 +- scripts/generate_visualc_files.pl | 2 +- scripts/massif_max.pl | 2 +- scripts/rename.pl | 2 +- tests/scripts/check-doxy-blocks.pl | 2 +- tests/scripts/curves.pl | 2 +- tests/scripts/depends-hashes.pl | 2 +- tests/scripts/depends-pkalgs.pl | 2 +- tests/scripts/gen_ctr_drbg.pl | 2 +- tests/scripts/gen_gcm_decrypt.pl | 2 +- tests/scripts/gen_gcm_encrypt.pl | 2 +- tests/scripts/gen_pkcs1_v21_sign_verify.pl | 2 +- tests/scripts/key-exchanges.pl | 2 +- tests/scripts/list-enum-consts.pl | 2 +- tests/scripts/recursion.pl | 2 +- tests/scripts/run-test-suites.pl | 2 +- tests/scripts/test-ref-configs.pl | 2 +- 20 files changed, 21 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9ee82c685..bed6c9cd9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -93,6 +93,8 @@ Changes * Improve robustness of mbedtls_ssl_derive_keys against the use of HMAC functions with non-HMAC ciphersuites. Independently contributed by Jiayuan Chen in #1377. Fixes #1437. + * Change the shebang line in Perl scripts to look up perl in the PATH. + Contributed by fbrosson. = mbed TLS 2.8.0 branch released 2018-03-16 diff --git a/scripts/config.pl b/scripts/config.pl index 5bf27859a..468aeb93e 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # # This file is part of mbed TLS (https://tls.mbed.org) # diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index ac0fbff05..4f0ad31f1 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Generate error.c # 
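Review bot: With `#!/usr/bin/env perl`, config.pl is run by whichever `perl` comes first in the caller's PATH, so the script now inherits the trust level of that environment. The same applies to the other 18 scripts changed in this commit. That is fine for a developer shell, but build or CI steps that call these scripts should set PATH explicitly rather than inherit it. A line under the shebang would make the dependency visible: `# The interpreter is looked up in PATH; run with a trusted PATH.` `env` also rules out interpreter switches on the shebang line; none appear in the visible lines, so nothing is lost today.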
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 2aa695c54..1bd82ca2a 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # use strict; diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 8d36653b4..5e3b9b582 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Generate files for MS Visual Studio: # - for VS6: main project (library) file, individual app files, workspace diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index d1ce4ca7d..4e3342a2c 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Parse a massif.out.xxx file and output peak total memory usage diff --git a/scripts/rename.pl b/scripts/rename.pl index c29519eef..fb428098c 100755 --- a/scripts/rename.pl +++ b/scripts/rename.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # # This file is part of mbed TLS (https://tls.mbed.org) # diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index b0fd69635..496769992 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Detect comment blocks that are likely meant to be doxygen blocks but aren't. # diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 004181432..ddc90c580 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # curves.pl # diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 29dcfb00c..f57e7ed88 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # depends-hashes.pl # 
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 14c92b221..97a43e881 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # depends-pkalgs.pl # diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 66d9b3ab0..08ca5dfa2 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # # Based on NIST CTR_DRBG.rsp validation file # Only uses AES-256-CTR cases that use a Derivation function diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 6decac286..03809cb94 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # # Based on NIST gcmDecryptxxx.rsp validation files # Only first 3 of every set used for compile time saving diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 8adbbcefc..29ec677da 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # # Based on NIST gcmEncryptIntIVxxx.rsp validation files # Only first 3 of every set used for compile time saving diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 0d7fc7d1e..95c52358a 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # use strict; diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl index d167c67c7..3bf7ae34f 100755 --- a/tests/scripts/key-exchanges.pl +++ b/tests/scripts/key-exchanges.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # key-exchanges.pl # 
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index 633e3fdf9..21c25b33e 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl use warnings; use strict; diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index 3ad42b1f8..431e59211 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Find functions making recursive calls to themselves. # (Multiple recursion where a() calls b() which calls a() not covered.) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 7e2974bbc..627935888 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # run-test-suites.pl # diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index b07329cac..80d5f3875 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # test-ref-configs.pl # From fe60132305df0eea16f90aeb8867fe344642a1ca Mon Sep 17 00:00:00 2001 From: Krzysztof Stachowiak Date: Thu, 5 Apr 2018 16:53:35 +0200 Subject: [PATCH 008/578] Move a buffer size test before the first relevant read --- library/x509_crt.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index afff4e18b..0885c8e3b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -574,6 +574,9 @@ static int x509_get_crt_ext( unsigned char **p, end_ext_data = *p + len; /* Get extension ID */ + if( ( end - *p ) < 1 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); extn_oid.tag = **p; if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) 
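Review bot: The new pre-read check in x509_get_crt_ext is bounded by `end`, the end of the whole extensions block, although `end_ext_data = *p + len` has just been computed for this one extension. For an extension whose declared body is empty, the check passes whenever more data follows, and `extn_oid.tag = **p` then reads a byte that belongs to the next element. Bounding both the check and the OID parse by the extension's own length keeps the parser inside it: `if( ( end_ext_data - *p ) < 1 )` and `mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, MBEDTLS_ASN1_OID )`. The later `mbedtls_asn1_get_bool( p, end_ext_data, ... )` in the next hunk would presumably still reject such input, but only after the OID fields were filled from bytes outside the extension. The function body continues outside the hunk.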
@@ -582,10 +585,6 @@ static int x509_get_crt_ext( unsigned char **p, extn_oid.p = *p; *p += extn_oid.len; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - /* Get optional critical */ if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) From 8339c8f5bd50e96ba0d7cc2e5541e15f5c0f0a0c Mon Sep 17 00:00:00 2001 From: Brendan Shanks Date: Fri, 6 Apr 2018 16:47:43 -0700 Subject: [PATCH 009/578] x509.c: Remove unused includes Remove unused includes guarded by MBEDTLS_FS_IO, which doesn't appear anywhere else in the file. --- library/x509.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/library/x509.c b/library/x509.c index 371d6da1d..264c7fb0c 100644 --- a/library/x509.c +++ b/library/x509.c @@ -70,15 +70,6 @@ #include #endif -#if defined(MBEDTLS_FS_IO) -#include -#if !defined(_WIN32) -#include -#include -#include -#endif -#endif - #define CHECK(code) if( ( ret = code ) != 0 ){ return( ret ); } #define CHECK_RANGE(min, max, val) if( val < min || val > max ){ return( ret ); } From 60bc47dd875b2e2823355b96fbf31bda8a1f2c9b Mon Sep 17 00:00:00 2001 From: Augustin Cavalier Date: Wed, 11 Apr 2018 20:27:32 -0400 Subject: [PATCH 010/578] library: Port to Haiku. --- library/CMakeLists.txt | 4 ++++ library/entropy_poll.c | 3 ++- library/net_sockets.c | 3 ++- library/timing.c | 3 ++- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7742c22d2..993244f92 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -95,6 +95,10 @@ if(WIN32) set(libs ${libs} ws2_32) endif(WIN32) +if(HAIKU) + set(libs ${libs} network) +endif(HAIKU) + if(USE_PKCS11_HELPER_LIBRARY) set(libs ${libs} pkcs11-helper) endif(USE_PKCS11_HELPER_LIBRARY) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 67900c46c..c8cf6be16 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c 
@@ -44,7 +44,8 @@ #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ + !defined(__HAIKU__) #error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h" #endif diff --git a/library/net_sockets.c b/library/net_sockets.c index f99d339ff..e68b3ef05 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -28,7 +28,8 @@ #if defined(MBEDTLS_NET_C) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ + !defined(__HAIKU__) #error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h" #endif diff --git a/library/timing.c b/library/timing.c index 6a30e5125..3e8139f1f 100644 --- a/library/timing.c +++ b/library/timing.c @@ -39,7 +39,8 @@ #if !defined(MBEDTLS_TIMING_ALT) #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \ - !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) + !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \ + !defined(__HAIKU__) #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" #endif From 6087f200bffe5f518f2df0883a7fe4b259f994d5 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Fri, 4 May 2018 08:34:22 +0200 Subject: [PATCH 011/578] Fix memory leak in mbedtls_x509_csr_parse --- library/x509_csr.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index 26a06db4f..8bb7f3363 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c 
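Review bot: Adding `!defined(__HAIKU__)` to the guard in entropy_poll.c only suppresses the `#error`; which `mbedtls_platform_entropy_poll` body is compiled for Haiku is decided further down the file, outside this hunk. Since this is the library's default seed source, the port should confirm that the intended path is selected (presumably the Unix /dev/urandom reader) and that a missing or short read fails instead of returning fewer bytes. A comment at the guard would record the decision: `/* Haiku: uses the Unix /dev/urandom path below */`. The matching guard changes in net_sockets.c and timing.c raise no separate concern.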
@@ -294,11 +294,9 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /* * Was PEM encoded, parse the result */ - if( ( ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ) ) != 0 ) - return( ret ); - + ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); mbedtls_pem_free( &pem ); - return( 0 ); + return( ret ); } else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) { From 7f3ef2780c1825fbc2270f49c6834502cc8c26e1 Mon Sep 17 00:00:00 2001 From: TabascoEye Date: Fri, 27 Apr 2018 13:14:59 +0200 Subject: [PATCH 012/578] silence "no symbols" warnings on apple clang fixes #1252 --- library/CMakeLists.txt | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6177ca2b4..cd1857c3d 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -96,6 +96,13 @@ if(WIN32) set(libs ${libs} ws2_32) endif(WIN32) +if(APPLE) + SET(CMAKE_C_ARCHIVE_CREATE " Scr ") + SET(CMAKE_CXX_ARCHIVE_CREATE " Scr ") + SET(CMAKE_C_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") + SET(CMAKE_CXX_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") +endif(APPLE) + if(USE_PKCS11_HELPER_LIBRARY) set(libs ${libs} pkcs11-helper) endif(USE_PKCS11_HELPER_LIBRARY) From 0e98e88a223214952e7e75e2a1a38a875fbc13ed Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 23 May 2018 09:19:54 +0100 Subject: [PATCH 013/578] Silence no symbols warn on apple & Makefile --- library/Makefile | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/library/Makefile b/library/Makefile index b155c720e..60e9cbcc4 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -35,16 +35,26 @@ SOEXT_TLS=so.10 SOEXT_X509=so.0 SOEXT_CRYPTO=so.2 -# Set DLEXT=dylib to compile as a shared library for Mac OS X DLEXT ?= so # Set AR_DASH= (empty string) to use an ar implentation that does not accept # the - prefix for command line options (e.g. llvm-ar) AR_DASH ?= - -# Windows shared library extension: +ifdef APPLE_BUILD +ARFLAGS = $(AR_DASH)Src +RLFLAGS = -no_warning_for_no_symbols -c +RL ?= ranlib +else +ARFLAGS = $(AR_DASH)src +endif + ifdef WINDOWS_BUILD -DLEXT=dll +# Windows shared library extension: +DLEXT = dll +else ifdef APPLE_BUILD +# Mac OS X shared library extension: +DLEXT = dylib endif OBJS_CRYPTO= aes.o aesni.o arc4.o \ @@ -95,9 +105,11 @@ shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT) # tls libmbedtls.a: $(OBJS_TLS) echo " AR $@" - $(AR) $(AR_DASH)rc $@ $(OBJS_TLS) + $(AR) $(ARFLAGS) $@ $(OBJS_TLS) +ifdef APPLE_BUILD echo " RL $@" - $(AR) $(AR_DASH)s $@ + $(RL) $(RLFLAGS) $@ +endif libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" @@ -118,9 +130,11 @@ libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll # x509 libmbedx509.a: $(OBJS_X509) echo " AR $@" - $(AR) $(AR_DASH)rc $@ $(OBJS_X509) + $(AR) $(ARFLAGS) $@ $(OBJS_X509) +ifdef APPLE_BUILD echo " RL $@" - $(AR) $(AR_DASH)s $@ + $(RL) $(RLFLAGS) $@ +endif libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so echo " LD $@" @@ -141,9 +155,11 @@ libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll # crypto libmbedcrypto.a: $(OBJS_CRYPTO) echo " AR $@" - $(AR) $(AR_DASH)rc $@ $(OBJS_CRYPTO) + $(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO) +ifdef APPLE_BUILD echo " RL $@" - $(AR) $(AR_DASH)s $@ + $(RL) $(RLFLAGS) $@ +endif libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) echo " LD $@" From 8c754218c5d97aa55ee534063767279a2354732c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 23 May 2018 09:26:08 +0100 Subject: [PATCH 014/578] Add no symbols warning fix to ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/ChangeLog b/ChangeLog index 348864c0e..d86f1e8c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ API Changes Therefore, mbedtls_platform_zeroize() is moved to the platform module to facilitate testing and maintenance. +Bugfix + * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix + contributed by tabascoeye in pull request #1600. + = mbed TLS 2.9.0 branch released 2018-04-30 Security From 34b822ce7b1f8765356c189d5a926970af090686 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Sun, 15 May 2016 17:28:08 -0300 Subject: [PATCH 015/578] Initial implementation of ChaCha20 --- include/mbedtls/chacha20.h | 169 +++++++ include/mbedtls/config.h | 10 + include/mbedtls/error.h | 1 + library/CMakeLists.txt | 1 + library/Makefile | 3 +- library/chacha20.c | 551 ++++++++++++++++++++++ library/error.c | 9 + library/version_features.c | 6 + programs/test/benchmark.c | 14 +- scripts/generate_errors.pl | 2 +- tests/CMakeLists.txt | 1 + tests/Makefile | 6 +- tests/suites/test_suite_chacha20.data | 2 + tests/suites/test_suite_chacha20.function | 14 + 14 files changed, 784 insertions(+), 5 deletions(-) create mode 100644 include/mbedtls/chacha20.h create mode 100644 library/chacha20.c create mode 100644 tests/suites/test_suite_chacha20.data create mode 100644 tests/suites/test_suite_chacha20.function diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h new file mode 100644 index 000000000..ab10a96a8 --- /dev/null +++ b/include/mbedtls/chacha20.h 
@@ -0,0 +1,169 @@ +/** + * \file chacha20.h + * + * \brief ChaCha20 cipher. + * + * \author Daniel King + * + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_CHACHA20_H +#define MBEDTLS_CHACHA20_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if !defined(MBEDTLS_CHACHA20_ALT) + +#include +#include + +#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */ + +typedef struct +{ + uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */ + uint32_t working_state[16]; /*! Holds the working state (after round operations) */ + uint8_t keystream8[64]; /*! Holds leftover keystream bytes */ + size_t keystream_bytes_used; /*! Number of keystream bytes currently used */ +} +mbedtls_chacha20_context; + +/** + * \brief Initialize ChaCha20 context + * + * \param ctx ChaCha20 context to be initialized + */ +void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); + +/** + * \brief Clear ChaCha20 context + * + * \param ctx ChaCha20 context to be cleared + */ +void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); + +/** + * \brief Set the ChaCha20 key. 
+ * + * \note The nonce and counter must be set after calling this function, + * before data can be encrypted/decrypted. The nonce and + * counter are set by calling mbedtls_chacha20_starts. + * + * \see mbedtls_chacha20_starts + * + * \param ctx The context to setup. + * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. + * + * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or key + * is NULL, or if key_bits is not 128 or 256. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, + const unsigned char key[32] ); + +/** + * \brief Set the ChaCha20 nonce and initial counter value. + * + * \note A ChaCha20 context can be re-used with the same key by + * calling this function to change the nonce and/or initial + * counter value. + * + * \param ctx The ChaCha20 context. + * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in size. + * \param counter Initial counter value to use. This is usually 0. + * + * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or + * nonce is NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, + const unsigned char nonce[12], + uint32_t counter ); + +/** + * \brief Encrypt or decrypt data. + * + * This function is used to both encrypt and decrypt data. + * + * \note The \p input and \p output buffers may overlap, but only + * if input >= output (i.e. only if input points ahead of + * the output pointer). + * + * \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be + * called at least once to setup the context before this function + * can be called. + * + * \param ctx The ChaCha20 context. + * \param size The length (in bytes) to process. This can have any length. + * \param input Buffer containing the input data. + * \param output Buffer containing the output data. 
+ * + * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or + * output pointers are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_chacha20_process( mbedtls_chacha20_context *ctx, + size_t size, + const unsigned char *input, + unsigned char *output ); + +#else /* MBEDTLS_CHACHA20_ALT */ +#include "chacha20_alt.h" +#endif /* MBEDTLS_CHACHA20_ALT */ + +/** + * \brief Encrypt or decrypt a message using ChaCha20. + * + * This function is used the same way for encrypting and + * decrypting data. It's not necessary to specify which + * operation is being performed. + * + * \note The \p input and \p output buffers may overlap, but only + * if input >= output (i.e. only if input points ahead of + * the output pointer). + * + * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. + * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in length. + * \param counter The initial counter value. This is usually 0. + * \param data_len The number of bytes to process. + * \param input Buffer containing the input data (data to encrypt or decrypt). + * \param output Buffer to where the processed data is written. + * + * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input, + * or output is NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_chacha20_crypt( const unsigned char key[32], + const unsigned char nonce[12], + uint32_t counter, + size_t data_len, + const unsigned char* input, + unsigned char* output ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_chacha20_self_test( int verbose ); + +#endif /* MBEDTLS_CHACHA20_H */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7c9acb230..4c8fc3c36 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
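Review bot: The documentation in chacha20.h covers NULL-argument errors but not nonce handling, which is the requirement callers most need spelled out. The comment for mbedtls_chacha20_starts says the context can be re-used with the same key, and should add `\warning A nonce must never be used twice with the same key.` The comments for mbedtls_chacha20_process and mbedtls_chacha20_crypt should also say that the cipher provides confidentiality only, so integrity needs a separate MAC or an AEAD construction. It would help to document what happens when the `uint32_t` block counter overflows within one nonce. The `\return` text of mbedtls_chacha20_setkey mentions `key_bits`, which is not a parameter of the function and should be dropped. The struct member comments use `/*!` where Doxygen expects `/*!<` for trailing member documentation.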
@@ -274,6 +274,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_CCM_ALT +//#define MBEDTLS_CHACHA20_ALT //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_DES_ALT //#define MBEDTLS_DHM_ALT @@ -1861,6 +1862,15 @@ */ #define MBEDTLS_CERTS_C +/** + * \def MBEDTLS_CHACHA20_C + * + * Enable the ChaCha20 stream cipher. + * + * Module: library/chacha20.c + */ +#define MBEDTLS_CHACHA20_C + /** * \def MBEDTLS_CIPHER_C * diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8b4d3a875..ace0c47a6 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -76,6 +76,7 @@ * SHA1 1 0x0035-0x0035 * SHA256 1 0x0037-0x0037 * SHA512 1 0x0039-0x0039 + * CHACHA20 1 0x003B-0x003B * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6177ca2b4..78bab7fc7 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -13,6 +13,7 @@ set(src_crypto blowfish.c camellia.c ccm.c + chacha20.c cipher.c cipher_wrap.c cmac.c diff --git a/library/Makefile b/library/Makefile index b155c720e..4fab59846 100644 --- a/library/Makefile +++ b/library/Makefile @@ -50,7 +50,8 @@ endif OBJS_CRYPTO= aes.o aesni.o arc4.o \ asn1parse.o asn1write.o base64.o \ bignum.o blowfish.o camellia.o \ - ccm.o cipher.o cipher_wrap.o \ + ccm.o chacha20.o \ + cipher.o cipher_wrap.o \ cmac.o ctr_drbg.o des.o \ dhm.o ecdh.o ecdsa.o \ ecjpake.o ecp.o \ diff --git a/library/chacha20.c b/library/chacha20.c new file mode 100644 index 000000000..75fd9e915 --- /dev/null +++ b/library/chacha20.c 
@@ -0,0 +1,551 @@ +/** + * \file chacha20.c + * + * \brief ChaCha20 cipher. + * + * \author Daniel King + * + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#include "mbedtls/chacha20.h" + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_CHACHA20_C) + +#if !defined(MBEDTLS_CHACHA20_ALT) + +#include +#include + +#if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST */ + +#define BYTES_TO_U32_LE( data, offset ) \ + ( (uint32_t)data[offset] | \ + (uint32_t)( (uint32_t)data[(offset) + 1] << 8 ) | \ + (uint32_t)( (uint32_t)data[(offset) + 2] << 16 ) | \ + (uint32_t)( (uint32_t)data[(offset) + 3] << 24 ) \ + ) + +#define ROTL32( value, amount ) ( (uint32_t)( value << amount ) | ( value >> ( 32 - amount ) ) ) + +#define CHACHA20_CTR_INDEX ( 12U ) + +#define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U ) + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +/** + * \brief ChaCha20 quarter round operation. 
+ * + * The quarter round is defined as follows (from RFC 7539): + * 1. a += b; d ^= a; d <<<= 16; + * 2. c += d; b ^= c; b <<<= 12; + * 3. a += b; d ^= a; d <<<= 8; + * 4. c += d; b ^= c; b <<<= 7; + * + * \param state ChaCha20 state to modify. + * \param a The index of 'a' in the state. + * \param b The index of 'b' in the state. + * \param c The index of 'c' in the state. + * \param d The index of 'd' in the state. + */ +static inline void mbedtls_chacha20_quarter_round( uint32_t state[16], + size_t a, + size_t b, + size_t c, + size_t d ) +{ + /* a += b; d ^= a; d <<<= 16; */ + state[a] += state[b]; + state[d] ^= state[a]; + state[d] = ROTL32( state[d], 16 ); + + /* c += d; b ^= c; b <<<= 12 */ + state[c] += state[d]; + state[b] ^= state[c]; + state[b] = ROTL32( state[b], 12 ); + + /* a += b; d ^= a; d <<<= 8; */ + state[a] += state[b]; + state[d] ^= state[a]; + state[d] = ROTL32( state[d], 8 ); + + /* c += d; b ^= c; b <<<= 7; */ + state[c] += state[d]; + state[b] ^= state[c]; + state[b] = ROTL32( state[b], 7 ); +} + +/** + * \brief Perform the ChaCha20 inner block operation. + * + * This function performs two rounds: the column round and the + * diagonal round. + * + * \param state The ChaCha20 state to update. + */ +static void mbedtls_chacha20_inner_block( uint32_t state[16] ) +{ + mbedtls_chacha20_quarter_round( state, 0, 4, 8, 12 ); + mbedtls_chacha20_quarter_round( state, 1, 5, 9, 13 ); + mbedtls_chacha20_quarter_round( state, 2, 6, 10, 14 ); + mbedtls_chacha20_quarter_round( state, 3, 7, 11, 15 ); + + mbedtls_chacha20_quarter_round( state, 0, 5, 10, 15 ); + mbedtls_chacha20_quarter_round( state, 1, 6, 11, 12 ); + mbedtls_chacha20_quarter_round( state, 2, 7, 8, 13 ); + mbedtls_chacha20_quarter_round( state, 3, 4, 9, 14 ); +} + +/** + * \brief Generates a keystream block. + * + * \param initial_state The initial ChaCha20 state (containing the key, nonce, counter). + * \param working_state This state is used as a temporary working area. 
+ * \param keystream Generated keystream bytes are written to this buffer. + */ +static void mbedtls_chacha20_block( mbedtls_chacha20_context *ctx, + unsigned char keystream[64] ) +{ + size_t i; + size_t offset; + + memcpy( ctx->working_state, + ctx->initial_state, + sizeof(ctx->initial_state) ); + + for ( i = 0U; i < 10U; i++ ) + { + mbedtls_chacha20_inner_block( ctx->working_state ); + } + + ctx->working_state[0] += ctx->initial_state[0]; + ctx->working_state[1] += ctx->initial_state[1]; + ctx->working_state[2] += ctx->initial_state[2]; + ctx->working_state[3] += ctx->initial_state[3]; + ctx->working_state[4] += ctx->initial_state[4]; + ctx->working_state[5] += ctx->initial_state[5]; + ctx->working_state[6] += ctx->initial_state[6]; + ctx->working_state[7] += ctx->initial_state[7]; + ctx->working_state[8] += ctx->initial_state[8]; + ctx->working_state[9] += ctx->initial_state[9]; + ctx->working_state[10] += ctx->initial_state[10]; + ctx->working_state[11] += ctx->initial_state[11]; + ctx->working_state[12] += ctx->initial_state[12]; + ctx->working_state[13] += ctx->initial_state[13]; + ctx->working_state[14] += ctx->initial_state[14]; + ctx->working_state[15] += ctx->initial_state[15]; + + for ( i = 0U; i < 16; i++ ) + { + offset = i * 4U; + + keystream[offset ] = (unsigned char) ctx->working_state[i]; + keystream[offset + 1U] = (unsigned char)( ctx->working_state[i] >> 8 ); + keystream[offset + 2U] = (unsigned char)( ctx->working_state[i] >> 16 ); + keystream[offset + 3U] = (unsigned char)( ctx->working_state[i] >> 24 ); + } +} + +void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) +{ + if ( ctx != NULL ) + { + mbedtls_zeroize( ctx->initial_state, sizeof( ctx->initial_state ) ); + mbedtls_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); + mbedtls_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + + /* Initially, there's no keystream bytes available */ + ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; + } +} + +void 
mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) +{ + if ( ctx != NULL ) + { + mbedtls_zeroize( ctx, sizeof( mbedtls_chacha20_context ) ); + } +} + +int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, + const unsigned char key[32] ) +{ + if ( ( ctx == NULL ) || ( key == NULL ) ) + { + return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + } + + /* ChaCha20 constants - the string "expand 32-byte k" */ + ctx->initial_state[0] = 0x61707865; + ctx->initial_state[1] = 0x3320646e; + ctx->initial_state[2] = 0x79622d32; + ctx->initial_state[3] = 0x6b206574; + + /* Set key */ + ctx->initial_state[4] = BYTES_TO_U32_LE( key, 0 ); + ctx->initial_state[5] = BYTES_TO_U32_LE( key, 4 ); + ctx->initial_state[6] = BYTES_TO_U32_LE( key, 8 ); + ctx->initial_state[7] = BYTES_TO_U32_LE( key, 12 ); + ctx->initial_state[8] = BYTES_TO_U32_LE( key, 16 ); + ctx->initial_state[9] = BYTES_TO_U32_LE( key, 20 ); + ctx->initial_state[10] = BYTES_TO_U32_LE( key, 24 ); + ctx->initial_state[11] = BYTES_TO_U32_LE( key, 28 ); + + return( 0 ); +} + +int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, + const unsigned char nonce[12], + uint32_t counter ) +{ + if ( ( ctx == NULL ) || ( nonce == NULL ) ) + { + return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + } + + /* Counter */ + ctx->initial_state[12] = counter; + + /* Nonce */ + ctx->initial_state[13] = BYTES_TO_U32_LE( nonce, 0 ); + ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 ); + ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 ); + + return( 0 ); +} + +int mbedtls_chacha20_process( mbedtls_chacha20_context *ctx, + size_t size, + const unsigned char *input, + unsigned char *output ) +{ + size_t offset = 0U; + size_t i; + + if ( ( ctx == NULL ) || ( input == NULL ) || ( output == NULL ) ) + { + return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + } + + /* Use leftover keystream bytes, if available */ + while ( ( size > 0U ) && ( ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) ) + { + output[offset] = input[offset] ^ 
ctx->keystream8[ctx->keystream_bytes_used]; + + ctx->keystream_bytes_used++; + offset++; + size--; + } + + /* Process full blocks */ + while ( size >= CHACHA20_BLOCK_SIZE_BYTES ) + { + mbedtls_chacha20_block( ctx, &output[offset] ); + + for ( i = 0U; i < 64U; i += 8U ) + { + output[offset + i ] ^= input[offset + i ]; + output[offset + i + 1U] ^= input[offset + i + 1U]; + output[offset + i + 2U] ^= input[offset + i + 2U]; + output[offset + i + 3U] ^= input[offset + i + 3U]; + output[offset + i + 4U] ^= input[offset + i + 4U]; + output[offset + i + 5U] ^= input[offset + i + 5U]; + output[offset + i + 6U] ^= input[offset + i + 6U]; + output[offset + i + 7U] ^= input[offset + i + 7U]; + } + + /* Increment counter */ + ctx->initial_state[CHACHA20_CTR_INDEX]++; + + offset += 64U; + size -= 64U; + } + + /* Last (partial) block */ + if ( size > 0U ) + { + mbedtls_chacha20_block( ctx, ctx->keystream8 ); + + for ( i = 0U; i < size; i++) + { + output[offset + i] = input[offset + i] ^ ctx->keystream8[i]; + } + + ctx->keystream_bytes_used = size; + + /* Increment counter */ + ctx->initial_state[CHACHA20_CTR_INDEX]++; + } + + return 0; +} + +#endif /* !MBEDTLS_CHACHA20_ALT */ + +int mbedtls_chacha20_crypt( const unsigned char key[32], + const unsigned char nonce[12], + uint32_t counter, + size_t data_len, + const unsigned char* input, + unsigned char* output ) +{ + mbedtls_chacha20_context ctx; + int result; + + mbedtls_chacha20_init( &ctx ); + + result = mbedtls_chacha20_setkey( &ctx, key ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_chacha20_starts( &ctx, nonce, counter ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_chacha20_process( &ctx, data_len, input, output ); + +cleanup: + mbedtls_chacha20_free( &ctx ); + return result; +} + +#if defined(MBEDTLS_SELF_TEST) + +static const unsigned char test_keys[2][32] = +{ + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + } +}; + +static const unsigned char test_nonces[2][12] = +{ + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x02 + } +}; + +static const uint32_t test_counters[2] = +{ + 0U, + 1U +}; + +static const unsigned char test_input[2][375] = +{ + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0x41, 0x6e, 0x79, 0x20, 0x73, 0x75, 0x62, 0x6d, + 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x20, 0x74, + 0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, 0x49, 0x45, + 0x54, 0x46, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6e, + 0x64, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x6f, 0x72, 0x20, 0x66, + 0x6f, 0x72, 0x20, 0x70, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61, + 0x73, 0x20, 0x61, 0x6c, 0x6c, 0x20, 0x6f, 0x72, + 0x20, 0x70, 0x61, 0x72, 0x74, 0x20, 0x6f, 0x66, + 0x20, 0x61, 0x6e, 0x20, 0x49, 0x45, 0x54, 0x46, + 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, + 0x74, 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x20, + 0x6f, 0x72, 0x20, 0x52, 0x46, 0x43, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x73, + 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74, + 0x20, 0x6d, 0x61, 0x64, 0x65, 0x20, 0x77, 0x69, + 0x74, 0x68, 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x63, 
0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, + 0x20, 0x6f, 0x66, 0x20, 0x61, 0x6e, 0x20, 0x49, + 0x45, 0x54, 0x46, 0x20, 0x61, 0x63, 0x74, 0x69, + 0x76, 0x69, 0x74, 0x79, 0x20, 0x69, 0x73, 0x20, + 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72, + 0x65, 0x64, 0x20, 0x61, 0x6e, 0x20, 0x22, 0x49, + 0x45, 0x54, 0x46, 0x20, 0x43, 0x6f, 0x6e, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e, + 0x22, 0x2e, 0x20, 0x53, 0x75, 0x63, 0x68, 0x20, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, + 0x74, 0x73, 0x20, 0x69, 0x6e, 0x63, 0x6c, 0x75, + 0x64, 0x65, 0x20, 0x6f, 0x72, 0x61, 0x6c, 0x20, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, + 0x74, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x49, 0x45, + 0x54, 0x46, 0x20, 0x73, 0x65, 0x73, 0x73, 0x69, + 0x6f, 0x6e, 0x73, 0x2c, 0x20, 0x61, 0x73, 0x20, + 0x77, 0x65, 0x6c, 0x6c, 0x20, 0x61, 0x73, 0x20, + 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x20, + 0x61, 0x6e, 0x64, 0x20, 0x65, 0x6c, 0x65, 0x63, + 0x74, 0x72, 0x6f, 0x6e, 0x69, 0x63, 0x20, 0x63, + 0x6f, 0x6d, 0x6d, 0x75, 0x6e, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x6d, 0x61, + 0x64, 0x65, 0x20, 0x61, 0x74, 0x20, 0x61, 0x6e, + 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x6f, + 0x72, 0x20, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x2c, + 0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x61, + 0x72, 0x65, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x65, 0x64, 0x20, 0x74, 0x6f + } +}; + +static const unsigned char test_output[2][375] = +{ + { + 0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90, + 0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28, + 0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a, + 0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7, + 0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d, + 0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37, + 0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c, + 0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86 + }, + { + 0xa3, 0xfb, 0xf0, 0x7d, 0xf3, 0xfa, 0x2f, 0xde, + 0x4f, 0x37, 0x6c, 0xa2, 0x3e, 0x82, 0x73, 0x70, + 0x41, 0x60, 0x5d, 0x9f, 0x4f, 0x4f, 0x57, 
0xbd, + 0x8c, 0xff, 0x2c, 0x1d, 0x4b, 0x79, 0x55, 0xec, + 0x2a, 0x97, 0x94, 0x8b, 0xd3, 0x72, 0x29, 0x15, + 0xc8, 0xf3, 0xd3, 0x37, 0xf7, 0xd3, 0x70, 0x05, + 0x0e, 0x9e, 0x96, 0xd6, 0x47, 0xb7, 0xc3, 0x9f, + 0x56, 0xe0, 0x31, 0xca, 0x5e, 0xb6, 0x25, 0x0d, + 0x40, 0x42, 0xe0, 0x27, 0x85, 0xec, 0xec, 0xfa, + 0x4b, 0x4b, 0xb5, 0xe8, 0xea, 0xd0, 0x44, 0x0e, + 0x20, 0xb6, 0xe8, 0xdb, 0x09, 0xd8, 0x81, 0xa7, + 0xc6, 0x13, 0x2f, 0x42, 0x0e, 0x52, 0x79, 0x50, + 0x42, 0xbd, 0xfa, 0x77, 0x73, 0xd8, 0xa9, 0x05, + 0x14, 0x47, 0xb3, 0x29, 0x1c, 0xe1, 0x41, 0x1c, + 0x68, 0x04, 0x65, 0x55, 0x2a, 0xa6, 0xc4, 0x05, + 0xb7, 0x76, 0x4d, 0x5e, 0x87, 0xbe, 0xa8, 0x5a, + 0xd0, 0x0f, 0x84, 0x49, 0xed, 0x8f, 0x72, 0xd0, + 0xd6, 0x62, 0xab, 0x05, 0x26, 0x91, 0xca, 0x66, + 0x42, 0x4b, 0xc8, 0x6d, 0x2d, 0xf8, 0x0e, 0xa4, + 0x1f, 0x43, 0xab, 0xf9, 0x37, 0xd3, 0x25, 0x9d, + 0xc4, 0xb2, 0xd0, 0xdf, 0xb4, 0x8a, 0x6c, 0x91, + 0x39, 0xdd, 0xd7, 0xf7, 0x69, 0x66, 0xe9, 0x28, + 0xe6, 0x35, 0x55, 0x3b, 0xa7, 0x6c, 0x5c, 0x87, + 0x9d, 0x7b, 0x35, 0xd4, 0x9e, 0xb2, 0xe6, 0x2b, + 0x08, 0x71, 0xcd, 0xac, 0x63, 0x89, 0x39, 0xe2, + 0x5e, 0x8a, 0x1e, 0x0e, 0xf9, 0xd5, 0x28, 0x0f, + 0xa8, 0xca, 0x32, 0x8b, 0x35, 0x1c, 0x3c, 0x76, + 0x59, 0x89, 0xcb, 0xcf, 0x3d, 0xaa, 0x8b, 0x6c, + 0xcc, 0x3a, 0xaf, 0x9f, 0x39, 0x79, 0xc9, 0x2b, + 0x37, 0x20, 0xfc, 0x88, 0xdc, 0x95, 0xed, 0x84, + 0xa1, 0xbe, 0x05, 0x9c, 0x64, 0x99, 0xb9, 0xfd, + 0xa2, 0x36, 0xe7, 0xe8, 0x18, 0xb0, 0x4b, 0x0b, + 0xc3, 0x9c, 0x1e, 0x87, 0x6b, 0x19, 0x3b, 0xfe, + 0x55, 0x69, 0x75, 0x3f, 0x88, 0x12, 0x8c, 0xc0, + 0x8a, 0xaa, 0x9b, 0x63, 0xd1, 0xa1, 0x6f, 0x80, + 0xef, 0x25, 0x54, 0xd7, 0x18, 0x9c, 0x41, 0x1f, + 0x58, 0x69, 0xca, 0x52, 0xc5, 0xb8, 0x3f, 0xa3, + 0x6f, 0xf2, 0x16, 0xb9, 0xc1, 0xd3, 0x00, 0x62, + 0xbe, 0xbc, 0xfd, 0x2d, 0xc5, 0xbc, 0xe0, 0x91, + 0x19, 0x34, 0xfd, 0xa7, 0x9a, 0x86, 0xf6, 0xe6, + 0x98, 0xce, 0xd7, 0x59, 0xc3, 0xff, 0x9b, 0x64, + 0x77, 0x33, 0x8f, 0x3d, 0xa4, 0xf9, 0xcd, 0x85, + 0x14, 0xea, 0x99, 0x82, 0xcc, 0xaf, 0xb3, 
0x41, + 0xb2, 0x38, 0x4d, 0xd9, 0x02, 0xf3, 0xd1, 0xab, + 0x7a, 0xc6, 0x1d, 0xd2, 0x9c, 0x6f, 0x21, 0xba, + 0x5b, 0x86, 0x2f, 0x37, 0x30, 0xe3, 0x7c, 0xfd, + 0xc4, 0xfd, 0x80, 0x6c, 0x22, 0xf2, 0x21 + } +}; + +static const size_t test_lengths[2] = +{ + 64U, + 375U +}; + +int mbedtls_chacha20_self_test( int verbose ) +{ + unsigned char output[381]; + size_t i; + int result; + + for ( i = 0U; i < 2U; i++ ) + { + result = mbedtls_chacha20_crypt( test_keys[i], + test_nonces[i], + test_counters[i], + test_lengths[i], + test_input[i], + output ); + if ( result != 0) + { + if ( verbose != 0 ) + { + mbedtls_printf( "ChaCha20 test %zi error code: %i\n", i, result ); + } + + return( -1 ); + } + + if ( 0 != memcmp( output, test_output[i], test_lengths[i] ) ) + { + if ( verbose != 0 ) + { + mbedtls_printf( "ChaCha20 test %zi failed\n", i ); + } + + return( -1 ); + } + } + + return( 0 ); +} + +#endif /* MBEDTLS_SELF_TEST */ + +#endif /* !MBEDTLS_CHACHA20_C */ diff --git a/library/error.c b/library/error.c index 222d85b62..2aaf359ef 100644 --- a/library/error.c +++ b/library/error.c @@ -69,6 +69,10 @@ #include "mbedtls/ccm.h" #endif +#if defined(MBEDTLS_CHACHA20_C) +#include "mbedtls/chacha20.h" +#endif + #if defined(MBEDTLS_CIPHER_C) #include "mbedtls/cipher.h" #endif @@ -653,6 +657,11 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CCM - CCM hardware accelerator failed" ); #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CHACHA20_C) + if( use_ret == -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "CHACHA20 - Invalid input parameter(s)" ); +#endif /* MBEDTLS_CHACHA20_C */ + #if defined(MBEDTLS_CMAC_C) if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" ); diff --git a/library/version_features.c b/library/version_features.c index a452caf5e..febd506b7 100644 --- a/library/version_features.c +++ b/library/version_features.c 
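Review bot: The full-block loop in `mbedtls_chacha20_process` writes the keystream into `output` and only then XORs `input` into it, so when the two buffers alias, the input is overwritten first and those blocks come out as all zero bytes. That contradicts the header note that `input` and `output` may overlap when input >= output, and the benchmark hunk in this same patch calls `mbedtls_chacha20_crypt( buf, buf, 0U, BUFSIZE, buf, buf )` in exactly that way. Generating each block into `ctx->keystream8` and writing `input ^ keystream` to `output`, as the partial-block path already does, keeps in-place use correct. At that point `keystream_bytes_used` is already 64, so no pending keystream is lost; the rewritten loop is below.

```c
    /* Process full blocks */
    while ( size >= CHACHA20_BLOCK_SIZE_BYTES )
    {
        /* Keystream goes into the context buffer, so input is still intact
         * when output aliases it. */
        mbedtls_chacha20_block( ctx, ctx->keystream8 );

        for ( i = 0U; i < CHACHA20_BLOCK_SIZE_BYTES; i++ )
        {
            output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
        }

        /* … unchanged: counter increment, offset and size update … */
    }
```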
@@ -99,6 +99,9 @@ static const char *features[] = { #if defined(MBEDTLS_CCM_ALT) "MBEDTLS_CCM_ALT", #endif /* MBEDTLS_CCM_ALT */ +#if defined(MBEDTLS_CHACHA20_ALT) + "MBEDTLS_CHACHA20_ALT", +#endif /* MBEDTLS_CHACHA20_ALT */ #if defined(MBEDTLS_CMAC_ALT) "MBEDTLS_CMAC_ALT", #endif /* MBEDTLS_CMAC_ALT */ @@ -537,6 +540,9 @@ static const char *features[] = { #if defined(MBEDTLS_CERTS_C) "MBEDTLS_CERTS_C", #endif /* MBEDTLS_CERTS_C */ +#if defined(MBEDTLS_CHACHA20_C) + "MBEDTLS_CHACHA20_C", +#endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CIPHER_C) "MBEDTLS_CIPHER_C", #endif /* MBEDTLS_CIPHER_C */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index cecf3e363..bc473cf86 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -59,6 +59,7 @@ int main( void ) #include "mbedtls/aes.h" #include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" +#include "mbedtls/chacha20.h" #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" @@ -93,7 +94,7 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ - "arc4, des3, des, camellia, blowfish,\n" \ + "arc4, des3, des, camellia, blowfish, chacha20,\n" \ "aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" @@ -229,7 +230,7 @@ typedef struct { char md4, md5, ripemd160, sha1, sha256, sha512, arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac, - camellia, blowfish, + camellia, blowfish, chacha20, havege, ctr_drbg, hmac_drbg, rsa, dhm, ecdsa, ecdh; } todo_list; @@ -286,6 +287,8 @@ int main( int argc, char *argv[] ) todo.camellia = 1; else if( strcmp( argv[i], "blowfish" ) == 0 ) todo.blowfish = 1; + else if( strcmp( argv[i], "chacha20" ) == 0 ) + todo.chacha20 = 1; else if( strcmp( argv[i], "havege" ) == 0 ) todo.havege = 1; else if( strcmp( argv[i], "ctr_drbg" ) == 0 ) 
@@ -520,6 +523,13 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_CHACHA20_C) + if ( todo.chacha20 ) + { + TIME_AND_TSC( "ChaCha20", mbedtls_chacha20_crypt( buf, buf, 0U, BUFSIZE, buf, buf ) ); + } +#endif + #if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.blowfish ) { diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index ac0fbff05..36ee60b72 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -30,7 +30,7 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH - CAMELLIA CCM CMAC CTR_DRBG DES + CAMELLIA CCM CHACHA20 CMAC CTR_DRBG DES ENTROPY GCM HMAC_DRBG MD2 MD4 MD5 NET OID PADLOCK PBKDF2 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 16e19a927..1525bc2a3 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -54,6 +54,7 @@ add_test_suite(base64) add_test_suite(blowfish) add_test_suite(camellia) add_test_suite(ccm) +add_test_suite(chacha20) add_test_suite(cipher cipher.aes) add_test_suite(cipher cipher.arc4) add_test_suite(cipher cipher.blowfish) diff --git a/tests/Makefile b/tests/Makefile index d85617fdc..233259b7a 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -50,7 +50,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ - test_suite_cmac$(EXEXT) \ + test_suite_chacha20$(EXEXT) test_suite_cmac$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ test_suite_cipher.gcm$(EXEXT) \ 
@@ -237,6 +237,10 @@ test_suite_ccm$(EXEXT): test_suite_ccm.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_chacha20$(EXEXT): test_suite_chacha20.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_cmac$(EXEXT): test_suite_cmac.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_chacha20.data b/tests/suites/test_suite_chacha20.data new file mode 100644 index 000000000..79f0408a2 --- /dev/null +++ b/tests/suites/test_suite_chacha20.data @@ -0,0 +1,2 @@ +ChaCha20 Selftest +chacha20_self_test: diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function new file mode 100644 index 000000000..2825a6148 --- /dev/null +++ b/tests/suites/test_suite_chacha20.function @@ -0,0 +1,14 @@ +/* BEGIN_HEADER */ +#include "mbedtls/chacha20.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_CHACHA20_C + * END_DEPENDENCIES + */ +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +void chacha20_self_test() +{ + TEST_ASSERT( mbedtls_chacha20_self_test( 0 ) == 0 ); +} +/* END_CASE */ \ No newline at end of file From bd92062269997a882e6214360da21307fc0bae9b Mon Sep 17 00:00:00 2001 From: Daniel King Date: Sun, 15 May 2016 19:56:20 -0300 Subject: [PATCH 016/578] Add ChaCha20 to the Cipher module --- include/mbedtls/chacha20.h | 2 +- include/mbedtls/cipher.h | 4 +- library/chacha20.c | 4 +- library/cipher.c | 31 ++++++ library/cipher_wrap.c | 73 ++++++++++++ tests/CMakeLists.txt | 1 + tests/Makefile | 9 ++ tests/suites/test_suite_cipher.chacha20.data | 111 +++++++++++++++++++ 8 files changed, 231 insertions(+), 4 deletions(-) create mode 100644 tests/suites/test_suite_cipher.chacha20.data diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index ab10a96a8..d23618ee0 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h 
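Review bot: The only case in this suite is `mbedtls_chacha20_self_test( 0 )`, which runs one-shot `mbedtls_chacha20_crypt` with separate input and output arrays, so the streaming behaviour of `mbedtls_chacha20_process` is never exercised. I would add a case that encrypts one of the existing vectors in two calls split inside a 64-byte block, and a case that encrypts with `output == input`, each compared against the one-shot result. Those two cases cover the leftover-keystream path and the buffer overlap that the header note explicitly permits.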
@@ -121,7 +121,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, * output pointers are NULL. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_chacha20_process( mbedtls_chacha20_context *ctx, +int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t size, const unsigned char *input, unsigned char *output ); diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 3ee2ab7db..c5a50c0d2 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -86,6 +86,7 @@ typedef enum { MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ + MBEDTLS_CIPHER_ID_CHACHA20, /**< The Chacha20 cipher. */ } mbedtls_cipher_id_t; /** @@ -145,6 +146,7 @@ typedef enum { MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ + MBEDTLS_CIPHER_CHACHA20, /**< Chacha20 stream cipher. */ } mbedtls_cipher_type_t; /** Supported cipher modes. */ @@ -190,7 +192,7 @@ enum { /** Maximum length of any IV, in Bytes. */ #define MBEDTLS_MAX_IV_LENGTH 16 /** Maximum block size of any cipher, in Bytes. */ -#define MBEDTLS_MAX_BLOCK_LENGTH 16 +#define MBEDTLS_MAX_BLOCK_LENGTH 64 /** * Base cipher information (opaque struct). diff --git a/library/chacha20.c b/library/chacha20.c index 75fd9e915..8206a3bf0 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -245,7 +245,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, return( 0 ); } -int mbedtls_chacha20_process( mbedtls_chacha20_context *ctx, +int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t size, const unsigned char *input, unsigned char *output ) 
@@ -333,7 +333,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], if ( result != 0 ) goto cleanup; - result = mbedtls_chacha20_process( &ctx, data_len, input, output ); + result = mbedtls_chacha20_update( &ctx, data_len, input, output ); cleanup: mbedtls_chacha20_free( &ctx ); diff --git a/library/cipher.c b/library/cipher.c index a5cd61cdf..68d0c10ff 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -46,6 +46,10 @@ #include "mbedtls/ccm.h" #endif +#if defined(MBEDTLS_CHACHA20_C) +#include "mbedtls/chacha20.h" +#endif + #if defined(MBEDTLS_CMAC_C) #include "mbedtls/cmac.h" #endif @@ -231,6 +235,18 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } +#if defined(MBEDTLS_CHACHA20_C) + if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) + { + if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx, + iv, + 0U ) ) /* Initial counter value */ + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + } +#endif + memcpy( ctx->iv, iv, actual_iv_size ); ctx->iv_size = actual_iv_size; @@ -314,6 +330,16 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } + +#if defined(MBEDTLS_CHACHA20_C) + if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) + { + *olen = ilen; + return mbedtls_chacha20_update( (mbedtls_chacha20_context*) ctx->cipher_ctx, + ilen, input, output ); + } +#endif + #if defined(MBEDTLS_CIPHER_MODE_CBC) if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) { @@ -646,6 +672,11 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, return( 0 ); } + if ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) + { + return( 0 ); + } + if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode ) { if( ctx->unprocessed_len != 0 ) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index dc76af8ff..f4e7964df 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c 
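Review bot: `mbedtls_chacha20_starts`, which this hunk calls from `mbedtls_cipher_set_iv`, sets only the counter and nonce words and leaves `keystream_bytes_used` as the previous message left it. If the context last processed a partial block, the next `mbedtls_chacha20_update` first consumes the leftover `keystream8` bytes generated under the old nonce, so the start of the new message is not encrypted with the RFC 7539 keystream for the new IV. Resetting the buffer state in `mbedtls_chacha20_starts` with `ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;` (and zeroizing `ctx->keystream8`) closes this. The body of `mbedtls_cipher_set_iv` extends outside the hunk.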
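Review bot: The `MBEDTLS_CIPHER_CHACHA20` early return added to `mbedtls_cipher_finish` is not wrapped in `#if defined(MBEDTLS_CHACHA20_C)`, unlike the ChaCha20 branches this patch adds to `mbedtls_cipher_set_iv` and `mbedtls_cipher_update`. It still compiles because the enum value is declared unconditionally in cipher.h, but putting `#if defined(MBEDTLS_CHACHA20_C)` / `#endif` around the block keeps the three call sites consistent and removes the comparison from builds without ChaCha20. The function body continues outside the hunk.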
@@ -53,6 +53,10 @@ #include "mbedtls/blowfish.h" #endif +#if defined(MBEDTLS_CHACHA20_C) +#include "mbedtls/chacha20.h" +#endif + #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" #endif @@ -1283,6 +1287,71 @@ static const mbedtls_cipher_info_t arc4_128_info = { }; #endif /* MBEDTLS_ARC4_C */ +#if defined(MBEDTLS_CHACHA20_C) + +static int chacha20_setkey_wrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + if( key_bitlen != 256U ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + return( 0 ); +} + +static void * chacha20_ctx_alloc( void ) +{ + mbedtls_chacha20_context *ctx; + ctx = mbedtls_calloc( 1, sizeof( mbedtls_chacha20_context ) ); + + if( ctx == NULL ) + return( NULL ); + + mbedtls_chacha20_init( ctx ); + + return( ctx ); +} + +static void chacha20_ctx_free( void *ctx ) +{ + mbedtls_chacha20_free( (mbedtls_chacha20_context *) ctx ); + mbedtls_free( ctx ); +} + +static const mbedtls_cipher_base_t chacha20_base_info = { + MBEDTLS_CIPHER_ID_CHACHA20, + NULL, +#if defined(MBEDTLS_CIPHER_MODE_CBC) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_STREAM) + NULL, +#endif + chacha20_setkey_wrap, + chacha20_setkey_wrap, + chacha20_ctx_alloc, + chacha20_ctx_free +}; +static const mbedtls_cipher_info_t chacha20_info = { + MBEDTLS_CIPHER_CHACHA20, + MBEDTLS_MODE_NONE, + 256, + "CHACHA20", + 12, + 0, + 64, + &chacha20_base_info +}; +#endif /* MBEDTLS_CHACHA20_C */ + #if defined(MBEDTLS_CIPHER_NULL_CIPHER) static int null_crypt_stream( void *ctx, size_t length, const unsigned char *input, 
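Review bot: `chacha20_info` is registered with `MBEDTLS_MODE_NONE` and a `chacha20_base_info` whose processing function pointers are all `NULL`, so the cipher works only through the `type == MBEDTLS_CIPHER_CHACHA20` special cases this patch adds to cipher.c. Any generic path that dispatches on mode finds nothing to call. The table already has a `stream_func` slot (used by `null_crypt_stream` just below), so a small wrapper plus `MBEDTLS_MODE_STREAM` would presumably let the existing stream handling do the work; that needs confirming against the parts of cipher.c outside this patch. I would also add a one-line comment on `chacha20_setkey_wrap` saying it is registered for both directions because ChaCha20 encryption and decryption are the same operation.

```c
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
static int chacha20_stream_wrap( void *ctx, size_t length,
                                 const unsigned char *input,
                                 unsigned char *output )
{
    if( 0 != mbedtls_chacha20_update( (mbedtls_chacha20_context *) ctx,
                                      length, input, output ) )
        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

    return( 0 );
}
#endif /* MBEDTLS_CIPHER_MODE_STREAM */

/* … unchanged: chacha20_setkey_wrap, chacha20_ctx_alloc, chacha20_ctx_free … */

/* chacha20_base_info, stream_func slot */
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
    chacha20_stream_wrap,
#endif

/* chacha20_info, mode field */
    MBEDTLS_MODE_STREAM,
```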
@@ -1438,6 +1507,10 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = #endif #endif /* MBEDTLS_DES_C */ +#if defined(MBEDTLS_CHACHA20_C) + { MBEDTLS_CIPHER_CHACHA20, &chacha20_info }, +#endif + #if defined(MBEDTLS_CIPHER_NULL_CIPHER) { MBEDTLS_CIPHER_NULL, &null_cipher_info }, #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1525bc2a3..3821657ae 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -60,6 +60,7 @@ add_test_suite(cipher cipher.arc4) add_test_suite(cipher cipher.blowfish) add_test_suite(cipher cipher.camellia) add_test_suite(cipher cipher.ccm) +add_test_suite(cipher cipher.chacha20) add_test_suite(cipher cipher.des) add_test_suite(cipher cipher.gcm) add_test_suite(cipher cipher.null) diff --git a/tests/Makefile b/tests/Makefile index 233259b7a..34a0a8915 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -53,6 +53,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_chacha20$(EXEXT) test_suite_cmac$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ + test_suite_cipher.chacha20$(EXEXT) \ test_suite_cipher.gcm$(EXEXT) \ test_suite_cipher.blowfish$(EXEXT) \ test_suite_cipher.camellia$(EXEXT) \ 
@@ -125,6 +126,10 @@ test_suite_cipher.ccm.c : suites/test_suite_cipher.function suites/test_suite_ci echo " Gen $@" perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.ccm +test_suite_cipher.chacha20.c : suites/test_suite_cipher.function suites/test_suite_cipher.chacha20.data scripts/generate_code.pl suites/helpers.function suites/main_test.function + echo " Gen $@" + perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.chacha20 + test_suite_cipher.gcm.c : suites/test_suite_cipher.function suites/test_suite_cipher.gcm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function echo " Gen $@" perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.gcm @@ -257,6 +262,10 @@ test_suite_cipher.ccm$(EXEXT): test_suite_cipher.ccm.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_cipher.chacha20$(EXEXT): test_suite_cipher.chacha20.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_cipher.gcm$(EXEXT): test_suite_cipher.gcm.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data new file mode 100644 index 000000000..5f3e07d0b --- /dev/null +++ b/tests/suites/test_suite_cipher.chacha20.data 
@@ -0,0 +1,111 @@
+Decrypt empty buffer
+depends_on:MBEDTLS_CHACHA20_C:
+dec_empty_buf:
+
+ChaCha20 Encrypt and decrypt 0 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:0:-1
+
+ChaCha20 Encrypt and decrypt 1 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:1:-1
+
+ChaCha20 Encrypt and decrypt 2 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:2:-1
+
+ChaCha20 Encrypt and decrypt 7 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:7:-1
+
+ChaCha20 Encrypt and decrypt 8 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:8:-1
+
+ChaCha20 Encrypt and decrypt 9 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:9:-1
+
+ChaCha20 Encrypt and decrypt 15 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:15:-1
+
+ChaCha20 Encrypt and decrypt 16 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:16:-1
+
+ChaCha20 Encrypt and decrypt 17 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:17:-1
+
+ChaCha20 Encrypt and decrypt 31 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:31:-1
+
+ChaCha20 Encrypt and decrypt 32 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:32:-1
+
+ChaCha20 Encrypt and decrypt 33 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:33:-1
+
+ChaCha20 Encrypt and decrypt 47 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:47:-1
+
+ChaCha20 Encrypt and decrypt 48 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:48:-1
+
+ChaCha20 Encrypt and decrypt 49 bytes
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:49:-1
+
+ChaCha20 Encrypt and decrypt 0 bytes in multiple parts 1
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:0:0:-1:0:0:0:0
+
+ChaCha20 Encrypt and decrypt 1 bytes in multiple parts 1
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:1:0:-1:1:0:1:0
+
+ChaCha20 Encrypt and decrypt 1 bytes in multiple parts 2
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:0:1:-1:0:1:0:1
+
+ChaCha20 Encrypt and decrypt 16 bytes in multiple parts 1
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:0:-1:16:0:16:0
+
+ChaCha20 Encrypt and decrypt 16 bytes in multiple parts 2
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:0:16:-1:0:16:0:16
+
+ChaCha20 Encrypt and decrypt 16 bytes in multiple parts 3
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:1:15:-1:1:15:1:15
+
+ChaCha20 Encrypt and decrypt 16 bytes in multiple parts 4
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:15:1:-1:15:1:15:1
+
+ChaCha20 Encrypt and decrypt 22 bytes in multiple parts 1
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:15:7:-1:15:7:15:7
+
+ChaCha20 Encrypt and decrypt 22 bytes in multiple parts 2
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:7:15:-1:7:15:7:15
+
+ChaCha20 Encrypt and decrypt 22 bytes in multiple parts 3
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:6:-1:16:6:16:6
+
+ChaCha20 Encrypt and decrypt 22 bytes in multiple parts 4
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:6:16:-1:6:16:6:16
+
+ChaCha20 Encrypt and decrypt 32 bytes in multiple parts
+depends_on:MBEDTLS_CHACHA20_C
+enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20:256:16:16:-1:16:16:16:16
From adc32c0b507e706b076b0978d63d8c5d99cbd474 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Mon, 16 May 2016 18:25:45 -0300 Subject: [PATCH 017/578] Add Poly1305 authenticator algorithm (RFC 7539) Test vectors are included from RFC 7539. Poly1305 is also added to the benchmark program. --- include/mbedtls/config.h | 10 + include/mbedtls/error.h | 1 + include/mbedtls/poly1305.h | 142 ++++++ library/CMakeLists.txt | 1 + library/Makefile | 10 +- library/error.c | 9 + library/poly1305.c | 518 ++++++++++++++++++++++ library/version_features.c | 6 + programs/test/benchmark.c | 14 +- scripts/generate_errors.pl | 2 +- tests/CMakeLists.txt | 1 + tests/Makefile | 5 + tests/suites/test_suite_poly1305.data | 51 +++ tests/suites/test_suite_poly1305.function | 35 ++ 14 files changed, 798 insertions(+), 7 deletions(-) create mode 100644 include/mbedtls/poly1305.h create mode 100644 library/poly1305.c create mode 100644 tests/suites/test_suite_poly1305.data create mode 100644 tests/suites/test_suite_poly1305.function diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4c8fc3c36..7d0960a29 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -283,6 +283,7 @@ //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT +//#define MBEDTLS_POLY1305_ALT //#define MBEDTLS_RIPEMD160_ALT //#define MBEDTLS_RSA_ALT //#define MBEDTLS_SHA1_ALT @@ -2398,6 +2399,15 @@ */ #define MBEDTLS_PLATFORM_C +/** + * \def MBEDTLS_POLY1305_C + * + * Enable the Poly1305 MAC algorithm. + * + * Module: library/poly1305.c + */ +#define MBEDTLS_POLY1305_C + /** * \def MBEDTLS_RIPEMD160_C * diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index ace0c47a6..feeda79ed 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -77,6 +77,7 @@ * SHA256 1 0x0037-0x0037 * SHA512 1 0x0039-0x0039 * CHACHA20 1 0x003B-0x003B + * POLY1305 1 0x0041-0x0041 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors 
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
new file mode 100644
index 000000000..1aa55aeee
--- /dev/null
+++ b/include/mbedtls/poly1305.h
@@ -0,0 +1,142 @@ +/** + * \file poly1305.h + * + * \brief Poly1305 authenticator algorithm. + * + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_POLY1305_H +#define MBEDTLS_POLY1305_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include +#include + +#if !defined(MBEDTLS_POLY1305_ALT) + +#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0041 /**< Invalid input parameter(s). */ + +typedef struct +{ + uint32_t r[4]; /** Stores the value for 'r' (low 128 bits of the key) */ + uint32_t s[4]; /** Stores the value for 's' (high 128 bits of the key) */ + uint32_t acc[5]; /** Accumulator number */ + uint8_t queue[16]; /** Stores partial block data */ + size_t queue_len; /** Number of bytes stored in 'queue'. Always less than 16 */ +} +mbedtls_poly1305_context; + +/** + * \brief Initialize a Poly1305 context + * + * \param ctx The Poly1305 context to be initialized + */ +void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); + +/** + * \brief Clear a Poly1305 context + * + * \param ctx The Poly1305 context to be cleared + */ +void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); + +/** + * \brief Set the Poly1305 authentication key. 
+ * + * \warning The key should be unique, and \b MUST be + * unpredictable for each invocation of Poly1305. + * + * \param ctx The Poly1305 context. + * \param key Buffer containing the 256-bit key. + * + * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if ctx + * or key are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_poly1305_setkey( mbedtls_poly1305_context *ctx, + const unsigned char key[32] ); + +/** + * \brief Process data with Poly1305. + * + * This function can be called multiple times to process + * a stream of data. + * + * \param ctx The Poly1305 context. + * \param ilen The input length (in bytes). Any value is accepted. + * \param input Buffer containing the input data to Process. + * + * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if ctx + * or input are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, + size_t ilen, + const unsigned char *input ); + +/** + * \brief Generate the Poly1305 MAC. + * + * \param ctx The Poly1305 context. + * \param mac Buffer to where the MAC is written. Must be big enough + * to hold the 16-byte MAC. + * + * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if ctx + * or mac are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, + unsigned char mac[16] ); + +#else /* MBEDTLS_POLY1305_ALT */ +#include "poly1305_alt.h" +#endif /* MBEDTLS_POLY1305_ALT */ + +/** + * \brief Generate the Poly1305 MAC of some data with the given key. + * + * \warning The key should be unique, and \b MUST be + * unpredictable for each invocation of Poly1305. + * + * \param key Buffer containing the 256-bit (32 bytes) key. + * \param ilen The length of the input data (in bytes). + * \param input Buffer containing the input data to process. + * \param mac Buffer to where the 128-bit (16 bytes) MAC is written. 
+ * + * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if key, + * input, or mac are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_poly1305_mac( const unsigned char key[32], + size_t ilen, + const unsigned char *input, + unsigned char mac[16] ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_poly1305_self_test( int verbose ); + +#endif /* MBEDTLS_POLY1305_H */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 78bab7fc7..251b6c625 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -48,6 +48,7 @@ set(src_crypto pkwrite.c platform.c platform_util.c + poly1305.c ripemd160.c rsa.c rsa_internal.c diff --git a/library/Makefile b/library/Makefile index 4fab59846..5fd693b25 100644 --- a/library/Makefile +++ b/library/Makefile @@ -63,11 +63,11 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ padlock.o pem.o pk.o \ pk_wrap.o pkcs12.o pkcs5.o \ pkparse.o pkwrite.o platform.o \ - platform_util.o ripemd160.o rsa_internal.o \ - rsa.o sha1.o sha256.o \ - sha512.o threading.o timing.o \ - version.o version_features.o \ - xtea.o + platform_util.o poly1305.o \ + ripemd160.o rsa_internal.o rsa.o \ + sha1.o sha256.o sha512.o \ + threading.o timing.o version.o \ + version_features.o xtea.o OBJS_X509= certs.o pkcs11.o x509.o \ x509_create.o x509_crl.o x509_crt.o \ diff --git a/library/error.c b/library/error.c index 2aaf359ef..12bd2101b 100644 --- a/library/error.c +++ b/library/error.c @@ -153,6 +153,10 @@ #include "mbedtls/pkcs5.h" #endif +#if defined(MBEDTLS_POLY1305_C) +#include "mbedtls/poly1305.h" +#endif + #if defined(MBEDTLS_RIPEMD160_C) #include "mbedtls/ripemd160.h" #endif 
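Review bot: `MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA` is defined inside the `#if !defined(MBEDTLS_POLY1305_ALT)` region of poly1305.h, but `mbedtls_poly1305_mac` is declared outside that region and documents the code as its return value, and the error.c hunk in this same patch references the macro under `MBEDTLS_POLY1305_C` alone. A build with `MBEDTLS_POLY1305_ALT` therefore only compiles if `poly1305_alt.h` happens to define the same macro; moving the `#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0041` line above the `#if !defined(MBEDTLS_POLY1305_ALT)` guard removes that dependency. The trailing member comments in `mbedtls_poly1305_context` use `/** ... */`, which Doxygen attaches to the following member; `/**< ... */` is the form for a comment that follows the member it describes.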
@@ -774,6 +778,11 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); #endif /* MBEDTLS_PADLOCK_C */ +#if defined(MBEDTLS_POLY1305_C) + if( use_ret == -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" ); +#endif /* MBEDTLS_POLY1305_C */ + #if defined(MBEDTLS_RIPEMD160_C) if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" ); diff --git a/library/poly1305.c b/library/poly1305.c new file mode 100644 index 000000000..9a61a85ce --- /dev/null +++ b/library/poly1305.c 
@@ -0,0 +1,518 @@ +/** + * \file poly1305.c + * + * \brief Poly1305 authentication algorithm. + * + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_POLY1305_C) + +#if !defined(MBEDTLS_POLY1305_ALT) + +#include "mbedtls/poly1305.h" + +#include + +#if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST */ + +#define POLY1305_BLOCK_SIZE_BYTES ( 16U ) + +#define BYTES_TO_U32_LE( data, offset ) \ + ( (uint32_t)data[offset] | \ + (uint32_t)( (uint32_t)data[(offset) + 1] << 8 ) | \ + (uint32_t)( (uint32_t)data[(offset) + 2] << 16 ) | \ + (uint32_t)( (uint32_t)data[(offset) + 3] << 24 ) \ + ) + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +/** + * \brief Process blocks with Poly1305. + * + * \param ctx The Poly1305 context. + * \param nblocks Number of blocks to process. Note that this function + * only processes full blocks. + * \param input Buffer containing the input block(s). 
+ * \param needs_padding Set to 0 if the padding bit has already been applied + * to the input data before calling this function. + * Otherwise, set this parameter to 1. + */ +static void mbedtls_poly1305_process( mbedtls_poly1305_context *ctx, + size_t nblocks, + const unsigned char *input, + uint32_t needs_padding ) +{ + uint64_t d0, d1, d2, d3; + uint32_t acc0, acc1, acc2, acc3, acc4; + uint32_t r0, r1, r2, r3; + uint32_t rs1, rs2, rs3; + size_t offset = 0U; + size_t i; + + r0 = ctx->r[0]; + r1 = ctx->r[1]; + r2 = ctx->r[2]; + r3 = ctx->r[3]; + + rs1 = r1 + ( r1 >> 2U ); + rs2 = r2 + ( r2 >> 2U ); + rs3 = r3 + ( r3 >> 2U ); + + acc0 = ctx->acc[0]; + acc1 = ctx->acc[1]; + acc2 = ctx->acc[2]; + acc3 = ctx->acc[3]; + acc4 = ctx->acc[4]; + + /* Process full blocks */ + for ( i = 0U; i < nblocks; i++ ) + { + /* Compute: acc += block */ + /* Note that the input block is treated as a 128-bit little-endian integer */ + d0 = (uint64_t)acc0 + BYTES_TO_U32_LE( input, offset + 0 ); + d1 = (uint64_t)acc1 + BYTES_TO_U32_LE( input, offset + 4 ) + ( d0 >> 32U ); + d2 = (uint64_t)acc2 + BYTES_TO_U32_LE( input, offset + 8 ) + ( d1 >> 32U ); + d3 = (uint64_t)acc3 + BYTES_TO_U32_LE( input, offset + 12 ) + ( d2 >> 32U ); + acc0 = (uint32_t)d0; + acc1 = (uint32_t)d1; + acc2 = (uint32_t)d2; + acc3 = (uint32_t)d3; + acc4 += (uint32_t)( d3 >> 32U ) + needs_padding; + + /* Compute: acc *= r */ + d0 = ( (uint64_t)acc0 * r0 ) + + ( (uint64_t)acc1 * rs3 ) + + ( (uint64_t)acc2 * rs2 ) + + ( (uint64_t)acc3 * rs1 ); + d1 = ( (uint64_t)acc0 * r1 ) + + ( (uint64_t)acc1 * r0 ) + + ( (uint64_t)acc2 * rs3 ) + + ( (uint64_t)acc3 * rs2 ) + + ( (uint64_t)acc4 * rs1 ); + d2 = ( (uint64_t)acc0 * r2 ) + + ( (uint64_t)acc1 * r1 ) + + ( (uint64_t)acc2 * r0 ) + + ( (uint64_t)acc3 * rs3 ) + + ( (uint64_t)acc4 * rs2 ); + d3 = ( (uint64_t)acc0 * r3 ) + + ( (uint64_t)acc1 * r2 ) + + ( (uint64_t)acc2 * r1 ) + + ( (uint64_t)acc3 * r0 ) + + ( (uint64_t)acc4 * rs3 ); + acc4 *= r0; + + /* Compute: acc %= (2^130 - 5) 
(partial remainder) */ + d1 += ( d0 >> 32 ); + d2 += ( d1 >> 32 ); + d3 += ( d2 >> 32 ); + acc0 = (uint32_t)d0; + acc1 = (uint32_t)d1; + acc2 = (uint32_t)d2; + acc3 = (uint32_t)d3; + acc4 = (uint32_t)( d3 >> 32 ) + acc4; + + d0 = (uint64_t)acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); + acc4 &= 3U; + acc0 = (uint32_t)d0; + d0 = (uint64_t)acc1 + ( d0 >> 32U ); + acc1 = (uint32_t)d0; + d0 = (uint64_t)acc2 + ( d0 >> 32U ); + acc2 = (uint32_t)d0; + d0 = (uint64_t)acc3 + ( d0 >> 32U ); + acc3 = (uint32_t)d0; + d0 = (uint64_t)acc4 + ( d0 >> 32U ); + acc4 = (uint32_t)d0; + + offset += POLY1305_BLOCK_SIZE_BYTES; + } + + ctx->acc[0] = acc0; + ctx->acc[1] = acc1; + ctx->acc[2] = acc2; + ctx->acc[3] = acc3; + ctx->acc[4] = acc4; +} + +/** + * \brief Compute the Poly1305 MAC + * + * \param ctx The Poly1305 context. + * \param mac The buffer to where the MAC is written. Must be + * big enough to contain the 16-byte MAC. + */ +static void mbedtls_poly1305_compute_mac( const mbedtls_poly1305_context *ctx, + unsigned char mac[16] ) +{ + uint64_t d; + uint32_t g0, g1, g2, g3, g4; + uint32_t acc0, acc1, acc2, acc3, acc4; + uint32_t mask; + uint32_t mask_inv; + + acc0 = ctx->acc[0]; + acc1 = ctx->acc[1]; + acc2 = ctx->acc[2]; + acc3 = ctx->acc[3]; + acc4 = ctx->acc[4]; + + /* Before adding 's' we need to ensure that the accumulator is mod 2^130 - 5. + * We do this by calculating acc - (2^130 - 5), then checking if + * the 131st bit is set. 
If it is, then reduce: acc -= (2^130 - 5) + */ + + /* Calculate acc + -(2^130 - 5) */ + d = ( (uint64_t)acc0 + 5U ); + g0 = (uint32_t)d; + d = ( (uint64_t)acc1 + ( d >> 32 ) ); + g1 = (uint32_t)d; + d = ( (uint64_t)acc2 + ( d >> 32 ) ); + g2 = (uint32_t)d; + d = ( (uint64_t)acc3 + ( d >> 32 ) ); + g3 = (uint32_t)d; + g4 = acc4 + (uint32_t)( d >> 32U ); + + /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */ + mask = (uint32_t)0U - ( g4 >> 2U ); + mask_inv = ~mask; + + /* If 131st bit is set then acc=g, otherwise, acc is unmodified */ + acc0 = ( acc0 & mask_inv ) | ( g0 & mask ); + acc1 = ( acc1 & mask_inv ) | ( g1 & mask ); + acc2 = ( acc2 & mask_inv ) | ( g2 & mask ); + acc3 = ( acc3 & mask_inv ) | ( g3 & mask ); + + /* Add 's' */ + d = (uint64_t)acc0 + ctx->s[0]; + acc0 = (uint32_t)d; + d = (uint64_t)acc1 + ctx->s[1] + ( d >> 32U ); + acc1 = (uint32_t)d; + d = (uint64_t)acc2 + ctx->s[2] + ( d >> 32U ); + acc2 = (uint32_t)d; + acc3 += ctx->s[3] + (uint32_t)( d >> 32U ); + + /* Compute MAC (128 least significant bits of the accumulator) */ + mac[0] = (uint8_t)acc0; + mac[1] = (uint8_t)( acc0 >> 8 ); + mac[2] = (uint8_t)( acc0 >> 16 ); + mac[3] = (uint8_t)( acc0 >> 24 ); + mac[4] = (uint8_t)acc1; + mac[5] = (uint8_t)( acc1 >> 8 ); + mac[6] = (uint8_t)( acc1 >> 16 ); + mac[7] = (uint8_t)( acc1 >> 24 ); + mac[8] = (uint8_t)acc2; + mac[9] = (uint8_t)( acc2 >> 8 ); + mac[10] = (uint8_t)( acc2 >> 16 ); + mac[11] = (uint8_t)( acc2 >> 24 ); + mac[12] = (uint8_t)acc3; + mac[13] = (uint8_t)( acc3 >> 8 ); + mac[14] = (uint8_t)( acc3 >> 16 ); + mac[15] = (uint8_t)( acc3 >> 24 ); +} + +void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) +{ + if ( ctx != NULL ) + { + mbedtls_zeroize( ctx, sizeof(mbedtls_poly1305_context) ); + } +} + +void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) +{ + if ( ctx != NULL ) + { + mbedtls_zeroize( ctx, sizeof(mbedtls_poly1305_context) ); + } +} + +int mbedtls_poly1305_setkey( mbedtls_poly1305_context *ctx, + const 
unsigned char key[32] ) +{ + if ( ctx == NULL ) + { + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + } + + /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ + ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; + ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; + ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; + ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; + + ctx->s[0] = BYTES_TO_U32_LE( key, 16 ); + ctx->s[1] = BYTES_TO_U32_LE( key, 20 ); + ctx->s[2] = BYTES_TO_U32_LE( key, 24 ); + ctx->s[3] = BYTES_TO_U32_LE( key, 28 ); + + /* Initial accumulator state */ + ctx->acc[0] = 0U; + ctx->acc[1] = 0U; + ctx->acc[2] = 0U; + ctx->acc[3] = 0U; + + return 0; +} + +int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, + size_t ilen, + const unsigned char* input ) +{ + size_t offset = 0U; + size_t remaining = ilen; + size_t queue_free_len; + size_t nblocks; + + if ( ( ctx == NULL ) || ( input == NULL ) ) + { + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + } + + if ( ctx->queue_len > 0U ) + { + queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); + + if ( ilen < queue_free_len ) + { + /* Not enough data to complete the block. + * Store this data with the other leftovers. 
+ */ + memcpy( &ctx->queue[ctx->queue_len], + input, + ilen ); + + ctx->queue_len += ilen; + + remaining = 0U; + } + else + { + /* Enough data to produce a complete block */ + memcpy( &ctx->queue[ctx->queue_len], + input, + queue_free_len ); + + ctx->queue_len = 0U; + + mbedtls_poly1305_process( ctx, + 1U, + ctx->queue, + 1U ); /* add padding bit */ + + offset += queue_free_len; + remaining -= queue_free_len; + } + } + + if ( remaining >= POLY1305_BLOCK_SIZE_BYTES ) + { + nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES; + + mbedtls_poly1305_process( ctx, nblocks, &input[offset], 1U ); + + offset += nblocks * POLY1305_BLOCK_SIZE_BYTES; + remaining %= POLY1305_BLOCK_SIZE_BYTES; + } + + if ( remaining > 0U ) + { + /* Store partial block */ + ctx->queue_len = remaining; + memcpy( ctx->queue, &input[offset], remaining ); + } + + return( 0 ); +} + +int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, + unsigned char mac[16] ) +{ + if ( ( ctx == NULL ) || ( mac == NULL ) ) + { + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + } + + /* Process any leftover data */ + if ( ctx->queue_len > 0U ) + { + /* Add padding bit */ + ctx->queue[ctx->queue_len] = 1U; + ctx->queue_len++; + + /* Pad with zeroes */ + memset( &ctx->queue[ctx->queue_len], + 0, + POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); + + mbedtls_poly1305_process( ctx, + 1U, /* Process 1 block */ + ctx->queue, + 0U ); /* Don't add padding bit (it was just added above) */ + } + + mbedtls_poly1305_compute_mac( ctx, mac ); + + return( 0 ); +} + +#endif /* MBEDTLS_POLY1305_ALT */ + +int mbedtls_poly1305_mac( const unsigned char key[32], + size_t ilen, + const unsigned char *input, + unsigned char mac[16] ) +{ + mbedtls_poly1305_context ctx; + int result; + + mbedtls_poly1305_init( &ctx ); + + result = mbedtls_poly1305_setkey( &ctx, key ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_poly1305_update( &ctx, ilen, input ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_poly1305_finish( &ctx, 
mac ); + +cleanup: + mbedtls_poly1305_free( &ctx ); + return( 0 ); +} + +#if defined(MBEDTLS_SELF_TEST) + +static const unsigned char test_keys[2][32] = +{ + { + 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, + 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, + 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, + 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b + }, + { + 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, + 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, + 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, + 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 + } +}; + +static const unsigned char test_data[2][127] = +{ + { + 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, + 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f, + 0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65, + 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f, + 0x75, 0x70 + }, + { + 0x27, 0x54, 0x77, 0x61, 0x73, 0x20, 0x62, 0x72, + 0x69, 0x6c, 0x6c, 0x69, 0x67, 0x2c, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, + 0x6c, 0x69, 0x74, 0x68, 0x79, 0x20, 0x74, 0x6f, + 0x76, 0x65, 0x73, 0x0a, 0x44, 0x69, 0x64, 0x20, + 0x67, 0x79, 0x72, 0x65, 0x20, 0x61, 0x6e, 0x64, + 0x20, 0x67, 0x69, 0x6d, 0x62, 0x6c, 0x65, 0x20, + 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x77, + 0x61, 0x62, 0x65, 0x3a, 0x0a, 0x41, 0x6c, 0x6c, + 0x20, 0x6d, 0x69, 0x6d, 0x73, 0x79, 0x20, 0x77, + 0x65, 0x72, 0x65, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x62, 0x6f, 0x72, 0x6f, 0x67, 0x6f, 0x76, 0x65, + 0x73, 0x2c, 0x0a, 0x41, 0x6e, 0x64, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x6d, 0x6f, 0x6d, 0x65, 0x20, + 0x72, 0x61, 0x74, 0x68, 0x73, 0x20, 0x6f, 0x75, + 0x74, 0x67, 0x72, 0x61, 0x62, 0x65, 0x2e + } +}; + +static const size_t test_data_len[2] = +{ + 34U, + 127U +}; + +static const unsigned char test_mac[2][16] = +{ + { + 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, + 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9 + }, + { + 0x45, 0x41, 0x66, 0x9a, 0x7e, 0xaa, 0xee, 0x61, + 0xe7, 0x08, 0xdc, 0x7c, 0xbc, 0xc5, 0xeb, 0x62 + } +}; + +int 
mbedtls_poly1305_self_test( int verbose ) +{ + uint8_t mac[16]; + size_t i; + int result; + + for ( i = 0U; i < 2U; i++ ) + { + result = mbedtls_poly1305_mac( test_keys[i], + test_data_len[i], + test_data[i], + mac ); + if ( result != 0 ) + { + if ( verbose != 0 ) + { + mbedtls_printf( "Poly1305 test %zi error code: %i\n", i, result ); + } + + return( -1 ); + } + + if ( memcmp( mac, test_mac[i], 16U ) != 0 ) + { + if ( verbose != 0 ) + { + mbedtls_printf( "Poly1305 test %zi failed\n", i ); + } + + return( -1 ); + } + } + + return( 0 ); +} + +#endif /* MBEDTLS_SELF_TEST */ + +#endif /* MBEDTLS_POLY1305_C */ diff --git a/library/version_features.c b/library/version_features.c index febd506b7..babf2c782 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -168,6 +168,9 @@ static const char *features[] = { #if defined(MBEDTLS_SHA512_PROCESS_ALT) "MBEDTLS_SHA512_PROCESS_ALT", #endif /* MBEDTLS_SHA512_PROCESS_ALT */ +#if defined(MBEDTLS_POLY1305_ALT) + "MBEDTLS_POLY1305_ALT", +#endif /* MBEDTLS_POLY1305_ALT */ #if defined(MBEDTLS_DES_SETKEY_ALT) "MBEDTLS_DES_SETKEY_ALT", #endif /* MBEDTLS_DES_SETKEY_ALT */ @@ -639,6 +642,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_C) "MBEDTLS_PLATFORM_C", #endif /* MBEDTLS_PLATFORM_C */ +#if defined(MBEDTLS_POLY1305_C) + "MBEDTLS_POLY1305_C", +#endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) "MBEDTLS_RIPEMD160_C", #endif /* MBEDTLS_RIPEMD160_C */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index bc473cf86..c41966586 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -63,6 +63,7 @@ int main( void ) #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" +#include "mbedtls/poly1305.h" #include "mbedtls/havege.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/hmac_drbg.h" 
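Review bot: `mbedtls_poly1305_mac` in library/poly1305.c ends with `return( 0 );` after the `cleanup:` label, so any error stored in `result` by `mbedtls_poly1305_setkey`, `mbedtls_poly1305_update` or `mbedtls_poly1305_finish` is discarded; the last statement should be `return( result );`. As written, a call with a NULL `input` reports success while leaving `mac` unwritten, and a caller of an authenticator that trusts the return code would then compare or send whatever was in that buffer. In the same hunk `mbedtls_poly1305_setkey` resets only `acc[0]` to `acc[3]`, so re-keying a context that has already been used keeps the old `acc[4]` and `queue_len`; adding `ctx->acc[4] = 0U;` and `ctx->queue_len = 0U;` makes a context safe to reuse. `mbedtls_poly1305_setkey` also reads `key` without the NULL check that its header comment documents, which `if ( ( ctx == NULL ) || ( key == NULL ) )` would restore.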
@@ -95,7 +96,8 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ "arc4, des3, des, camellia, blowfish, chacha20,\n" \ - "aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac,\n" \ + "aes_cbc, aes_gcm, aes_ccm,\n" \ + "aes_cmac, des3_cmac, poly1305\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" @@ -231,6 +233,7 @@ typedef struct { arc4, des3, des, aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac, camellia, blowfish, chacha20, + poly1305, havege, ctr_drbg, hmac_drbg, rsa, dhm, ecdsa, ecdh; } todo_list; @@ -289,6 +292,8 @@ int main( int argc, char *argv[] ) todo.blowfish = 1; else if( strcmp( argv[i], "chacha20" ) == 0 ) todo.chacha20 = 1; + else if( strcmp( argv[i], "poly1305" ) == 0 ) + todo.poly1305 = 1; else if( strcmp( argv[i], "havege" ) == 0 ) todo.havege = 1; else if( strcmp( argv[i], "ctr_drbg" ) == 0 ) @@ -530,6 +535,13 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_POLY1305_C) + if ( todo.poly1305 ) + { + TIME_AND_TSC( "Poly1305", mbedtls_poly1305_mac( buf, BUFSIZE, buf, buf ) ); + } +#endif + #if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.blowfish ) { diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 36ee60b72..1dac39bf1 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -32,7 +32,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH CAMELLIA CCM CHACHA20 CMAC CTR_DRBG DES ENTROPY GCM HMAC_DRBG MD2 MD4 MD5 - NET OID PADLOCK PBKDF2 RIPEMD160 + NET OID PADLOCK PBKDF2 POLY1305 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); my @high_level_modules = qw( CIPHER DHM ECP MD PEM PK PKCS12 PKCS5 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 3821657ae..82f155419 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -98,6 +98,7 @@ add_test_suite(pkcs5) add_test_suite(pk) add_test_suite(pkparse) add_test_suite(pkwrite) +add_test_suite(poly1305) add_test_suite(shax) add_test_suite(ssl) add_test_suite(timing) diff --git a/tests/Makefile b/tests/Makefile index 34a0a8915..90b2028f5 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -82,6 +82,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ test_suite_pk$(EXEXT) \ + test_suite_poly1305$(EXEXT) \ test_suite_rsa$(EXEXT) test_suite_shax$(EXEXT) \ test_suite_ssl$(EXEXT) test_suite_timing$(EXEXT) \ test_suite_x509parse$(EXEXT) test_suite_x509write$(EXEXT) \ @@ -414,6 +415,10 @@ test_suite_pk$(EXEXT): test_suite_pk.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_poly1305$(EXEXT): test_suite_poly1305.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_rsa$(EXEXT): test_suite_rsa.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_poly1305.data b/tests/suites/test_suite_poly1305.data new file mode 100644 index 000000000..f259e848b --- /dev/null +++ b/tests/suites/test_suite_poly1305.data 
@@ -0,0 +1,51 @@ +Poly1305 RFC 7539 Example And Test Vector +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b":"a8061dc1305136c6c22b8baf0c0127a9":"43727970746f6772617068696320466f72756d2052657365617263682047726f7570" + +Poly1305 RFC 7539 Test Vector #1 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + +Poly1305 RFC 7539 Test Vector #2 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"0000000000000000000000000000000036e5f6b5c5e06070f0efca96227a863e":"36e5f6b5c5e06070f0efca96227a863e":"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f" + +Poly1305 RFC 7539 Test Vector #3 +depends_on:MBEDTLS_POLY1305_C 
+mbedtls_poly1305:"36e5f6b5c5e06070f0efca96227a863e00000000000000000000000000000000":"f3477e7cd95417af89a6b8794c310cf0":"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f" + +Poly1305 RFC 7539 Test Vector #4 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"4541669a7eaaee61e708dc7cbcc5eb62":"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e" + +Poly1305 RFC 7539 Test Vector #5 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"0200000000000000000000000000000000000000000000000000000000000000":"03000000000000000000000000000000":"ffffffffffffffffffffffffffffffff" + +Poly1305 RFC 7539 Test Vector #6 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"02000000000000000000000000000000ffffffffffffffffffffffffffffffff":"03000000000000000000000000000000":"02000000000000000000000000000000" + +Poly1305 RFC 7539 Test Vector #7 +depends_on:MBEDTLS_POLY1305_C 
+mbedtls_poly1305:"0100000000000000000000000000000000000000000000000000000000000000":"05000000000000000000000000000000":"fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff11000000000000000000000000000000" + +Poly1305 RFC 7539 Test Vector #8 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"0100000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe01010101010101010101010101010101" + +Poly1305 RFC 7539 Test Vector #9 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"0200000000000000000000000000000000000000000000000000000000000000":"faffffffffffffffffffffffffffffff":"fdffffffffffffffffffffffffffffff" + +Poly1305 RFC 7539 Test Vector #10 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"0100000000000000040000000000000000000000000000000000000000000000":"14000000000000005500000000000000":"e33594d7505e43b900000000000000003394d7505e4379cd01000000000000000000000000000000000000000000000001000000000000000000000000000000" + +Poly1305 RFC 7539 Test Vector #11 +depends_on:MBEDTLS_POLY1305_C +mbedtls_poly1305:"0100000000000000040000000000000000000000000000000000000000000000":"13000000000000000000000000000000":"e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000" + +Poly1305 Selftest +depends_on:MBEDTLS_SELF_TEST:MBEDTLS_POLY1305_C +poly1305_selftest: diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function new file mode 100644 index 000000000..af69a0312 --- /dev/null +++ b/tests/suites/test_suite_poly1305.function 
@@ -0,0 +1,35 @@
+/* BEGIN_HEADER */
+#include "mbedtls/poly1305.h"
+#include
+/* END_HEADER */
+
+/* BEGIN_CASE depends_on:MBEDTLS_POLY1305_C */
+void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src_string )
+{
+ unsigned char src_str[10000];
+ unsigned char mac_str[100];
+ unsigned char key[32];
+ unsigned char mac[16];
+ size_t src_len;
+
+ memset(src_str, 0x00, 10000);
+ memset(mac_str, 0x00, 100);
+ memset(key, 0x00, 32);
+ memset(mac, 0x00, 16);
+
+ src_len = unhexify( src_str, hex_src_string );
+ unhexify( key, hex_key_string );
+
+ mbedtls_poly1305_mac( key, src_len, src_str, mac );
+ hexify( mac_str, mac, 16 );
+
+ TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_POLY1305_C:MBEDTLS_SELF_TEST */
+void poly1305_selftest()
+{
+ TEST_ASSERT( mbedtls_poly1305_self_test( 0 ) == 0 );
+}
+/* END_CASE */
From b8025c58265e3fe89d123900477818c57b94434c Mon Sep 17 00:00:00 2001
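Review bot: The result of `mbedtls_poly1305_mac( key, src_len, src_str, mac )` in the `mbedtls_poly1305` test case is discarded, so a failing call only shows up indirectly, as a mismatch against the zero-filled `mac` buffer. If the function returns a status code, as the other functions added in this series do, assert on it: `TEST_ASSERT( mbedtls_poly1305_mac( key, src_len, src_str, mac ) == 0 );`. The `unhexify( key, hex_key_string )` call also decodes into the fixed `key[32]` buffer without checking the input length, so a malformed line in the .data file would write past the buffer instead of failing the test; a `TEST_ASSERT( strlen( hex_key_string ) == 64 );` before the call would turn that into a clean failure.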
From: Daniel King Date: Tue, 17 May 2016 14:43:01 -0300 Subject: [PATCH 018/578] Implement AEAD-ChaCha20-Poly1305. This implementation is based off the description in RFC 7539. The ChaCha20 code is also updated to provide a means of generating keystream blocks with arbitrary counter values. This is used to generated the one-time Poly1305 key in the AEAD construction. --- include/mbedtls/aead_chacha20_poly1305.h | 224 +++++++++ include/mbedtls/chacha20.h | 21 + include/mbedtls/config.h | 23 + include/mbedtls/error.h | 1 + library/CMakeLists.txt | 1 + library/Makefile | 3 +- library/aead_chacha20_poly1305.c | 463 ++++++++++++++++++ library/chacha20.c | 96 ++-- library/error.c | 11 + library/version_features.c | 3 + scripts/generate_errors.pl | 3 +- tests/CMakeLists.txt | 1 + tests/Makefile | 8 +- .../test_suite_aead_chacha20_poly1305.data | 19 + ...test_suite_aead_chacha20_poly1305.function | 109 +++++ 15 files changed, 954 insertions(+), 32 deletions(-) create mode 100644 include/mbedtls/aead_chacha20_poly1305.h create mode 100644 library/aead_chacha20_poly1305.c create mode 100644 tests/suites/test_suite_aead_chacha20_poly1305.data create mode 100644 tests/suites/test_suite_aead_chacha20_poly1305.function diff --git a/include/mbedtls/aead_chacha20_poly1305.h b/include/mbedtls/aead_chacha20_poly1305.h new file mode 100644 index 000000000..a1ccf319e --- /dev/null +++ b/include/mbedtls/aead_chacha20_poly1305.h 
@@ -0,0 +1,224 @@ +/** + * \file aead_chacha20_poly1305.h + * + * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. + * + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#ifndef MBEDTLS_AEAD_CHACHA20_POLY1305_H +#define MBEDTLS_AEAD_CHACHA20_POLY1305_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if !defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) + +#include "chacha20.h" +#include "poly1305.h" + +#define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). 
*/ +#define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */ + +typedef enum +{ + MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, + MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT +} +mbedtls_aead_chacha20_poly1305_mode_t; + +typedef struct +{ + mbedtls_chacha20_context chacha20_ctx; /** ChaCha20 context */ + mbedtls_poly1305_context poly1305_ctx; /** Poly1305 context */ + uint64_t aad_len; /** Length (bytes) of the Additional Authenticated Data */ + uint64_t ciphertext_len; /** Length (bytes) of the ciphertext */ + int state; /** Current state of the context */ + mbedtls_aead_chacha20_poly1305_mode_t mode; /** Cipher mode (encrypt or decrypt) */ +} +mbedtls_aead_chacha20_poly1305_context; + +/** + * \brief Initialize ChaCha20-Poly1305 context + * + * \param ctx ChaCha20-Poly1305 context to be initialized + */ +void mbedtls_aead_chacha20_poly1305_init( mbedtls_aead_chacha20_poly1305_context *ctx ); + +/** + * \brief Clear ChaCha20-Poly1305 context + * + * \param ctx ChaCha20-Poly1305 context to be cleared + */ +void mbedtls_aead_chacha20_poly1305_free( mbedtls_aead_chacha20_poly1305_context *ctx ); + +/** + * \brief Set the ChaCha20-Poly1305 symmetric encryption key. + * + * \param ctx The ChaCha20-Poly1305 context. + * \param key The 256-bit (32 bytes) key. + * + * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * if \p ctx or \p key are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_aead_chacha20_poly1305_setkey( mbedtls_aead_chacha20_poly1305_context *ctx, + const unsigned char key[32] ); + +/** + * \brief Setup ChaCha20-Poly1305 context for encryption or decryption. + * + * \note If the context is being used for AAD only (no data to + * encrypt or decrypt) then \p mode can be set to any value. + * + * \param ctx The ChaCha20-Poly1305 context. + * \param nonce The nonce/IV to use for the message. 
This must be unique + * for every message encrypted under the same key. + * \param mode Specifies whether the context is used to encrypt or + * decrypt data. + * + * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * if \p ctx or \p mac are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_context *ctx, + const unsigned char nonce[12], + mbedtls_aead_chacha20_poly1305_mode_t mode ); + +/** + * \brief Process additional authenticated data (AAD). + * + * This function processes data that is authenticated, but + * not encrypted. + * + * \note This function is called before data is encrypted/decrypted. + * I.e. call this function to process the AAD before calling + * mbedtls_aead_chacha20_poly1305_update. + * + * You may call this function multiple times to process + * an arbitrary amount of AAD. It is permitted to call + * this function 0 times, if no AAD is used. + * + * This function cannot be called any more if data has + * been processed by mbedtls_aead_chacha20_poly1305_update, + * or if the context has been finished. + * + * \param ctx The ChaCha20-Poly1305 context. + * \param aad_len The length (in bytes) of the AAD. The length has no + * restrictions. + * \param aad Buffer containing the AAD. + * + * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * if \p ctx or \p aad are NULL. + * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if + * the context has not been setup, the context has been + * finished, or if the AAD has been finished. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_context *ctx, + size_t aad_len, + const unsigned char *aad ); + +/** + * \brief Encrypt/decrypt data. + * + * The direction (encryption or decryption) depends on the + * mode that was given when calling + * mbedtls_aead_chacha20_poly1305_starts. 
+ * + * You may call this function multiple times to process + * an arbitrary amount of data. It is permitted to call + * this function 0 times, if no data is to be encrypted + * or decrypted. + * + * \param ctx The ChaCha20-Poly1305 context. + * \param len The length (in bytes) of the data to encrypt or decrypt. + * \param input Buffer containing the data to encrypt or decrypt. + * \param output Buffer to where the encrypted or decrypted data is written. + * + * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * if \p ctx, \p input, or \p output are NULL. + * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if + * the context has not been setup, or if the context has been + * finished. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output ); + +/** + * \brief Compute the ChaCha20-Poly1305 MAC. + * + * \param ctx The ChaCha20-Poly1305 context. + * \param mac Buffer to where the 128-bit (16 bytes) MAC is written. + * + * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * if \p ctx or \p mac are NULL. + * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if + * the context has not been setup. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_context *ctx, + unsigned char mac[16] ); + +#else /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ +#include "aead_chacha20_poly1305_alt.h" +#endif /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ + +/** + * \brief Encrypt or decrypt data, and produce a MAC with ChaCha20-Poly1305. + * + * \param key The 256-bit (32 bytes) encryption key to use. + * \param nonce The 96-bit (12 bytes) nonce/IV to use. + * \param mode Specifies whether the data in the \p input buffer is to + * be encrypted or decrypted. 
If there is no data to encrypt + * or decrypt (i.e. \p ilen is 0) then the value of this + * parameter does not matter. + * \param aad_len The length (in bytes) of the AAD data to process. + * \param aad Buffer containing the additional authenticated data (AAD). + * \param ilen The length (in bytes) of the data to encrypt or decrypt. + * \param input Buffer containing the data to encrypt or decrypt. + * \param output Buffer to where the encrypted or decrypted data is written. + * \param mac Buffer to where the computed 128-bit (16 bytes) MAC is written. + * + * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * if one or more of the required parameters are NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_aead_chacha20_poly1305_crypt_and_mac( const unsigned char key[32], + const unsigned char nonce[12], + mbedtls_aead_chacha20_poly1305_mode_t mode, + size_t aad_len, + const unsigned char *aad, + size_t ilen, + const unsigned char *input, + unsigned char *output, + unsigned char mac[16] ); + +/** + * \brief Checkup routine + * + * \return 0 if successful, or 1 if the test failed + */ +int mbedtls_aead_chacha20_poly1305_self_test( int verbose ); + +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_H */ diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index d23618ee0..ab87f66b9 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h 
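Review bot: The documentation of `mbedtls_aead_chacha20_poly1305_update` and `mbedtls_aead_chacha20_poly1305_crypt_and_mac` does not say that in `MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT` mode the plaintext is written to `output` before any tag has been checked, and no function declared in this header compares the computed MAC with a received one. Callers need to be told that they must compare the 16-byte `mac` with the received tag in constant time and discard `output` on a mismatch; I would add a `\warning` paragraph saying so to both functions. Separately, the `\return` text of `mbedtls_aead_chacha20_poly1305_starts` names `\p mac`, which is not a parameter of that function; it should read `if \p ctx or \p nonce are NULL`.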
@@ -99,6 +99,27 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, const unsigned char nonce[12], uint32_t counter ); +/** + * \brief Generates a block of keystream bytes for a specific counter value. + * + * This function uses the key and nonce previously set in + * the context (via mbedtls_chacha20_setkey and + * mbedtls_chacha20_starts), but ignores the previously + * set counter and uses the counter given as the parameter to + * this function. + * + * \param ctx The ChaCha20 context. This context is not modified. + * \param counter The counter value to use. + * \param keystream Buffer to where the generated keystream bytes are written. + * + * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or keystream are + * NULL. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, + uint32_t counter, + unsigned char keystream[64] ); + /** * \brief Encrypt or decrypt data. * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7d0960a29..22d465cda 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -269,6 +269,7 @@ * digests and ciphers instead. * */ +//#define MBEDTLS_AEAD_CHACHA20_POLY1305_ALT //#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT @@ -1688,6 +1689,17 @@ */ #define MBEDTLS_AES_C +/** + * \def MBEDTLS_AEAD_CHACHA20_POLY1305_C + * + * Enable the ChaCha20-Poly1305 AEAD algorithm. + * + * Module: library/aead_chacha20_poly1305.c + * + * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C + */ +#define MBEDTLS_AEAD_CHACHA20_POLY1305_C + /** * \def MBEDTLS_ARC4_C * @@ -1837,6 +1849,16 @@ */ #define MBEDTLS_CAMELLIA_C +/** + * \def MBEDTLS_CHACHA20_C + * + * Enable the ChaCha20 block cipher. + * + * Module: library/chacha20.c + * Caller: library/aead_chacha20_poly1305.c + */ +#define MBEDTLS_CHACHA20_C + /** * \def MBEDTLS_CCM_C * 
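Review bot: The doc comment for `mbedtls_chacha20_keystream_block` does not warn that the returned block is raw keystream for the context's key and nonce, so asking for a counter value that `mbedtls_chacha20_update` also consumes hands back the same bytes that mask message data. The only caller visible in this commit requests counter 0 while encryption is started at counter 1, which keeps the two apart, but the contract should say so, e.g. `\warning The counter passed here must not overlap the counter range used for encryption under the same key and nonce.` It would also help to state that the caller is responsible for wiping `keystream` once it is no longer needed.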
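Review bot: The comment added for `MBEDTLS_AEAD_CHACHA20_POLY1305_C` in the -1688 hunk says the module requires `MBEDTLS_CHACHA20_C` and `MBEDTLS_POLY1305_C`, but nothing in this commit appears to enforce that: the diffstat lists no configuration sanity-check header, so a build that disables either dependency would presumably fail late instead of with a clear `#error`. A guard of the form `#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) && ( !defined(MBEDTLS_CHACHA20_C) || !defined(MBEDTLS_POLY1305_C) )` followed by an `#error` would close that gap. In the -1837 hunk the text `Enable the ChaCha20 block cipher.` should read `Enable the ChaCha20 stream cipher.`.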
@@ -2405,6 +2427,7 @@ * Enable the Poly1305 MAC algorithm. * * Module: library/poly1305.c + * Caller: library/aead_chacha20_poly1305.c */ #define MBEDTLS_POLY1305_C diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index feeda79ed..72b7f18ff 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -78,6 +78,7 @@ * SHA512 1 0x0039-0x0039 * CHACHA20 1 0x003B-0x003B * POLY1305 1 0x0041-0x0041 + * AEAD_CHACHA20_POLY1305 2 0x0047-0x0049 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 251b6c625..b8f663d9c 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -3,6 +3,7 @@ option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF) option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF) set(src_crypto + aead_chacha20_poly1305.c aes.c aesni.c arc4.c diff --git a/library/Makefile b/library/Makefile index 5fd693b25..de4bd5c42 100644 --- a/library/Makefile +++ b/library/Makefile @@ -47,7 +47,8 @@ ifdef WINDOWS_BUILD DLEXT=dll endif -OBJS_CRYPTO= aes.o aesni.o arc4.o \ +OBJS_CRYPTO= aead_chacha20_poly1305.o \ + aes.o aesni.o arc4.o \ asn1parse.o asn1write.o base64.o \ bignum.o blowfish.o camellia.o \ ccm.o chacha20.o \ diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c new file mode 100644 index 000000000..ab29dfa1b --- /dev/null +++ b/library/aead_chacha20_poly1305.c 
@@ -0,0 +1,463 @@ +/** + * \file aead_chacha20_poly1305.c + * + * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. + * + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + +#include "mbedtls/aead_chacha20_poly1305.h" +#include + +#if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST */ + +#if !defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) + +#define AEAD_CHACHA20_POLY1305_STATE_INIT ( 0 ) +#define AEAD_CHACHA20_POLY1305_STATE_AAD ( 1 ) +#define AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */ +#define AEAD_CHACHA20_POLY1305_STATE_FINISHED ( 3 ) + +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +/** + * \brief Adds padding bytes (zeroes) to pad the AAD for Poly1305. + * + * \param ctx The ChaCha20-Poly1305 context. 
+ */ +static void mbedtls_aead_chacha20_poly1305_pad_aad( mbedtls_aead_chacha20_poly1305_context *ctx ) +{ + uint32_t partial_block_len = (uint32_t)( ctx->aad_len % 16U ); + unsigned char zeroes[15]; + + if ( partial_block_len > 0U ) + { + memset( zeroes, 0, sizeof(zeroes) ); + (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, + 16U - partial_block_len, + zeroes ); + } +} + +/** + * \brief Adds padding bytes (zeroes) to pad the ciphertext for Poly1305. + * + * \param ctx The ChaCha20-Poly1305 context. + */ +static void mbedtls_aead_chacha20_poly1305_pad_ciphertext( mbedtls_aead_chacha20_poly1305_context *ctx ) +{ + uint32_t partial_block_len = (uint32_t)( ctx->ciphertext_len % 16U ); + unsigned char zeroes[15]; + + if ( partial_block_len > 0U ) + { + memset( zeroes, 0, sizeof(zeroes) ); + (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, + 16U - partial_block_len, + zeroes ); + } +} + +void mbedtls_aead_chacha20_poly1305_init( mbedtls_aead_chacha20_poly1305_context *ctx ) +{ + if ( ctx != NULL ) + { + mbedtls_chacha20_init( &ctx->chacha20_ctx ); + mbedtls_poly1305_init( &ctx->poly1305_ctx ); + ctx->aad_len = 0U; + ctx->ciphertext_len = 0U; + ctx->state = AEAD_CHACHA20_POLY1305_STATE_INIT; + ctx->mode = MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT; + } +} + +void mbedtls_aead_chacha20_poly1305_free( mbedtls_aead_chacha20_poly1305_context *ctx ) +{ + if ( ctx != NULL ) + { + mbedtls_chacha20_free( &ctx->chacha20_ctx ); + mbedtls_poly1305_free( &ctx->poly1305_ctx ); + ctx->aad_len = 0U; + ctx->ciphertext_len = 0U; + ctx->state = AEAD_CHACHA20_POLY1305_STATE_INIT; + ctx->mode = MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT; + } +} + +int mbedtls_aead_chacha20_poly1305_setkey( mbedtls_aead_chacha20_poly1305_context *ctx, + const unsigned char key[32] ) +{ + int result; + + if ( ( ctx == NULL ) || ( key == NULL ) ) + { + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + } + + result = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); + + return( result ); +} + +int 
mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_context *ctx, + const unsigned char nonce[12], + mbedtls_aead_chacha20_poly1305_mode_t mode ) +{ + int result; + unsigned char poly1305_key[64]; + + if ( ( ctx == NULL ) || ( nonce == NULL ) ) + { + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + } + + result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 1U ); + if ( result != 0 ) + goto cleanup; + + /* Generate the Poly1305 key by getting the ChaCha20 keystream output with counter = 0. + * Only the first 256-bits (32 bytes) of the key is used for Poly1305. + * The other 256 bits are discarded. + */ + result = mbedtls_chacha20_keystream_block( &ctx->chacha20_ctx, 0U, poly1305_key ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_poly1305_setkey( &ctx->poly1305_ctx, poly1305_key ); + + if ( result == 0 ) + { + ctx->aad_len = 0U; + ctx->ciphertext_len = 0U; + ctx->state = AEAD_CHACHA20_POLY1305_STATE_AAD; + ctx->mode = mode; + } + +cleanup: + mbedtls_zeroize( poly1305_key, 64U ); + return( result ); +} + +int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_context *ctx, + size_t aad_len, + const unsigned char *aad ) +{ + if ( ( ctx == NULL ) || ( aad == NULL ) ) + { + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + } + else if ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) + { + return (MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + } + + ctx->aad_len += aad_len; + + return ( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad_len, aad ) ); +} + +int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output ) +{ + if ( ( ctx == NULL ) || ( input == NULL ) || ( output == NULL ) ) + { + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + } + else if ( ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) && + ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT ) ) + { 
+ return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + } + + if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_AAD ) + { + ctx->state = AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT; + + mbedtls_aead_chacha20_poly1305_pad_aad( ctx ); + } + + ctx->ciphertext_len += len; + + if ( ctx->mode == MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT ) + { + /* Note: the following functions return an error only if one or more of + * the input pointers are NULL. Since we have checked their validity + * above, we can safety ignore the return value. + */ + (void)mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, len, output ); + } + else /* DECRYPT */ + { + (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, len, input ); + (void)mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + } + + return( 0 ); +} + +int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_context *ctx, + unsigned char mac[16] ) +{ + unsigned char len_block[16]; + + if ( ( ctx == NULL ) || ( mac == NULL ) ) + { + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + } + else if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_INIT ) + { + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + } + + if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_AAD ) + { + mbedtls_aead_chacha20_poly1305_pad_aad( ctx ); + } + else if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT ) + { + mbedtls_aead_chacha20_poly1305_pad_ciphertext( ctx ); + } + + ctx->state = AEAD_CHACHA20_POLY1305_STATE_FINISHED; + + /* The lengths of the AAD and ciphertext are processed by + * Poly1305 as the final 128-bit block, encoded as little-endian integers. 
+ */ + len_block[0] = (unsigned char)ctx->aad_len; + len_block[1] = (unsigned char)( ctx->aad_len >> 8 ); + len_block[2] = (unsigned char)( ctx->aad_len >> 16 ); + len_block[3] = (unsigned char)( ctx->aad_len >> 24 ); + len_block[4] = (unsigned char)( ctx->aad_len >> 32 ); + len_block[5] = (unsigned char)( ctx->aad_len >> 40 ); + len_block[6] = (unsigned char)( ctx->aad_len >> 48 ); + len_block[7] = (unsigned char)( ctx->aad_len >> 56 ); + len_block[8] = (unsigned char)ctx->ciphertext_len; + len_block[9] = (unsigned char)( ctx->ciphertext_len >> 8 ); + len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); + len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); + len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); + len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); + len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); + len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); + + (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, 16U, len_block ); + (void)mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); + + return( 0 ); +} + +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ + +int mbedtls_aead_chacha20_poly1305_crypt_and_mac ( const unsigned char key[32], + const unsigned char nonce[12], + mbedtls_aead_chacha20_poly1305_mode_t mode, + size_t aad_len, + const unsigned char *aad, + size_t ilen, + const unsigned char *input, + unsigned char *output, + unsigned char mac[16] ) +{ + mbedtls_aead_chacha20_poly1305_context ctx; + int result; + + mbedtls_aead_chacha20_poly1305_init( &ctx ); + + result = mbedtls_aead_chacha20_poly1305_setkey( &ctx, key ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_aead_chacha20_poly1305_starts( &ctx, nonce, mode ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_aead_chacha20_poly1305_update_aad( &ctx, aad_len, aad ); + if ( result != 0 ) + goto cleanup; + + result = mbedtls_aead_chacha20_poly1305_update( &ctx, ilen, input, output ); + if ( result != 0 ) + goto 
cleanup; + + result = mbedtls_aead_chacha20_poly1305_finish( &ctx, mac ); + +cleanup: + mbedtls_aead_chacha20_poly1305_free( &ctx ); + return( result ); +} + +#if defined(MBEDTLS_SELF_TEST) + +static const unsigned char test_key[1][32] = +{ + { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + } +}; + +static const unsigned char test_nonce[1][12] = +{ + { + 0x07, 0x00, 0x00, 0x00, /* 32-bit common part */ + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 /* 64-bit IV */ + } +}; + +static const unsigned char test_aad[1][12] = +{ + { + 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + } +}; + +static const size_t test_aad_len[1] = +{ + 12U +}; + +static const unsigned char test_input[1][114] = +{ + { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e + } +}; + +static const unsigned char test_output[1][114] = +{ + { + 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, + 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, + 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, + 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, + 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 
0x06, 0x0b, 0x29, + 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, + 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, + 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, + 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, + 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, + 0x61, 0x16 + } +}; + +static const size_t test_input_len[1] = +{ + 114U +}; + +static const unsigned char test_mac[1][16] = +{ + { + 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, + 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 + } +}; + +int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) +{ + size_t i; + int result; + unsigned char output[200]; + unsigned char mac[16]; + + for ( i = 0U; i < 1U; i++ ) + { + result = mbedtls_aead_chacha20_poly1305_crypt_and_mac( test_key[i], + test_nonce[i], + MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, + test_aad_len[i], + test_aad[i], + test_input_len[i], + test_input[i], + output, + mac ); + if ( result != 0 ) + { + if ( verbose != 0 ) + { + mbedtls_printf( "ChaCha20-Poly1305 test %zi error code: %i\n", i, result ); + } + return( -1 ); + } + + if ( memcmp( output, test_output[i], test_input_len[i] ) != 0 ) + { + if ( verbose != 0 ) + { + mbedtls_printf( "ChaCha20-Poly1305 test %zi failure (wrong output)\n", i ); + } + return( -1 ); + } + + if ( memcmp( mac, test_mac[i], 16U ) != 0 ) + { + if ( verbose != 0 ) + { + mbedtls_printf( "ChaCha20-Poly1305 test %zi failure (wrong MAC)\n", i ); + } + return( -1 ); + } + } + + return( 0 ); +} + +#endif /* MBEDTLS_SELF_TEST */ + +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ diff --git a/library/chacha20.c b/library/chacha20.c index 8206a3bf0..b20c7ad55 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
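Review bot: `mbedtls_aead_chacha20_poly1305_crypt_and_mac` calls `mbedtls_aead_chacha20_poly1305_update_aad` and `mbedtls_aead_chacha20_poly1305_update` unconditionally, and both reject a NULL buffer even when the length is 0, so a message with no AAD or no payload passed as `NULL, 0` fails with `MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA`. The header documents both cases as permitted (zero calls to either function, and an `ilen` of 0), and `mbedtls_aead_chacha20_poly1305_finish` already handles a context that is still in the AAD state, so the one-shot function can skip each call when its length is zero. Separately, `mbedtls_aead_chacha20_poly1305_self_test` returns -1 on failure where the header promises 1, and its messages print a `size_t` with `%zi` where `%zu` is the matching conversion.

```c
    /* … unchanged: init, setkey, starts … */

    /* A zero-length AAD or payload is valid and may be passed as NULL;
     * finish() pads correctly when either step is skipped. */
    if ( aad_len > 0U )
    {
        result = mbedtls_aead_chacha20_poly1305_update_aad( &ctx, aad_len, aad );
        if ( result != 0 )
            goto cleanup;
    }

    if ( ilen > 0U )
    {
        result = mbedtls_aead_chacha20_poly1305_update( &ctx, ilen, input, output );
        if ( result != 0 )
            goto cleanup;
    }

    /* … unchanged: finish, cleanup … */
```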
@@ -134,46 +134,47 @@ static void mbedtls_chacha20_inner_block( uint32_t state[16] ) * \param working_state This state is used as a temporary working area. * \param keystream Generated keystream bytes are written to this buffer. */ -static void mbedtls_chacha20_block( mbedtls_chacha20_context *ctx, +static void mbedtls_chacha20_block( const uint32_t initial_state[16], + uint32_t working_state[16], unsigned char keystream[64] ) { size_t i; size_t offset; - memcpy( ctx->working_state, - ctx->initial_state, - sizeof(ctx->initial_state) ); + memcpy( working_state, + initial_state, + CHACHA20_BLOCK_SIZE_BYTES ); for ( i = 0U; i < 10U; i++ ) { - mbedtls_chacha20_inner_block( ctx->working_state ); + mbedtls_chacha20_inner_block( working_state ); } - ctx->working_state[0] += ctx->initial_state[0]; - ctx->working_state[1] += ctx->initial_state[1]; - ctx->working_state[2] += ctx->initial_state[2]; - ctx->working_state[3] += ctx->initial_state[3]; - ctx->working_state[4] += ctx->initial_state[4]; - ctx->working_state[5] += ctx->initial_state[5]; - ctx->working_state[6] += ctx->initial_state[6]; - ctx->working_state[7] += ctx->initial_state[7]; - ctx->working_state[8] += ctx->initial_state[8]; - ctx->working_state[9] += ctx->initial_state[9]; - ctx->working_state[10] += ctx->initial_state[10]; - ctx->working_state[11] += ctx->initial_state[11]; - ctx->working_state[12] += ctx->initial_state[12]; - ctx->working_state[13] += ctx->initial_state[13]; - ctx->working_state[14] += ctx->initial_state[14]; - ctx->working_state[15] += ctx->initial_state[15]; + working_state[0] += initial_state[0]; + working_state[1] += initial_state[1]; + working_state[2] += initial_state[2]; + working_state[3] += initial_state[3]; + working_state[4] += initial_state[4]; + working_state[5] += initial_state[5]; + working_state[6] += initial_state[6]; + working_state[7] += initial_state[7]; + working_state[8] += initial_state[8]; + working_state[9] += initial_state[9]; + working_state[10] += 
initial_state[10]; + working_state[11] += initial_state[11]; + working_state[12] += initial_state[12]; + working_state[13] += initial_state[13]; + working_state[14] += initial_state[14]; + working_state[15] += initial_state[15]; for ( i = 0U; i < 16; i++ ) { offset = i * 4U; - keystream[offset ] = (unsigned char) ctx->working_state[i]; - keystream[offset + 1U] = (unsigned char)( ctx->working_state[i] >> 8 ); - keystream[offset + 2U] = (unsigned char)( ctx->working_state[i] >> 16 ); - keystream[offset + 3U] = (unsigned char)( ctx->working_state[i] >> 24 ); + keystream[offset ] = (unsigned char) working_state[i]; + keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 ); + keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 ); + keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 ); } } 
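Review bot: The `memcpy` in `mbedtls_chacha20_block` now sizes the copy with `CHACHA20_BLOCK_SIZE_BYTES`, which is the keystream block length and only happens to equal the size of the 16-word state; the removed line used `sizeof(ctx->initial_state)`, which could not drift. Because the arrays are now parameters, `sizeof` on them would give a pointer size, so spell the length out as `16U * sizeof( uint32_t )` or introduce a dedicated state-size constant. The sixteen `working_state[i] += initial_state[i];` statements could also be a loop, in the same form as the serialisation loop that follows them.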
@@ -245,6 +246,43 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, return( 0 ); } +int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, + uint32_t counter, + unsigned char keystream[64] ) +{ + uint32_t initial_state[16]; + uint32_t working_state[16]; + + if ( ( ctx == NULL ) || ( keystream == NULL ) ) + { + return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + } + + initial_state[0] = ctx->initial_state[0]; + initial_state[1] = ctx->initial_state[1]; + initial_state[2] = ctx->initial_state[2]; + initial_state[3] = ctx->initial_state[3]; + initial_state[4] = ctx->initial_state[4]; + initial_state[5] = ctx->initial_state[5]; + initial_state[6] = ctx->initial_state[6]; + initial_state[7] = ctx->initial_state[7]; + initial_state[8] = ctx->initial_state[8]; + initial_state[9] = ctx->initial_state[9]; + initial_state[10] = ctx->initial_state[10]; + initial_state[11] = ctx->initial_state[11]; + initial_state[12] = counter; + initial_state[13] = ctx->initial_state[13]; + initial_state[14] = ctx->initial_state[14]; + initial_state[15] = ctx->initial_state[15]; + + mbedtls_chacha20_block( initial_state, working_state, keystream ); + + mbedtls_zeroize( initial_state, sizeof(initial_state) ); + mbedtls_zeroize( working_state, sizeof(working_state) ); + + return ( 0 ); +} + int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t size, const unsigned char *input, @@ -271,7 +309,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, /* Process full blocks */ while ( size >= CHACHA20_BLOCK_SIZE_BYTES ) { - mbedtls_chacha20_block( ctx, &output[offset] ); + mbedtls_chacha20_block( ctx->initial_state, ctx->working_state, &output[offset] ); for ( i = 0U; i < 64U; i += 8U ) { 
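Review bot: `mbedtls_chacha20_keystream_block` sets the counter through the literal index in `initial_state[12] = counter;`, while `mbedtls_chacha20_update` in the same file addresses that word as `CHACHA20_CTR_INDEX`, so the two can drift apart. The sixteen element-wise assignments can be replaced by `memcpy( initial_state, ctx->initial_state, sizeof(initial_state) );` followed by `initial_state[CHACHA20_CTR_INDEX] = counter;`. The two `mbedtls_zeroize` calls before the return deserve a one-line comment saying that both local arrays hold key-derived state, so a later cleanup does not remove them.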
@@ -288,14 +326,14 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, /* Increment counter */ ctx->initial_state[CHACHA20_CTR_INDEX]++; - offset += 64U; - size -= 64U; + offset += CHACHA20_BLOCK_SIZE_BYTES; + size -= CHACHA20_BLOCK_SIZE_BYTES; } /* Last (partial) block */ if ( size > 0U ) { - mbedtls_chacha20_block( ctx, ctx->keystream8 ); + mbedtls_chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); for ( i = 0U; i < size; i++) { diff --git a/library/error.c b/library/error.c index 12bd2101b..d0a75ca5a 100644 --- a/library/error.c +++ b/library/error.c @@ -41,6 +41,10 @@ #include +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#include "mbedtls/aead_chacha20_poly1305.h" +#endif + #if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" #endif @@ -575,6 +579,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) // Low level error codes // // BEGIN generated code +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + if( use_ret == -(MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "AEAD_CHACHA20_POLY1305 - Invalid input parameter(s)" ); + if( use_ret == -(MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE) ) + mbedtls_snprintf( buf, buflen, "AEAD_CHACHA20_POLY1305 - The requested operation is not permitted in the current state" ); +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ + #if defined(MBEDTLS_AES_C) if( use_ret == -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH) ) mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); diff --git a/library/version_features.c b/library/version_features.c index babf2c782..64aa9f641 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -516,6 +516,9 @@ static const char *features[] = { #if defined(MBEDTLS_AES_C) "MBEDTLS_AES_C", #endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + "MBEDTLS_AEAD_CHACHA20_POLY1305_C", +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ #if defined(MBEDTLS_ARC4_C) "MBEDTLS_ARC4_C", #endif /* MBEDTLS_ARC4_C */ diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 1dac39bf1..b5d141322 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -29,7 +29,7 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH +my @low_level_modules = qw( AEAD_CHACHA20_POLY1305 AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH CAMELLIA CCM CHACHA20 CMAC CTR_DRBG DES ENTROPY GCM HMAC_DRBG MD2 MD4 MD5 NET OID PADLOCK PBKDF2 POLY1305 RIPEMD160 @@ -88,6 +88,7 @@ foreach my $line (@matches) $module_name = "BIGNUM" if ($module_name eq "MPI"); $module_name = "CTR_DRBG" if ($module_name eq "CTR"); $module_name = "HMAC_DRBG" if ($module_name eq "HMAC"); + $module_name = "AEAD_CHACHA20_POLY1305" if ($module_name eq "AEAD"); my $define_name = $module_name; $define_name = "X509_USE,X509_CREATE" if ($define_name eq "X509"); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 82f155419..03797ec32 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -44,6 +44,7 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) +add_test_suite(aead_chacha20_poly1305) add_test_suite(aes aes.ecb) add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) diff --git a/tests/Makefile b/tests/Makefile index 90b2028f5..4a23e64cc 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -45,7 +45,8 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ +APPS = test_suite_aead_chacha20_poly1305$(EXEXT) \ + test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_aes.cfb$(EXEXT) test_suite_aes.rest$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ @@ -203,6 +204,11 @@ test_suite_hmac_drbg.pr.c : suites/test_suite_hmac_drbg.function suites/test_sui echo " Gen $@" perl scripts/generate_code.pl suites $* $* + +test_suite_aead_chacha20_poly1305$(EXEXT): test_suite_aead_chacha20_poly1305.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_aes.ecb$(EXEXT): test_suite_aes.ecb.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_aead_chacha20_poly1305.data b/tests/suites/test_suite_aead_chacha20_poly1305.data new file mode 100644 index 000000000..1cbfa24da --- /dev/null +++ b/tests/suites/test_suite_aead_chacha20_poly1305.data 
@@ -0,0 +1,19 @@ +ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +mbedtls_aead_chacha20_poly1305_enc:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600691" + +ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +mbedtls_aead_chacha20_poly1305_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600691" + +ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Encrypt) +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +mbedtls_aead_chacha20_poly1305_enc:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38" + +ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt) 
+depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +mbedtls_aead_chacha20_poly1305_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"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":"eead9d67890cbb22392336fea1851f38" + +ChaCha20-Poly1305 Selftest +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C:MBEDTLS_SELF_TEST +aead_chacha20_poly1305_selftest: diff --git a/tests/suites/test_suite_aead_chacha20_poly1305.function b/tests/suites/test_suite_aead_chacha20_poly1305.function new file mode 100644 index 000000000..6abd05414 --- /dev/null +++ b/tests/suites/test_suite_aead_chacha20_poly1305.function 
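Review bot: The second case is titled `ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt)` but invokes `mbedtls_aead_chacha20_poly1305_dec`, so two cases share one name and a failure report cannot tell them apart. The title should end in `(Decrypt)`, matching the `Test Vector #1 (Encrypt)` / `(Decrypt)` pair further down. The file also has no case with empty AAD or empty input, so the zero-length paths are not exercised by this suite.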
@@ -0,0 +1,109 @@ +/* BEGIN_HEADER */ +#include "mbedtls/aead_chacha20_poly1305.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void mbedtls_aead_chacha20_poly1305_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) +{ + unsigned char key_str[32]; + unsigned char nonce_str[12]; + unsigned char aad_str[10000]; + unsigned char input_str[10000]; + unsigned char output_str[10000]; + unsigned char mac_str[16]; + unsigned char output[10000]; + unsigned char mac[16]; + size_t input_len; + size_t output_len; + size_t aad_len; + size_t key_len; + size_t nonce_len; + size_t mac_len; + + memset( key_str, 0x00, 32 ); + memset( nonce_str, 0x00, 12 ); + memset( aad_str, 0x00, 10000 ); + memset( input_str, 0x00, 10000 ); + memset( output_str, 0x00, 10000 ); + memset( mac_str, 0x00, 16 ); + + aad_len = unhexify( aad_str, hex_aad_string ); + input_len = unhexify( input_str, hex_input_string ); + output_len = unhexify( output_str, hex_output_string ); + key_len = unhexify( key_str, hex_key_string ); + nonce_len = unhexify( nonce_str, hex_nonce_string ); + mac_len = unhexify( mac_str, hex_mac_string ); + + TEST_ASSERT( key_len == 32 ); + TEST_ASSERT( nonce_len == 12 ); + TEST_ASSERT( mac_len == 16 ); + + mbedtls_aead_chacha20_poly1305_crypt_and_mac( key_str, nonce_str, + MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, + aad_len, aad_str, + input_len, input_str, output, + mac ); + + TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); + TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_aead_chacha20_poly1305_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) +{ + unsigned char key_str[32]; + unsigned char nonce_str[12]; + unsigned char aad_str[10000]; + 
unsigned char input_str[10000]; + unsigned char output_str[10000]; + unsigned char mac_str[16]; + unsigned char output[10000]; + unsigned char mac[16]; + size_t input_len; + size_t output_len; + size_t aad_len; + size_t key_len; + size_t nonce_len; + size_t mac_len; + + memset( key_str, 0x00, 32 ); + memset( nonce_str, 0x00, 12 ); + memset( aad_str, 0x00, 10000 ); + memset( input_str, 0x00, 10000 ); + memset( output_str, 0x00, 10000 ); + memset( mac_str, 0x00, 16 ); + + aad_len = unhexify( aad_str, hex_aad_string ); + input_len = unhexify( input_str, hex_input_string ); + output_len = unhexify( output_str, hex_output_string ); + key_len = unhexify( key_str, hex_key_string ); + nonce_len = unhexify( nonce_str, hex_nonce_string ); + mac_len = unhexify( mac_str, hex_mac_string ); + + TEST_ASSERT( key_len == 32 ); + TEST_ASSERT( nonce_len == 12 ); + TEST_ASSERT( mac_len == 16 ); + + mbedtls_aead_chacha20_poly1305_crypt_and_mac( key_str, nonce_str, + MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT, + aad_len, aad_str, + input_len, input_str, output, + mac ); + + TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); + TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +void aead_chacha20_poly1305_selftest() +{ + TEST_ASSERT( mbedtls_aead_chacha20_poly1305_self_test( 1 ) == 0 ); +} +/* END_CASE */ From a310c5e42baf0ca4192228be1f04ca95491b57b4 Mon Sep 17 00:00:00 2001 
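Review bot: Both cases discard the return value of `mbedtls_aead_chacha20_poly1305_crypt_and_mac`, and `output` and `mac` are the only buffers not cleared with `memset`, so if the call fails the two `memcmp` assertions compare against uninitialised stack contents. Assert the result, `TEST_ASSERT( mbedtls_aead_chacha20_poly1305_crypt_and_mac( ... ) == 0 );`, and add `memset( output, 0x00, 10000 );` and `memset( mac, 0x00, 16 );` next to the other clears. The length assertions (`key_len == 32`, `nonce_len == 12`, `mac_len == 16`) run only after `unhexify`, which is called here without a destination size, has already written into the fixed-size arrays. An over-long hex string in the data file would therefore overrun `key_str`, `nonce_str` or `mac_str` before any assertion fires; checking `strlen` of each hex argument before decoding would close that.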
From: Daniel King Date: Tue, 17 May 2016 15:56:26 -0300 Subject: [PATCH 019/578] Allow some parameters to be NULL if the length is 0. This change permits users of the ChaCha20/Poly1305 algorithms (and the AEAD construction thereof) to pass NULL pointers for data that they do not need, and avoids the need to provide a valid buffer for data that is not used. --- include/mbedtls/aead_chacha20_poly1305.h | 6 ++++++ include/mbedtls/chacha20.h | 2 ++ include/mbedtls/poly1305.h | 1 + library/aead_chacha20_poly1305.c | 12 +++++++++++- library/chacha20.c | 7 ++++++- library/poly1305.c | 9 +++++++-- 6 files changed, 33 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/aead_chacha20_poly1305.h b/include/mbedtls/aead_chacha20_poly1305.h index a1ccf319e..6c8e420b5 100644 --- a/include/mbedtls/aead_chacha20_poly1305.h +++ b/include/mbedtls/aead_chacha20_poly1305.h @@ -124,6 +124,7 @@ int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_contex * \param aad_len The length (in bytes) of the AAD. The length has no * restrictions. * \param aad Buffer containing the AAD. + * This pointer can be NULL if aad_len == 0. * * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned * if \p ctx or \p aad are NULL. @@ -151,7 +152,9 @@ int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_co * \param ctx The ChaCha20-Poly1305 context. * \param len The length (in bytes) of the data to encrypt or decrypt. * \param input Buffer containing the data to encrypt or decrypt. + * This pointer can be NULL if len == 0. * \param output Buffer to where the encrypted or decrypted data is written. + * This pointer can be NULL if len == 0. * * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned * if \p ctx, \p input, or \p output are NULL. 
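Review bot: The added lines say a buffer pointer may be NULL when its length is 0, but the `\return` paragraphs directly below still state that BAD_INPUT_DATA is returned `if \p ctx or \p aad are NULL` and `if \p ctx, \p input, or \p output are NULL`, so the documentation now contradicts itself. Reword them along the lines of `if \p ctx is NULL, or if \p aad is NULL while \p aad_len is not 0.` The same stale wording is visible in the `include/mbedtls/chacha20.h` and `include/mbedtls/poly1305.h` hunks of this commit. It probably also applies to the one-shot function in the `@@ -195,9` hunk, whose `\return` text is cut off there.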
@@ -195,9 +198,12 @@ int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_contex * parameter does not matter. * \param aad_len The length (in bytes) of the AAD data to process. * \param aad Buffer containing the additional authenticated data (AAD). + * This pointer can be NULL if aad_len == 0. * \param ilen The length (in bytes) of the data to encrypt or decrypt. * \param input Buffer containing the data to encrypt or decrypt. + * This pointer can be NULL if ilen == 0. * \param output Buffer to where the encrypted or decrypted data is written. + * This pointer can be NULL if ilen == 0. * \param mac Buffer to where the computed 128-bit (16 bytes) MAC is written. * * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index ab87f66b9..ccce12270 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -136,7 +136,9 @@ int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, * \param ctx The ChaCha20 context. * \param size The length (in bytes) to process. This can have any length. * \param input Buffer containing the input data. + * This pointer can be NULL if size == 0. * \param output Buffer containing the output data. + * This pointer can be NULL if size == 0. * * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or * output pointers are NULL. diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 1aa55aeee..ea9364a3c 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -85,6 +85,7 @@ int mbedtls_poly1305_setkey( mbedtls_poly1305_context *ctx, * \param ctx The Poly1305 context. * \param ilen The input length (in bytes). Any value is accepted. * \param input Buffer containing the input data to Process. + * This pointer can be NULL if ilen == 0. * * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if ctx * or input are NULL. 
diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index ab29dfa1b..2dea5c9c5 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -174,10 +174,15 @@ int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_co size_t aad_len, const unsigned char *aad ) { - if ( ( ctx == NULL ) || ( aad == NULL ) ) + if ( ctx == NULL ) { return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); } + else if ( ( aad_len > 0U ) && ( aad == NULL ) ) + { + /* aad pointer is allowed to be NULL if aad_len == 0 */ + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + } else if ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) { return (MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); @@ -197,6 +202,11 @@ int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_contex { return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); } + else if ( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) + { + /* input and output pointers are allowed to be NULL if len == 0 */ + return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + } else if ( ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) && ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT ) ) { diff --git a/library/chacha20.c b/library/chacha20.c index b20c7ad55..351124541 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
@@ -291,10 +291,15 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t offset = 0U; size_t i; - if ( ( ctx == NULL ) || ( input == NULL ) || ( output == NULL ) ) + if ( ctx == NULL ) { return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); } + else if ( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) + { + /* input and output pointers are allowed to be NULL only if size == 0 */ + return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + } /* Use leftover keystream bytes, if available */ while ( ( size > 0U ) && ( ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) ) diff --git a/library/poly1305.c b/library/poly1305.c index 9a61a85ce..f9bdf2c93 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -293,12 +293,17 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, size_t queue_free_len; size_t nblocks; - if ( ( ctx == NULL ) || ( input == NULL ) ) + if ( ctx == NULL ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } + else if ( ( ilen > 0U ) && ( input == NULL ) ) + { + /* input pointer is allowed to be NULL only if ilen == 0 */ + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + } - if ( ctx->queue_len > 0U ) + if ( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) { queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); From 8fe4701abe99a765837e9c995376528e0edff4ac Mon Sep 17 00:00:00 2001 From: Daniel King Date: Tue, 17 May 2016 20:33:28 -0300 Subject: [PATCH 020/578] Add ChaCha20+Poly1305 to the Cipher module --- include/mbedtls/cipher.h | 19 +- library/cipher.c | 191 ++++++++++++++++-- library/cipher_wrap.c | 73 +++++++ library/version_features.c | 12 +- tests/CMakeLists.txt | 1 + tests/Makefile | 9 + ...t_suite_cipher.aead_chacha20_poly1305.data | 111 ++++++++++ 7 files changed, 391 insertions(+), 25 deletions(-) create mode 100644 tests/suites/test_suite_cipher.aead_chacha20_poly1305.data diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index c5a50c0d2..f954ccec3 100644 
--- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -37,7 +37,7 @@ #include -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) #define MBEDTLS_CIPHER_MODE_AEAD #endif @@ -147,6 +147,7 @@ typedef enum { MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ MBEDTLS_CIPHER_CHACHA20, /**< Chacha20 stream cipher. */ + MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< Chacha20-Poly1305 AEAD cipher. */ } mbedtls_cipher_type_t; /** Supported cipher modes. */ @@ -562,11 +563,11 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, */ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) /** * \brief This function adds additional data for AEAD ciphers. - * Only supported with GCM. Must be called - * exactly once, after mbedtls_cipher_reset(). + * Currently supported with GCM and ChaCha20+Poly1305. + * Must be called exactly once, after mbedtls_cipher_reset(). * * \param ctx The generic cipher context. * \param ad The additional data to use. @@ -577,7 +578,7 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); */ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ); -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ /** * \brief The generic cipher update function. It encrypts or 
@@ -635,10 +636,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) /** * \brief This function writes a tag for AEAD ciphers. - * Only supported with GCM. + * Currently supported with GCM and ChaCha20+Poly1305. * Must be called after mbedtls_cipher_finish(). * * \param ctx The generic cipher context. @@ -653,7 +654,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, /** * \brief This function checks the tag for AEAD ciphers. - * Only supported with GCM. + * Currently supported with GCM and ChaCha20+Poly1305. * Must be called after mbedtls_cipher_finish(). * * \param ctx The generic cipher context. @@ -665,7 +666,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, */ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ); -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ /** * \brief The generic all-in-one encryption/decryption function, diff --git a/library/cipher.c b/library/cipher.c index 68d0c10ff..b51a40bcc 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -38,6 +38,10 @@ #include #include +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#include "mbedtls/aead_chacha20_poly1305.h" +#endif + #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" #endif 
@@ -65,6 +69,22 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif +/* Compare the contents of two buffers in constant time. + * Returns 0 if the contents are bitwise identical, otherwise returns + * a non-zero value. */ +static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t len ) +{ + const unsigned char *p1 = (const unsigned char*) v1; + const unsigned char *p2 = (const unsigned char*) v2; + size_t i; + unsigned char diff; + + for( diff = 0, i = 0; i < len; i++ ) + diff |= p1[i] ^ p2[i]; + + return (int)diff; +} + static int supported_init = 0; const int *mbedtls_cipher_list( void ) 
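Review bot: Nothing in `mbedtls_constant_time_memcmp` obliges the compiler to keep the loop free of data-dependent branches, because `diff`, `p1` and `p2` are ordinary objects and the constant-time property rests on what the optimiser happens to emit. The usual guard is to qualify them as volatile, e.g. `volatile unsigned char diff = 0;` and `const volatile unsigned char *p1 = (const volatile unsigned char *) v1;`. The comment should also say that the run time depends on `len` only and that the return value is not ordered like `memcmp`, so callers may test it only against zero.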
@@ -263,22 +283,45 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) return( 0 ); } -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ) { if( NULL == ctx || NULL == ctx->cipher_info ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +#if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { return mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, ctx->iv, ctx->iv_size, ad, ad_len ); } +#endif + +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) + { + int result; + mbedtls_aead_chacha20_poly1305_mode_t mode; + + mode = ( ctx->operation == MBEDTLS_ENCRYPT ) + ? MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT + : MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT; + + result = mbedtls_aead_chacha20_poly1305_starts( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ctx->iv, + mode ); + if ( result != 0 ) + return( result ); + + return mbedtls_aead_chacha20_poly1305_update_aad( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ad_len, ad ); + } +#endif return( 0 ); } -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) 
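Review bot: The ChaCha20-Poly1305 branch of `mbedtls_cipher_update_ad` passes `ctx->iv` to `mbedtls_aead_chacha20_poly1305_starts` without checking `ctx->iv_size`. As far as this hunk shows, a caller that never set an IV would start the AEAD with whatever the context buffer holds, and a nonce repeated under one key breaks both confidentiality and the tag for this construction. A guard before the `starts` call would reject that: `if( ctx->iv_size != ctx->cipher_info->iv_size ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );`. In the streaming API `starts` appears to be reached only from here, so the doc comment in cipher.h should say that `mbedtls_cipher_update_ad` is mandatory for this cipher even when `ad_len` is 0.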
@@ -340,6 +383,21 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } #endif + if( input == output && + ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) + { + *olen = ilen; + return mbedtls_aead_chacha20_poly1305_update( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ilen, input, output ); + } +#endif + #if defined(MBEDTLS_CIPHER_MODE_CBC) if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) { @@ -672,7 +730,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, return( 0 ); } - if ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) + if ( ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) || + ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) ) { return( 0 ); } @@ -788,7 +847,7 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ) { 
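Review bot: The in-place guard added above the ChaCha20-Poly1305 branch also applies to that cipher: with `input == output` the call returns BAD_INPUT_DATA unless `ilen` is a multiple of the block size, which `aead_chacha20_poly1305_info` in this commit sets to 64. If in-place use is meant to be unsupported for the AEAD, the `mbedtls_cipher_update` documentation should say so; if it is meant to work, the branch belongs before the guard. `*olen = ilen;` is also stored before the result of `mbedtls_aead_chacha20_poly1305_update` is known, so a failing call still reports `ilen` bytes of output. The enclosing function starts and ends outside the hunk.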
@@ -798,8 +857,22 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, if( MBEDTLS_ENCRYPT != ctx->operation ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +#if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len ); +#endif + +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) + { + /* Don't allow truncated MAC for Poly1305 */ + if ( tag_len != 16U ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + return mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + tag ); + } +#endif return( 0 ); } @@ -807,6 +880,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ) { + unsigned char check_tag[16]; int ret; if( NULL == ctx || NULL == ctx->cipher_info || @@ -815,12 +889,9 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } +#if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { - unsigned char check_tag[16]; - size_t i; - int diff; - if( tag_len > sizeof( check_tag ) ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 
@@ -831,18 +902,38 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, } /* Check the tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) - diff |= tag[i] ^ check_tag[i]; - - if( diff != 0 ) + if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); return( 0 ); } +#endif /* MBEDTLS_GCM_C */ + +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) + { + /* Don't allow truncated MAC for Poly1305 */ + if ( tag_len != sizeof( check_tag ) ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + ret = mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + check_tag ); + if ( ret != 0 ) + { + return( ret ); + } + + /* Check the tag in "constant-time" */ + if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) + return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); + + return( 0 ); + } +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ return( 0 ); } -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ /* * Packet-oriented wrapper for non-AEAD modes 
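Review bot: `check_tag`, moved to function scope in the preceding hunk, holds the expected tag on every path through `mbedtls_cipher_check_tag` but is never wiped, so after a mismatch the correct tag for the rejected message stays on the stack. Clear it before each return that follows the comparison, e.g. `mbedtls_zeroize( check_tag, sizeof( check_tag ) );`, assuming cipher.c has such a helper, which the hunk does not show. The 16-byte requirement is written `sizeof( check_tag )` here and `16U` in `mbedtls_cipher_write_tag`; one named constant would keep the two checks in agreement.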
@@ -901,6 +992,39 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, tag, tag_len ) ); } #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) + { + int ret; + + if ( ( iv_len != ctx->cipher_info->iv_size ) || + ( tag_len != 16U ) ) /* Truncated MAC is not allowed for Poly1305 */ + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + *olen = ilen; + + ret = mbedtls_aead_chacha20_poly1305_starts( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + iv, MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT ); + if ( ret != 0 ) + return( ret ); + + ret = mbedtls_aead_chacha20_poly1305_update_aad( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ad_len, ad ); + if ( ret != 0 ) + return( ret ); + + ret = mbedtls_aead_chacha20_poly1305_update( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ilen, input, output ); + if ( ret != 0 ) + return( ret ); + + ret = mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + tag ); + return( ret ); + } +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } 
@@ -947,6 +1071,47 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, return( ret ); } #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) + { + unsigned char check_tag[16]; + int ret; + + if ( ( iv_len != ctx->cipher_info->iv_size ) || + ( tag_len != 16U ) ) /* Truncated MAC is not allowed for Poly1305 */ + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + *olen = ilen; + + ret = mbedtls_aead_chacha20_poly1305_starts( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + iv, MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT ); + if ( ret != 0 ) + return( ret ); + + ret = mbedtls_aead_chacha20_poly1305_update_aad( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ad_len, ad ); + if ( ret != 0 ) + return( ret ); + + ret = mbedtls_aead_chacha20_poly1305_update( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ilen, input, output ); + if ( ret != 0 ) + return( ret ); + + ret = mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + check_tag ); + if ( ret != 0 ) + return( ret ); + + /* Compare the tag in constant time */ + if ( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) + return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); + + return( 0 ); + } +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index f4e7964df..d8c5f0611 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -33,6 +33,10 @@ #include "mbedtls/cipher_internal.h" +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#include "mbedtls/aead_chacha20_poly1305.h" +#endif + #if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" #endif 
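Review bot: On a tag mismatch the new branch of `mbedtls_cipher_auth_decrypt` returns MBEDTLS_ERR_CIPHER_AUTH_FAILED with the decrypted bytes still in `output` and `*olen` already set to `ilen`, so a caller that mishandles the error code is left holding unauthenticated plaintext. Wipe the buffer on that path, e.g. `mbedtls_zeroize( output, ilen );` before the return (assuming a zeroize helper is available in this file), and assign `*olen` only after the tag has been accepted. The local `check_tag` should be cleared the same way on both exits. The `mbedtls_cipher_auth_encrypt` hunk above has the same early `*olen = ilen;`. The enclosing function starts outside the hunk.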
@@ -1352,6 +1356,71 @@ static const mbedtls_cipher_info_t chacha20_info = { }; #endif /* MBEDTLS_CHACHA20_C */ +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + +static int aead_chacha20_poly1305_setkey_wrap( void *ctx, const unsigned char *key, + unsigned int key_bitlen ) +{ + if( key_bitlen != 256U ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + if ( 0 != mbedtls_aead_chacha20_poly1305_setkey( (mbedtls_aead_chacha20_poly1305_context*)ctx, key ) ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + return( 0 ); +} + +static void * aead_chacha20_poly1305_ctx_alloc( void ) +{ + mbedtls_aead_chacha20_poly1305_context *ctx; + ctx = mbedtls_calloc( 1, sizeof( mbedtls_aead_chacha20_poly1305_context ) ); + + if( ctx == NULL ) + return( NULL ); + + mbedtls_aead_chacha20_poly1305_init( ctx ); + + return( ctx ); +} + +static void aead_chacha20_poly1305_ctx_free( void *ctx ) +{ + mbedtls_aead_chacha20_poly1305_free( (mbedtls_aead_chacha20_poly1305_context *) ctx ); + mbedtls_free( ctx ); +} + +static const mbedtls_cipher_base_t aead_chacha20_poly1305_base_info = { + MBEDTLS_CIPHER_ID_CHACHA20, + NULL, +#if defined(MBEDTLS_CIPHER_MODE_CBC) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_CTR) + NULL, +#endif +#if defined(MBEDTLS_CIPHER_MODE_STREAM) + NULL, +#endif + aead_chacha20_poly1305_setkey_wrap, + aead_chacha20_poly1305_setkey_wrap, + aead_chacha20_poly1305_ctx_alloc, + aead_chacha20_poly1305_ctx_free +}; +static const mbedtls_cipher_info_t aead_chacha20_poly1305_info = { + MBEDTLS_CIPHER_CHACHA20_POLY1305, + MBEDTLS_MODE_NONE, + 256, + "CHACHA20-POLY1305", + 12, + 0, + 64, + &aead_chacha20_poly1305_base_info +}; +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ + #if defined(MBEDTLS_CIPHER_NULL_CIPHER) static int null_crypt_stream( void *ctx, size_t length, const unsigned char *input, 
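Review bot: `aead_chacha20_poly1305_info` registers the AEAD with mode `MBEDTLS_MODE_NONE`, which is why the cipher.c branches in this commit test `cipher_info->type` where the GCM branch tests `cipher_info->mode`. Any code that decides whether a cipher is an AEAD from its mode will not recognise this one. A dedicated mode value would be the consistent fix; short of that, a comment on the struct should state that callers must key on the type. `aead_chacha20_poly1305_setkey_wrap` also turns every failure of `mbedtls_aead_chacha20_poly1305_setkey` into MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; returning the underlying code would keep the cause visible.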
@@ -1511,6 +1580,10 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_CHACHA20, &chacha20_info }, #endif +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + { MBEDTLS_CIPHER_CHACHA20_POLY1305, &aead_chacha20_poly1305_info }, +#endif + #if defined(MBEDTLS_CIPHER_NULL_CIPHER) { MBEDTLS_CIPHER_NULL, &null_cipher_info }, #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ diff --git a/library/version_features.c b/library/version_features.c index 64aa9f641..b73410c6a 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -84,6 +84,9 @@ static const char *features[] = { #if defined(MBEDTLS_TIMING_ALT) "MBEDTLS_TIMING_ALT", #endif /* MBEDTLS_TIMING_ALT */ +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) + "MBEDTLS_AEAD_CHACHA20_POLY1305_ALT", +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ #if defined(MBEDTLS_AES_ALT) "MBEDTLS_AES_ALT", #endif /* MBEDTLS_AES_ALT */ @@ -126,6 +129,9 @@ static const char *features[] = { #if defined(MBEDTLS_MD5_ALT) "MBEDTLS_MD5_ALT", #endif /* MBEDTLS_MD5_ALT */ +#if defined(MBEDTLS_POLY1305_ALT) + "MBEDTLS_POLY1305_ALT", +#endif /* MBEDTLS_POLY1305_ALT */ #if defined(MBEDTLS_RIPEMD160_ALT) "MBEDTLS_RIPEMD160_ALT", #endif /* MBEDTLS_RIPEMD160_ALT */ @@ -168,9 +174,6 @@ static const char *features[] = { #if defined(MBEDTLS_SHA512_PROCESS_ALT) "MBEDTLS_SHA512_PROCESS_ALT", #endif /* MBEDTLS_SHA512_PROCESS_ALT */ -#if defined(MBEDTLS_POLY1305_ALT) - "MBEDTLS_POLY1305_ALT", -#endif /* MBEDTLS_POLY1305_ALT */ #if defined(MBEDTLS_DES_SETKEY_ALT) "MBEDTLS_DES_SETKEY_ALT", #endif /* MBEDTLS_DES_SETKEY_ALT */ @@ -540,6 +543,9 @@ static const char *features[] = { #if defined(MBEDTLS_CAMELLIA_C) "MBEDTLS_CAMELLIA_C", #endif /* MBEDTLS_CAMELLIA_C */ +#if defined(MBEDTLS_CHACHA20_C) + "MBEDTLS_CHACHA20_C", +#endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CCM_C) "MBEDTLS_CCM_C", #endif /* MBEDTLS_CCM_C */ diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 03797ec32..c7d9fad3c 100644 
--- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -56,6 +56,7 @@ add_test_suite(blowfish) add_test_suite(camellia) add_test_suite(ccm) add_test_suite(chacha20) +add_test_suite(cipher cipher.aead_chacha20_poly1305) add_test_suite(cipher cipher.aes) add_test_suite(cipher cipher.arc4) add_test_suite(cipher cipher.blowfish) diff --git a/tests/Makefile b/tests/Makefile index 4a23e64cc..e6ff26cf3 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -52,6 +52,7 @@ APPS = test_suite_aead_chacha20_poly1305$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ test_suite_chacha20$(EXEXT) test_suite_cmac$(EXEXT) \ + test_suite_cipher.aead_chacha20_poly1305$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ test_suite_cipher.chacha20$(EXEXT) \ @@ -116,6 +117,10 @@ test_suite_aes.rest.c : suites/test_suite_aes.function suites/test_suite_aes.res echo " Gen $@" perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.rest +test_suite_cipher.aead_chacha20_poly1305.c : suites/test_suite_cipher.function suites/test_suite_cipher.aead_chacha20_poly1305.data scripts/generate_code.pl suites/helpers.function suites/main_test.function + echo " Gen $@" + perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.aead_chacha20_poly1305 + test_suite_cipher.aes.c : suites/test_suite_cipher.function suites/test_suite_cipher.aes.data scripts/generate_code.pl suites/helpers.function suites/main_test.function echo " Gen $@" perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.aes 
@@ -261,6 +266,10 @@ test_suite_cipher.aes$(EXEXT): test_suite_cipher.aes.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_cipher.aead_chacha20_poly1305$(EXEXT): test_suite_cipher.aead_chacha20_poly1305.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_cipher.arc4$(EXEXT): test_suite_cipher.arc4.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_cipher.aead_chacha20_poly1305.data b/tests/suites/test_suite_cipher.aead_chacha20_poly1305.data new file mode 100644 index 000000000..9cd1ed021 --- /dev/null +++ b/tests/suites/test_suite_cipher.aead_chacha20_poly1305.data 
@@ -0,0 +1,111 @@ +Decrypt empty buffer +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C: +dec_empty_buf: + +ChaCha20+Poly1305 Encrypt and decrypt 0 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:0:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 1 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:1:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 2 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:2:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 7 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:7:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 8 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:8:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 9 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:9:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 15 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:15:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 16 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:16:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 17 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:17:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 31 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:31:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 32 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:32:-1 + +ChaCha20+Poly1305 Encrypt 
and decrypt 33 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:33:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 47 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:47:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 48 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:48:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 49 bytes +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:49:-1 + +ChaCha20+Poly1305 Encrypt and decrypt 0 bytes in multiple parts 1 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:0:0:-1:0:0:0:0 + +ChaCha20+Poly1305 Encrypt and decrypt 1 bytes in multiple parts 1 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:1:0:-1:1:0:1:0 + +ChaCha20+Poly1305 Encrypt and decrypt 1 bytes in multiple parts 2 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:0:1:-1:0:1:0:1 + +ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 1 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:0:-1:16:0:16:0 + +ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 2 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:0:16:-1:0:16:0:16 + +ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 3 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:1:15:-1:1:15:1:15 + +ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 4 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:15:1:-1:15:1:15:1 + 
+ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 1 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:15:7:-1:15:7:15:7 + +ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 2 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:7:15:-1:7:15:7:15 + +ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 3 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:6:-1:16:6:16:6 + +ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 4 +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:6:16:-1:6:16:6:16 + +ChaCha20+Poly1305 Encrypt and decrypt 32 bytes in multiple parts +depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:16:-1:16:16:16:16 From dedf4a3e7b61c2d791f8b01164bcb31e6f7d750a Mon Sep 17 00:00:00 2001 From: Daniel King Date: Wed, 18 May 2016 10:07:53 -0300 Subject: [PATCH 021/578] Adjust verbose self-test output to match other ciphers. --- library/aead_chacha20_poly1305.c | 21 ++++++++++++++++++--- library/chacha20.c | 19 +++++++++++++++++-- library/poly1305.c | 19 +++++++++++++++++-- 3 files changed, 52 insertions(+), 7 deletions(-) diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index 2dea5c9c5..3aa8d637d 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -428,6 +428,11 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) for ( i = 0U; i < 1U; i++ ) { + if ( verbose != 0 ) + { + mbedtls_printf( " ChaCha20-Poly1305 test %zi ", i ); + } + result = mbedtls_aead_chacha20_poly1305_crypt_and_mac( test_key[i], test_nonce[i], MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, 
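Review bot: Every case in the new `test_suite_cipher.aead_chacha20_poly1305.data` is a round trip (`enc_dec_buf`, `enc_dec_buf_multipart`) or `dec_empty_buf`, so nothing exercises tag rejection or a known answer through the cipher layer. A round trip still passes if the tag is computed wrongly in the same way on both sides, and the `MBEDTLS_ERR_CIPHER_AUTH_FAILED` path is never reached. Add a known-answer case from RFC 7539 and a case with one altered tag or ciphertext byte that expects the failure, for instance through `decrypt_test_vec`, which already takes an expected `tag_result`. The first entry's `depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C:` also ends in a colon that the other entries do not have.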
@@ -441,7 +446,7 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "ChaCha20-Poly1305 test %zi error code: %i\n", i, result ); + mbedtls_printf( "error code: %i\n", result ); } return( -1 ); } @@ -450,7 +455,7 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "ChaCha20-Poly1305 test %zi failure (wrong output)\n", i ); + mbedtls_printf( "failure (wrong output)\n" ); } return( -1 ); } @@ -459,10 +464,20 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "ChaCha20-Poly1305 test %zi failure (wrong MAC)\n", i ); + mbedtls_printf( "failure (wrong MAC)\n" ); } return( -1 ); } + + if ( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + } + + if( verbose != 0 ) + { + mbedtls_printf( "\n" ); } return( 0 ); diff --git a/library/chacha20.c b/library/chacha20.c index 351124541..f3ddd9b96 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -559,6 +559,11 @@ int mbedtls_chacha20_self_test( int verbose ) for ( i = 0U; i < 2U; i++ ) { + if ( verbose != 0 ) + { + mbedtls_printf( " ChaCha20 test %zi ", i ); + } + result = mbedtls_chacha20_crypt( test_keys[i], test_nonces[i], test_counters[i], @@ -569,7 +574,7 @@ int mbedtls_chacha20_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "ChaCha20 test %zi error code: %i\n", i, result ); + mbedtls_printf( "error code: %i\n", result ); } return( -1 ); @@ -579,11 +584,21 @@ int mbedtls_chacha20_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "ChaCha20 test %zi failed\n", i ); + mbedtls_printf( "failed\n" ); } return( -1 ); } + + if ( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + } + + if( verbose != 0 ) + { + mbedtls_printf( "\n" ); } return( 0 ); diff --git a/library/poly1305.c b/library/poly1305.c index f9bdf2c93..d7c9ce160 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -490,6 +490,11 @@ int mbedtls_poly1305_self_test( int verbose ) for ( i = 0U; i < 2U; i++ ) { + if ( verbose != 0 ) + { + mbedtls_printf( " Poly1305 test %zi ", i ); + } + result = mbedtls_poly1305_mac( test_keys[i], test_data_len[i], test_data[i], @@ -498,7 +503,7 @@ int mbedtls_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "Poly1305 test %zi error code: %i\n", i, result ); + mbedtls_printf( "error code: %i\n", result ); } return( -1 ); @@ -508,11 +513,21 @@ int mbedtls_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "Poly1305 test %zi failed\n", i ); + mbedtls_printf( "failed\n" ); } return( -1 ); } + + if ( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + } + + if( verbose != 0 ) + { + mbedtls_printf( "\n" ); } return( 0 ); From 4d8f87b1cada5041fa60012dcb502cd452a2bc42 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Wed, 18 May 2016 10:09:28 -0300 Subject: [PATCH 022/578] Add ChaCha20/Poly1305 ciphers to the selftest program --- programs/test/selftest.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 72a37342f..57f9924ce 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -44,6 +44,9 @@ #include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/camellia.h" +#include "mbedtls/chacha20.h" +#include "mbedtls/poly1305.h" +#include "mbedtls/aead_chacha20_poly1305.h" #include "mbedtls/base64.h" #include "mbedtls/bignum.h" #include "mbedtls/rsa.h" 
@@ -207,6 +210,15 @@ const selftest_t selftests[] = #if defined(MBEDTLS_CMAC_C) {"cmac", mbedtls_cmac_self_test}, #endif +#if defined(MBEDTLS_CHACHA20_C) + {"chacha20", mbedtls_chacha20_self_test}, +#endif +#if defined(MBEDTLS_POLY1305_C) + {"poly1305", mbedtls_poly1305_self_test}, +#endif +#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) + {"chacha20-poly1305", mbedtls_aead_chacha20_poly1305_self_test}, +#endif #if defined(MBEDTLS_BASE64_C) {"base64", mbedtls_base64_self_test}, #endif From 6155cc82ba04a53e0cef88aed72bf9fc081a46b3 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Wed, 18 May 2016 11:51:22 -0300 Subject: [PATCH 023/578] Add ChaCha20 test vectors from RFC 7539 --- tests/suites/test_suite_chacha20.data | 24 +++++++++++++ tests/suites/test_suite_chacha20.function | 41 +++++++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/tests/suites/test_suite_chacha20.data b/tests/suites/test_suite_chacha20.data index 79f0408a2..86094604b 100644 --- a/tests/suites/test_suite_chacha20.data +++ b/tests/suites/test_suite_chacha20.data 
@@ -1,2 +1,26 @@ +ChaCha20 RFC 7539 Example and Test Vector (Encrypt) +chacha20_crypt:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":1:"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"6e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d" + +ChaCha20 RFC 7539 Example and Test Vector (Decrypt) +chacha20_crypt:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":1:"6e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" + +ChaCha20 RFC 7539 Test Vector #1 (Encrypt) +chacha20_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":0:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586" + +ChaCha20 RFC 7539 Test Vector #1 (Decrypt) 
+chacha20_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":0:"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + +ChaCha20 RFC 7539 Test Vector #2 (Encrypt) +chacha20_crypt:"0000000000000000000000000000000000000000000000000000000000000001":"000000000000000000000002":1:"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f":"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" + +ChaCha20 RFC 7539 Test Vector #2 (Decrypt) 
+chacha20_crypt:"0000000000000000000000000000000000000000000000000000000000000001":"000000000000000000000002":1:"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":"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f" + +ChaCha20 RFC 7539 Test Vector #3 (Encrypt) +chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000000000000000002":42:"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e":"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1" + +ChaCha20 RFC 7539 Test Vector #3 (Decrypt) 
+chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000000000000000002":42:"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1":"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e" + ChaCha20 Selftest chacha20_self_test: diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 2825a6148..75d2d0fc9 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function 
@@ -6,6 +6,47 @@ * depends_on:MBEDTLS_CHACHA20_C * END_DEPENDENCIES */ + +/* BEGIN_CASE */ +void chacha20_crypt( char *hex_key_string, + char *hex_nonce_string, + int counter, + char *hex_src_string, + char *hex_dst_string ) +{ + unsigned char key_str[100]; + unsigned char nonce_str[100]; + unsigned char src_str[10000]; + unsigned char dst_str[10000]; + unsigned char output[10000]; + size_t key_len; + size_t nonce_len; + size_t src_len; + size_t dst_len; + + memset(key_str, 0x00, 100); + memset(nonce_str, 0x00, 100); + memset(src_str, 0x00, 10000); + memset(dst_str, 0x00, 10000); + memset(output, 0x00, 10000); + + key_len = unhexify( key_str, hex_key_string ); + nonce_len = unhexify( nonce_str, hex_nonce_string ); + src_len = unhexify( src_str, hex_src_string ); + dst_len = unhexify( dst_str, hex_dst_string ); + + TEST_ASSERT( src_len == dst_len ); + TEST_ASSERT( key_len == 32U ); + TEST_ASSERT( nonce_len == 12U ); + + TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 ); + + hexify( dst_str, output, src_len ); + + TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chacha20_self_test() { From dca6abb24bae3694325c61dcf0bf3c2c4e0c1047 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Wed, 18 May 2016 12:04:41 -0300 Subject: [PATCH 024/578] Fix test suite when GCM Is disabled, but AEAD_ChaCha20_Poly1305 is enabled. --- tests/suites/test_suite_cipher.function | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 8f1109ee8..e5a252fdb 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function 
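Review bot: `chacha20_crypt` decodes its hex arguments into fixed 100- and 10000-byte stack buffers with `unhexify`, which is passed no destination size, and `TEST_ASSERT( key_len == 32U )` only runs after the write has happened. The later `hexify( dst_str, output, src_len )` re-encodes into the same 10000-byte `dst_str`, which (assuming the helper emits two characters per byte) a vector over 5000 bytes would overrun. Check `strlen()` of each hex string against the buffer size before decoding, and compare raw bytes instead of re-encoding: `TEST_ASSERT( memcmp( output, dst_str, src_len ) == 0 );`. That also removes the dependence on the hex case used in the data file. The `memset` lengths would be safer as `sizeof( key_str )` and so on.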
@@ -60,7 +60,7 @@ void cipher_null_args( ) TEST_ASSERT( mbedtls_cipher_reset( NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( mbedtls_cipher_update_ad( NULL, buf, 0 ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_cipher_update_ad( &ctx, buf, 0 ) @@ -77,7 +77,7 @@ void cipher_null_args( ) TEST_ASSERT( mbedtls_cipher_finish( &ctx, buf, &olen ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( mbedtls_cipher_write_tag( NULL, buf, olen ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_cipher_write_tag( &ctx, buf, olen ) @@ -195,7 +195,7 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) ); TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) ); #endif @@ -215,7 +215,7 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) ); total_len += outlen; -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) ); #endif 
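Review bot: The condition `defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C)` is now repeated at every AEAD call site in this file: this hunk and the later ones in `enc_dec_buf`, `enc_fail`, `dec_empty_buf`, `enc_dec_buf_multipart` and `decrypt_test_vec`. Adding another AEAD means editing all of them again, and a missed site silently drops the `mbedtls_cipher_write_tag` / `mbedtls_cipher_check_tag` assertions from that test. Define the condition once in the file's header section, for example `#define TEST_CIPHER_HAS_AEAD` under that `#if`, and test the macro at the call sites. `TEST_CIPHER_HAS_AEAD` is a proposed name, not an existing one.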
@@ -236,7 +236,7 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) ); total_len += outlen; -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) ); #endif @@ -292,7 +292,7 @@ void enc_fail( int cipher_id, int pad_mode, int key_len, #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); #endif @@ -340,7 +340,7 @@ void dec_empty_buf() TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); #endif @@ -416,7 +416,7 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) ); #endif @@ -484,7 +484,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, unsigned char ad[200]; unsigned char tag[20]; size_t key_len, iv_len, cipher_len, clear_len; -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) size_t ad_len, tag_len; #endif mbedtls_cipher_context_t ctx; 
@@ -505,7 +505,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, iv_len = unhexify( iv, hex_iv ); cipher_len = unhexify( cipher, hex_cipher ); clear_len = unhexify( clear, hex_clear ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) ad_len = unhexify( ad, hex_ad ); tag_len = unhexify( tag, hex_tag ); #else @@ -525,7 +525,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, iv_len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad, ad_len ) ); #endif @@ -536,7 +536,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, &outlen ) ); total_len += outlen; -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag, tag_len ) ); #endif From 16b04ce641b0ecb98a0500e2534ff51687d1ba17 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Wed, 18 May 2016 13:38:22 -0300 Subject: [PATCH 025/578] Fix unused function warning under certain configurations. I refactored some code into the function mbedtls_constant_time_memcmp in commit 7aad291 but this function is only used by GCM and AEAD_ChaCha20_Poly1305 to check the tags. So this function is now only enabled if either of these two ciphers is enabled. --- library/cipher.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/cipher.c b/library/cipher.c index b51a40bcc..71fa6f535 100644 --- a/library/cipher.c +++ b/library/cipher.c 
@@ -69,9 +69,13 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif + +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) /* Compare the contents of two buffers in constant time. * Returns 0 if the contents are bitwise identical, otherwise returns - * a non-zero value. */ + * a non-zero value. + * This is currently only used by GCM and ChaCha20+Poly1305. + */ static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t len ) { const unsigned char *p1 = (const unsigned char*) v1; @@ -84,6 +88,7 @@ static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t return (int)diff; } +#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ static int supported_init = 0; From b6897f67a4e584a69154ffe6c828a8f1bdf6ef32 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Thu, 19 May 2016 09:57:59 -0300 Subject: [PATCH 026/578] Correct signedness of printf specifier in self tests --- library/aead_chacha20_poly1305.c | 2 +- library/chacha20.c | 2 +- library/poly1305.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index 3aa8d637d..dac96ae34 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -430,7 +430,7 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( " ChaCha20-Poly1305 test %zi ", i ); + mbedtls_printf( " ChaCha20-Poly1305 test %zu ", i ); } result = mbedtls_aead_chacha20_poly1305_crypt_and_mac( test_key[i], diff --git a/library/chacha20.c b/library/chacha20.c index f3ddd9b96..437e38069 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -561,7 +561,7 @@ int mbedtls_chacha20_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( " ChaCha20 test %zi ", i ); + mbedtls_printf( " ChaCha20 test %zu ", i ); } result = mbedtls_chacha20_crypt( test_keys[i], 
diff --git a/library/poly1305.c b/library/poly1305.c index d7c9ce160..004d8574a 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -492,7 +492,7 @@ int mbedtls_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( " Poly1305 test %zi ", i ); + mbedtls_printf( " Poly1305 test %zu ", i ); } result = mbedtls_poly1305_mac( test_keys[i], From e6e7968c3ab2111a7f5cad51fd9ae45a608d5752 Mon Sep 17 00:00:00 2001 From: Daniel King Date: Tue, 24 May 2016 11:16:17 -0300 Subject: [PATCH 027/578] Minor style and formatting fixes. This change corrects some minor style violations, mostly for spacing around parentheses. --- library/aead_chacha20_poly1305.c | 68 ++++++------ library/chacha20.c | 30 +++--- library/poly1305.c | 176 +++++++++++++++---------------- 3 files changed, 137 insertions(+), 137 deletions(-) diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index dac96ae34..8d7b63a70 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -59,15 +59,15 @@ static void mbedtls_zeroize( void *v, size_t n ) { */ static void mbedtls_aead_chacha20_poly1305_pad_aad( mbedtls_aead_chacha20_poly1305_context *ctx ) { - uint32_t partial_block_len = (uint32_t)( ctx->aad_len % 16U ); + uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); unsigned char zeroes[15]; if ( partial_block_len > 0U ) { - memset( zeroes, 0, sizeof(zeroes) ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, - 16U - partial_block_len, - zeroes ); + memset( zeroes, 0, sizeof( zeroes ) ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, + 16U - partial_block_len, + zeroes ); } } 
@@ -78,15 +78,15 @@ static void mbedtls_aead_chacha20_poly1305_pad_aad( mbedtls_aead_chacha20_poly13 */ static void mbedtls_aead_chacha20_poly1305_pad_ciphertext( mbedtls_aead_chacha20_poly1305_context *ctx ) { - uint32_t partial_block_len = (uint32_t)( ctx->ciphertext_len % 16U ); + uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); unsigned char zeroes[15]; if ( partial_block_len > 0U ) { - memset( zeroes, 0, sizeof(zeroes) ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, - 16U - partial_block_len, - zeroes ); + memset( zeroes, 0, sizeof( zeroes ) ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, + 16U - partial_block_len, + zeroes ); } } @@ -185,12 +185,12 @@ int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_co } else if ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) { - return (MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + return(MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); } ctx->aad_len += aad_len; - return ( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad_len, aad ) ); + return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad_len, aad ) ); } int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_context *ctx, 
@@ -228,13 +228,13 @@ int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_contex * the input pointers are NULL. Since we have checked their validity * above, we can safety ignore the return value. */ - (void)mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, len, output ); + (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len, output ); } else /* DECRYPT */ { - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, len, input ); - (void)mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len, input ); + (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); } return( 0 ); 
@@ -268,25 +268,25 @@ int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_contex /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ - len_block[0] = (unsigned char)ctx->aad_len; - len_block[1] = (unsigned char)( ctx->aad_len >> 8 ); - len_block[2] = (unsigned char)( ctx->aad_len >> 16 ); - len_block[3] = (unsigned char)( ctx->aad_len >> 24 ); - len_block[4] = (unsigned char)( ctx->aad_len >> 32 ); - len_block[5] = (unsigned char)( ctx->aad_len >> 40 ); - len_block[6] = (unsigned char)( ctx->aad_len >> 48 ); - len_block[7] = (unsigned char)( ctx->aad_len >> 56 ); - len_block[8] = (unsigned char)ctx->ciphertext_len; - len_block[9] = (unsigned char)( ctx->ciphertext_len >> 8 ); - len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); - len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); - len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); - len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); - len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); - len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); + len_block[0] = (unsigned char) ctx->aad_len; + len_block[1] = (unsigned char) ( ctx->aad_len >> 8 ); + len_block[2] = (unsigned char) ( ctx->aad_len >> 16 ); + len_block[3] = (unsigned char) ( ctx->aad_len >> 24 ); + len_block[4] = (unsigned char) ( ctx->aad_len >> 32 ); + len_block[5] = (unsigned char) ( ctx->aad_len >> 40 ); + len_block[6] = (unsigned char) ( ctx->aad_len >> 48 ); + len_block[7] = (unsigned char) ( ctx->aad_len >> 56 ); + len_block[8] = (unsigned char) ctx->ciphertext_len; + len_block[9] = (unsigned char) ( ctx->ciphertext_len >> 8 ); + len_block[10] = (unsigned char) ( ctx->ciphertext_len >> 16 ); + len_block[11] = (unsigned char) ( ctx->ciphertext_len >> 24 ); + len_block[12] = (unsigned char) ( ctx->ciphertext_len >> 32 ); + len_block[13] = (unsigned char) ( ctx->ciphertext_len >> 40 ); + 
len_block[14] = (unsigned char) ( ctx->ciphertext_len >> 48 ); + len_block[15] = (unsigned char) ( ctx->ciphertext_len >> 56 ); - (void)mbedtls_poly1305_update( &ctx->poly1305_ctx, 16U, len_block ); - (void)mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, 16U, len_block ); + (void) mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); return( 0 ); } diff --git a/library/chacha20.c b/library/chacha20.c index 437e38069..4c2d8ef9a 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -46,14 +46,14 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t)data[offset] | \ - (uint32_t)( (uint32_t)data[(offset) + 1] << 8 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 2] << 16 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 3] << 24 ) \ +#define BYTES_TO_U32_LE( data, offset ) \ + ( (uint32_t) data[offset] \ + | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ ) -#define ROTL32( value, amount ) ( (uint32_t)( value << amount ) | ( value >> ( 32 - amount ) ) ) +#define ROTL32( value, amount ) ( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) ) #define CHACHA20_CTR_INDEX ( 12U ) @@ -171,10 +171,10 @@ static void mbedtls_chacha20_block( const uint32_t initial_state[16], { offset = i * 4U; - keystream[offset ] = (unsigned char) working_state[i]; - keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 ); - keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 ); - keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 ); + keystream[offset ] = (unsigned char) working_state[i]; + keystream[offset + 1U] = (unsigned char) ( working_state[i] >> 8 ); + keystream[offset + 2U] = (unsigned char) ( working_state[i] >> 16 ); + keystream[offset + 3U] = (unsigned char) ( working_state[i] >> 24 ); } } 
@@ -277,10 +277,10 @@ int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, mbedtls_chacha20_block( initial_state, working_state, keystream ); - mbedtls_zeroize( initial_state, sizeof(initial_state) ); - mbedtls_zeroize( working_state, sizeof(working_state) ); + mbedtls_zeroize( initial_state, sizeof( initial_state ) ); + mbedtls_zeroize( working_state, sizeof( working_state ) ); - return ( 0 ); + return( 0 ); } int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, @@ -351,7 +351,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, ctx->initial_state[CHACHA20_CTR_INDEX]++; } - return 0; + return( 0 ); } #endif /* !MBEDTLS_CHACHA20_ALT */ @@ -380,7 +380,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], cleanup: mbedtls_chacha20_free( &ctx ); - return result; + return( result ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/poly1305.c b/library/poly1305.c index 004d8574a..842a4d464 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -45,11 +45,11 @@ #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) -#define BYTES_TO_U32_LE( data, offset ) \ - ( (uint32_t)data[offset] | \ - (uint32_t)( (uint32_t)data[(offset) + 1] << 8 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 2] << 16 ) | \ - (uint32_t)( (uint32_t)data[(offset) + 3] << 24 ) \ +#define BYTES_TO_U32_LE( data, offset ) \ + ( (uint32_t) data[offset] \ + | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \ + | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ ) /* Implementation that should never be optimized out by the compiler */ 
@@ -100,59 +100,59 @@ static void mbedtls_poly1305_process( mbedtls_poly1305_context *ctx, { /* Compute: acc += block */ /* Note that the input block is treated as a 128-bit little-endian integer */ - d0 = (uint64_t)acc0 + BYTES_TO_U32_LE( input, offset + 0 ); - d1 = (uint64_t)acc1 + BYTES_TO_U32_LE( input, offset + 4 ) + ( d0 >> 32U ); - d2 = (uint64_t)acc2 + BYTES_TO_U32_LE( input, offset + 8 ) + ( d1 >> 32U ); - d3 = (uint64_t)acc3 + BYTES_TO_U32_LE( input, offset + 12 ) + ( d2 >> 32U ); - acc0 = (uint32_t)d0; - acc1 = (uint32_t)d1; - acc2 = (uint32_t)d2; - acc3 = (uint32_t)d3; - acc4 += (uint32_t)( d3 >> 32U ) + needs_padding; + d0 = (uint64_t) acc0 + BYTES_TO_U32_LE( input, offset + 0 ); + d1 = (uint64_t) acc1 + BYTES_TO_U32_LE( input, offset + 4 ) + ( d0 >> 32U ); + d2 = (uint64_t) acc2 + BYTES_TO_U32_LE( input, offset + 8 ) + ( d1 >> 32U ); + d3 = (uint64_t) acc3 + BYTES_TO_U32_LE( input, offset + 12 ) + ( d2 >> 32U ); + acc0 = (uint32_t) d0; + acc1 = (uint32_t) d1; + acc2 = (uint32_t) d2; + acc3 = (uint32_t) d3; + acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding; /* Compute: acc *= r */ - d0 = ( (uint64_t)acc0 * r0 ) + - ( (uint64_t)acc1 * rs3 ) + - ( (uint64_t)acc2 * rs2 ) + - ( (uint64_t)acc3 * rs1 ); - d1 = ( (uint64_t)acc0 * r1 ) + - ( (uint64_t)acc1 * r0 ) + - ( (uint64_t)acc2 * rs3 ) + - ( (uint64_t)acc3 * rs2 ) + - ( (uint64_t)acc4 * rs1 ); - d2 = ( (uint64_t)acc0 * r2 ) + - ( (uint64_t)acc1 * r1 ) + - ( (uint64_t)acc2 * r0 ) + - ( (uint64_t)acc3 * rs3 ) + - ( (uint64_t)acc4 * rs2 ); - d3 = ( (uint64_t)acc0 * r3 ) + - ( (uint64_t)acc1 * r2 ) + - ( (uint64_t)acc2 * r1 ) + - ( (uint64_t)acc3 * r0 ) + - ( (uint64_t)acc4 * rs3 ); + d0 = ( (uint64_t) acc0 * r0 ) + + ( (uint64_t) acc1 * rs3 ) + + ( (uint64_t) acc2 * rs2 ) + + ( (uint64_t) acc3 * rs1 ); + d1 = ( (uint64_t) acc0 * r1 ) + + ( (uint64_t) acc1 * r0 ) + + ( (uint64_t) acc2 * rs3 ) + + ( (uint64_t) acc3 * rs2 ) + + ( (uint64_t) acc4 * rs1 ); + d2 = ( (uint64_t) acc0 * r2 ) + + ( (uint64_t) acc1 * 
r1 ) + + ( (uint64_t) acc2 * r0 ) + + ( (uint64_t) acc3 * rs3 ) + + ( (uint64_t) acc4 * rs2 ); + d3 = ( (uint64_t) acc0 * r3 ) + + ( (uint64_t) acc1 * r2 ) + + ( (uint64_t) acc2 * r1 ) + + ( (uint64_t) acc3 * r0 ) + + ( (uint64_t) acc4 * rs3 ); acc4 *= r0; /* Compute: acc %= (2^130 - 5) (partial remainder) */ d1 += ( d0 >> 32 ); d2 += ( d1 >> 32 ); d3 += ( d2 >> 32 ); - acc0 = (uint32_t)d0; - acc1 = (uint32_t)d1; - acc2 = (uint32_t)d2; - acc3 = (uint32_t)d3; - acc4 = (uint32_t)( d3 >> 32 ) + acc4; + acc0 = (uint32_t) d0; + acc1 = (uint32_t) d1; + acc2 = (uint32_t) d2; + acc3 = (uint32_t) d3; + acc4 = (uint32_t) ( d3 >> 32 ) + acc4; - d0 = (uint64_t)acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); + d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); acc4 &= 3U; - acc0 = (uint32_t)d0; - d0 = (uint64_t)acc1 + ( d0 >> 32U ); - acc1 = (uint32_t)d0; - d0 = (uint64_t)acc2 + ( d0 >> 32U ); - acc2 = (uint32_t)d0; - d0 = (uint64_t)acc3 + ( d0 >> 32U ); - acc3 = (uint32_t)d0; - d0 = (uint64_t)acc4 + ( d0 >> 32U ); - acc4 = (uint32_t)d0; + acc0 = (uint32_t) d0; + d0 = (uint64_t) acc1 + ( d0 >> 32U ); + acc1 = (uint32_t) d0; + d0 = (uint64_t) acc2 + ( d0 >> 32U ); + acc2 = (uint32_t) d0; + d0 = (uint64_t) acc3 + ( d0 >> 32U ); + acc3 = (uint32_t) d0; + d0 = (uint64_t) acc4 + ( d0 >> 32U ); + acc4 = (uint32_t) d0; offset += POLY1305_BLOCK_SIZE_BYTES; } 
@@ -192,18 +192,18 @@ static void mbedtls_poly1305_compute_mac( const mbedtls_poly1305_context *ctx, */ /* Calculate acc + -(2^130 - 5) */ - d = ( (uint64_t)acc0 + 5U ); - g0 = (uint32_t)d; - d = ( (uint64_t)acc1 + ( d >> 32 ) ); - g1 = (uint32_t)d; - d = ( (uint64_t)acc2 + ( d >> 32 ) ); - g2 = (uint32_t)d; - d = ( (uint64_t)acc3 + ( d >> 32 ) ); - g3 = (uint32_t)d; - g4 = acc4 + (uint32_t)( d >> 32U ); + d = ( (uint64_t) acc0 + 5U ); + g0 = (uint32_t) d; + d = ( (uint64_t) acc1 + ( d >> 32 ) ); + g1 = (uint32_t) d; + d = ( (uint64_t) acc2 + ( d >> 32 ) ); + g2 = (uint32_t) d; + d = ( (uint64_t) acc3 + ( d >> 32 ) ); + g3 = (uint32_t) d; + g4 = acc4 + (uint32_t) ( d >> 32U ); /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */ - mask = (uint32_t)0U - ( g4 >> 2U ); + mask = (uint32_t) 0U - ( g4 >> 2U ); mask_inv = ~mask; /* If 131st bit is set then acc=g, otherwise, acc is unmodified */ 
@@ -213,38 +213,38 @@ static void mbedtls_poly1305_compute_mac( const mbedtls_poly1305_context *ctx, acc3 = ( acc3 & mask_inv ) | ( g3 & mask ); /* Add 's' */ - d = (uint64_t)acc0 + ctx->s[0]; - acc0 = (uint32_t)d; - d = (uint64_t)acc1 + ctx->s[1] + ( d >> 32U ); - acc1 = (uint32_t)d; - d = (uint64_t)acc2 + ctx->s[2] + ( d >> 32U ); - acc2 = (uint32_t)d; - acc3 += ctx->s[3] + (uint32_t)( d >> 32U ); + d = (uint64_t) acc0 + ctx->s[0]; + acc0 = (uint32_t) d; + d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U ); + acc1 = (uint32_t) d; + d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U ); + acc2 = (uint32_t) d; + acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); /* Compute MAC (128 least significant bits of the accumulator) */ - mac[0] = (uint8_t)acc0; - mac[1] = (uint8_t)( acc0 >> 8 ); - mac[2] = (uint8_t)( acc0 >> 16 ); - mac[3] = (uint8_t)( acc0 >> 24 ); - mac[4] = (uint8_t)acc1; - mac[5] = (uint8_t)( acc1 >> 8 ); - mac[6] = (uint8_t)( acc1 >> 16 ); - mac[7] = (uint8_t)( acc1 >> 24 ); - mac[8] = (uint8_t)acc2; - mac[9] = (uint8_t)( acc2 >> 8 ); - mac[10] = (uint8_t)( acc2 >> 16 ); - mac[11] = (uint8_t)( acc2 >> 24 ); - mac[12] = (uint8_t)acc3; - mac[13] = (uint8_t)( acc3 >> 8 ); - mac[14] = (uint8_t)( acc3 >> 16 ); - mac[15] = (uint8_t)( acc3 >> 24 ); + mac[0] = (unsigned char) acc0; + mac[1] = (unsigned char) ( acc0 >> 8 ); + mac[2] = (unsigned char) ( acc0 >> 16 ); + mac[3] = (unsigned char) ( acc0 >> 24 ); + mac[4] = (unsigned char) acc1; + mac[5] = (unsigned char) ( acc1 >> 8 ); + mac[6] = (unsigned char) ( acc1 >> 16 ); + mac[7] = (unsigned char) ( acc1 >> 24 ); + mac[8] = (unsigned char) acc2; + mac[9] = (unsigned char) ( acc2 >> 8 ); + mac[10] = (unsigned char) ( acc2 >> 16 ); + mac[11] = (unsigned char) ( acc2 >> 24 ); + mac[12] = (unsigned char) acc3; + mac[13] = (unsigned char) ( acc3 >> 8 ); + mac[14] = (unsigned char) ( acc3 >> 16 ); + mac[15] = (unsigned char) ( acc3 >> 24 ); } void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) { if ( ctx != NULL ) { - 
mbedtls_zeroize( ctx, sizeof(mbedtls_poly1305_context) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } } @@ -252,7 +252,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) { if ( ctx != NULL ) { - mbedtls_zeroize( ctx, sizeof(mbedtls_poly1305_context) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } } @@ -281,7 +281,7 @@ int mbedtls_poly1305_setkey( mbedtls_poly1305_context *ctx, ctx->acc[2] = 0U; ctx->acc[3] = 0U; - return 0; + return( 0 ); } int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, @@ -484,7 +484,7 @@ static const unsigned char test_mac[2][16] = int mbedtls_poly1305_self_test( int verbose ) { - uint8_t mac[16]; + unsigned char mac[16]; size_t i; int result; @@ -496,9 +496,9 @@ int mbedtls_poly1305_self_test( int verbose ) } result = mbedtls_poly1305_mac( test_keys[i], - test_data_len[i], - test_data[i], - mac ); + test_data_len[i], + test_data[i], + mac ); if ( result != 0 ) { if ( verbose != 0 ) From ce8314f5f0856bc72e0bd26c83770086712d969b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 3 May 2018 12:49:58 +0200 Subject: [PATCH 028/578] Add ChangeLog entry for new features. Fixes #346 --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 348864c0e..10dd8689c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time + authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by + Daniel King (#485). + API Changes * Extend the platform module with a util component that contains functionality shared by multiple Mbed TLS modules. At this stage From 95d0bdbd84817cb4defeb8030b8b2fc39f5d54b5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 09:58:35 +0200 Subject: [PATCH 029/578] Adapt the _ALT style to our new standard - in .h files: only put the context declaration inside the #ifdef _ALT (this was changed in 2.9.0, ie after the original PR) - in .c file: only leave selftest out of _ALT: even though some function are trivial to build from other parts, alt implementors might want to go another way about them (for efficiency or other reasons) --- include/mbedtls/aead_chacha20_poly1305.h | 18 +++++++++--------- include/mbedtls/chacha20.h | 12 ++++++------ include/mbedtls/poly1305.h | 12 ++++++------ library/aead_chacha20_poly1305.c | 4 ++-- library/chacha20.c | 4 ++-- library/poly1305.c | 4 ++-- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/aead_chacha20_poly1305.h b/include/mbedtls/aead_chacha20_poly1305.h index 6c8e420b5..6f7ab6f7f 100644 --- a/include/mbedtls/aead_chacha20_poly1305.h +++ b/include/mbedtls/aead_chacha20_poly1305.h @@ -29,11 +29,6 @@ #include MBEDTLS_CONFIG_FILE #endif -#if !defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) - -#include "chacha20.h" -#include "poly1305.h" - #define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */ #define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */ @@ -44,6 +39,11 @@ typedef enum } mbedtls_aead_chacha20_poly1305_mode_t; +#if !defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) + +#include "chacha20.h" +#include "poly1305.h" + typedef struct { mbedtls_chacha20_context chacha20_ctx; /** ChaCha20 context */ @@ -55,6 +55,10 @@ typedef struct } mbedtls_aead_chacha20_poly1305_context; +#else /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ +#include "aead_chacha20_poly1305_alt.h" +#endif /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ + /** * \brief Initialize ChaCha20-Poly1305 context * 
@@ -183,10 +187,6 @@ int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_contex int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_context *ctx, unsigned char mac[16] ); -#else /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ -#include "aead_chacha20_poly1305_alt.h" -#endif /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ - /** * \brief Encrypt or decrypt data, and produce a MAC with ChaCha20-Poly1305. * diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index ccce12270..a2856a7e4 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -31,13 +31,13 @@ #include MBEDTLS_CONFIG_FILE #endif -#if !defined(MBEDTLS_CHACHA20_ALT) - #include #include #define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */ +#if !defined(MBEDTLS_CHACHA20_ALT) + typedef struct { uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */ @@ -47,6 +47,10 @@ typedef struct } mbedtls_chacha20_context; +#else /* MBEDTLS_CHACHA20_ALT */ +#include "chacha20_alt.h" +#endif /* MBEDTLS_CHACHA20_ALT */ + /** * \brief Initialize ChaCha20 context * @@ -149,10 +153,6 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, const unsigned char *input, unsigned char *output ); -#else /* MBEDTLS_CHACHA20_ALT */ -#include "chacha20_alt.h" -#endif /* MBEDTLS_CHACHA20_ALT */ - /** * \brief Encrypt or decrypt a message using ChaCha20. * diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index ea9364a3c..915f8ab0d 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -32,10 +32,10 @@ #include #include -#if !defined(MBEDTLS_POLY1305_ALT) - #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0041 /**< Invalid input parameter(s). */ +#if !defined(MBEDTLS_POLY1305_ALT) + typedef struct { uint32_t r[4]; /** Stores the value for 'r' (low 128 bits of the key) */ 
@@ -46,6 +46,10 @@ typedef struct } mbedtls_poly1305_context; +#else /* MBEDTLS_POLY1305_ALT */ +#include "poly1305_alt.h" +#endif /* MBEDTLS_POLY1305_ALT */ + /** * \brief Initialize a Poly1305 context * @@ -109,10 +113,6 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, unsigned char mac[16] ); -#else /* MBEDTLS_POLY1305_ALT */ -#include "poly1305_alt.h" -#endif /* MBEDTLS_POLY1305_ALT */ - /** * \brief Generate the Poly1305 MAC of some data with the given key. * diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index 8d7b63a70..2e07f1ed4 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -291,8 +291,6 @@ int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_contex return( 0 ); } -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ - int mbedtls_aead_chacha20_poly1305_crypt_and_mac ( const unsigned char key[32], const unsigned char nonce[12], mbedtls_aead_chacha20_poly1305_mode_t mode, @@ -331,6 +329,8 @@ cleanup: return( result ); } +#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ + #if defined(MBEDTLS_SELF_TEST) static const unsigned char test_key[1][32] = diff --git a/library/chacha20.c b/library/chacha20.c index 4c2d8ef9a..5d2c3e5bf 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -354,8 +354,6 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, return( 0 ); } -#endif /* !MBEDTLS_CHACHA20_ALT */ - int mbedtls_chacha20_crypt( const unsigned char key[32], const unsigned char nonce[12], uint32_t counter, @@ -383,6 +381,8 @@ cleanup: return( result ); } +#endif /* !MBEDTLS_CHACHA20_ALT */ + #if defined(MBEDTLS_SELF_TEST) static const unsigned char test_keys[2][32] = diff --git a/library/poly1305.c b/library/poly1305.c index 842a4d464..6acbc7fa5 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -390,8 +390,6 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, return( 0 ); } -#endif /* MBEDTLS_POLY1305_ALT */ - int mbedtls_poly1305_mac( const unsigned char key[32], size_t ilen, const unsigned char *input, @@ -417,6 +415,8 @@ cleanup: return( 0 ); } +#endif /* MBEDTLS_POLY1305_ALT */ + #if defined(MBEDTLS_SELF_TEST) static const unsigned char test_keys[2][32] = From 823b7a0ce7f8f4e1b4e7381ad1d38176bb52823a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 10:10:30 +0200 Subject: [PATCH 030/578] Add missing extern "C" guard to new headers --- include/mbedtls/aead_chacha20_poly1305.h | 8 ++++++++ include/mbedtls/chacha20.h | 8 ++++++++ include/mbedtls/poly1305.h | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/include/mbedtls/aead_chacha20_poly1305.h b/include/mbedtls/aead_chacha20_poly1305.h index 6f7ab6f7f..21c3158b0 100644 --- a/include/mbedtls/aead_chacha20_poly1305.h +++ b/include/mbedtls/aead_chacha20_poly1305.h @@ -32,6 +32,10 @@ #define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */ #define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */ +#ifdef __cplusplus +extern "C" { +#endif + typedef enum { MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, @@ -227,4 +231,8 @@ int mbedtls_aead_chacha20_poly1305_crypt_and_mac( const unsigned char key[32], */ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ); +#ifdef __cplusplus +} +#endif + #endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_H */ diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index a2856a7e4..f88bd28b7 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -36,6 +36,10 @@ #define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */ +#ifdef __cplusplus +extern "C" { +#endif + #if !defined(MBEDTLS_CHACHA20_ALT) typedef struct 
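Review bot: In the `library/poly1305.c` hunk at `@@ -417,6 +415,8 @@`, the context lines show `mbedtls_poly1305_mac()` ending in `return( 0 );` after its `cleanup:` label, so a failure that jumps to `cleanup` would presumably still be reported as success. The caller would then treat a `mac` buffer that may never have been written as a valid tag. The matching one-shot functions in `chacha20.c` and `aead_chacha20_poly1305.c` end in `return( result );`, and since this commit moves the function into the block that alternative implementations replace, I would change the line to `return( result );` here. The function body starts outside the hunk, so the use of `result` is inferred from those sibling functions and should be confirmed against the full file.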
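Review bot: In `include/mbedtls/aead_chacha20_poly1305.h` the new `extern "C" {` opens before the `typedef enum`, which appears to put `#include "chacha20.h"`, `#include "poly1305.h"` and the `_ALT` branch's `#include "aead_chacha20_poly1305_alt.h"` inside the linkage block; the `_alt.h` includes in `chacha20.h` and `poly1305.h` end up inside it as well. A C++ translation unit that reaches these headers first would then pull in their nested includes, and whatever a vendor's `_alt.h` includes, with C linkage. I would move the includes above the guard, or document the constraint with a comment such as `/* included inside extern "C": the _alt.h header must be plain C */`. The position of the includes relative to the guard is taken from the context lines of the previous commit's hunks, so please confirm it against the full headers.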
@@ -189,4 +193,8 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], */ int mbedtls_chacha20_self_test( int verbose ); +#ifdef __cplusplus +} +#endif + #endif /* MBEDTLS_CHACHA20_H */ diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 915f8ab0d..c911b9fde 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -34,6 +34,10 @@ #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0041 /**< Invalid input parameter(s). */ +#ifdef __cplusplus +extern "C" { +#endif + #if !defined(MBEDTLS_POLY1305_ALT) typedef struct @@ -140,4 +144,8 @@ int mbedtls_poly1305_mac( const unsigned char key[32], */ int mbedtls_poly1305_self_test( int verbose ); +#ifdef __cplusplus +} +#endif + #endif /* MBEDTLS_POLY1305_H */ From b7e99006f9c85df28a9f15464e1fd5ed28559028 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 10:14:18 +0200 Subject: [PATCH 031/578] Avoid using %zu in selftest functions This is a C99 feature and unfortunately we can't rely on it yet considering the set of toolchain (versions) we want to support. --- library/aead_chacha20_poly1305.c | 4 ++-- library/chacha20.c | 4 ++-- library/poly1305.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index 2e07f1ed4..f00380c0b 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -421,7 +421,7 @@ static const unsigned char test_mac[1][16] = int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) { - size_t i; + unsigned i; int result; unsigned char output[200]; unsigned char mac[16]; @@ -430,7 +430,7 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( " ChaCha20-Poly1305 test %zu ", i ); + mbedtls_printf( " ChaCha20-Poly1305 test %u ", i ); } result = mbedtls_aead_chacha20_poly1305_crypt_and_mac( test_key[i], 
diff --git a/library/chacha20.c b/library/chacha20.c index 5d2c3e5bf..28133a675 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -554,14 +554,14 @@ static const size_t test_lengths[2] = int mbedtls_chacha20_self_test( int verbose ) { unsigned char output[381]; - size_t i; + unsigned i; int result; for ( i = 0U; i < 2U; i++ ) { if ( verbose != 0 ) { - mbedtls_printf( " ChaCha20 test %zu ", i ); + mbedtls_printf( " ChaCha20 test %u ", i ); } result = mbedtls_chacha20_crypt( test_keys[i], diff --git a/library/poly1305.c b/library/poly1305.c index 6acbc7fa5..5a096586d 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -485,14 +485,14 @@ static const unsigned char test_mac[2][16] = int mbedtls_poly1305_self_test( int verbose ) { unsigned char mac[16]; - size_t i; + unsigned i; int result; for ( i = 0U; i < 2U; i++ ) { if ( verbose != 0 ) { - mbedtls_printf( " Poly1305 test %zu ", i ); + mbedtls_printf( " Poly1305 test %u ", i ); } result = mbedtls_poly1305_mac( test_keys[i], From 4edd51babec6fa560c3197805d3d4ff946c2b85e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 10:21:56 +0200 Subject: [PATCH 032/578] Rename poly1305_setkey() to poly1305_starts() For consistency with the existing CMAC and HMAC APIs --- include/mbedtls/poly1305.h | 2 +- library/aead_chacha20_poly1305.c | 2 +- library/poly1305.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index c911b9fde..f69191578 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -81,7 +81,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); * or key are NULL. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_poly1305_setkey( mbedtls_poly1305_context *ctx, +int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ); /** 
diff --git a/library/aead_chacha20_poly1305.c b/library/aead_chacha20_poly1305.c index f00380c0b..04180081a 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/aead_chacha20_poly1305.c @@ -155,7 +155,7 @@ int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_contex if ( result != 0 ) goto cleanup; - result = mbedtls_poly1305_setkey( &ctx->poly1305_ctx, poly1305_key ); + result = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key ); if ( result == 0 ) { diff --git a/library/poly1305.c b/library/poly1305.c index 5a096586d..66f932c4f 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -256,7 +256,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) } } -int mbedtls_poly1305_setkey( mbedtls_poly1305_context *ctx, +int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ) { if ( ctx == NULL ) @@ -400,7 +400,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], mbedtls_poly1305_init( &ctx ); - result = mbedtls_poly1305_setkey( &ctx, key ); + result = mbedtls_poly1305_starts( &ctx, key ); if ( result != 0 ) goto cleanup; From dca3a5d8842d50833c2f5bc5ad225aefeeb874b0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 10:43:27 +0200 Subject: [PATCH 033/578] Rename aead_chacha20_poly1305 to chachapoly While the old name is explicit and aligned with the RFC, it's also very long, so with the mbedtls_ prefix prepended we get a 31-char prefix to each identifier, which quickly conflicts with our 80-column policy. The new name is shorter, it's what a lot of people use when speaking about that construction anyway, and hopefully should not introduce confusion as it seems unlikely that variants other than 20/1305 be standardised in the foreseeable future. --- ...{aead_chacha20_poly1305.h => chachapoly.h} | 106 +++++------ include/mbedtls/cipher.h | 10 +- include/mbedtls/config.h | 12 +- include/mbedtls/error.h | 2 +- library/CMakeLists.txt | 2 +- library/Makefile | 5 +- ...{aead_chacha20_poly1305.c => chachapoly.c} | 166 +++++++++--------- library/cipher.c | 70 ++++---- library/cipher_wrap.c | 45 ++--- library/error.c | 22 +-- library/version_features.c | 12 +- programs/test/selftest.c | 6 +- scripts/generate_errors.pl | 5 +- tests/CMakeLists.txt | 4 +- tests/Makefile | 32 ++-- .../test_suite_aead_chacha20_poly1305.data | 19 -- tests/suites/test_suite_chachapoly.data | 19 ++ ...unction => test_suite_chachapoly.function} | 32 ++-- ...data => test_suite_cipher.chachapoly.data} | 56 +++--- tests/suites/test_suite_cipher.function | 24 +-- visualc/VS2010/mbedTLS.vcxproj | 6 + 21 files changed, 330 insertions(+), 325 deletions(-) rename include/mbedtls/{aead_chacha20_poly1305.h => chachapoly.h} (64%) rename library/{aead_chacha20_poly1305.c => chachapoly.c} (64%) delete mode 100644 tests/suites/test_suite_aead_chacha20_poly1305.data create mode 100644 tests/suites/test_suite_chachapoly.data rename tests/suites/{test_suite_aead_chacha20_poly1305.function => test_suite_chachapoly.function} (67%) rename tests/suites/{test_suite_cipher.aead_chacha20_poly1305.data => test_suite_cipher.chachapoly.data} (74%) 
diff --git a/include/mbedtls/aead_chacha20_poly1305.h b/include/mbedtls/chachapoly.h similarity index 64% rename from include/mbedtls/aead_chacha20_poly1305.h rename to include/mbedtls/chachapoly.h index 21c3158b0..810675ddd 100644 --- a/include/mbedtls/aead_chacha20_poly1305.h +++ b/include/mbedtls/chachapoly.h @@ -1,5 +1,5 @@ /** - * \file aead_chacha20_poly1305.h + * \file chachapoly.h * * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. * @@ -20,8 +20,8 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_AEAD_CHACHA20_POLY1305_H -#define MBEDTLS_AEAD_CHACHA20_POLY1305_H +#ifndef MBEDTLS_CHACHAPOLY_H +#define MBEDTLS_CHACHAPOLY_H #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" @@ -29,8 +29,8 @@ #include MBEDTLS_CONFIG_FILE #endif -#define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */ -#define MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */ +#define MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */ #ifdef __cplusplus extern "C" { @@ -38,12 +38,12 @@ extern "C" { typedef enum { - MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, - MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT + MBEDTLS_CHACHAPOLY_ENCRYPT, + MBEDTLS_CHACHAPOLY_DECRYPT } -mbedtls_aead_chacha20_poly1305_mode_t; +mbedtls_chachapoly_mode_t; -#if !defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) +#if !defined(MBEDTLS_CHACHAPOLY_ALT) #include "chacha20.h" #include "poly1305.h" 
@@ -55,27 +55,27 @@ typedef struct uint64_t aad_len; /** Length (bytes) of the Additional Authenticated Data */ uint64_t ciphertext_len; /** Length (bytes) of the ciphertext */ int state; /** Current state of the context */ - mbedtls_aead_chacha20_poly1305_mode_t mode; /** Cipher mode (encrypt or decrypt) */ + mbedtls_chachapoly_mode_t mode; /** Cipher mode (encrypt or decrypt) */ } -mbedtls_aead_chacha20_poly1305_context; +mbedtls_chachapoly_context; -#else /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ -#include "aead_chacha20_poly1305_alt.h" -#endif /* !MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ +#else /* !MBEDTLS_CHACHAPOLY_ALT */ +#include "chachapoly_alt.h" +#endif /* !MBEDTLS_CHACHAPOLY_ALT */ /** * \brief Initialize ChaCha20-Poly1305 context * * \param ctx ChaCha20-Poly1305 context to be initialized */ -void mbedtls_aead_chacha20_poly1305_init( mbedtls_aead_chacha20_poly1305_context *ctx ); +void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); /** * \brief Clear ChaCha20-Poly1305 context * * \param ctx ChaCha20-Poly1305 context to be cleared */ -void mbedtls_aead_chacha20_poly1305_free( mbedtls_aead_chacha20_poly1305_context *ctx ); +void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); /** * \brief Set the ChaCha20-Poly1305 symmetric encryption key. @@ -83,12 +83,12 @@ void mbedtls_aead_chacha20_poly1305_free( mbedtls_aead_chacha20_poly1305_context * \param ctx The ChaCha20-Poly1305 context. * \param key The 256-bit (32 bytes) key. * - * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned * if \p ctx or \p key are NULL. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_aead_chacha20_poly1305_setkey( mbedtls_aead_chacha20_poly1305_context *ctx, - const unsigned char key[32] ); +int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, + const unsigned char key[32] ); /** * \brief Setup ChaCha20-Poly1305 context for encryption or decryption. 
@@ -102,13 +102,13 @@ int mbedtls_aead_chacha20_poly1305_setkey( mbedtls_aead_chacha20_poly1305_contex * \param mode Specifies whether the context is used to encrypt or * decrypt data. * - * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned * if \p ctx or \p mac are NULL. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_context *ctx, - const unsigned char nonce[12], - mbedtls_aead_chacha20_poly1305_mode_t mode ); +int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode ); /** * \brief Process additional authenticated data (AAD). @@ -118,14 +118,14 @@ int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_contex * * \note This function is called before data is encrypted/decrypted. * I.e. call this function to process the AAD before calling - * mbedtls_aead_chacha20_poly1305_update. + * mbedtls_chachapoly_update. * * You may call this function multiple times to process * an arbitrary amount of AAD. It is permitted to call * this function 0 times, if no AAD is used. * * This function cannot be called any more if data has - * been processed by mbedtls_aead_chacha20_poly1305_update, + * been processed by mbedtls_chachapoly_update, * or if the context has been finished. * * \param ctx The ChaCha20-Poly1305 context. 
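Review bot: The `\return` text for `mbedtls_chachapoly_starts` in the first hunk on this line names a parameter the function does not have: it says the error is returned "if \p ctx or \p mac are NULL", while the prototype takes `ctx`, `nonce` and `mode`, and the implementation in library/chachapoly.c tests `nonce == NULL`. The line above it is already edited by the rename, so I would correct it in the same commit to `if \p ctx or \p nonce are NULL.`. The `\return` block of `mbedtls_chachapoly_update_aad` (hunk -134,23) has a related mismatch: it lists a NULL `aad` as an error unconditionally, although the `\param` text and the code both allow NULL when `aad_len == 0`. There I would write `if \p ctx is NULL, or if \p aad is NULL while \p aad_len is non-zero.`.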
@@ -134,23 +134,23 @@ int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_contex * \param aad Buffer containing the AAD. * This pointer can be NULL if aad_len == 0. * - * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned * if \p ctx or \p aad are NULL. - * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if + * MBEDTLS_ERR_CHACHAPOLY_BAD_STATE is returned if * the context has not been setup, the context has been * finished, or if the AAD has been finished. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_context *ctx, - size_t aad_len, - const unsigned char *aad ); +int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, + size_t aad_len, + const unsigned char *aad ); /** * \brief Encrypt/decrypt data. * * The direction (encryption or decryption) depends on the * mode that was given when calling - * mbedtls_aead_chacha20_poly1305_starts. + * mbedtls_chachapoly_starts. * * You may call this function multiple times to process * an arbitrary amount of data. It is permitted to call 
@@ -164,17 +164,17 @@ int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_co * \param output Buffer to where the encrypted or decrypted data is written. * This pointer can be NULL if len == 0. * - * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned * if \p ctx, \p input, or \p output are NULL. - * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if + * MBEDTLS_ERR_CHACHAPOLY_BAD_STATE is returned if * the context has not been setup, or if the context has been * finished. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_context *ctx, - size_t len, - const unsigned char *input, - unsigned char *output ); +int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output ); /** * \brief Compute the ChaCha20-Poly1305 MAC. @@ -182,14 +182,14 @@ int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_contex * \param ctx The ChaCha20-Poly1305 context. * \param mac Buffer to where the 128-bit (16 bytes) MAC is written. * - * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned * if \p ctx or \p mac are NULL. - * MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE is returned if + * MBEDTLS_ERR_CHACHAPOLY_BAD_STATE is returned if * the context has not been setup. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_context *ctx, - unsigned char mac[16] ); +int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, + unsigned char mac[16] ); /** * \brief Encrypt or decrypt data, and produce a MAC with ChaCha20-Poly1305. 
@@ -210,29 +210,29 @@ int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_contex * This pointer can be NULL if ilen == 0. * \param mac Buffer to where the computed 128-bit (16 bytes) MAC is written. * - * \return MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA is returned + * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned * if one or more of the required parameters are NULL. * Otherwise, 0 is returned to indicate success. */ -int mbedtls_aead_chacha20_poly1305_crypt_and_mac( const unsigned char key[32], - const unsigned char nonce[12], - mbedtls_aead_chacha20_poly1305_mode_t mode, - size_t aad_len, - const unsigned char *aad, - size_t ilen, - const unsigned char *input, - unsigned char *output, - unsigned char mac[16] ); +int mbedtls_chachapoly_crypt_and_mac( const unsigned char key[32], + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode, + size_t aad_len, + const unsigned char *aad, + size_t ilen, + const unsigned char *input, + unsigned char *output, + unsigned char mac[16] ); /** * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_aead_chacha20_poly1305_self_test( int verbose ); +int mbedtls_chachapoly_self_test( int verbose ); #ifdef __cplusplus } #endif -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_H */ +#endif /* MBEDTLS_CHACHAPOLY_H */ diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index f954ccec3..ac1f564fb 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -37,7 +37,7 @@ #include -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) #define MBEDTLS_CIPHER_MODE_AEAD #endif 
@@ -563,7 +563,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, */ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /** * \brief This function adds additional data for AEAD ciphers. * Currently supported with GCM and ChaCha20+Poly1305. @@ -578,7 +578,7 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); */ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ); -#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /** * \brief The generic cipher update function. It encrypts or @@ -636,7 +636,7 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, unsigned char *output, size_t *olen ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /** * \brief This function writes a tag for AEAD ciphers. * Currently supported with GCM and ChaCha20+Poly1305. @@ -666,7 +666,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, */ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ); -#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /** * \brief The generic all-in-one encryption/decryption function, diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 22d465cda..69d2b63b5 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -269,7 +269,7 @@ * digests and ciphers instead. * */ -//#define MBEDTLS_AEAD_CHACHA20_POLY1305_ALT +//#define MBEDTLS_CHACHAPOLY_ALT //#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT 
@@ -1690,15 +1690,15 @@ #define MBEDTLS_AES_C /** - * \def MBEDTLS_AEAD_CHACHA20_POLY1305_C + * \def MBEDTLS_CHACHAPOLY_C * * Enable the ChaCha20-Poly1305 AEAD algorithm. * - * Module: library/aead_chacha20_poly1305.c + * Module: library/chachapoly.c * * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C */ -#define MBEDTLS_AEAD_CHACHA20_POLY1305_C +#define MBEDTLS_CHACHAPOLY_C /** * \def MBEDTLS_ARC4_C @@ -1855,7 +1855,7 @@ * Enable the ChaCha20 block cipher. * * Module: library/chacha20.c - * Caller: library/aead_chacha20_poly1305.c + * Caller: library/chachapoly.c */ #define MBEDTLS_CHACHA20_C @@ -2427,7 +2427,7 @@ * Enable the Poly1305 MAC algorithm. * * Module: library/poly1305.c - * Caller: library/aead_chacha20_poly1305.c + * Caller: library/chachapoly.c */ #define MBEDTLS_POLY1305_C diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 72b7f18ff..e056975a2 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -78,7 +78,7 @@ * SHA512 1 0x0039-0x0039 * CHACHA20 1 0x003B-0x003B * POLY1305 1 0x0041-0x0041 - * AEAD_CHACHA20_POLY1305 2 0x0047-0x0049 + * CHACHAPOLY 2 0x0047-0x0049 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b8f663d9c..582769baf 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -3,7 +3,6 @@ option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF) option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF) set(src_crypto - aead_chacha20_poly1305.c aes.c aesni.c arc4.c @@ -15,6 +14,7 @@ set(src_crypto camellia.c ccm.c chacha20.c + chachapoly.c cipher.c cipher_wrap.c cmac.c diff --git a/library/Makefile b/library/Makefile index de4bd5c42..a4c6e35b5 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -47,11 +47,10 @@ ifdef WINDOWS_BUILD DLEXT=dll endif -OBJS_CRYPTO= aead_chacha20_poly1305.o \ - aes.o aesni.o arc4.o \ +OBJS_CRYPTO= aes.o aesni.o arc4.o \ asn1parse.o asn1write.o base64.o \ bignum.o blowfish.o camellia.o \ - ccm.o chacha20.o \ + ccm.o chacha20.o chachapoly.o \ cipher.o cipher_wrap.o \ cmac.o ctr_drbg.o des.o \ dhm.o ecdh.o ecdsa.o \ diff --git a/library/aead_chacha20_poly1305.c b/library/chachapoly.c similarity index 64% rename from library/aead_chacha20_poly1305.c rename to library/chachapoly.c index 04180081a..3ba19542e 100644 --- a/library/aead_chacha20_poly1305.c +++ b/library/chachapoly.c @@ -1,5 +1,5 @@ /** - * \file aead_chacha20_poly1305.c + * \file chachapoly.c * * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. * @@ -26,9 +26,9 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) -#include "mbedtls/aead_chacha20_poly1305.h" +#include "mbedtls/chachapoly.h" #include #if defined(MBEDTLS_SELF_TEST) @@ -40,12 +40,12 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#if !defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) +#if !defined(MBEDTLS_CHACHAPOLY_ALT) -#define AEAD_CHACHA20_POLY1305_STATE_INIT ( 0 ) -#define AEAD_CHACHA20_POLY1305_STATE_AAD ( 1 ) -#define AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */ -#define AEAD_CHACHA20_POLY1305_STATE_FINISHED ( 3 ) +#define CHACHAPOLY_STATE_INIT ( 0 ) +#define CHACHAPOLY_STATE_AAD ( 1 ) +#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */ +#define CHACHAPOLY_STATE_FINISHED ( 3 ) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { 
@@ -57,7 +57,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * * \param ctx The ChaCha20-Poly1305 context. */ -static void mbedtls_aead_chacha20_poly1305_pad_aad( mbedtls_aead_chacha20_poly1305_context *ctx ) +static void mbedtls_chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) { uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); unsigned char zeroes[15]; @@ -76,7 +76,7 @@ static void mbedtls_aead_chacha20_poly1305_pad_aad( mbedtls_aead_chacha20_poly13 * * \param ctx The ChaCha20-Poly1305 context. */ -static void mbedtls_aead_chacha20_poly1305_pad_ciphertext( mbedtls_aead_chacha20_poly1305_context *ctx ) +static void mbedtls_chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) { uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); unsigned char zeroes[15]; @@ -90,7 +90,7 @@ static void mbedtls_aead_chacha20_poly1305_pad_ciphertext( mbedtls_aead_chacha20 } } -void mbedtls_aead_chacha20_poly1305_init( mbedtls_aead_chacha20_poly1305_context *ctx ) +void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) { if ( ctx != NULL ) { @@ -98,12 +98,12 @@ void mbedtls_aead_chacha20_poly1305_init( mbedtls_aead_chacha20_poly1305_context mbedtls_poly1305_init( &ctx->poly1305_ctx ); ctx->aad_len = 0U; ctx->ciphertext_len = 0U; - ctx->state = AEAD_CHACHA20_POLY1305_STATE_INIT; - ctx->mode = MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT; + ctx->state = CHACHAPOLY_STATE_INIT; + ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } } -void mbedtls_aead_chacha20_poly1305_free( mbedtls_aead_chacha20_poly1305_context *ctx ) +void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) { if ( ctx != NULL ) { 
@@ -111,19 +111,19 @@ void mbedtls_aead_chacha20_poly1305_free( mbedtls_aead_chacha20_poly1305_context mbedtls_poly1305_free( &ctx->poly1305_ctx ); ctx->aad_len = 0U; ctx->ciphertext_len = 0U; - ctx->state = AEAD_CHACHA20_POLY1305_STATE_INIT; - ctx->mode = MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT; + ctx->state = CHACHAPOLY_STATE_INIT; + ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } } -int mbedtls_aead_chacha20_poly1305_setkey( mbedtls_aead_chacha20_poly1305_context *ctx, - const unsigned char key[32] ) +int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, + const unsigned char key[32] ) { int result; if ( ( ctx == NULL ) || ( key == NULL ) ) { - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } result = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); @@ -131,16 +131,16 @@ int mbedtls_aead_chacha20_poly1305_setkey( mbedtls_aead_chacha20_poly1305_contex return( result ); } -int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_context *ctx, - const unsigned char nonce[12], - mbedtls_aead_chacha20_poly1305_mode_t mode ) +int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode ) { int result; unsigned char poly1305_key[64]; if ( ( ctx == NULL ) || ( nonce == NULL ) ) { - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 1U ); @@ -161,7 +161,7 @@ int mbedtls_aead_chacha20_poly1305_starts( mbedtls_aead_chacha20_poly1305_contex { ctx->aad_len = 0U; ctx->ciphertext_len = 0U; - ctx->state = AEAD_CHACHA20_POLY1305_STATE_AAD; + ctx->state = CHACHAPOLY_STATE_AAD; ctx->mode = mode; } 
@@ -170,22 +170,22 @@ cleanup: return( result ); } -int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_context *ctx, - size_t aad_len, - const unsigned char *aad ) +int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, + size_t aad_len, + const unsigned char *aad ) { if ( ctx == NULL ) { - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } else if ( ( aad_len > 0U ) && ( aad == NULL ) ) { /* aad pointer is allowed to be NULL if aad_len == 0 */ - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } - else if ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) + else if ( ctx->state != CHACHAPOLY_STATE_AAD ) { - return(MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + return(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } ctx->aad_len += aad_len; 
@@ -193,36 +193,36 @@ int mbedtls_aead_chacha20_poly1305_update_aad( mbedtls_aead_chacha20_poly1305_co return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad_len, aad ) ); } -int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_context *ctx, - size_t len, - const unsigned char *input, - unsigned char *output ) +int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output ) { if ( ( ctx == NULL ) || ( input == NULL ) || ( output == NULL ) ) { - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } else if ( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) { /* input and output pointers are allowed to be NULL if len == 0 */ - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } - else if ( ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_AAD ) && - ( ctx->state != AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT ) ) + else if ( ( ctx->state != CHACHAPOLY_STATE_AAD ) && + ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) { - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } - if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_AAD ) + if ( ctx->state == CHACHAPOLY_STATE_AAD ) { - ctx->state = AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT; + ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; - mbedtls_aead_chacha20_poly1305_pad_aad( ctx ); + mbedtls_chachapoly_pad_aad( ctx ); } ctx->ciphertext_len += len; - if ( ctx->mode == MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT ) + if ( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT ) { /* Note: the following functions return an error only if one or more of * the input pointers are NULL. Since we have checked their validity 
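Review bot: The first guard in `mbedtls_chachapoly_update` rejects a NULL `input` or `output` whatever `len` is, so the `else if ( ( len > 0U ) && ... )` branch under it is unreachable and its comment ("allowed to be NULL if len == 0") is not true of the code. The header documents both pointers as optional for `len == 0`, and `mbedtls_chachapoly_crypt_and_mac` passes the caller's buffers straight through, so an AAD-only message with NULL buffers fails with `MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA` instead of yielding a tag. The first condition should test only the context, `if ( ctx == NULL )`, as `mbedtls_chachapoly_update_aad` already does. Because the results of the ChaCha20 and Poly1305 update calls further down are not checked, confirm that they accept NULL with a zero length, or skip them when `len == 0`. The function body runs past the end of this hunk.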
@@ -240,30 +240,30 @@ int mbedtls_aead_chacha20_poly1305_update( mbedtls_aead_chacha20_poly1305_contex return( 0 ); } -int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_context *ctx, - unsigned char mac[16] ) +int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, + unsigned char mac[16] ) { unsigned char len_block[16]; if ( ( ctx == NULL ) || ( mac == NULL ) ) { - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } - else if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_INIT ) + else if ( ctx->state == CHACHAPOLY_STATE_INIT ) { - return( MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } - if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_AAD ) + if ( ctx->state == CHACHAPOLY_STATE_AAD ) { - mbedtls_aead_chacha20_poly1305_pad_aad( ctx ); + mbedtls_chachapoly_pad_aad( ctx ); } - else if ( ctx->state == AEAD_CHACHA20_POLY1305_STATE_CIPHERTEXT ) + else if ( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) { - mbedtls_aead_chacha20_poly1305_pad_ciphertext( ctx ); + mbedtls_chachapoly_pad_ciphertext( ctx ); } - ctx->state = AEAD_CHACHA20_POLY1305_STATE_FINISHED; + ctx->state = CHACHAPOLY_STATE_FINISHED; /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. 
@@ -291,45 +291,45 @@ int mbedtls_aead_chacha20_poly1305_finish( mbedtls_aead_chacha20_poly1305_contex return( 0 ); } -int mbedtls_aead_chacha20_poly1305_crypt_and_mac ( const unsigned char key[32], - const unsigned char nonce[12], - mbedtls_aead_chacha20_poly1305_mode_t mode, - size_t aad_len, - const unsigned char *aad, - size_t ilen, - const unsigned char *input, - unsigned char *output, - unsigned char mac[16] ) +int mbedtls_chachapoly_crypt_and_mac ( const unsigned char key[32], + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode, + size_t aad_len, + const unsigned char *aad, + size_t ilen, + const unsigned char *input, + unsigned char *output, + unsigned char mac[16] ) { - mbedtls_aead_chacha20_poly1305_context ctx; + mbedtls_chachapoly_context ctx; int result; - mbedtls_aead_chacha20_poly1305_init( &ctx ); + mbedtls_chachapoly_init( &ctx ); - result = mbedtls_aead_chacha20_poly1305_setkey( &ctx, key ); + result = mbedtls_chachapoly_setkey( &ctx, key ); if ( result != 0 ) goto cleanup; - result = mbedtls_aead_chacha20_poly1305_starts( &ctx, nonce, mode ); + result = mbedtls_chachapoly_starts( &ctx, nonce, mode ); if ( result != 0 ) goto cleanup; - result = mbedtls_aead_chacha20_poly1305_update_aad( &ctx, aad_len, aad ); + result = mbedtls_chachapoly_update_aad( &ctx, aad_len, aad ); if ( result != 0 ) goto cleanup; - result = mbedtls_aead_chacha20_poly1305_update( &ctx, ilen, input, output ); + result = mbedtls_chachapoly_update( &ctx, ilen, input, output ); if ( result != 0 ) goto cleanup; - result = mbedtls_aead_chacha20_poly1305_finish( &ctx, mac ); + result = mbedtls_chachapoly_finish( &ctx, mac ); cleanup: - mbedtls_aead_chacha20_poly1305_free( &ctx ); + mbedtls_chachapoly_free( &ctx ); return( result ); } -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ +#endif /* MBEDTLS_CHACHAPOLY_ALT */ #if defined(MBEDTLS_SELF_TEST) 
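Review bot: In `MBEDTLS_CHACHAPOLY_DECRYPT` mode, `mbedtls_chachapoly_crypt_and_mac` writes the plaintext to `output` and returns a freshly computed `mac`; it takes no expected tag and verifies nothing. A caller that reads a 0 return as "authenticated" will therefore accept modified ciphertext. The header's `\brief` ("Encrypt or decrypt data, and produce a MAC") should carry an explicit `\warning` that, when decrypting, the caller must compare `mac` with the received tag in constant time and discard `output` on mismatch. A separate authenticated-decrypt entry point that takes the tag and does the comparison internally would remove the risk altogether, but that goes beyond a rename.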
@@ -419,7 +419,7 @@ static const unsigned char test_mac[1][16] = } }; -int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) +int mbedtls_chachapoly_self_test( int verbose ) { unsigned i; int result; @@ -433,15 +433,15 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) mbedtls_printf( " ChaCha20-Poly1305 test %u ", i ); } - result = mbedtls_aead_chacha20_poly1305_crypt_and_mac( test_key[i], - test_nonce[i], - MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, - test_aad_len[i], - test_aad[i], - test_input_len[i], - test_input[i], - output, - mac ); + result = mbedtls_chachapoly_crypt_and_mac( test_key[i], + test_nonce[i], + MBEDTLS_CHACHAPOLY_ENCRYPT, + test_aad_len[i], + test_aad[i], + test_input_len[i], + test_input[i], + output, + mac ); if ( result != 0 ) { if ( verbose != 0 ) @@ -485,4 +485,4 @@ int mbedtls_aead_chacha20_poly1305_self_test( int verbose ) #endif /* MBEDTLS_SELF_TEST */ -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_CHACHAPOLY_C */ diff --git a/library/cipher.c b/library/cipher.c index 71fa6f535..acc986fa8 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -38,8 +38,8 @@ #include #include -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) -#include "mbedtls/aead_chacha20_poly1305.h" +#if defined(MBEDTLS_CHACHAPOLY_C) +#include "mbedtls/chachapoly.h" #endif #if defined(MBEDTLS_GCM_C) @@ -70,7 +70,7 @@ #endif -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /* Compare the contents of two buffers in constant time. * Returns 0 if the contents are bitwise identical, otherwise returns * a non-zero value. @@ -88,7 +88,7 @@ static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t return (int)diff; } -#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ static int supported_init = 0; 
@@ -288,7 +288,7 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) return( 0 ); } -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, const unsigned char *ad, size_t ad_len ) { @@ -303,30 +303,30 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, } #endif -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { int result; - mbedtls_aead_chacha20_poly1305_mode_t mode; + mbedtls_chachapoly_mode_t mode; mode = ( ctx->operation == MBEDTLS_ENCRYPT ) - ? MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT - : MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT; + ? MBEDTLS_CHACHAPOLY_ENCRYPT + : MBEDTLS_CHACHAPOLY_DECRYPT; - result = mbedtls_aead_chacha20_poly1305_starts( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ctx->iv, mode ); if ( result != 0 ) return( result ); - return mbedtls_aead_chacha20_poly1305_update_aad( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + return mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ad_len, ad ); } #endif return( 0 ); } -#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) 
@@ -394,11 +394,11 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) { *olen = ilen; - return mbedtls_aead_chacha20_poly1305_update( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ilen, input, output ); } #endif @@ -852,7 +852,7 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_ciph } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, unsigned char *tag, size_t tag_len ) { @@ -867,14 +867,14 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, return mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, tag, tag_len ); #endif -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { /* Don't allow truncated MAC for Poly1305 */ if ( tag_len != 16U ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - return mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + return mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ); } #endif 
@@ -914,14 +914,14 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { /* Don't allow truncated MAC for Poly1305 */ if ( tag_len != sizeof( check_tag ) ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - ret = mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ret = mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag ); if ( ret != 0 ) { @@ -934,11 +934,11 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, return( 0 ); } -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_CHACHAPOLY_C */ return( 0 ); } -#endif /* MBEDTLS_GCM_C || MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /* * Packet-oriented wrapper for non-AEAD modes @@ -997,7 +997,7 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, tag, tag_len ) ); } #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { int ret; 
@@ -1010,26 +1010,26 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, *olen = ilen; - ret = mbedtls_aead_chacha20_poly1305_starts( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, - iv, MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT ); + ret = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx, + iv, MBEDTLS_CHACHAPOLY_ENCRYPT ); if ( ret != 0 ) return( ret ); - ret = mbedtls_aead_chacha20_poly1305_update_aad( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ret = mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ad_len, ad ); if ( ret != 0 ) return( ret ); - ret = mbedtls_aead_chacha20_poly1305_update( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ret = mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ilen, input, output ); if ( ret != 0 ) return( ret ); - ret = mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ret = mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ); return( ret ); } -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_CHACHAPOLY_C */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } @@ -1076,7 +1076,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, return( ret ); } #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { unsigned char check_tag[16]; 
@@ -1090,22 +1090,22 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, *olen = ilen; - ret = mbedtls_aead_chacha20_poly1305_starts( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, - iv, MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT ); + ret = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx, + iv, MBEDTLS_CHACHAPOLY_DECRYPT ); if ( ret != 0 ) return( ret ); - ret = mbedtls_aead_chacha20_poly1305_update_aad( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ret = mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ad_len, ad ); if ( ret != 0 ) return( ret ); - ret = mbedtls_aead_chacha20_poly1305_update( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ret = mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, ilen, input, output ); if ( ret != 0 ) return( ret ); - ret = mbedtls_aead_chacha20_poly1305_finish( (mbedtls_aead_chacha20_poly1305_context*) ctx->cipher_ctx, + ret = mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag ); if ( ret != 0 ) return( ret ); @@ -1116,7 +1116,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, return( 0 ); } -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_CHACHAPOLY_C */ return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index d8c5f0611..5c8082850 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -33,8 +33,8 @@ #include "mbedtls/cipher_internal.h" -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) -#include "mbedtls/aead_chacha20_poly1305.h" +#if defined(MBEDTLS_CHACHAPOLY_C) +#include "mbedtls/chachapoly.h" #endif #if defined(MBEDTLS_AES_C) 
@@ -1356,40 +1356,41 @@ static const mbedtls_cipher_info_t chacha20_info = { }; #endif /* MBEDTLS_CHACHA20_C */ -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_CHACHAPOLY_C) -static int aead_chacha20_poly1305_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) +static int chachapoly_setkey_wrap( void *ctx, + const unsigned char *key, + unsigned int key_bitlen ) { if( key_bitlen != 256U ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - if ( 0 != mbedtls_aead_chacha20_poly1305_setkey( (mbedtls_aead_chacha20_poly1305_context*)ctx, key ) ) + if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); return( 0 ); } -static void * aead_chacha20_poly1305_ctx_alloc( void ) +static void * chachapoly_ctx_alloc( void ) { - mbedtls_aead_chacha20_poly1305_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_aead_chacha20_poly1305_context ) ); + mbedtls_chachapoly_context *ctx; + ctx = mbedtls_calloc( 1, sizeof( mbedtls_chachapoly_context ) ); if( ctx == NULL ) return( NULL ); - mbedtls_aead_chacha20_poly1305_init( ctx ); + mbedtls_chachapoly_init( ctx ); return( ctx ); } -static void aead_chacha20_poly1305_ctx_free( void *ctx ) +static void chachapoly_ctx_free( void *ctx ) { - mbedtls_aead_chacha20_poly1305_free( (mbedtls_aead_chacha20_poly1305_context *) ctx ); + mbedtls_chachapoly_free( (mbedtls_chachapoly_context *) ctx ); mbedtls_free( ctx ); } -static const mbedtls_cipher_base_t aead_chacha20_poly1305_base_info = { +static const mbedtls_cipher_base_t chachapoly_base_info = { MBEDTLS_CIPHER_ID_CHACHA20, NULL, #if defined(MBEDTLS_CIPHER_MODE_CBC) 
@@ -1404,12 +1405,12 @@ static const mbedtls_cipher_base_t aead_chacha20_poly1305_base_info = { #if defined(MBEDTLS_CIPHER_MODE_STREAM) NULL, #endif - aead_chacha20_poly1305_setkey_wrap, - aead_chacha20_poly1305_setkey_wrap, - aead_chacha20_poly1305_ctx_alloc, - aead_chacha20_poly1305_ctx_free + chachapoly_setkey_wrap, + chachapoly_setkey_wrap, + chachapoly_ctx_alloc, + chachapoly_ctx_free }; -static const mbedtls_cipher_info_t aead_chacha20_poly1305_info = { +static const mbedtls_cipher_info_t chachapoly_info = { MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MODE_NONE, 256, @@ -1417,9 +1418,9 @@ static const mbedtls_cipher_info_t aead_chacha20_poly1305_info = { 12, 0, 64, - &aead_chacha20_poly1305_base_info + &chachapoly_base_info }; -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) static int null_crypt_stream( void *ctx, size_t length, @@ -1580,8 +1581,8 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_CHACHA20, &chacha20_info }, #endif -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) - { MBEDTLS_CIPHER_CHACHA20_POLY1305, &aead_chacha20_poly1305_info }, +#if defined(MBEDTLS_CHACHAPOLY_C) + { MBEDTLS_CIPHER_CHACHA20_POLY1305, &chachapoly_info }, #endif #if defined(MBEDTLS_CIPHER_NULL_CIPHER) diff --git a/library/error.c b/library/error.c index d0a75ca5a..aeef9303a 100644 --- a/library/error.c +++ b/library/error.c @@ -41,10 +41,6 @@ #include -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) -#include "mbedtls/aead_chacha20_poly1305.h" -#endif - #if defined(MBEDTLS_AES_C) #include "mbedtls/aes.h" #endif @@ -77,6 +73,10 @@ #include "mbedtls/chacha20.h" #endif +#if defined(MBEDTLS_CHACHAPOLY_C) +#include "mbedtls/chachapoly.h" +#endif + #if defined(MBEDTLS_CIPHER_C) #include "mbedtls/cipher.h" #endif 
@@ -579,13 +579,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) // Low level error codes // // BEGIN generated code -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) - if( use_ret == -(MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "AEAD_CHACHA20_POLY1305 - Invalid input parameter(s)" ); - if( use_ret == -(MBEDTLS_ERR_AEAD_CHACHA20_POLY1305_BAD_STATE) ) - mbedtls_snprintf( buf, buflen, "AEAD_CHACHA20_POLY1305 - The requested operation is not permitted in the current state" ); -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ - #if defined(MBEDTLS_AES_C) if( use_ret == -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH) ) mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); @@ -677,6 +670,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CHACHA20 - Invalid input parameter(s)" ); #endif /* MBEDTLS_CHACHA20_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Invalid input parameter(s)" ); + if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE) ) + mbedtls_snprintf( buf, buflen, "CHACHAPOLY - The requested operation is not permitted in the current state" ); +#endif /* MBEDTLS_CHACHAPOLY_C */ + #if defined(MBEDTLS_CMAC_C) if( use_ret == -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "CMAC - CMAC hardware accelerator failed" ); diff --git a/library/version_features.c b/library/version_features.c index b73410c6a..cce1a384e 100644 --- a/library/version_features.c +++ b/library/version_features.c 
@@ -84,9 +84,9 @@ static const char *features[] = { #if defined(MBEDTLS_TIMING_ALT) "MBEDTLS_TIMING_ALT", #endif /* MBEDTLS_TIMING_ALT */ -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_ALT) - "MBEDTLS_AEAD_CHACHA20_POLY1305_ALT", -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_ALT */ +#if defined(MBEDTLS_CHACHAPOLY_ALT) + "MBEDTLS_CHACHAPOLY_ALT", +#endif /* MBEDTLS_CHACHAPOLY_ALT */ #if defined(MBEDTLS_AES_ALT) "MBEDTLS_AES_ALT", #endif /* MBEDTLS_AES_ALT */ @@ -519,9 +519,9 @@ static const char *features[] = { #if defined(MBEDTLS_AES_C) "MBEDTLS_AES_C", #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) - "MBEDTLS_AEAD_CHACHA20_POLY1305_C", -#endif /* MBEDTLS_AEAD_CHACHA20_POLY1305_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + "MBEDTLS_CHACHAPOLY_C", +#endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_ARC4_C) "MBEDTLS_ARC4_C", #endif /* MBEDTLS_ARC4_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 57f9924ce..13fa98cdb 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -46,7 +46,7 @@ #include "mbedtls/camellia.h" #include "mbedtls/chacha20.h" #include "mbedtls/poly1305.h" -#include "mbedtls/aead_chacha20_poly1305.h" +#include "mbedtls/chachapoly.h" #include "mbedtls/base64.h" #include "mbedtls/bignum.h" #include "mbedtls/rsa.h" @@ -216,8 +216,8 @@ const selftest_t selftests[] = #if defined(MBEDTLS_POLY1305_C) {"poly1305", mbedtls_poly1305_self_test}, #endif -#if defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) - {"chacha20-poly1305", mbedtls_aead_chacha20_poly1305_self_test}, +#if defined(MBEDTLS_CHACHAPOLY_C) + {"chacha20-poly1305", mbedtls_chachapoly_self_test}, #endif #if defined(MBEDTLS_BASE64_C) {"base64", mbedtls_base64_self_test}, diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index b5d141322..811648a07 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl 
@@ -29,8 +29,8 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = qw( AEAD_CHACHA20_POLY1305 AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH - CAMELLIA CCM CHACHA20 CMAC CTR_DRBG DES +my @low_level_modules = qw( AES ARC4 ASN1 BASE64 BIGNUM BLOWFISH + CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES ENTROPY GCM HMAC_DRBG MD2 MD4 MD5 NET OID PADLOCK PBKDF2 POLY1305 RIPEMD160 SHA1 SHA256 SHA512 THREADING XTEA ); @@ -88,7 +88,6 @@ foreach my $line (@matches) $module_name = "BIGNUM" if ($module_name eq "MPI"); $module_name = "CTR_DRBG" if ($module_name eq "CTR"); $module_name = "HMAC_DRBG" if ($module_name eq "HMAC"); - $module_name = "AEAD_CHACHA20_POLY1305" if ($module_name eq "AEAD"); my $define_name = $module_name; $define_name = "X509_USE,X509_CREATE" if ($define_name eq "X509"); diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c7d9fad3c..96305386c 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -44,7 +44,6 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) -add_test_suite(aead_chacha20_poly1305) add_test_suite(aes aes.ecb) add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) @@ -56,13 +55,14 @@ add_test_suite(blowfish) add_test_suite(camellia) add_test_suite(ccm) add_test_suite(chacha20) -add_test_suite(cipher cipher.aead_chacha20_poly1305) +add_test_suite(chachapoly) add_test_suite(cipher cipher.aes) add_test_suite(cipher cipher.arc4) add_test_suite(cipher cipher.blowfish) add_test_suite(cipher cipher.camellia) add_test_suite(cipher cipher.ccm) add_test_suite(cipher cipher.chacha20) +add_test_suite(cipher cipher.chachapoly) add_test_suite(cipher cipher.des) add_test_suite(cipher cipher.gcm) add_test_suite(cipher cipher.null) diff --git a/tests/Makefile b/tests/Makefile index e6ff26cf3..f9d976864 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -45,14 +45,14 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = test_suite_aead_chacha20_poly1305$(EXEXT) \ - test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ +APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_aes.cfb$(EXEXT) test_suite_aes.rest$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ - test_suite_chacha20$(EXEXT) test_suite_cmac$(EXEXT) \ - test_suite_cipher.aead_chacha20_poly1305$(EXEXT) \ + test_suite_chacha20$(EXEXT) test_suite_chachapoly$(EXEXT) \ + test_suite_cmac$(EXEXT) \ + test_suite_cipher.chachapoly$(EXEXT) \ test_suite_cipher.aes$(EXEXT) \ test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ test_suite_cipher.chacha20$(EXEXT) \ @@ -117,10 +117,6 @@ test_suite_aes.rest.c : suites/test_suite_aes.function suites/test_suite_aes.res echo " Gen $@" perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.rest -test_suite_cipher.aead_chacha20_poly1305.c : suites/test_suite_cipher.function suites/test_suite_cipher.aead_chacha20_poly1305.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.aead_chacha20_poly1305 - test_suite_cipher.aes.c : suites/test_suite_cipher.function suites/test_suite_cipher.aes.data scripts/generate_code.pl suites/helpers.function suites/main_test.function echo " Gen $@" perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.aes 
@@ -137,6 +133,10 @@ test_suite_cipher.chacha20.c : suites/test_suite_cipher.function suites/test_sui echo " Gen $@" perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.chacha20 +test_suite_cipher.chachapoly.c : suites/test_suite_cipher.function suites/test_suite_cipher.chachapoly.data scripts/generate_code.pl suites/helpers.function suites/main_test.function + echo " Gen $@" + perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.chachapoly + test_suite_cipher.gcm.c : suites/test_suite_cipher.function suites/test_suite_cipher.gcm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function echo " Gen $@" perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.gcm @@ -210,10 +210,6 @@ test_suite_hmac_drbg.pr.c : suites/test_suite_hmac_drbg.function suites/test_sui perl scripts/generate_code.pl suites $* $* -test_suite_aead_chacha20_poly1305$(EXEXT): test_suite_aead_chacha20_poly1305.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - test_suite_aes.ecb$(EXEXT): test_suite_aes.ecb.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -258,6 +254,10 @@ test_suite_chacha20$(EXEXT): test_suite_chacha20.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_chachapoly$(EXEXT): test_suite_chachapoly.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_cmac$(EXEXT): test_suite_cmac.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
@@ -266,10 +266,6 @@ test_suite_cipher.aes$(EXEXT): test_suite_cipher.aes.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test_suite_cipher.aead_chacha20_poly1305$(EXEXT): test_suite_cipher.aead_chacha20_poly1305.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - test_suite_cipher.arc4$(EXEXT): test_suite_cipher.arc4.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -282,6 +278,10 @@ test_suite_cipher.chacha20$(EXEXT): test_suite_cipher.chacha20.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_cipher.chachapoly$(EXEXT): test_suite_cipher.chachapoly.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_cipher.gcm$(EXEXT): test_suite_cipher.gcm.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_aead_chacha20_poly1305.data b/tests/suites/test_suite_aead_chacha20_poly1305.data deleted file mode 100644 index 1cbfa24da..000000000 --- a/tests/suites/test_suite_aead_chacha20_poly1305.data +++ /dev/null 
@@ -1,19 +0,0 @@ -ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C -mbedtls_aead_chacha20_poly1305_enc:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600691" - -ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C -mbedtls_aead_chacha20_poly1305_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600691" - -ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Encrypt) -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C -mbedtls_aead_chacha20_poly1305_enc:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38" - -ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt) 
-depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C -mbedtls_aead_chacha20_poly1305_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38" - -ChaCha20-Poly1305 Selftest -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C:MBEDTLS_SELF_TEST -aead_chacha20_poly1305_selftest: diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data new file mode 100644 index 000000000..08129aa37 --- /dev/null +++ b/tests/suites/test_suite_chachapoly.data 
@@ -0,0 +1,19 @@ +ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) +depends_on:MBEDTLS_CHACHAPOLY_C +mbedtls_chachapoly_enc:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600691" + +ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) +depends_on:MBEDTLS_CHACHAPOLY_C +mbedtls_chachapoly_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600691" + +ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Encrypt) +depends_on:MBEDTLS_CHACHAPOLY_C +mbedtls_chachapoly_enc:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38" + +ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt) +depends_on:MBEDTLS_CHACHAPOLY_C 
+mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38" + +ChaCha20-Poly1305 Selftest +depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SELF_TEST +chachapoly_selftest: diff --git a/tests/suites/test_suite_aead_chacha20_poly1305.function b/tests/suites/test_suite_chachapoly.function similarity index 67% rename from tests/suites/test_suite_aead_chacha20_poly1305.function rename to tests/suites/test_suite_chachapoly.function index 6abd05414..fb1a738f0 100644 --- a/tests/suites/test_suite_aead_chacha20_poly1305.function +++ b/tests/suites/test_suite_chachapoly.function @@ -1,14 +1,14 @@ /* BEGIN_HEADER */ -#include "mbedtls/aead_chacha20_poly1305.h" +#include "mbedtls/chachapoly.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C + * depends_on:MBEDTLS_CHACHAPOLY_C * END_DEPENDENCIES */ /* BEGIN_CASE */ -void mbedtls_aead_chacha20_poly1305_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) +void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) { unsigned char key_str[32]; unsigned char nonce_str[12]; 
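Review bot: The second case in the new test_suite_chachapoly.data is titled `ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt)` but calls `mbedtls_chachapoly_dec`. Two cases therefore share one description, and a failure report cannot tell them apart. Rename the second to `ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Decrypt)`, matching the `Test Vector #1 (Encrypt)` / `(Decrypt)` pair that follows. The duplicate title is carried over unchanged from the deleted aead_chacha20_poly1305 data file.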
@@ -43,11 +43,11 @@ void mbedtls_aead_chacha20_poly1305_enc( char *hex_key_string, char *hex_nonce_s TEST_ASSERT( nonce_len == 12 ); TEST_ASSERT( mac_len == 16 ); - mbedtls_aead_chacha20_poly1305_crypt_and_mac( key_str, nonce_str, - MBEDTLS_AEAD_CHACHA20_POLY1305_ENCRYPT, - aad_len, aad_str, - input_len, input_str, output, - mac ); + mbedtls_chachapoly_crypt_and_mac( key_str, nonce_str, + MBEDTLS_CHACHAPOLY_ENCRYPT, + aad_len, aad_str, + input_len, input_str, output, + mac ); TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); @@ -55,7 +55,7 @@ void mbedtls_aead_chacha20_poly1305_enc( char *hex_key_string, char *hex_nonce_s /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_aead_chacha20_poly1305_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) +void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) { unsigned char key_str[32]; unsigned char nonce_str[12]; @@ -90,11 +90,11 @@ void mbedtls_aead_chacha20_poly1305_dec( char *hex_key_string, char *hex_nonce_s TEST_ASSERT( nonce_len == 12 ); TEST_ASSERT( mac_len == 16 ); - mbedtls_aead_chacha20_poly1305_crypt_and_mac( key_str, nonce_str, - MBEDTLS_AEAD_CHACHA20_POLY1305_DECRYPT, - aad_len, aad_str, - input_len, input_str, output, - mac ); + mbedtls_chachapoly_crypt_and_mac( key_str, nonce_str, + MBEDTLS_CHACHAPOLY_DECRYPT, + aad_len, aad_str, + input_len, input_str, output, + mac ); TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); 
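Review bot: The result of `mbedtls_chachapoly_crypt_and_mac( ... )` is discarded in `mbedtls_chachapoly_enc` here and again in `mbedtls_chachapoly_dec` in the hunk at -90,11, so a failing call is only noticed indirectly through `memcmp` on buffers it may never have written. If the function returns a status code, as the other chachapoly calls in this series do, assert it: `TEST_ASSERT( mbedtls_chachapoly_crypt_and_mac( key_str, nonce_str, MBEDTLS_CHACHAPOLY_ENCRYPT, aad_len, aad_str, input_len, input_str, output, mac ) == 0 );`, with `MBEDTLS_CHACHAPOLY_DECRYPT` in the second function. The decrypt case also only recomputes the tag and compares it; nothing in these hunks checks that a modified tag or ciphertext is rejected. Both function bodies begin and end outside the hunks.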
@@ -102,8 +102,8 @@ void mbedtls_aead_chacha20_poly1305_dec( char *hex_key_string, char *hex_nonce_s /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void aead_chacha20_poly1305_selftest() +void chachapoly_selftest() { - TEST_ASSERT( mbedtls_aead_chacha20_poly1305_self_test( 1 ) == 0 ); + TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_cipher.aead_chacha20_poly1305.data b/tests/suites/test_suite_cipher.chachapoly.data similarity index 74% rename from tests/suites/test_suite_cipher.aead_chacha20_poly1305.data rename to tests/suites/test_suite_cipher.chachapoly.data index 9cd1ed021..de5b3d648 100644 --- a/tests/suites/test_suite_cipher.aead_chacha20_poly1305.data +++ b/tests/suites/test_suite_cipher.chachapoly.data 
@@ -1,111 +1,111 @@ Decrypt empty buffer -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C: +depends_on:MBEDTLS_CHACHAPOLY_C: dec_empty_buf: ChaCha20+Poly1305 Encrypt and decrypt 0 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:0:-1 ChaCha20+Poly1305 Encrypt and decrypt 1 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:1:-1 ChaCha20+Poly1305 Encrypt and decrypt 2 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:2:-1 ChaCha20+Poly1305 Encrypt and decrypt 7 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:7:-1 ChaCha20+Poly1305 Encrypt and decrypt 8 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:8:-1 ChaCha20+Poly1305 Encrypt and decrypt 9 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:9:-1 ChaCha20+Poly1305 Encrypt and decrypt 15 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:15:-1 ChaCha20+Poly1305 Encrypt and decrypt 16 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:16:-1 ChaCha20+Poly1305 Encrypt and decrypt 17 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:17:-1 ChaCha20+Poly1305 Encrypt and decrypt 31 bytes 
-depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:31:-1 ChaCha20+Poly1305 Encrypt and decrypt 32 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:32:-1 ChaCha20+Poly1305 Encrypt and decrypt 33 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:33:-1 ChaCha20+Poly1305 Encrypt and decrypt 47 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:47:-1 ChaCha20+Poly1305 Encrypt and decrypt 48 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:48:-1 ChaCha20+Poly1305 Encrypt and decrypt 49 bytes -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:"CHACHA20-POLY1305":256:49:-1 ChaCha20+Poly1305 Encrypt and decrypt 0 bytes in multiple parts 1 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:0:0:-1:0:0:0:0 ChaCha20+Poly1305 Encrypt and decrypt 1 bytes in multiple parts 1 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:1:0:-1:1:0:1:0 ChaCha20+Poly1305 Encrypt and decrypt 1 bytes in multiple parts 2 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:0:1:-1:0:1:0:1 ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 1 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C 
enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:0:-1:16:0:16:0 ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 2 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:0:16:-1:0:16:0:16 ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 3 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:1:15:-1:1:15:1:15 ChaCha20+Poly1305 Encrypt and decrypt 16 bytes in multiple parts 4 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:15:1:-1:15:1:15:1 ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 1 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:15:7:-1:15:7:15:7 ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 2 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:7:15:-1:7:15:7:15 ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 3 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:6:-1:16:6:16:6 ChaCha20+Poly1305 Encrypt and decrypt 22 bytes in multiple parts 4 -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:6:16:-1:6:16:6:16 ChaCha20+Poly1305 Encrypt and decrypt 32 bytes in multiple parts -depends_on:MBEDTLS_AEAD_CHACHA20_POLY1305_C +depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:16:-1:16:16:16:16 diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index e5a252fdb..92462e52b 100644 
--- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -60,7 +60,7 @@ void cipher_null_args( ) TEST_ASSERT( mbedtls_cipher_reset( NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( mbedtls_cipher_update_ad( NULL, buf, 0 ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_cipher_update_ad( &ctx, buf, 0 ) @@ -77,7 +77,7 @@ void cipher_null_args( ) TEST_ASSERT( mbedtls_cipher_finish( &ctx, buf, &olen ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( mbedtls_cipher_write_tag( NULL, buf, olen ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_cipher_write_tag( &ctx, buf, olen ) @@ -195,7 +195,7 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) ); TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) ); #endif @@ -215,7 +215,7 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) ); total_len += outlen; -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) ); #endif 
@@ -236,7 +236,7 @@ void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) ); total_len += outlen; -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) ); #endif @@ -292,7 +292,7 @@ void enc_fail( int cipher_id, int pad_mode, int key_len, #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); #endif @@ -340,7 +340,7 @@ void dec_empty_buf() TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); #endif @@ -416,7 +416,7 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) ); #endif @@ -484,7 +484,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, unsigned char ad[200]; unsigned char tag[20]; size_t key_len, iv_len, cipher_len, clear_len; -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) size_t ad_len, tag_len; #endif mbedtls_cipher_context_t ctx; 
@@ -505,7 +505,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, iv_len = unhexify( iv, hex_iv ); cipher_len = unhexify( cipher, hex_cipher ); clear_len = unhexify( clear, hex_clear ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ad_len = unhexify( ad, hex_ad ); tag_len = unhexify( tag, hex_tag ); #else @@ -525,7 +525,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, iv_len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad, ad_len ) ); #endif @@ -536,7 +536,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, &outlen ) ); total_len += outlen; -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_AEAD_CHACHA20_POLY1305_C) +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag, tag_len ) ); #endif diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 802cce719..b04935a6d 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -158,6 +158,8 @@ + + @@ -198,6 +200,7 @@ + @@ -231,6 +234,8 @@ + + @@ -268,6 +273,7 @@ + From 502f189253fe65d66df7e11000da7f0056379155 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 11:57:05 +0200 Subject: [PATCH 034/578] ChaCha20: allow in-place en/decryption All other ciphers so far allow this. In particular, the TLS layer depends on this, despite what's documented in the Cipher layer, see https://github.com/ARMmbed/mbedtls/issues/1085 https://github.com/ARMmbed/mbedtls/issues/1087 Also, this can be useful for implementing chachapoly without depending on the semi-internal function keystream_block(), see next commit. --- include/mbedtls/chacha20.h | 5 ++--- library/chacha20.c | 27 +++++++++++++-------------- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index f88bd28b7..7999702f5 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -133,9 +133,8 @@ int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, * * This function is used to both encrypt and decrypt data. * - * \note The \p input and \p output buffers may overlap, but only - * if input >= output (i.e. only if input points ahead of - * the output pointer). + * \note The \p input and \p output pointers must either be equal or + * point to non-overlapping buffers. * * \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be * called at least once to setup the context before this function diff --git a/library/chacha20.c b/library/chacha20.c index 28133a675..1abb96ef9 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
@@ -314,23 +314,22 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, /* Process full blocks */ while ( size >= CHACHA20_BLOCK_SIZE_BYTES ) { - mbedtls_chacha20_block( ctx->initial_state, ctx->working_state, &output[offset] ); + /* Generate new keystream block and increment counter */ + mbedtls_chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); + ctx->initial_state[CHACHA20_CTR_INDEX]++; for ( i = 0U; i < 64U; i += 8U ) { - output[offset + i ] ^= input[offset + i ]; - output[offset + i + 1U] ^= input[offset + i + 1U]; - output[offset + i + 2U] ^= input[offset + i + 2U]; - output[offset + i + 3U] ^= input[offset + i + 3U]; - output[offset + i + 4U] ^= input[offset + i + 4U]; - output[offset + i + 5U] ^= input[offset + i + 5U]; - output[offset + i + 6U] ^= input[offset + i + 6U]; - output[offset + i + 7U] ^= input[offset + i + 7U]; + output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ]; + output[offset + i + 1U ] = input[offset + i + 1U ] ^ ctx->keystream8[i + 1U ]; + output[offset + i + 2U ] = input[offset + i + 2U ] ^ ctx->keystream8[i + 2U ]; + output[offset + i + 3U ] = input[offset + i + 3U ] ^ ctx->keystream8[i + 3U ]; + output[offset + i + 4U ] = input[offset + i + 4U ] ^ ctx->keystream8[i + 4U ]; + output[offset + i + 5U ] = input[offset + i + 5U ] ^ ctx->keystream8[i + 5U ]; + output[offset + i + 6U ] = input[offset + i + 6U ] ^ ctx->keystream8[i + 6U ]; + output[offset + i + 7U ] = input[offset + i + 7U ] ^ ctx->keystream8[i + 7U ]; } - /* Increment counter */ - ctx->initial_state[CHACHA20_CTR_INDEX]++; - offset += CHACHA20_BLOCK_SIZE_BYTES; size -= CHACHA20_BLOCK_SIZE_BYTES; } 
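Review bot: The full-block XOR inside the `while` loop is still unrolled eight ways around the literal `64U`, and the rewritten lines carry uneven spacing (`i + 1U ]`). Each byte is now a plain input-xor-keystream assignment, so a single loop such as `for ( i = 0U; i < CHACHA20_BLOCK_SIZE_BYTES; i++ ) output[offset + i] = input[offset + i] ^ ctx->keystream8[i];` says the same thing and keeps the block size in one place. Writing every output byte from the input byte at the same index is what makes `input == output` safe, and a one-line comment above the loop saying so would help keep that property. The loop also overwrites `ctx->keystream8` without touching `ctx->keystream_bytes_used`, which looks correct only if the code before this hunk has already consumed any leftover keystream; that part of `mbedtls_chacha20_update` is outside the hunk and worth confirming.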
@@ -338,7 +337,9 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, /* Last (partial) block */ if ( size > 0U ) { + /* Generate new keystream block and increment counter */ mbedtls_chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); + ctx->initial_state[CHACHA20_CTR_INDEX]++; for ( i = 0U; i < size; i++) { @@ -347,8 +348,6 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, ctx->keystream_bytes_used = size; - /* Increment counter */ - ctx->initial_state[CHACHA20_CTR_INDEX]++; } return( 0 ); From 56206c4db19f472b8429e71d3ae2570072bb5dac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 12:18:34 +0200 Subject: [PATCH 035/578] Remove semi-internal chacha20_keystrem_block() It's actually easy to implement chachapoly without it, so let's not clutter the API (and avoid adding a burden to alt implementers). --- include/mbedtls/chacha20.h | 21 --------------------- library/chacha20.c | 37 ------------------------------------- library/chachapoly.c | 8 ++++++-- 3 files changed, 6 insertions(+), 60 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 7999702f5..d32da1b77 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h 
@@ -107,27 +107,6 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, const unsigned char nonce[12], uint32_t counter ); -/** - * \brief Generates a block of keystream bytes for a specific counter value. - * - * This function uses the key and nonce previously set in - * the context (via mbedtls_chacha20_setkey and - * mbedtls_chacha20_starts), but ignores the previously - * set counter and uses the counter given as the parameter to - * this function. - * - * \param ctx The ChaCha20 context. This context is not modified. - * \param counter The counter value to use. - * \param keystream Buffer to where the generated keystream bytes are written. - * - * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or keystream are - * NULL. - * Otherwise, 0 is returned to indicate success. - */ -int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, - uint32_t counter, - unsigned char keystream[64] ); - /** * \brief Encrypt or decrypt data. * diff --git a/library/chacha20.c b/library/chacha20.c index 1abb96ef9..5ede4553c 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
@@ -246,43 +246,6 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, return( 0 ); } -int mbedtls_chacha20_keystream_block( const mbedtls_chacha20_context *ctx, - uint32_t counter, - unsigned char keystream[64] ) -{ - uint32_t initial_state[16]; - uint32_t working_state[16]; - - if ( ( ctx == NULL ) || ( keystream == NULL ) ) - { - return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); - } - - initial_state[0] = ctx->initial_state[0]; - initial_state[1] = ctx->initial_state[1]; - initial_state[2] = ctx->initial_state[2]; - initial_state[3] = ctx->initial_state[3]; - initial_state[4] = ctx->initial_state[4]; - initial_state[5] = ctx->initial_state[5]; - initial_state[6] = ctx->initial_state[6]; - initial_state[7] = ctx->initial_state[7]; - initial_state[8] = ctx->initial_state[8]; - initial_state[9] = ctx->initial_state[9]; - initial_state[10] = ctx->initial_state[10]; - initial_state[11] = ctx->initial_state[11]; - initial_state[12] = counter; - initial_state[13] = ctx->initial_state[13]; - initial_state[14] = ctx->initial_state[14]; - initial_state[15] = ctx->initial_state[15]; - - mbedtls_chacha20_block( initial_state, working_state, keystream ); - - mbedtls_zeroize( initial_state, sizeof( initial_state ) ); - mbedtls_zeroize( working_state, sizeof( working_state ) ); - - return( 0 ); -} - int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t size, const unsigned char *input, diff --git a/library/chachapoly.c b/library/chachapoly.c index 3ba19542e..35ae99e11 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c 
@@ -143,15 +143,19 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } - result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 1U ); + /* Set counter = 0, will be update to 1 when generating Poly1305 key */ + result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); if ( result != 0 ) goto cleanup; /* Generate the Poly1305 key by getting the ChaCha20 keystream output with counter = 0. + * This is the same as encrypting a buffer of zeroes. * Only the first 256-bits (32 bytes) of the key is used for Poly1305. * The other 256 bits are discarded. */ - result = mbedtls_chacha20_keystream_block( &ctx->chacha20_ctx, 0U, poly1305_key ); + memset( poly1305_key, 0, sizeof( poly1305_key ) ); + result = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), + poly1305_key, poly1305_key ); if ( result != 0 ) goto cleanup; From 346b8d5050dd66875d1ae15ebff94b25b9694092 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 May 2018 12:56:36 +0200 Subject: [PATCH 036/578] chachapoly: split crypt_and_mac() to match GCM API In addition to making the APIs of the various AEAD modules more consistent with each other, it's useful to have an auth_decrypt() function so that we can safely check the tag ourselves, as the user might otherwise do it in an insecure way (or even forget to do it altogether). --- include/mbedtls/chachapoly.h | 51 ++++++++--- library/chachapoly.c | 93 +++++++++++++++------ tests/suites/test_suite_chachapoly.function | 37 +++++--- 3 files changed, 133 insertions(+), 48 deletions(-) diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 810675ddd..e7413b36f 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h 
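Review bot: Deriving the Poly1305 key through `mbedtls_chacha20_update()` leaves the ChaCha20 context at counter 1 with no leftover keystream only if `sizeof( poly1305_key )` is exactly one 64-byte block. The declaration is outside the hunk; the comment ("The other 256 bits are discarded") suggests it is 64 bytes, but nothing here enforces it. With a shorter buffer the partial-block path of the update would set `keystream_bytes_used` and, presumably, the rest of block 0 would then be used for the first payload bytes. I would state the requirement next to the call, e.g. `/* poly1305_key must span one full ChaCha20 block so the payload starts at counter 1 */`. The new comment also has a typo: `will be update to 1` should read `will be updated to 1`.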
@@ -31,6 +31,8 @@ #define MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */ #define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */ +#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x00049 /**< Authenticated decryption failed: data was not authentic. */ + #ifdef __cplusplus extern "C" { 
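Review bot: `MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED` is defined as `-0x00049`, the same value as `MBEDTLS_ERR_CHACHAPOLY_BAD_STATE` on the line above, so a caller cannot tell a forged or corrupted message from an API-sequencing error. The `library/cipher.c` change later in this series compares the return value against `MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED` to map it to `MBEDTLS_ERR_CIPHER_AUTH_FAILED`, so a bad-state return would be reported as an authentication failure as well. The new code needs a value that no other error in the library uses: `#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED <unused error code>`. The later documentation patch in this series still shows both defines with the same value.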
@@ -192,37 +194,64 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, unsigned char mac[16] ); /** - * \brief Encrypt or decrypt data, and produce a MAC with ChaCha20-Poly1305. + * \brief Encrypt or decrypt data, and produce a MAC (tag) with ChaCha20-Poly1305. * - * \param key The 256-bit (32 bytes) encryption key to use. - * \param nonce The 96-bit (12 bytes) nonce/IV to use. + * \param ctx The ChachaPoly context. * \param mode Specifies whether the data in the \p input buffer is to * be encrypted or decrypted. If there is no data to encrypt * or decrypt (i.e. \p ilen is 0) then the value of this * parameter does not matter. - * \param aad_len The length (in bytes) of the AAD data to process. + * \param length The length (in bytes) of the data to encrypt or decrypt. + * \param nonce The 96-bit (12 bytes) nonce/IV to use. * \param aad Buffer containing the additional authenticated data (AAD). * This pointer can be NULL if aad_len == 0. - * \param ilen The length (in bytes) of the data to encrypt or decrypt. + * \param aad_len The length (in bytes) of the AAD data to process. * \param input Buffer containing the data to encrypt or decrypt. * This pointer can be NULL if ilen == 0. * \param output Buffer to where the encrypted or decrypted data is written. * This pointer can be NULL if ilen == 0. - * \param mac Buffer to where the computed 128-bit (16 bytes) MAC is written. + * \param tag Buffer to where the computed 128-bit (16 bytes) MAC is written. * * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned * if one or more of the required parameters are NULL. * Otherwise, 0 is returned to indicate success. 
*/ -int mbedtls_chachapoly_crypt_and_mac( const unsigned char key[32], - const unsigned char nonce[12], +int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, mbedtls_chachapoly_mode_t mode, - size_t aad_len, + size_t length, + const unsigned char nonce[12], const unsigned char *aad, - size_t ilen, + size_t aad_len, const unsigned char *input, unsigned char *output, - unsigned char mac[16] ); + unsigned char tag[16] ); + +/** + * \brief Decrypt data and check a MAC (tag) with ChaCha20-Poly1305. + * + * \param ctx The ChachaPoly context. + * \param length The length of the input and output data. + * \param nonce The nonce / initialization vector. + * \param aad The buffer holding the additional authenticated data. + * \param aad_len The length of the additional authenticated data. + * \param tag The buffer holding the tag. + * \param input The buffer holding the input data. + * \param output The buffer for holding the output data. + * + * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned + * if one or more of the required parameters are NULL. + * MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED if the tag does not + * match. + * Otherwise, 0 is returned to indicate success. + */ +int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char tag[16], + const unsigned char *input, + unsigned char *output ); /** * \brief Checkup routine diff --git a/library/chachapoly.c b/library/chachapoly.c index 35ae99e11..0dba5ed91 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c 
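Review bot: The comment for `mbedtls_chachapoly_crypt_and_tag` still uses the old parameter name: `\p ilen is 0` under `\param mode` and `This pointer can be NULL if ilen == 0` under `input` and `output` should say `length`, since `ilen` is no longer in the prototype. The comment should also warn that in `MBEDTLS_CHACHAPOLY_DECRYPT` mode the function writes plaintext to `output` without verifying anything, e.g. `\warning In decrypt mode the output is unauthenticated until the caller has compared the tag; prefer mbedtls_chachapoly_auth_decrypt().` For `mbedtls_chachapoly_auth_decrypt`, `\param output` should say the buffer must hold `length` bytes. Its `\return` text should add that `output` must not be used when `MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED` is returned.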
@@ -295,44 +295,70 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, return( 0 ); } -int mbedtls_chachapoly_crypt_and_mac ( const unsigned char key[32], - const unsigned char nonce[12], - mbedtls_chachapoly_mode_t mode, - size_t aad_len, - const unsigned char *aad, - size_t ilen, - const unsigned char *input, - unsigned char *output, - unsigned char mac[16] ) +int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, + mbedtls_chachapoly_mode_t mode, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16] ) { - mbedtls_chachapoly_context ctx; int result; - mbedtls_chachapoly_init( &ctx ); - - result = mbedtls_chachapoly_setkey( &ctx, key ); + result = mbedtls_chachapoly_starts( ctx, nonce, mode ); if ( result != 0 ) goto cleanup; - result = mbedtls_chachapoly_starts( &ctx, nonce, mode ); - if ( result != 0 ) - goto cleanup; - - result = mbedtls_chachapoly_update_aad( &ctx, aad_len, aad ); + result = mbedtls_chachapoly_update_aad( ctx, aad_len, aad ); if ( result != 0 ) goto cleanup; - result = mbedtls_chachapoly_update( &ctx, ilen, input, output ); + result = mbedtls_chachapoly_update( ctx, length, input, output ); if ( result != 0 ) goto cleanup; - result = mbedtls_chachapoly_finish( &ctx, mac ); + result = mbedtls_chachapoly_finish( ctx, tag ); cleanup: - mbedtls_chachapoly_free( &ctx ); return( result ); } +int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char tag[16], + const unsigned char *input, + unsigned char *output ) +{ + int ret; + unsigned char check_tag[16]; + size_t i; + int diff; + + if( ( ret = mbedtls_chachapoly_crypt_and_tag( ctx, + MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, + aad, aad_len, input, output, check_tag ) ) != 0 ) + { + return( ret ); + } + + /* Check tag in 
"constant-time" */ + for( diff = 0, i = 0; i < sizeof( check_tag ); i++ ) + diff |= tag[i] ^ check_tag[i]; + + if( diff != 0 ) + { + mbedtls_zeroize( output, length ); + return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ); + } + + return( 0 ); +} + #endif /* MBEDTLS_CHACHAPOLY_ALT */ #if defined(MBEDTLS_SELF_TEST) @@ -425,6 +451,7 @@ static const unsigned char test_mac[1][16] = int mbedtls_chachapoly_self_test( int verbose ) { + mbedtls_chachapoly_context ctx; unsigned i; int result; unsigned char output[200]; @@ -437,12 +464,24 @@ int mbedtls_chachapoly_self_test( int verbose ) mbedtls_printf( " ChaCha20-Poly1305 test %u ", i ); } - result = mbedtls_chachapoly_crypt_and_mac( test_key[i], - test_nonce[i], + mbedtls_chachapoly_init( &ctx ); + + result = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); + if ( result != 0 ) + { + if ( verbose != 0 ) + { + mbedtls_printf( "setkey() error code: %i\n", result ); + } + return( -1 ); + } + + result = mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, - test_aad_len[i], - test_aad[i], test_input_len[i], + test_nonce[i], + test_aad[i], + test_aad_len[i], test_input[i], output, mac ); @@ -450,7 +489,7 @@ int mbedtls_chachapoly_self_test( int verbose ) { if ( verbose != 0 ) { - mbedtls_printf( "error code: %i\n", result ); + mbedtls_printf( "crypt_and_tag() error code: %i\n", result ); } return( -1 ); } @@ -473,6 +512,8 @@ int mbedtls_chachapoly_self_test( int verbose ) return( -1 ); } + mbedtls_chachapoly_free( &ctx ); + if ( verbose != 0 ) { mbedtls_printf( "passed\n" ); diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index fb1a738f0..b205c4ce0 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function 
@@ -24,6 +24,7 @@ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char size_t key_len; size_t nonce_len; size_t mac_len; + mbedtls_chachapoly_context ctx; memset( key_str, 0x00, 32 ); memset( nonce_str, 0x00, 12 ); @@ -43,14 +44,21 @@ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char TEST_ASSERT( nonce_len == 12 ); TEST_ASSERT( mac_len == 16 ); - mbedtls_chachapoly_crypt_and_mac( key_str, nonce_str, + mbedtls_chachapoly_init( &ctx ); + + mbedtls_chachapoly_setkey( &ctx, key_str ); + + mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, - aad_len, aad_str, - input_len, input_str, output, - mac ); + input_len, nonce_str, + aad_str, aad_len, + input_str, output, mac ); TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); + +exit: + mbedtls_chachapoly_free( &ctx ); } /* END_CASE */ @@ -64,13 +72,14 @@ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char unsigned char output_str[10000]; unsigned char mac_str[16]; unsigned char output[10000]; - unsigned char mac[16]; size_t input_len; size_t output_len; size_t aad_len; size_t key_len; size_t nonce_len; size_t mac_len; + int ret; + mbedtls_chachapoly_context ctx; memset( key_str, 0x00, 32 ); memset( nonce_str, 0x00, 12 ); 
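Review bot: In `mbedtls_chachapoly_enc`, the return values of `mbedtls_chachapoly_setkey` and `mbedtls_chachapoly_crypt_and_tag` are discarded, so a failing call is noticed only indirectly through the later `memcmp` checks. Wrap both calls, e.g. `TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );`, and assert `== 0` on the `crypt_and_tag` call in the same way. The `mbedtls_chachapoly_setkey` call added to `mbedtls_chachapoly_dec` further down has the same gap.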
@@ -90,14 +99,20 @@ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char TEST_ASSERT( nonce_len == 12 ); TEST_ASSERT( mac_len == 16 ); - mbedtls_chachapoly_crypt_and_mac( key_str, nonce_str, - MBEDTLS_CHACHAPOLY_DECRYPT, - aad_len, aad_str, - input_len, input_str, output, - mac ); + mbedtls_chachapoly_init( &ctx ); + mbedtls_chachapoly_setkey( &ctx, key_str ); + + ret = mbedtls_chachapoly_auth_decrypt( &ctx, + input_len, nonce_str, + aad_str, aad_len, + mac_str, input_str, output ); + + TEST_ASSERT( ret == 0 ); TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); - TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); + +exit: + mbedtls_chachapoly_free( &ctx ); } /* END_CASE */ From fe725defaee76f91aa1f8d6b13469107e53556f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 May 2018 09:38:09 +0200 Subject: [PATCH 037/578] cipher: use new functions from chachapoly --- library/cipher.c | 60 ++++++++++-------------------------------------- 1 file changed, 12 insertions(+), 48 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index acc986fa8..1827770b1 100644 --- a/library/cipher.c +++ b/library/cipher.c 
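Review bot: `mbedtls_chachapoly_dec` asserts only `ret == 0`, so nothing visible here exercises the tag-mismatch path this series adds, which returns `MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED` and wipes `output`. A second call in the same function with one byte of `mac_str` altered, asserting the error code, would cover it, as sketched below. The function's declarations and vector parsing are outside the hunk.

```c
/* ... unchanged: successful auth_decrypt and output comparison ... */

/* A corrupted tag must be rejected */
mac_str[0] ^= 0x01;
ret = mbedtls_chachapoly_auth_decrypt( &ctx,
                                       input_len, nonce_str,
                                       aad_str, aad_len,
                                       mac_str, input_str, output );
TEST_ASSERT( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
```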
@@ -1000,34 +1000,17 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { - int ret; - + /* ChachaPoly has fixed length nonce and MAC (tag) */ if ( ( iv_len != ctx->cipher_info->iv_size ) || - ( tag_len != 16U ) ) /* Truncated MAC is not allowed for Poly1305 */ + ( tag_len != 16U ) ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } *olen = ilen; - - ret = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - iv, MBEDTLS_CHACHAPOLY_ENCRYPT ); - if ( ret != 0 ) - return( ret ); - - ret = mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ad_len, ad ); - if ( ret != 0 ) - return( ret ); - - ret = mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ilen, input, output ); - if ( ret != 0 ) - return( ret ); - - ret = mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - tag ); - return( ret ); + return( mbedtls_chachapoly_crypt_and_tag( ctx->cipher_ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + ilen, iv, ad, ad_len, input, output, tag ) ); } #endif /* MBEDTLS_CHACHAPOLY_C */ 
@@ -1079,42 +1062,23 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { - unsigned char check_tag[16]; int ret; + /* ChachaPoly has fixed length nonce and MAC (tag) */ if ( ( iv_len != ctx->cipher_info->iv_size ) || - ( tag_len != 16U ) ) /* Truncated MAC is not allowed for Poly1305 */ + ( tag_len != 16U ) ) { return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } *olen = ilen; + ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen, + iv, ad, ad_len, tag, input, output ); - ret = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - iv, MBEDTLS_CHACHAPOLY_DECRYPT ); - if ( ret != 0 ) - return( ret ); + if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ) + ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; - ret = mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ad_len, ad ); - if ( ret != 0 ) - return( ret ); - - ret = mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ilen, input, output ); - if ( ret != 0 ) - return( ret ); - - ret = mbedtls_chachapoly_finish( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - check_tag ); - if ( ret != 0 ) - return( ret ); - - /* Compare the tag in constant time */ - if ( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) - return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); - - return( 0 ); + return( ret ); } #endif /* MBEDTLS_CHACHAPOLY_C */ From b500f8b9113a54e194a116338eb9b606c4628d45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 May 2018 12:43:48 +0200 Subject: [PATCH 038/578] Update documentation to match new guidelines. --- include/mbedtls/chacha20.h | 157 ++++++++++-------- include/mbedtls/chachapoly.h | 297 +++++++++++++++++++++-------------- include/mbedtls/cipher.h | 6 +- include/mbedtls/poly1305.h | 124 +++++++++------ 4 files changed, 350 insertions(+), 234 deletions(-) 
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index d32da1b77..579ea3888 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -1,11 +1,18 @@ /** * \file chacha20.h * - * \brief ChaCha20 cipher. + * \brief This file contains ChaCha20 definitions and functions. + * + * ChaCha20 is a stream cipher that can encrypt and decrypt + * information. ChaCha was created by Daniel Bernstein as a variant of + * its Salsa cipher https://cr.yp.to/chacha/chacha-20080128.pdf + * ChaCha20 is the variant with 20 rounds, that was also standardized + * in RFC 7539. * * \author Daniel King - * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + */ + +/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -20,8 +27,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_CHACHA20_H #define MBEDTLS_CHACHA20_H @@ -44,10 +52,10 @@ extern "C" { typedef struct { - uint32_t initial_state[16]; /*! Holds the initial state (before round operations) */ - uint32_t working_state[16]; /*! Holds the working state (after round operations) */ - uint8_t keystream8[64]; /*! Holds leftover keystream bytes */ - size_t keystream_bytes_used; /*! Number of keystream bytes currently used */ + uint32_t initial_state[16]; /*! The initial state (before round operations). */ + uint32_t working_state[16]; /*! The working state (after round operations). */ + uint8_t keystream8[64]; /*! Leftover keystream bytes. */ + size_t keystream_bytes_used; /*! Number of keystream bytes already used. */ } mbedtls_chacha20_context; 
@@ -56,118 +64,141 @@ mbedtls_chacha20_context; #endif /* MBEDTLS_CHACHA20_ALT */ /** - * \brief Initialize ChaCha20 context + * \brief This function initializes the specified ChaCha20 context. * - * \param ctx ChaCha20 context to be initialized + * It must be the first API called before using + * the context. + * + * It is usually followed by calls to + * \c mbedtls_chacha20_setkey() and + * \c mbedtls_chacha20_starts(), then one or more calls to + * to \c mbedtls_chacha20_update(), and finally to + * \c mbedtls_chacha20_free(). + * + * \param ctx The ChaCha20 context to initialize. */ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); /** - * \brief Clear ChaCha20 context + * \brief This function releases and clears the specified ChaCha20 context. * - * \param ctx ChaCha20 context to be cleared + * \param ctx The ChaCha20 context to clear. */ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); /** - * \brief Set the ChaCha20 key. + * \brief This function sets the encryption/decryption key. * - * \note The nonce and counter must be set after calling this function, - * before data can be encrypted/decrypted. The nonce and - * counter are set by calling mbedtls_chacha20_starts. + * \note After using this function, you must also call + * \c mbedtls_chacha20_starts() to set a nonce before you + * start encrypting/decrypting data with + * \c mbedtls_chacha_update(). * - * \see mbedtls_chacha20_starts + * \param ctx The ChaCha20 context to which the key should be bound. + * \param key The encryption/decryption key. Must be 32 bytes in length. * - * \param ctx The context to setup. - * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. - * - * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or key - * is NULL, or if key_bits is not 128 or 256. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL. 
*/ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, const unsigned char key[32] ); /** - * \brief Set the ChaCha20 nonce and initial counter value. + * \brief This function sets the nonce and initial counter value. * * \note A ChaCha20 context can be re-used with the same key by - * calling this function to change the nonce and/or initial - * counter value. + * calling this function to change the nonce. * - * \param ctx The ChaCha20 context. - * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in size. - * \param counter Initial counter value to use. This is usually 0. + * \warning You must never use the same nonce twice with the same key. + * This would void any confidentiality guarantees for the + * messages encrypted with the same nonce and key. * - * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA is returned if ctx or - * nonce is NULL. - * Otherwise, 0 is returned to indicate success. + * \param ctx The ChaCha20 context to which the nonce should be bound. + * \param nonce The nonce. Must be 12 bytes in size. + * \param counter The initial counter value. This is usually 0. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is + * NULL. */ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, const unsigned char nonce[12], uint32_t counter ); /** - * \brief Encrypt or decrypt data. + * \brief This function encrypts or decrypts data. * - * This function is used to both encrypt and decrypt data. + * Since ChaCha20 is a stream cipher, the same operation is + * used for encrypting and decrypting data. * * \note The \p input and \p output pointers must either be equal or * point to non-overlapping buffers. * - * \note mbedtls_chacha20_setkey and mbedtls_chacha20_starts must be - * called at least once to setup the context before this function - * can be called. 
+ * \note \c mbedtls_chacha20_setkey() and + * \c mbedtls_chacha20_starts() must be called at least once + * to setup the context before this function can be called. * - * \param ctx The ChaCha20 context. - * \param size The length (in bytes) to process. This can have any length. - * \param input Buffer containing the input data. + * \note This function can be called mutliple times in a row in + * order to encrypt of decrypt data piecewise with the same + * key and nonce. + * + * \param ctx The ChaCha20 context to use for encryption or decryption. + * \param size The length of the input data in bytes. + * \param input The buffer holding the input data. * This pointer can be NULL if size == 0. - * \param output Buffer containing the output data. + * \param output The buffer holding the output data. + * Must be able to hold \p size bytes. * This pointer can be NULL if size == 0. * - * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or * output pointers are NULL. - * Otherwise, 0 is returned to indicate success. */ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, - size_t size, - const unsigned char *input, - unsigned char *output ); + size_t size, + const unsigned char *input, + unsigned char *output ); /** - * \brief Encrypt or decrypt a message using ChaCha20. + * \brief This function encrypts or decrypts data with ChaCha20 and + * the given key and nonce. * - * This function is used the same way for encrypting and - * decrypting data. It's not necessary to specify which - * operation is being performed. + * Since ChaCha20 is a stream cipher, the same operation is + * used for encrypting and decrypting data. * - * \note The \p input and \p output buffers may overlap, but only - * if input >= output (i.e. only if input points ahead of - * the output pointer). + * \warning You must never use the same (key, nonce) pair more than + * once. 
This would void any confidentiality guarantees for + * the messages encrypted with the same nonce and key. * - * \param key Buffer containing the 256-bit key. Must be 32 bytes in length. - * \param nonce Buffer containing the 96-bit nonce. Must be 12 bytes in length. + * \note The \p input and \p output pointers must either be equal or + * point to non-overlapping buffers. + * + * \param key The encryption/decryption key. Must be 32 bytes in length. + * \param nonce The nonce. Must be 12 bytes in size. * \param counter The initial counter value. This is usually 0. - * \param data_len The number of bytes to process. - * \param input Buffer containing the input data (data to encrypt or decrypt). - * \param output Buffer to where the processed data is written. + * \param size The length of the input data in bytes. + * \param input The buffer holding the input data. + * This pointer can be NULL if size == 0. + * \param output The buffer holding the output data. + * Must be able to hold \p size bytes. + * This pointer can be NULL if size == 0. * - * \return MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input, + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input, * or output is NULL. - * Otherwise, 0 is returned to indicate success. */ int mbedtls_chacha20_crypt( const unsigned char key[32], const unsigned char nonce[12], uint32_t counter, - size_t data_len, + size_t size, const unsigned char* input, unsigned char* output ); /** - * \brief Checkup routine + * \brief The ChaCha20 checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_chacha20_self_test( int verbose ); diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index e7413b36f..ddcd54972 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h 
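Review bot: The note on `mbedtls_chacha20_setkey` refers to `\c mbedtls_chacha_update()`, which this header does not declare; it should be `\c mbedtls_chacha20_update()`. Several typos in the new text are worth fixing in the same pass: `calls to to` in the `mbedtls_chacha20_init` comment, and `mutliple` and `encrypt of decrypt` in the `mbedtls_chacha20_update` note. The file-header hunk above has `its Salsa cipher`, which should read `his Salsa cipher`. The `\warning` on nonce reuse sits on `starts` and `crypt`; a short pointer to it from the `update` comment would help, because `update` is where piecewise callers will be reading.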
@@ -1,9 +1,18 @@ /** * \file chachapoly.h * - * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. + * \brief This file contains the AEAD-ChaCha20-Poly1305 definitions and + * functions. * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * ChaCha20-Poly1305 is an algorithm for Authenticated Encryption + * with Associated Data (AEAD) that can be used to encrypt and + * authenticate data. It is based on ChaCha20 and Poly1305 by Daniel + * Bernstein and was standardized in RFC 7539. + * + * \author Daniel King + */ + +/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -18,8 +27,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_CHACHAPOLY_H #define MBEDTLS_CHACHAPOLY_H @@ -30,7 +40,7 @@ #endif #define MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */ -#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state */ +#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state. */ #define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x00049 /**< Authenticated decryption failed: data was not authentic. */ @@ -40,8 +50,8 @@ extern "C" { typedef enum { - MBEDTLS_CHACHAPOLY_ENCRYPT, - MBEDTLS_CHACHAPOLY_DECRYPT + MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */ + MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */ } mbedtls_chachapoly_mode_t; 
@@ -52,12 +62,12 @@ mbedtls_chachapoly_mode_t; typedef struct { - mbedtls_chacha20_context chacha20_ctx; /** ChaCha20 context */ - mbedtls_poly1305_context poly1305_ctx; /** Poly1305 context */ - uint64_t aad_len; /** Length (bytes) of the Additional Authenticated Data */ - uint64_t ciphertext_len; /** Length (bytes) of the ciphertext */ - int state; /** Current state of the context */ - mbedtls_chachapoly_mode_t mode; /** Cipher mode (encrypt or decrypt) */ + mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ + mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */ + uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */ + uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */ + int state; /**< The current state of the context. */ + mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */ } mbedtls_chachapoly_context; 
@@ -66,112 +76,144 @@ mbedtls_chachapoly_context; #endif /* !MBEDTLS_CHACHAPOLY_ALT */ /** - * \brief Initialize ChaCha20-Poly1305 context + * \brief This function initializes the specified ChaCha20-Poly1305 context. * - * \param ctx ChaCha20-Poly1305 context to be initialized + * It must be the first API called before using + * the context. It must be followed by a call to + * \c mbedtls_chachapoly_setkey() before any operation can be + * done, and to \c mbedtls_chachapoly_free() once all + * operations with that context have been finished. + * + * In order to encrypt or decrypt full messages at once, for + * each message you should make a single call to + * \c mbedtls_chachapoly_crypt_and_tag() or + * \c mbedtls_chachapoly_auth_decrypt(). + * + * In order to encrypt or decrypt messages piecewise, for each + * message you should make a call to + * \c mbedtls_chachapoly_starts(), then 0 or more calls to + * \c mbedtls_chachapoly_update_aad(), then 0 or more calls to + * \c mbedtls_chachapoly_update(), then one call to + * \c mbedtls_chachapoly_finish(). + * + * + * \param ctx The ChachaPoly context to initialize. */ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); /** - * \brief Clear ChaCha20-Poly1305 context + * \brief This function releases and clears the specified ChaCha20-Poly1305 context. * - * \param ctx ChaCha20-Poly1305 context to be cleared + * \param ctx The ChachaPoly context to clear. */ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); /** - * \brief Set the ChaCha20-Poly1305 symmetric encryption key. + * \brief This function sets the ChaCha20-Poly1305 symmetric encryption key. * - * \param ctx The ChaCha20-Poly1305 context. - * \param key The 256-bit (32 bytes) key. + * \param ctx The ChaCha20-Poly1305 context to which the key should be + * bound. + * \param key The 256-bit (32 bytes) key. * - * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned - * if \p ctx or \p key are NULL. 
- * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * if \p ctx or \p key are NULL. */ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, const unsigned char key[32] ); /** - * \brief Setup ChaCha20-Poly1305 context for encryption or decryption. + * \brief This function starts a ChaCha20-Poly1305 encryption or + * decryption operation. * - * \note If the context is being used for AAD only (no data to - * encrypt or decrypt) then \p mode can be set to any value. + * \warning You must never use the same nonce twice with the same key. + * This would void any confidentiality and authenticity + * guarantees for the messages encrypted with the same nonce + * and key. * - * \param ctx The ChaCha20-Poly1305 context. - * \param nonce The nonce/IV to use for the message. This must be unique - * for every message encrypted under the same key. - * \param mode Specifies whether the context is used to encrypt or - * decrypt data. + * \note If the context is being used for AAD only (no data to + * encrypt or decrypt) then \p mode can be set to any value. * - * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned - * if \p ctx or \p mac are NULL. - * Otherwise, 0 is returned to indicate success. + * \param ctx The ChaCha20-Poly1305 context. + * \param nonce The nonce/IV to use for the message. Must be 12 bytes. + * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or + * #MBEDTLS_CHACHAPOLY_DECRYPT. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * if \p ctx or \p mac are NULL. */ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, const unsigned char nonce[12], mbedtls_chachapoly_mode_t mode ); /** - * \brief Process additional authenticated data (AAD). + * \brief This function feeds additional data to be authenticated + * into an ongoing ChaCha20-Poly1305 operation. 
* - * This function processes data that is authenticated, but - * not encrypted. + * The Additional Authenticated Data (AAD), also called + * Associated Data (AD) is only authenticated but not + * encrypted nor included in the encrypted output. It is + * usually transmitted separately fro mthe ciphertext or + * computed locally by each party. * - * \note This function is called before data is encrypted/decrypted. - * I.e. call this function to process the AAD before calling - * mbedtls_chachapoly_update. + * \note This function is called before data is encrypted/decrypted. + * I.e. call this function to process the AAD before calling + * \c mbedtls_chachapoly_update(). * - * You may call this function multiple times to process - * an arbitrary amount of AAD. It is permitted to call - * this function 0 times, if no AAD is used. + * You may call this function multiple times to process + * an arbitrary amount of AAD. It is permitted to call + * this function 0 times, if no AAD is used. * - * This function cannot be called any more if data has - * been processed by mbedtls_chachapoly_update, - * or if the context has been finished. + * This function cannot be called any more if data has + * been processed by \c mbedtls_chachapoly_update(), + * or if the context has been finished. * - * \param ctx The ChaCha20-Poly1305 context. - * \param aad_len The length (in bytes) of the AAD. The length has no - * restrictions. - * \param aad Buffer containing the AAD. - * This pointer can be NULL if aad_len == 0. + * \param ctx The ChaCha20-Poly1305 context to use. + * \param aad_len The length (in bytes) of the AAD. The length has no + * restrictions. + * \param aad Buffer containing the AAD. + * This pointer can be NULL if aad_len == 0. * - * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned - * if \p ctx or \p aad are NULL. 
- * MBEDTLS_ERR_CHACHAPOLY_BAD_STATE is returned if - * the context has not been setup, the context has been - * finished, or if the AAD has been finished. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * if \p ctx or \p aad are NULL. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE + * if the operations has not been started or has been + * finished, or if the AAD has been finished. */ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, size_t aad_len, const unsigned char *aad ); /** - * \brief Encrypt/decrypt data. + * \brief Thus function feeds data to be encrypted or decrypted + * into an on-going ChaCha20-Poly1305 + * operation. * - * The direction (encryption or decryption) depends on the - * mode that was given when calling - * mbedtls_chachapoly_starts. + * The direction (encryption or decryption) depends on the + * mode that was given when calling + * \c mbedtls_chachapoly_starts(). * - * You may call this function multiple times to process - * an arbitrary amount of data. It is permitted to call - * this function 0 times, if no data is to be encrypted - * or decrypted. + * You may call this function multiple times to process + * an arbitrary amount of data. It is permitted to call + * this function 0 times, if no data is to be encrypted + * or decrypted. * - * \param ctx The ChaCha20-Poly1305 context. - * \param len The length (in bytes) of the data to encrypt or decrypt. - * \param input Buffer containing the data to encrypt or decrypt. - * This pointer can be NULL if len == 0. - * \param output Buffer to where the encrypted or decrypted data is written. - * This pointer can be NULL if len == 0. + * \param ctx The ChaCha20-Poly1305 context to use. + * \param len The length (in bytes) of the data to encrypt or decrypt. + * \param input The buffer containing the data to encrypt or decrypt. + * This pointer can be NULL if len == 0. 
+ * \param output The buffer to where the encrypted or decrypted data is written. + * Must be able to hold \p len bytes. + * This pointer can be NULL if len == 0. * - * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned - * if \p ctx, \p input, or \p output are NULL. - * MBEDTLS_ERR_CHACHAPOLY_BAD_STATE is returned if - * the context has not been setup, or if the context has been - * finished. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * if \p ctx, \p input, or \p output are NULL. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE + * if the operation has not been started or has been + * finished. */ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, size_t len, 
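Review bot: The new description of `mbedtls_chachapoly_update()` in this hunk covers piecewise decryption without saying that the plaintext it writes is still unauthenticated. As far as this header shows, `mbedtls_chachapoly_finish()` (next hunk) only writes the computed MAC, so the caller has to compare it with the received tag before acting on any output. I would add `\warning When decrypting, treat the output as untrusted until the tag from mbedtls_chachapoly_finish() has been checked against the expected tag with a constant-time comparison.` The same caveat applies to `mbedtls_chachapoly_crypt_and_tag()` with `MBEDTLS_CHACHAPOLY_DECRYPT` in the next hunk, whose text could point readers to `mbedtls_chachapoly_auth_decrypt()`. Separately, the `\return` for `mbedtls_chachapoly_starts()` names `\p mac`, which is not a parameter of that function; `\p nonce` looks intended.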
@@ -179,42 +221,51 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, unsigned char *output ); /** - * \brief Compute the ChaCha20-Poly1305 MAC. + * \brief This function finished the ChaCha20-Poly1305 operation and + * generates the MAC (authentication tag). * - * \param ctx The ChaCha20-Poly1305 context. - * \param mac Buffer to where the 128-bit (16 bytes) MAC is written. + * \param ctx The ChaCha20-Poly1305 context to use. + * \param mac The buffer to where the 128-bit (16 bytes) MAC is written. * - * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned - * if \p ctx or \p mac are NULL. - * MBEDTLS_ERR_CHACHAPOLY_BAD_STATE is returned if - * the context has not been setup. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * if \p ctx or \p mac are NULL. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE + * if the operation has not been started or has been + * finished. */ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, unsigned char mac[16] ); /** - * \brief Encrypt or decrypt data, and produce a MAC (tag) with ChaCha20-Poly1305. + * \brief This function performs a complete ChaCha20-Poly1305 + * operation with the previously-set key. * - * \param ctx The ChachaPoly context. - * \param mode Specifies whether the data in the \p input buffer is to - * be encrypted or decrypted. If there is no data to encrypt - * or decrypt (i.e. \p ilen is 0) then the value of this - * parameter does not matter. - * \param length The length (in bytes) of the data to encrypt or decrypt. - * \param nonce The 96-bit (12 bytes) nonce/IV to use. - * \param aad Buffer containing the additional authenticated data (AAD). - * This pointer can be NULL if aad_len == 0. - * \param aad_len The length (in bytes) of the AAD data to process. - * \param input Buffer containing the data to encrypt or decrypt. - * This pointer can be NULL if ilen == 0. 
- * \param output Buffer to where the encrypted or decrypted data is written. - * This pointer can be NULL if ilen == 0. - * \param tag Buffer to where the computed 128-bit (16 bytes) MAC is written. + * \note Before using this function, you must set the key with + * \c mbedtls_chachapoly_setkey(). * - * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned - * if one or more of the required parameters are NULL. - * Otherwise, 0 is returned to indicate success. + * \warning You must never use the same nonce twice with the same key. + * This would void any confidentiality and authenticity + * guarantees for the messages encrypted with the same nonce + * and key. + * + * \param ctx The ChaCha20-Poly1305 context to use (holds the key). + * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or + * #MBEDTLS_CHACHAPOLY_DECRYPT. + * \param length The length (in bytes) of the data to encrypt or decrypt. + * \param nonce The 96-bit (12 bytes) nonce/IV to use. + * \param aad The buffer containing the additional authenticated data (AAD). + * This pointer can be NULL if aad_len == 0. + * \param aad_len The length (in bytes) of the AAD data to process. + * \param input The buffer containing the data to encrypt or decrypt. + * This pointer can be NULL if ilen == 0. + * \param output The buffer to where the encrypted or decrypted data is written. + * This pointer can be NULL if ilen == 0. + * \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * if one or more of the required parameters are NULL. */ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, mbedtls_chachapoly_mode_t mode, 
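Review bot: The rewritten `\param` entries for `mbedtls_chachapoly_crypt_and_tag()` say `This pointer can be NULL if ilen == 0`, but the length parameter documented just above is `length`, so the condition refers to a name that does not exist in this function. I would write `This pointer can be NULL if \p length == 0.` for `input` and `output`; the `mbedtls_chachapoly_auth_decrypt()` block in the following hunk has the same `ilen` wording. Neither block says that `output` must hold `length` bytes, which the `mbedtls_chachapoly_update()` text does state as `Must be able to hold \p len bytes.` The `\brief` for `mbedtls_chachapoly_finish()` reads `This function finished`, where `finishes` is meant. The signature of `mbedtls_chachapoly_crypt_and_tag()` continues outside this hunk.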
@@ -227,22 +278,29 @@ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, unsigned char tag[16] ); /** - * \brief Decrypt data and check a MAC (tag) with ChaCha20-Poly1305. + * \brief This function performs a complete ChaCha20-Poly1305 + * authenticated decryption with the previously-set key. * - * \param ctx The ChachaPoly context. - * \param length The length of the input and output data. - * \param nonce The nonce / initialization vector. - * \param aad The buffer holding the additional authenticated data. - * \param aad_len The length of the additional authenticated data. - * \param tag The buffer holding the tag. - * \param input The buffer holding the input data. - * \param output The buffer for holding the output data. + * \note Before using this function, you must set the key with + * \c mbedtls_chachapoly_setkey(). * - * \return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA is returned - * if one or more of the required parameters are NULL. - * MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED if the tag does not - * match. - * Otherwise, 0 is returned to indicate success. + * \param ctx The ChaCha20-Poly1305 context to use (holds the key). + * \param length The length (in bytes) of the data to decrypt. + * \param nonce The 96-bit (12 bytes) nonce/IV to use. + * \param aad The buffer containing the additional authenticated data (AAD). + * This pointer can be NULL if aad_len == 0. + * \param aad_len The length (in bytes) of the AAD data to process. + * \param tag The buffer holding the authentication tag. + * \param input The buffer containing the data to decrypt. + * This pointer can be NULL if ilen == 0. + * \param output The buffer to where the decrypted data is written. + * This pointer can be NULL if ilen == 0. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * if one or more of the required parameters are NULL. + * \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED + * if the data was not authentic. 
*/ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, size_t length, @@ -254,9 +312,10 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, unsigned char *output ); /** - * \brief Checkup routine + * \brief The ChaCha20-Poly1305 checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_chachapoly_self_test( int verbose ); diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index ac1f564fb..591aa79aa 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -86,7 +86,7 @@ typedef enum { MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ - MBEDTLS_CIPHER_ID_CHACHA20, /**< The Chacha20 cipher. */ + MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */ } mbedtls_cipher_id_t; /** @@ -146,8 +146,8 @@ typedef enum { MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode. */ - MBEDTLS_CIPHER_CHACHA20, /**< Chacha20 stream cipher. */ - MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< Chacha20-Poly1305 AEAD cipher. */ + MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */ + MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */ } mbedtls_cipher_type_t; /** Supported cipher modes. */ diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index f69191578..c2e2655e7 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h 
@@ -1,9 +1,18 @@ /** * \file poly1305.h * - * \brief Poly1305 authenticator algorithm. + * \brief This file containts Poly1305 definitions and functions. * - * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved + * Poly1305 is a one-time message authenticator that can be used to + * authenticate messages. Poly1305-AES was created by Daniel + * Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic + * Poly1305 algorithm (not tied to AES) was also standardized in RFC + * 7539. + * + * \author Daniel King + */ + +/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -18,8 +27,9 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ + #ifndef MBEDTLS_POLY1305_H #define MBEDTLS_POLY1305_H @@ -42,11 +52,11 @@ extern "C" { typedef struct { - uint32_t r[4]; /** Stores the value for 'r' (low 128 bits of the key) */ - uint32_t s[4]; /** Stores the value for 's' (high 128 bits of the key) */ - uint32_t acc[5]; /** Accumulator number */ - uint8_t queue[16]; /** Stores partial block data */ - size_t queue_len; /** Number of bytes stored in 'queue'. Always less than 16 */ + uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ + uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ + uint32_t acc[5]; /** The accumulator number. */ + uint8_t queue[16]; /** The current partial block of data. */ + size_t queue_len; /** The number of bytes stored in 'queue'. */ } mbedtls_poly1305_context; 
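Review bot: The member comments of `mbedtls_poly1305_context` in the third hunk still open with `/**` although they trail the member they describe, so Doxygen would attach each one to the following declaration. The matching struct in chachapoly.h was switched to `/**<` in this same patch, and the lines here should follow, for example `uint32_t r[4]; /**< The value for 'r' (low 128 bits of the key). */`. The new `queue_len` comment also drops the old `Always less than 16` bound, which is the invariant a reader needs when checking indexing into `queue[16]`, so I would keep it. In the file header, `containts` should be `contains`.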
@@ -55,82 +65,97 @@ mbedtls_poly1305_context; #endif /* MBEDTLS_POLY1305_ALT */ /** - * \brief Initialize a Poly1305 context + * \brief This function initializes the specified Poly1305 context. * - * \param ctx The Poly1305 context to be initialized + * It must be the first API called before using + * the context. + * + * It is usually followed by a call to + * \c mbedtls_poly1305_starts(), then one or more calls to + * \c mbedtls_poly1305_update(), then one call to + * \c mbedtls_poly1305_finish(), then finally + * \c mbedtls_poly1305_free(). + * + * \param ctx The Poly1305 context to initialize. */ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); /** - * \brief Clear a Poly1305 context + * \brief This function releases and clears the specified Poly1305 context. * - * \param ctx The Poly1305 context to be cleared + * \param ctx The Poly1305 context to clear. */ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); /** - * \brief Set the Poly1305 authentication key. + * \brief This function sets the one-time authentication key. * - * \warning The key should be unique, and \b MUST be - * unpredictable for each invocation of Poly1305. + * \warning The key must be unique and unpredictable for each + * invocation of Poly1305. * - * \param ctx The Poly1305 context. - * \param key Buffer containing the 256-bit key. + * \param ctx The Poly1305 context to which the key should be bound. + * \param key The buffer containing the 256-bit key. * - * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if ctx - * or key are NULL. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA + * if ctx or key are NULL. */ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ); /** - * \brief Process data with Poly1305. + * \brief This functions feeds an input bufer into an ongoing + * Poly1305 computation. 
* - * This function can be called multiple times to process - * a stream of data. + * It is called between \c mbedtls_cipher_cmac_starts() and + * \c mbedtls_cipher_cmac_finish(). + * Can be called repeatedly to process a stream of data. * - * \param ctx The Poly1305 context. - * \param ilen The input length (in bytes). Any value is accepted. - * \param input Buffer containing the input data to Process. - * This pointer can be NULL if ilen == 0. + * \param ctx The Poly1305 context to use for the Poly1305 operation. + * \param ilen The length of the input data (in bytes). Any value is accepted. + * \param input The buffer holding the input data. + * This pointer can be NULL if ilen == 0. * - * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if ctx - * or input are NULL. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA + * if ctx or input are NULL. */ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, size_t ilen, const unsigned char *input ); /** - * \brief Generate the Poly1305 MAC. + * \brief This function generates the Poly1305 Message + * Authentication Code (MAC). * - * \param ctx The Poly1305 context. - * \param mac Buffer to where the MAC is written. Must be big enough - * to hold the 16-byte MAC. + * \param ctx The Poly1305 context to use for the Poly1305 operation. + * \param mac The buffer to where the MAC is written. Must be big enough + * to hold the 16-byte MAC. * - * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if ctx - * or mac are NULL. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA + * if ctx or mac are NULL. */ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, unsigned char mac[16] ); /** - * \brief Generate the Poly1305 MAC of some data with the given key. 
+ * \brief This function calculates the Poly1305 MAC of the input + * buffer with the provided key. * - * \warning The key should be unique, and \b MUST be - * unpredictable for each invocation of Poly1305. + * \warning The key must be unique and unpredictable for each + * invocation of Poly1305. * - * \param key Buffer containing the 256-bit (32 bytes) key. - * \param ilen The length of the input data (in bytes). - * \param input Buffer containing the input data to process. - * \param mac Buffer to where the 128-bit (16 bytes) MAC is written. + * \param key The buffer containing the 256-bit key. + * \param ilen The length of the input data (in bytes). Any value is accepted. + * \param input The buffer holding the input data. + * This pointer can be NULL if ilen == 0. + * \param mac The buffer to where the MAC is written. Must be big enough + * to hold the 16-byte MAC. * - * \return MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA is returned if key, - * input, or mac are NULL. - * Otherwise, 0 is returned to indicate success. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA + * if key, input, or mac are NULL. */ int mbedtls_poly1305_mac( const unsigned char key[32], size_t ilen, @@ -138,9 +163,10 @@ int mbedtls_poly1305_mac( const unsigned char key[32], unsigned char mac[16] ); /** - * \brief Checkup routine + * \brief The Poly1305 checkup routine. * - * \return 0 if successful, or 1 if the test failed + * \return \c 0 on success. + * \return \c 1 on failure. */ int mbedtls_poly1305_self_test( int verbose ); From b1ac5e7842376fd2f2fa02094d2f49061c6bb703 Mon Sep 17 00:00:00 2001 
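Review bot: The new description of `mbedtls_poly1305_update()` says it is called between `mbedtls_cipher_cmac_starts()` and `mbedtls_cipher_cmac_finish()`, which are CMAC functions and look like a copy-paste leftover. The sentence should read `It is called between \c mbedtls_poly1305_starts() and \c mbedtls_poly1305_finish().` As written it sends a reader to the wrong API for the key setup step, and the one-time-key warning lives on `mbedtls_poly1305_starts()`. The `\brief` of the same block has two typos (`This functions feeds an input bufer`).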
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 09:25:00 +0200 Subject: [PATCH 039/578] poly1305: adjust parameter order This module used (len, pointer) while (pointer, len) is more common in the rest of the library, in particular it's what's used in the CMAC API that is very comparable to Poly1305, so switch to (pointer, len) for consistency. --- include/mbedtls/poly1305.h | 6 +++--- library/chachapoly.c | 16 ++++++++-------- library/poly1305.c | 14 +++++++------- programs/test/benchmark.c | 2 +- tests/suites/test_suite_poly1305.function | 2 +- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index c2e2655e7..19f523774 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -121,8 +121,8 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, * if ctx or input are NULL. */ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, - size_t ilen, - const unsigned char *input ); + const unsigned char *input, + size_t ilen ); /** * \brief This function generates the Poly1305 Message @@ -158,8 +158,8 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, * if key, input, or mac are NULL. */ int mbedtls_poly1305_mac( const unsigned char key[32], - size_t ilen, const unsigned char *input, + size_t ilen, unsigned char mac[16] ); /** diff --git a/library/chachapoly.c b/library/chachapoly.c index 0dba5ed91..d599c5240 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -66,8 +66,8 @@ static void mbedtls_chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) { memset( zeroes, 0, sizeof( zeroes ) ); (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, - 16U - partial_block_len, - zeroes ); + zeroes, + 16U - partial_block_len ); } } 
@@ -85,8 +85,8 @@ static void mbedtls_chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) { memset( zeroes, 0, sizeof( zeroes ) ); (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, - 16U - partial_block_len, - zeroes ); + zeroes, + 16U - partial_block_len ); } } @@ -194,7 +194,7 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, ctx->aad_len += aad_len; - return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad_len, aad ) ); + return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) ); } int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, @@ -233,11 +233,11 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * above, we can safety ignore the return value. */ (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len, output ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len ); } else /* DECRYPT */ { - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len, input ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len ); (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); } @@ -289,7 +289,7 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, len_block[14] = (unsigned char) ( ctx->ciphertext_len >> 48 ); len_block[15] = (unsigned char) ( ctx->ciphertext_len >> 56 ); - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, 16U, len_block ); + (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); (void) mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); return( 0 ); diff --git a/library/poly1305.c b/library/poly1305.c index 66f932c4f..14c362d58 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -285,8 +285,8 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, } int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, - size_t ilen, - const unsigned char* input ) + const unsigned char *input, + size_t ilen ) { size_t offset = 0U; size_t remaining = ilen; @@ -391,9 +391,9 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, } int mbedtls_poly1305_mac( const unsigned char key[32], - size_t ilen, - const unsigned char *input, - unsigned char mac[16] ) + const unsigned char *input, + size_t ilen, + unsigned char mac[16] ) { mbedtls_poly1305_context ctx; int result; @@ -404,7 +404,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], if ( result != 0 ) goto cleanup; - result = mbedtls_poly1305_update( &ctx, ilen, input ); + result = mbedtls_poly1305_update( &ctx, input, ilen ); if ( result != 0 ) goto cleanup; @@ -496,8 +496,8 @@ int mbedtls_poly1305_self_test( int verbose ) } result = mbedtls_poly1305_mac( test_keys[i], - test_data_len[i], test_data[i], + test_data_len[i], mac ); if ( result != 0 ) { diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index c41966586..17f9d0e27 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -538,7 +538,7 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_POLY1305_C) if ( todo.poly1305 ) { - TIME_AND_TSC( "Poly1305", mbedtls_poly1305_mac( buf, BUFSIZE, buf, buf ) ); + TIME_AND_TSC( "Poly1305", mbedtls_poly1305_mac( buf, buf, BUFSIZE, buf ) ); } #endif diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index af69a0312..a633c2baa 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function 
@@ -20,7 +20,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src src_len = unhexify( src_str, hex_src_string ); unhexify( key, hex_key_string ); - mbedtls_poly1305_mac( key, src_len, src_str, mac ); + mbedtls_poly1305_mac( key, src_str, src_len, mac ); hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); From 5ef92d309a759d9d2acdaf613021d7bfc66d6241 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 09:34:25 +0200 Subject: [PATCH 040/578] chachapoly: adjust parameter order This module used (len, pointer) while (pointer, len) is more common in the rest of the library, in particular it's what's used in the GCM API that very comparable to it, so switch to (pointer, len) for consistency. Note that the crypt_and_tag() and auth_decrypt() functions were already using the same convention as GCM, so this also increases intra-module consistency. --- include/mbedtls/chachapoly.h | 4 ++-- library/chachapoly.c | 6 +++--- library/cipher.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index ddcd54972..ce9737c2b 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -183,8 +183,8 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * finished, or if the AAD has been finished. */ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, - size_t aad_len, - const unsigned char *aad ); + const unsigned char *aad, + size_t aad_len ); /** * \brief Thus function feeds data to be encrypted or decrypted diff --git a/library/chachapoly.c b/library/chachapoly.c index d599c5240..9ca21b39a 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c 
@@ -175,8 +175,8 @@ cleanup: } int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, - size_t aad_len, - const unsigned char *aad ) + const unsigned char *aad, + size_t aad_len ) { if ( ctx == NULL ) { @@ -311,7 +311,7 @@ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, if ( result != 0 ) goto cleanup; - result = mbedtls_chachapoly_update_aad( ctx, aad_len, aad ); + result = mbedtls_chachapoly_update_aad( ctx, aad, aad_len ); if ( result != 0 ) goto cleanup; diff --git a/library/cipher.c b/library/cipher.c index 1827770b1..2463a6148 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -320,7 +320,7 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, return( result ); return mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ad_len, ad ); + ad, ad_len ); } #endif From b8bd80aa026f9e84b267eb155b910b0d09526c27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 09:54:51 +0200 Subject: [PATCH 041/578] Add FEATURE_NOT_AVAILABLE error codes. --- include/mbedtls/chacha20.h | 3 ++- include/mbedtls/chachapoly.h | 7 ++++--- include/mbedtls/error.h | 6 +++--- include/mbedtls/poly1305.h | 3 ++- library/error.c | 8 ++++++++ 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 579ea3888..7a8cd531e 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -42,7 +42,8 @@ #include #include -#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x003B /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0053 /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0055 /**< Feature not available. For example, s part of the API is not implemented. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index ce9737c2b..a55a3eea2 100644 
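Review bot: The description added for `MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE` in the chacha20.h hunk reads "For example, s part of the API is not implemented", which looks like a dropped word. The same text is added for the CHACHAPOLY and POLY1305 codes in chachapoly.h and poly1305.h, and it is repeated in the `mbedtls_strerror` messages in library/error.c in this commit, so it is what a caller sees at run time. Suggested wording: `/**< Feature not available. For example, some part of the API is not implemented. */`, with the error.c strings brought in line.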
--- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -39,9 +39,10 @@ #include MBEDTLS_CONFIG_FILE #endif -#define MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA -0x00047 /**< Invalid input parameter(s). */ -#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x00049 /**< The requested operation is not permitted in the current state. */ -#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x00049 /**< Authenticated decryption failed: data was not authentic. */ +#define MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA -0x0054 /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0056 /**< The requested operation is not permitted in the current state. */ +#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0058 /**< Authenticated decryption failed: data was not authentic. */ +#define MBEDTLS_ERR_CHACHAPOLY_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, s part of the API is not implemented. */ #ifdef __cplusplus diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index e056975a2..21fa9fce2 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -76,9 +76,9 @@ * SHA1 1 0x0035-0x0035 * SHA256 1 0x0037-0x0037 * SHA512 1 0x0039-0x0039 - * CHACHA20 1 0x003B-0x003B - * POLY1305 1 0x0041-0x0041 - * CHACHAPOLY 2 0x0047-0x0049 + * CHACHA20 2 0x0053-0x0055 + * POLY1305 2 0x0057-0x0059 + * CHACHAPOLY 4 0x0054-0x005A * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 19f523774..021a3a0de 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h 
@@ -42,7 +42,8 @@ #include #include -#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0041 /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */ #ifdef __cplusplus extern "C" { diff --git a/library/error.c b/library/error.c index aeef9303a..d9c21cd3f 100644 --- a/library/error.c +++ b/library/error.c @@ -668,6 +668,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_CHACHA20_C) if( use_ret == -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "CHACHA20 - Invalid input parameter(s)" ); + if( use_ret == -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE) ) + mbedtls_snprintf( buf, buflen, "CHACHA20 - Feature not available. For example, s part of the API is not implemented" ); #endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CHACHAPOLY_C) @@ -675,6 +677,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Invalid input parameter(s)" ); if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE) ) mbedtls_snprintf( buf, buflen, "CHACHAPOLY - The requested operation is not permitted in the current state" ); + if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) ) + mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); + if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_FEATURE_UNAVAILABLE) ) + mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Feature not available. For example, s part of the API is not implemented" ); #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CMAC_C) 
@@ -792,6 +798,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_POLY1305_C) if( use_ret == -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" ); + if( use_ret == -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE) ) + mbedtls_snprintf( buf, buflen, "POLY1305 - Feature not available. For example, s part of the API is not implemented" ); #endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) From d6aea18749e1bf29f061633dda6e970497692039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 10:21:28 +0200 Subject: [PATCH 042/578] Add Chacha20-Poly1305 to benchmark.c --- programs/test/benchmark.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 17f9d0e27..3e9ab0a29 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -62,6 +62,7 @@ int main( void ) #include "mbedtls/chacha20.h" #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" +#include "mbedtls/chachapoly.h" #include "mbedtls/cmac.h" #include "mbedtls/poly1305.h" #include "mbedtls/havege.h" @@ -96,7 +97,7 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ "arc4, des3, des, camellia, blowfish, chacha20,\n" \ - "aes_cbc, aes_gcm, aes_ccm,\n" \ + "aes_cbc, aes_gcm, aes_ccm, chachapoly,\n" \ "aes_cmac, des3_cmac, poly1305\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" @@ -231,7 +232,8 @@ unsigned char buf[BUFSIZE]; typedef struct { char md4, md5, ripemd160, sha1, sha256, sha512, arc4, des3, des, - aes_cbc, aes_gcm, aes_ccm, aes_cmac, des3_cmac, + aes_cbc, aes_gcm, aes_ccm, chachapoly, + aes_cmac, des3_cmac, camellia, blowfish, chacha20, poly1305, havege, ctr_drbg, hmac_drbg, 
@@ -282,6 +284,8 @@ int main( int argc, char *argv[] ) todo.aes_gcm = 1; else if( strcmp( argv[i], "aes_ccm" ) == 0 ) todo.aes_ccm = 1; + else if( strcmp( argv[i], "chachapoly" ) == 0 ) + todo.chachapoly = 1; else if( strcmp( argv[i], "aes_cmac" ) == 0 ) todo.aes_cmac = 1; else if( strcmp( argv[i], "des3_cmac" ) == 0 ) @@ -473,6 +477,27 @@ int main( int argc, char *argv[] ) } } #endif +#if defined(MBEDTLS_CHACHAPOLY_C) + if( todo.chachapoly ) + { + mbedtls_chachapoly_context chachapoly; + + mbedtls_chachapoly_init( &chachapoly ); + memset( buf, 0, sizeof( buf ) ); + memset( tmp, 0, sizeof( tmp ) ); + + mbedtls_snprintf( title, sizeof( title ), "ChaCha20-Poly1305" ); + + mbedtls_chachapoly_setkey( &chachapoly, tmp ); + + TIME_AND_TSC( title, + mbedtls_chachapoly_crypt_and_tag( &chachapoly, + MBEDTLS_CHACHAPOLY_ENCRYPT, BUFSIZE, tmp, + NULL, 0, buf, buf, tmp ) ); + + mbedtls_chachapoly_free( &chachapoly ); + } +#endif #if defined(MBEDTLS_CMAC_C) if( todo.aes_cmac ) { From 528524bf3c6eb6f9873bc38a101952fbc4943b2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 11:21:21 +0200 Subject: [PATCH 043/578] Reduce size of buffers in test suites --- tests/suites/test_suite_chacha20.function | 22 ++++----- tests/suites/test_suite_chachapoly.function | 54 ++++++++++----------- tests/suites/test_suite_poly1305.function | 16 +++--- 3 files changed, 46 insertions(+), 46 deletions(-) diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 75d2d0fc9..9c0b98522 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function 
@@ -14,21 +14,21 @@ void chacha20_crypt( char *hex_key_string, char *hex_src_string, char *hex_dst_string ) { - unsigned char key_str[100]; - unsigned char nonce_str[100]; - unsigned char src_str[10000]; - unsigned char dst_str[10000]; - unsigned char output[10000]; + unsigned char key_str[32]; /* size set by the standard */ + unsigned char nonce_str[12]; /* size set by the standard */ + unsigned char src_str[375]; /* max size of binary input */ + unsigned char dst_str[751]; /* hex expansion of the above */ + unsigned char output[751]; size_t key_len; size_t nonce_len; size_t src_len; size_t dst_len; - memset(key_str, 0x00, 100); - memset(nonce_str, 0x00, 100); - memset(src_str, 0x00, 10000); - memset(dst_str, 0x00, 10000); - memset(output, 0x00, 10000); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( nonce_str, 0x00, sizeof( nonce_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( output, 0x00, sizeof( output ) ); key_len = unhexify( key_str, hex_key_string ); nonce_len = unhexify( nonce_str, hex_nonce_string ); @@ -52,4 +52,4 @@ void chacha20_self_test() { TEST_ASSERT( mbedtls_chacha20_self_test( 0 ) == 0 ); } -/* END_CASE */ \ No newline at end of file +/* END_CASE */ diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index b205c4ce0..3d6a2b6d1 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function 
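Review bot: Nothing bounds the `unhexify` writes into the newly shrunk buffers in `chacha20_crypt`: the calls visible in this hunk pass only the destination and the hex string, so the length is decided entirely by the .data file. With the old 10000-byte arrays an over-long vector was harmless, but with `key_str[32]`, `nonce_str[12]` and `src_str[375]` sized to the current maximum, the next longer vector writes past the stack buffer before any length assertion can fire. A guard ahead of each conversion turns that into an ordinary test failure, for example `TEST_ASSERT( strlen( hex_src_string ) <= 2 * sizeof( src_str ) );`. The same applies to the chachapoly enc/dec and poly1305 hunks of this commit (`aad_str[12]`, `input_str[265]`, `src_str[375]`); the function body continues outside this hunk.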
@@ -10,14 +10,14 @@ /* BEGIN_CASE */ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) { - unsigned char key_str[32]; - unsigned char nonce_str[12]; - unsigned char aad_str[10000]; - unsigned char input_str[10000]; - unsigned char output_str[10000]; - unsigned char mac_str[16]; - unsigned char output[10000]; - unsigned char mac[16]; + unsigned char key_str[32]; /* size set by the standard */ + unsigned char nonce_str[12]; /* size set by the standard */ + unsigned char aad_str[12]; /* max size of test data so far */ + unsigned char input_str[265]; /* max size of binary input/output so far */ + unsigned char output_str[265]; + unsigned char output[265]; + unsigned char mac_str[16]; /* size set by the standard */ + unsigned char mac[16]; /* size set by the standard */ size_t input_len; size_t output_len; size_t aad_len; @@ -26,12 +26,12 @@ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char size_t mac_len; mbedtls_chachapoly_context ctx; - memset( key_str, 0x00, 32 ); - memset( nonce_str, 0x00, 12 ); - memset( aad_str, 0x00, 10000 ); - memset( input_str, 0x00, 10000 ); - memset( output_str, 0x00, 10000 ); - memset( mac_str, 0x00, 16 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( nonce_str, 0x00, sizeof( nonce_str ) ); + memset( aad_str, 0x00, sizeof( aad_str ) ); + memset( input_str, 0x00, sizeof( input_str ) ); + memset( output_str, 0x00, sizeof( output_str ) ); + memset( mac_str, 0x00, sizeof( mac_str ) ); aad_len = unhexify( aad_str, hex_aad_string ); input_len = unhexify( input_str, hex_input_string ); 
@@ -65,13 +65,13 @@ exit: /* BEGIN_CASE */ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) { - unsigned char key_str[32]; - unsigned char nonce_str[12]; - unsigned char aad_str[10000]; - unsigned char input_str[10000]; - unsigned char output_str[10000]; - unsigned char mac_str[16]; - unsigned char output[10000]; + unsigned char key_str[32]; /* size set by the standard */ + unsigned char nonce_str[12]; /* size set by the standard */ + unsigned char aad_str[12]; /* max size of test data so far */ + unsigned char input_str[265]; /* max size of binary input/output so far */ + unsigned char output_str[265]; + unsigned char output[265]; + unsigned char mac_str[16]; /* size set by the standard */ size_t input_len; size_t output_len; size_t aad_len; @@ -81,12 +81,12 @@ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char int ret; mbedtls_chachapoly_context ctx; - memset( key_str, 0x00, 32 ); - memset( nonce_str, 0x00, 12 ); - memset( aad_str, 0x00, 10000 ); - memset( input_str, 0x00, 10000 ); - memset( output_str, 0x00, 10000 ); - memset( mac_str, 0x00, 16 ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( nonce_str, 0x00, sizeof( nonce_str ) ); + memset( aad_str, 0x00, sizeof( aad_str ) ); + memset( input_str, 0x00, sizeof( input_str ) ); + memset( output_str, 0x00, sizeof( output_str ) ); + memset( mac_str, 0x00, sizeof( mac_str ) ); aad_len = unhexify( aad_str, hex_aad_string ); input_len = unhexify( input_str, hex_input_string ); diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index a633c2baa..5ede635c9 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function 
@@ -6,16 +6,16 @@ /* BEGIN_CASE depends_on:MBEDTLS_POLY1305_C */ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src_string ) { - unsigned char src_str[10000]; - unsigned char mac_str[100]; - unsigned char key[32]; - unsigned char mac[16]; + unsigned char src_str[375]; /* max size of binary input */ + unsigned char key[32]; /* size set by the standard */ + unsigned char mac[16]; /* size set by the standard */ + unsigned char mac_str[33]; /* hex expansion of the above */ size_t src_len; - memset(src_str, 0x00, 10000); - memset(mac_str, 0x00, 100); - memset(key, 0x00, 32); - memset(mac, 0x00, 16); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( mac_str, 0x00, sizeof( mac_str ) ); + memset( key, 0x00, sizeof( key ) ); + memset( mac, 0x00, sizeof( mac ) ); src_len = unhexify( src_str, hex_src_string ); unhexify( key, hex_key_string ); From 7296771194379fec7b1b47606e4ad461722c320f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 12:22:13 +0200 Subject: [PATCH 044/578] chachapoly: add test with unauthentic data --- tests/suites/test_suite_chachapoly.data | 14 +++++++++++--- tests/suites/test_suite_chachapoly.function | 9 ++++++--- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data index 08129aa37..f0b4a0de6 100644 --- a/tests/suites/test_suite_chachapoly.data +++ b/tests/suites/test_suite_chachapoly.data 
@@ -2,9 +2,13 @@ ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) depends_on:MBEDTLS_CHACHAPOLY_C mbedtls_chachapoly_enc:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600691" -ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) +ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Decrypt) depends_on:MBEDTLS_CHACHAPOLY_C -mbedtls_chachapoly_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600691" 
+mbedtls_chachapoly_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600691":0 + +ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Decrypt, not authentic) +depends_on:MBEDTLS_CHACHAPOLY_C +mbedtls_chachapoly_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600690":MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Encrypt) depends_on:MBEDTLS_CHACHAPOLY_C 
@@ -12,7 +16,11 @@ mbedtls_chachapoly_enc:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt) depends_on:MBEDTLS_CHACHAPOLY_C -mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d":"eead9d67890cbb22392336fea1851f38" +mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38":0 + +ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt, not authentic) +depends_on:MBEDTLS_CHACHAPOLY_C 
+mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"fead9d67890cbb22392336fea1851f38":MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ChaCha20-Poly1305 Selftest depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SELF_TEST diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 3d6a2b6d1..a613870b3 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -63,7 +63,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) +void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp ) { unsigned char key_str[32]; /* size set by the standard */ unsigned char nonce_str[12]; /* size set by the standard */ @@ -108,8 +108,11 @@ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char aad_str, aad_len, mac_str, input_str, output ); - TEST_ASSERT( ret == 0 ); - TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); + TEST_ASSERT( ret == ret_exp ); + if( ret_exp == 0 ) + { + TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); + } exit: mbedtls_chachapoly_free( &ctx ); From 55c0d096b7747b89394be4063d2d35275aa0ced7 Mon Sep 17 00:00:00 2001 
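Review bot: The new failure path in `mbedtls_chachapoly_dec` checks only the return code, so the test would still pass if a rejected message left decrypted bytes in `output`. Whether the decrypt function clears the output on `MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED` is not visible here; if it is meant to, pre-filling `output` with a known pattern and asserting on its contents in an `else` branch of `if( ret_exp == 0 )` would pin that behaviour down. Both negative vectors added to test_suite_chachapoly.data change one bit of the tag only, so a vector with an altered ciphertext or AAD byte and the original tag would round out the coverage.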
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 12:37:58 +0200 Subject: [PATCH 045/578] chacha20: fix bug in starts() and add test for it Previously the streaming API would fail when encrypting multiple messages with the same key. --- library/chacha20.c | 6 ++++ tests/suites/test_suite_chacha20.function | 37 ++++++++++++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/library/chacha20.c b/library/chacha20.c index 5ede4553c..d89000da2 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -243,6 +243,12 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 ); ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 ); + mbedtls_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); + mbedtls_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + + /* Initially, there's no keystream bytes available */ + ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; + return( 0 ); } diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 9c0b98522..fb3ad3e79 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -23,6 +23,7 @@ void chacha20_crypt( char *hex_key_string, size_t nonce_len; size_t src_len; size_t dst_len; + mbedtls_chacha20_context ctx; memset( key_str, 0x00, sizeof( key_str ) ); memset( nonce_str, 0x00, sizeof( nonce_str ) ); 
@@ -39,11 +40,45 @@ void chacha20_crypt( char *hex_key_string, TEST_ASSERT( key_len == 32U ); TEST_ASSERT( nonce_len == 12U ); + /* + * Test the integrated API + */ TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 ); hexify( dst_str, output, src_len ); + TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); - TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0); + /* + * Test the streaming API + */ + mbedtls_chacha20_init( &ctx ); + + TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str ) == 0 ); + + TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); + + memset( output, 0x00, sizeof( output ) ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 ); + + hexify( dst_str, output, src_len ); + TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + + /* + * Test the streaming API again, piecewise + */ + + /* Don't reset the context of key, in order to test that starts() do the + * right thing. */ + TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); + + memset( output, 0x00, sizeof( output ) ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 ); + + hexify( dst_str, output, src_len ); + TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + + mbedtls_chacha20_free( &ctx ); } /* END_CASE */ From 1465602ee14779f4a21b87ec81aebcabf47fbcac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 12:51:54 +0200 Subject: [PATCH 046/578] poly1305: fix bug in starts() and add test for it --- library/poly1305.c | 5 +++ tests/suites/test_suite_chacha20.function | 4 +-- tests/suites/test_suite_poly1305.function | 38 ++++++++++++++++++++++- 3 files changed, 44 insertions(+), 3 deletions(-) 
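Review bot: The piecewise call `mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 )` assumes at least one input byte. `src_len` is a `size_t`, so a vector with an empty source string would wrap the length to SIZE_MAX and the call would run far past `src_str` and `output`. A guard before the piecewise section, for example `TEST_ASSERT( src_len >= 1 );`, keeps that case a test failure rather than a memory error. The poly1305 test added in the following commit uses the same `src_len - 1` pattern in its second `mbedtls_poly1305_update` call.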
diff --git a/library/poly1305.c b/library/poly1305.c index 14c362d58..542a85004 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -280,6 +280,11 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, ctx->acc[1] = 0U; ctx->acc[2] = 0U; ctx->acc[3] = 0U; + ctx->acc[4] = 0U; + + /* Queue initially empty */ + mbedtls_zeroize( ctx->queue, sizeof( ctx->queue ) ); + ctx->queue_len = 0U; return( 0 ); } diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index fb3ad3e79..bac1ef3ca 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -67,8 +67,8 @@ void chacha20_crypt( char *hex_key_string, * Test the streaming API again, piecewise */ - /* Don't reset the context of key, in order to test that starts() do the - * right thing. */ + /* Don't free/init the context nor set the key again, + * in order to test that starts() does the right thing. */ TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); memset( output, 0x00, sizeof( output ) ); diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 5ede635c9..964d1297a 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -11,6 +11,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src unsigned char mac[16]; /* size set by the standard */ unsigned char mac_str[33]; /* hex expansion of the above */ size_t src_len; + mbedtls_poly1305_context ctx; memset( src_str, 0x00, sizeof( src_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); 
@@ -20,10 +21,45 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src src_len = unhexify( src_str, hex_src_string ); unhexify( key, hex_key_string ); + /* + * Test the integrated API + */ mbedtls_poly1305_mac( key, src_str, src_len, mac ); - hexify( mac_str, mac, 16 ); + hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + + /* + * Test the streaming API + */ + mbedtls_poly1305_init( &ctx ); + + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, src_len ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); + + hexify( mac_str, mac, 16 ); + TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + + /* + * Test the streaming API again, piecewise + */ + + /* Don't free/init the context, in order to test that starts() does the + * right thing. */ + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, src_len - 1) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); + + hexify( mac_str, mac, 16 ); + TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + + mbedtls_poly1305_free( &ctx ); } /* END_CASE */ From 69767d1c7b8796fb02b93ee0b437e68267a0ee42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 12:25:18 +0200 Subject: [PATCH 047/578] cipher: add chachapoly test vector + unauth case --- tests/suites/test_suite_cipher.chachapoly.data | 8 ++++++++ tests/suites/test_suite_cipher.function | 6 +++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data index de5b3d648..d91dc2432 100644 --- a/tests/suites/test_suite_cipher.chachapoly.data +++ b/tests/suites/test_suite_cipher.chachapoly.data 
@@ -109,3 +109,11 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:6:16:-1:6:16:6:16 ChaCha20+Poly1305 Encrypt and decrypt 32 bytes in multiple parts depends_on:MBEDTLS_CHACHAPOLY_C enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:16:-1:16:16:16:16 + +ChaCha20+Poly1305 RFC 7539 Test Vector #1 +depends_on:MBEDTLS_CHACHAPOLY_C +auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"64a0861575861af460f062c79be643bd5e805cfd345cf389f108670ac76c8cb24c6cfc18755d43eea09ee94e382d26b0bdb7b73c321b0100d4f03b7f355894cf332f830e710b97ce98c8a84abd0b948114ad176e008d33bd60f982b1ff37c8559797a06ef4f0ef61c186324e2b3506383606907b6a7c02b0f9f6157b53c867e4b9166c767b804d46a59b5216cde7a4e99040c5a40433225ee282a1b0a06c523eaf4534d7f83fa1155b0047718cbc546a0d072b04b3564eea1b422273f548271a0bb2316053fa76991955ebd63159434ecebb4e466dae5a1073a6727627097a1049e617d91d361094fa68f0ff77987130305beaba2eda04df997b714d6c6f2c29a6ad5cb4022b02709b":"eead9d67890cbb22392336fea1851f38":"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" + +ChaCha20+Poly1305 RFC 7539 Test Vector #1 Unauthentic (1st bit flipped) +depends_on:MBEDTLS_CHACHAPOLY_C +auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"6ead9d67890cbb22392336fea1851f38":"FAIL" diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 92462e52b..e4b7e4365 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function 
@@ -560,14 +560,14 @@ void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv, int ret; unsigned char key[50]; unsigned char iv[50]; - unsigned char cipher[200]; - unsigned char clear[200]; + unsigned char cipher[265]; /* max size of test data so far */ + unsigned char clear[265]; + unsigned char output[267]; /* above + 2 (overwrite check) */ unsigned char ad[200]; unsigned char tag[20]; unsigned char my_tag[20]; size_t key_len, iv_len, cipher_len, clear_len, ad_len, tag_len; mbedtls_cipher_context_t ctx; - unsigned char output[200]; size_t outlen; mbedtls_cipher_init( &ctx ); From fce88b25333a7ba655b07ded57a96a40b2e4a821 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 13:06:12 +0200 Subject: [PATCH 048/578] Fix selftest verbosity in test suites --- tests/suites/test_suite_chacha20.function | 2 +- tests/suites/test_suite_poly1305.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index bac1ef3ca..124e51003 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -85,6 +85,6 @@ void chacha20_crypt( char *hex_key_string, /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chacha20_self_test() { - TEST_ASSERT( mbedtls_chacha20_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_self_test( 1 ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 964d1297a..682eb05aa 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function 
@@ -66,6 +66,6 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src /* BEGIN_CASE depends_on:MBEDTLS_POLY1305_C:MBEDTLS_SELF_TEST */ void poly1305_selftest() { - TEST_ASSERT( mbedtls_poly1305_self_test( 0 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_self_test( 1 ) == 0 ); } /* END_CASE */ From 2aca2368817ce558d20624ad06b33d2e2d44ae2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 10:11:42 +0200 Subject: [PATCH 049/578] chacha20: add test for parameter validation --- tests/suites/test_suite_chacha20.data | 3 ++ tests/suites/test_suite_chacha20.function | 50 +++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/tests/suites/test_suite_chacha20.data b/tests/suites/test_suite_chacha20.data index 86094604b..3f9033eeb 100644 --- a/tests/suites/test_suite_chacha20.data +++ b/tests/suites/test_suite_chacha20.data @@ -22,5 +22,8 @@ chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 ChaCha20 RFC 7539 Test Vector #3 (Decrypt) chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000000000000000002":42:"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1":"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e" +ChaCha20 Paremeter Validation +chacha20_bad_params: + ChaCha20 Selftest chacha20_self_test: diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 124e51003..669d91e79 100644 --- a/tests/suites/test_suite_chacha20.function 
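Review bot: The test case title added to test_suite_chacha20.data is misspelled: `ChaCha20 Paremeter Validation` should read `ChaCha20 Parameter Validation`. The title is what appears in the suite output and what people search for, and the sibling entries added to the Poly1305 and ChaCha20-Poly1305 data files in the following patches spell it `Parameter`.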
+++ b/tests/suites/test_suite_chacha20.function @@ -82,6 +82,56 @@ void chacha20_crypt( char *hex_key_string, } /* END_CASE */ +/* BEGIN_CASE */ +void chacha20_bad_params() +{ + unsigned char key[32]; + unsigned char nonce[12]; + unsigned char src[1]; + unsigned char dst[1]; + uint32_t counter = 0; + size_t len = sizeof( src ); + mbedtls_chacha20_context ctx; + + mbedtls_chacha20_init( NULL ); + mbedtls_chacha20_free( NULL ); + + mbedtls_chacha20_init( &ctx ); + + TEST_ASSERT( mbedtls_chacha20_setkey( NULL, key ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, NULL ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_chacha20_starts( NULL, nonce, counter ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_starts( &ctx, NULL, counter ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_chacha20_update( NULL, 0, src, dst ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, NULL, dst ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, src, NULL ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, 0, NULL, NULL ) + == 0 ); + + mbedtls_chacha20_free( &ctx ); + + TEST_ASSERT( mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) + == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, 0, NULL, NULL ) + == 0 ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chacha20_self_test() { 
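Review bot: `key`, `nonce`, `src` and `dst` in chacha20_bad_params are never initialised, yet the last assertion, `mbedtls_chacha20_crypt( key, nonce, counter, 0, NULL, NULL ) == 0`, is a success path that presumably consumes the key and nonce. The test then reads indeterminate stack bytes, which memory checkers may report and which makes a failure harder to reproduce. chachapoly_bad_params, added later in this series, zeroes every buffer first; doing the same here, e.g. `memset( key, 0x00, sizeof( key ) );` and likewise for `nonce`, `src` and `dst`, keeps the test deterministic. The same applies to `key`, `src` and `mac` in poly1305_bad_params.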
From a8fa8b8f964fec5468a9a4a224fda3b04f726ddd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 10:12:36 +0200 Subject: [PATCH 050/578] poly1305: add test for parameter validation Also fix two validation bugs found while adding the tests. Also handle test dependencies the right way while at it. --- library/poly1305.c | 4 +- tests/suites/test_suite_poly1305.data | 17 ++----- tests/suites/test_suite_poly1305.function | 55 +++++++++++++++++++++-- 3 files changed, 58 insertions(+), 18 deletions(-) diff --git a/library/poly1305.c b/library/poly1305.c index 542a85004..0aa453356 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -259,7 +259,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ) { - if ( ctx == NULL ) + if ( ctx == NULL || key == NULL ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } @@ -417,7 +417,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], cleanup: mbedtls_poly1305_free( &ctx ); - return( 0 ); + return( result ); } #endif /* MBEDTLS_POLY1305_ALT */ diff --git a/tests/suites/test_suite_poly1305.data b/tests/suites/test_suite_poly1305.data index f259e848b..13912e997 100644 --- a/tests/suites/test_suite_poly1305.data +++ b/tests/suites/test_suite_poly1305.data 
@@ -1,51 +1,42 @@ Poly1305 RFC 7539 Example And Test Vector -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b":"a8061dc1305136c6c22b8baf0c0127a9":"43727970746f6772617068696320466f72756d2052657365617263682047726f7570" Poly1305 RFC 7539 Test Vector #1 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" Poly1305 RFC 7539 Test Vector #2 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"0000000000000000000000000000000036e5f6b5c5e06070f0efca96227a863e":"36e5f6b5c5e06070f0efca96227a863e":"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f" Poly1305 RFC 7539 Test Vector #3 -depends_on:MBEDTLS_POLY1305_C 
mbedtls_poly1305:"36e5f6b5c5e06070f0efca96227a863e00000000000000000000000000000000":"f3477e7cd95417af89a6b8794c310cf0":"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f" Poly1305 RFC 7539 Test Vector #4 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"4541669a7eaaee61e708dc7cbcc5eb62":"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e" Poly1305 RFC 7539 Test Vector #5 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"0200000000000000000000000000000000000000000000000000000000000000":"03000000000000000000000000000000":"ffffffffffffffffffffffffffffffff" Poly1305 RFC 7539 Test Vector #6 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"02000000000000000000000000000000ffffffffffffffffffffffffffffffff":"03000000000000000000000000000000":"02000000000000000000000000000000" Poly1305 RFC 7539 Test Vector #7 -depends_on:MBEDTLS_POLY1305_C 
mbedtls_poly1305:"0100000000000000000000000000000000000000000000000000000000000000":"05000000000000000000000000000000":"fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff11000000000000000000000000000000" Poly1305 RFC 7539 Test Vector #8 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"0100000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe01010101010101010101010101010101" Poly1305 RFC 7539 Test Vector #9 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"0200000000000000000000000000000000000000000000000000000000000000":"faffffffffffffffffffffffffffffff":"fdffffffffffffffffffffffffffffff" Poly1305 RFC 7539 Test Vector #10 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"0100000000000000040000000000000000000000000000000000000000000000":"14000000000000005500000000000000":"e33594d7505e43b900000000000000003394d7505e4379cd01000000000000000000000000000000000000000000000001000000000000000000000000000000" Poly1305 RFC 7539 Test Vector #11 -depends_on:MBEDTLS_POLY1305_C mbedtls_poly1305:"0100000000000000040000000000000000000000000000000000000000000000":"13000000000000000000000000000000":"e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000" +Poly1305 Parameter validation +poly1305_bad_params: + Poly1305 Selftest -depends_on:MBEDTLS_SELF_TEST:MBEDTLS_POLY1305_C +depends_on:MBEDTLS_SELF_TEST poly1305_selftest: diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 682eb05aa..c5e7989fe 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function 
@@ -3,7 +3,12 @@ #include /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_POLY1305_C */ +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_POLY1305_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src_string ) { unsigned char src_str[375]; /* max size of binary input */ @@ -24,7 +29,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src /* * Test the integrated API */ - mbedtls_poly1305_mac( key, src_str, src_len, mac ); + TEST_ASSERT( mbedtls_poly1305_mac( key, src_str, src_len, mac ) == 0 ); hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); 
@@ -63,7 +68,51 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_POLY1305_C:MBEDTLS_SELF_TEST */ +/* BEGIN_CASE */ +void poly1305_bad_params() +{ + unsigned char src[1]; + unsigned char key[32]; + unsigned char mac[16]; + size_t src_len = sizeof( src ); + mbedtls_poly1305_context ctx; + + mbedtls_poly1305_init( NULL ); + mbedtls_poly1305_free( NULL ); + + mbedtls_poly1305_init( &ctx ); + + TEST_ASSERT( mbedtls_poly1305_starts( NULL, key ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, NULL ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_poly1305_update( NULL, src, 0 ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, src_len ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, 0 ) + == 0 ); + + TEST_ASSERT( mbedtls_poly1305_finish( NULL, mac ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_poly1305_finish( &ctx, NULL ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_poly1305_mac( NULL, src, 0, mac ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, src_len, mac ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_poly1305_mac( key, src, 0, NULL ) + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, 0, mac ) + == 0 ); + + mbedtls_poly1305_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void poly1305_selftest() { TEST_ASSERT( mbedtls_poly1305_self_test( 1 ) == 0 ); From 59d2c30ebae033e0050eef3382972665d64b8e03 Mon Sep 17 00:00:00 2001 
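Review bot: poly1305_bad_params has no `exit:` label in front of its final `mbedtls_poly1305_free( &ctx );`, unlike chachapoly_bad_params and chachapoly_state later in the series. If TEST_ASSERT leaves the function through an exit label on failure (its definition is not shown here, so this is an assumption), where that jump lands relative to the free call is left to the test generator rather than stated in the test. Writing `exit:` on the line before `mbedtls_poly1305_free( &ctx );` makes the cleanup path explicit. chacha20_bad_params has the same shape, and there the free call sits in the middle of the function, ahead of the `mbedtls_chacha20_crypt` checks.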
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 10:39:32 +0200 Subject: [PATCH 051/578] chachapoly: add test for parameter validation Also fix two bugs found by the new tests. Also remove redundant test case dependency declarations while at it. --- library/chachapoly.c | 5 +- tests/suites/test_suite_chachapoly.data | 11 +- tests/suites/test_suite_chachapoly.function | 157 +++++++++++++++++++- 3 files changed, 161 insertions(+), 12 deletions(-) diff --git a/library/chachapoly.c b/library/chachapoly.c index 9ca21b39a..fd05886fb 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -202,7 +202,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ) { - if ( ( ctx == NULL ) || ( input == NULL ) || ( output == NULL ) ) + if ( ctx == NULL ) { return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); } @@ -339,6 +339,9 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, size_t i; int diff; + if( tag == NULL ) + return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + if( ( ret = mbedtls_chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, aad, aad_len, input, output, check_tag ) ) != 0 ) diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data index f0b4a0de6..b0eedea27 100644 --- a/tests/suites/test_suite_chachapoly.data +++ b/tests/suites/test_suite_chachapoly.data 
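Review bot: The first hunk drops the `input == NULL` and `output == NULL` tests from the guard at the top of mbedtls_chachapoly_update, leaving only `if ( ctx == NULL )`. The new test still expects `mbedtls_chachapoly_update( &ctx, input_len, NULL, output )` to return MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA, so a length-dependent check must exist further down, but it lies outside this hunk and cannot be confirmed from here. Since a missing check would mean dereferencing NULL on a non-zero length, a comment at the guard would help, for example `/* input and output may be NULL only when the length is 0; enforced below */`.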
@@ -1,27 +1,24 @@ ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Encrypt) -depends_on:MBEDTLS_CHACHAPOLY_C mbedtls_chachapoly_enc:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600691" ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Decrypt) -depends_on:MBEDTLS_CHACHAPOLY_C mbedtls_chachapoly_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600691":0 ChaCha20-Poly1305 RFC 7539 Example and Test Vector (Decrypt, not authentic) -depends_on:MBEDTLS_CHACHAPOLY_C 
mbedtls_chachapoly_dec:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"1ae10b594f09e26a7e902ecbd0600690":MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Encrypt) -depends_on:MBEDTLS_CHACHAPOLY_C mbedtls_chachapoly_enc:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38" ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt) -depends_on:MBEDTLS_CHACHAPOLY_C mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"eead9d67890cbb22392336fea1851f38":0 ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt, not authentic) -depends_on:MBEDTLS_CHACHAPOLY_C mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"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":"fead9d67890cbb22392336fea1851f38":MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED +ChaCha20-Poly1305 Parameter Validation +chachapoly_bad_params: + ChaCha20-Poly1305 Selftest -depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SELF_TEST 
+depends_on:MBEDTLS_SELF_TEST chachapoly_selftest: diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index a613870b3..3f8145a54 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -46,13 +46,13 @@ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char mbedtls_chachapoly_init( &ctx ); - mbedtls_chachapoly_setkey( &ctx, key_str ); + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); - mbedtls_chachapoly_crypt_and_tag( &ctx, + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce_str, aad_str, aad_len, - input_str, output, mac ); + input_str, output, mac ) == 0 ); TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); @@ -101,7 +101,7 @@ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char mbedtls_chachapoly_init( &ctx ); - mbedtls_chachapoly_setkey( &ctx, key_str ); + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); ret = mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce_str, 
@@ -119,6 +119,155 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void chachapoly_bad_params() +{ + unsigned char key[32]; + unsigned char nonce[12]; + unsigned char aad[1]; + unsigned char input[1]; + unsigned char output[1]; + unsigned char mac[16]; + size_t input_len = sizeof( input ); + size_t aad_len = sizeof( aad ); + mbedtls_chachapoly_context ctx; + + memset( key, 0x00, sizeof( key ) ); + memset( nonce, 0x00, sizeof( nonce ) ); + memset( aad, 0x00, sizeof( aad ) ); + memset( input, 0x00, sizeof( input ) ); + memset( output, 0x00, sizeof( output ) ); + memset( mac, 0x00, sizeof( mac ) ); + + mbedtls_chachapoly_init( NULL ); + mbedtls_chachapoly_free( NULL ); + + mbedtls_chachapoly_init( &ctx ); + + TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( NULL, + MBEDTLS_CHACHAPOLY_ENCRYPT, + 0, nonce, + aad, 0, + input, output, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + 0, NULL, + aad, 0, + input, output, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + 0, nonce, + NULL, aad_len, + input, output, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + input_len, nonce, + aad, 0, + NULL, output, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + input_len, nonce, + aad, 0, + input, NULL, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + 0, nonce, + aad, 0, + input, output, NULL ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + + 
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL, + 0, nonce, + aad, 0, + mac, input, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + 0, NULL, + aad, 0, + mac, input, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + 0, nonce, + NULL, aad_len, + mac, input, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + 0, nonce, + aad, 0, + NULL, input, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + input_len, nonce, + aad, 0, + mac, NULL, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + input_len, nonce, + aad, 0, + mac, input, NULL ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + 0, nonce, + aad, aad_len, + NULL, NULL, mac ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + 0, nonce, + aad, aad_len, + mac, NULL, NULL ) + == 0 ); + + TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + input_len, nonce, + NULL, 0, + input, output, mac ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, + input_len, nonce, + NULL, 0, + mac, input, output ) + == 0 ); + + TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output ) + == 
MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + + TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + +exit: + mbedtls_chachapoly_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chachapoly_selftest() { From 444f71121685facd1a8c9b52719bdb1459892219 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 11:06:46 +0200 Subject: [PATCH 052/578] poly1305: add test with multiple small fragments This exercises the code path where data is just appended to the waiting queue while it isn't empty. --- tests/suites/test_suite_poly1305.function | 32 ++++++++++++++++++----- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index c5e7989fe..62d2ad951 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function 
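Review bot: Both `mbedtls_chachapoly_setkey` calls in chachapoly_bad_params are expected to fail, so `ctx` never receives a key, yet the later success-path calls to `mbedtls_chachapoly_crypt_and_tag` and `mbedtls_chachapoly_auth_decrypt` run on it. The second round trip also passes `mac, input, output` to auth_decrypt although the preceding encryption wrote its ciphertext to `output`; with a tag computed over the ciphertext as in RFC 7539, that call should fail authentication, so the expected `== 0` probably holds only because of the unkeyed context and is worth confirming. Adding `TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key ) == 0 );` before the success-path block and passing `mac, output, input` in that decrypt call would make the round trip meaningful.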
@@ -54,15 +54,35 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src /* Don't free/init the context, in order to test that starts() does the * right thing. */ - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + if( src_len >= 1 ) + { + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, src_len - 1) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, src_len - 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); - TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + hexify( mac_str, mac, 16 ); + TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + } + + /* + * Again with more pieces + */ + if( src_len >= 2 ) + { + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 2, src_len - 2 ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); + + hexify( mac_str, mac, 16 ); + TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + } mbedtls_poly1305_free( &ctx ); } From ceb1225d4610d975e1f5a75df9df3f48ae5d96af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 11:41:00 +0200 Subject: [PATCH 053/578] chachapoly: add test for state flow --- tests/suites/test_suite_chachapoly.data | 3 + tests/suites/test_suite_chachapoly.function | 80 +++++++++++++++++++++ 2 files changed, 83 insertions(+) diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data index b0eedea27..34cb56831 100644 
--- a/tests/suites/test_suite_chachapoly.data +++ b/tests/suites/test_suite_chachapoly.data @@ -16,6 +16,9 @@ mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc ChaCha20-Poly1305 RFC 7539 Test Vector #1 (Decrypt, not authentic) mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d":"fead9d67890cbb22392336fea1851f38":MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED +ChaCha20-Poly1305 State Flow +chachapoly_state: + ChaCha20-Poly1305 Parameter Validation chachapoly_bad_params: diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 3f8145a54..e379309cd 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function 
@@ -268,6 +268,86 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void chachapoly_state() +{ + unsigned char key[32]; + unsigned char nonce[12]; + unsigned char aad[1]; + unsigned char input[1]; + unsigned char output[1]; + unsigned char mac[16]; + size_t input_len = sizeof( input ); + size_t aad_len = sizeof( aad ); + mbedtls_chachapoly_context ctx; + + memset( key, 0x00, sizeof( key ) ); + memset( nonce, 0x00, sizeof( nonce ) ); + memset( aad, 0x00, sizeof( aad ) ); + memset( input, 0x00, sizeof( input ) ); + memset( output, 0x00, sizeof( output ) ); + memset( mac, 0x00, sizeof( mac ) ); + + /* Initial state: finish, update, update_aad forbidden */ + mbedtls_chachapoly_init( &ctx ); + + TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + + /* Still initial state: finish, update, update_aad forbidden */ + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key ) + == 0 ); + + TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + + /* Starts -> finish OK */ + TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) + == 0 ); + + /* After finish: update, update_aad forbidden */ + TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + + /* Starts -> update* OK */ + TEST_ASSERT( 
mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) + == 0 ); + + /* After update: update_aad forbidden */ + TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) + == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + + /* Starts -> update_aad* -> finish OK */ + TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) + == 0 ); + TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) + == 0 ); + +exit: + mbedtls_chachapoly_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chachapoly_selftest() { From c0dfcd4bf195f3f3b547e6a19336a9d3b359473a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 11:42:07 +0200 Subject: [PATCH 054/578] Simplify selftest functions using macros This reduces clutter, making the functions more readable. Also, it makes lcov see each line as covered. This is not cheating, as the lines that were previously seen as not covered are not supposed to be reached anyway (failing branches of the selftests). Thanks to this and previous test suite enhancements, lcov now sees chacha20.c and poly1305.c at 100% line coverage, and for chachapoly.c only two lines are not covered (error returns from lower-level module that should never happen except perhaps if an alternative implementation returns an unexpected error). --- library/chacha20.c | 45 +++++++++++++------------------ library/chachapoly.c | 64 ++++++++++++++++---------------------------- library/poly1305.c | 45 +++++++++++++------------------ 3 files changed, 60 insertions(+), 94 deletions(-) 
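Review bot: chachapoly_state never calls `mbedtls_chachapoly_finish` after `mbedtls_chachapoly_update`: the "Starts -> update* OK" sequence ends with the forbidden `update_aad` check, and the next `starts` begins a new operation. The transition from processing data to finish is the one every real encryption takes, so it deserves an assertion, e.g. `TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) == 0 );` after that `update_aad` check. A short comment saying that the same all-zero `nonce` is reused across the three `starts` calls only because this test checks state handling, not ciphertext, would also keep the pattern from being copied into real code.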
diff --git a/library/chacha20.c b/library/chacha20.c index d89000da2..5a753ebaa 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -519,18 +519,29 @@ static const size_t test_lengths[2] = 375U }; +#define ASSERT( cond, args ) \ + do \ + { \ + if( ! ( cond ) ) \ + { \ + if( verbose != 0 ) \ + mbedtls_printf args; \ + \ + return( -1 ); \ + } \ + } \ + while( 0 ) + int mbedtls_chacha20_self_test( int verbose ) { unsigned char output[381]; unsigned i; int result; - for ( i = 0U; i < 2U; i++ ) + for( i = 0U; i < 2U; i++ ) { - if ( verbose != 0 ) - { + if( verbose != 0 ) mbedtls_printf( " ChaCha20 test %u ", i ); - } result = mbedtls_chacha20_crypt( test_keys[i], test_nonces[i], @@ -538,36 +549,18 @@ int mbedtls_chacha20_self_test( int verbose ) test_lengths[i], test_input[i], output ); - if ( result != 0) - { - if ( verbose != 0 ) - { - mbedtls_printf( "error code: %i\n", result ); - } - return( -1 ); - } + ASSERT( 0 == result, ( "error code: %i\n", result ) ); - if ( 0 != memcmp( output, test_output[i], test_lengths[i] ) ) - { - if ( verbose != 0 ) - { - mbedtls_printf( "failed\n" ); - } + ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ), + ( "failed (output)\n" ) ); - return( -1 ); - } - - if ( verbose != 0 ) - { + if( verbose != 0 ) mbedtls_printf( "passed\n" ); - } } if( verbose != 0 ) - { mbedtls_printf( "\n" ); - } return( 0 ); } diff --git a/library/chachapoly.c b/library/chachapoly.c index fd05886fb..ebf25bbbb 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -452,6 +452,19 @@ static const unsigned char test_mac[1][16] = } }; +#define ASSERT( cond, args ) \ + do \ + { \ + if( ! ( cond ) ) \ + { \ + if( verbose != 0 ) \ + mbedtls_printf args; \ + \ + return( -1 ); \ + } \ + } \ + while( 0 ) + int mbedtls_chachapoly_self_test( int verbose ) { mbedtls_chachapoly_context ctx; 
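Review bot: The new `ASSERT( cond, args )` macro hides a `return( -1 );` and reads the caller's `verbose` without taking it as an argument, and the same generic name is defined identically in chacha20.c, chachapoly.c and poly1305.c with no `#undef` in the hunks shown. In mbedtls_chachapoly_self_test the hidden return sits between `mbedtls_chachapoly_init( &ctx )` and `mbedtls_chachapoly_free( &ctx )`, so every failing branch leaves the keyed context unfreed; the removed code did the same, but the macro makes it harder to spot. A comment on the macro such as `/* Returns -1 from the enclosing function; expects an int verbose in scope. */`, an `#undef ASSERT` after each self-test, and a `mbedtls_chachapoly_free( &ctx );` before the return in the chachapoly copy would address this.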
@@ -460,24 +473,15 @@ int mbedtls_chachapoly_self_test( int verbose ) unsigned char output[200]; unsigned char mac[16]; - for ( i = 0U; i < 1U; i++ ) + for( i = 0U; i < 1U; i++ ) { - if ( verbose != 0 ) - { + if( verbose != 0 ) mbedtls_printf( " ChaCha20-Poly1305 test %u ", i ); - } mbedtls_chachapoly_init( &ctx ); result = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); - if ( result != 0 ) - { - if ( verbose != 0 ) - { - mbedtls_printf( "setkey() error code: %i\n", result ); - } - return( -1 ); - } + ASSERT( 0 == result, ( "setkey() error code: %i\n", result ) ); result = mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, @@ -488,45 +492,23 @@ int mbedtls_chachapoly_self_test( int verbose ) test_input[i], output, mac ); - if ( result != 0 ) - { - if ( verbose != 0 ) - { - mbedtls_printf( "crypt_and_tag() error code: %i\n", result ); - } - return( -1 ); - } - if ( memcmp( output, test_output[i], test_input_len[i] ) != 0 ) - { - if ( verbose != 0 ) - { - mbedtls_printf( "failure (wrong output)\n" ); - } - return( -1 ); - } + ASSERT( 0 == result, ( "crypt_and_tag() error code: %i\n", result ) ); - if ( memcmp( mac, test_mac[i], 16U ) != 0 ) - { - if ( verbose != 0 ) - { - mbedtls_printf( "failure (wrong MAC)\n" ); - } - return( -1 ); - } + ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ), + ( "failure (wrong output)\n" ) ); + + ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), + ( "failure (wrong MAC)\n" ) ); mbedtls_chachapoly_free( &ctx ); - if ( verbose != 0 ) - { + if( verbose != 0 ) mbedtls_printf( "passed\n" ); - } } if( verbose != 0 ) - { mbedtls_printf( "\n" ); - } return( 0 ); } diff --git a/library/poly1305.c b/library/poly1305.c index 0aa453356..a9fff4757 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -487,53 +487,44 @@ static const unsigned char test_mac[2][16] = } }; +#define ASSERT( cond, args ) \ + do \ + { \ + if( ! ( cond ) ) \ + { \ + if( verbose != 0 ) \ + mbedtls_printf args; \ + \ + return( -1 ); \ + } \ + } \ + while( 0 ) + int mbedtls_poly1305_self_test( int verbose ) { unsigned char mac[16]; unsigned i; int result; - for ( i = 0U; i < 2U; i++ ) + for( i = 0U; i < 2U; i++ ) { - if ( verbose != 0 ) - { + if( verbose != 0 ) mbedtls_printf( " Poly1305 test %u ", i ); - } result = mbedtls_poly1305_mac( test_keys[i], test_data[i], test_data_len[i], mac ); - if ( result != 0 ) - { - if ( verbose != 0 ) - { - mbedtls_printf( "error code: %i\n", result ); - } + ASSERT( 0 == result, ( "error code: %i\n", result ) ); - return( -1 ); - } + ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) ); - if ( memcmp( mac, test_mac[i], 16U ) != 0 ) - { - if ( verbose != 0 ) - { - mbedtls_printf( "failed\n" ); - } - - return( -1 ); - } - - if ( verbose != 0 ) - { + if( verbose != 0 ) mbedtls_printf( "passed\n" ); - } } if( verbose != 0 ) - { mbedtls_printf( "\n" ); - } return( 0 ); } From 32902e6eae89af32a406a68f4a7c8dbf318305a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 12:30:19 +0200 Subject: [PATCH 055/578] cipher: handle ChaCha20 as a stream cipher That's what it is. So we shouldn't set a block size != 1. While at it, move call to chachapoly_update() closer to the one for GCM, as they are similar (AEAD). --- include/mbedtls/cipher.h | 2 +- library/cipher.c | 34 +++++++++------------------------- library/cipher_wrap.c | 21 +++++++++++++++++---- 3 files changed, 27 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 591aa79aa..1ae847d20 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h 
@@ -193,7 +193,7 @@ enum { /** Maximum length of any IV, in Bytes. */ #define MBEDTLS_MAX_IV_LENGTH 16 /** Maximum block size of any cipher, in Bytes. */ -#define MBEDTLS_MAX_BLOCK_LENGTH 64 +#define MBEDTLS_MAX_BLOCK_LENGTH 16 /** * Base cipher information (opaque struct). diff --git a/library/cipher.c b/library/cipher.c index 2463a6148..cf10094f6 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -367,6 +367,15 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i } #endif +#if defined(MBEDTLS_CHACHAPOLY_C) + if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) + { + *olen = ilen; + return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, + ilen, input, output ); + } +#endif + if ( 0 == block_size ) { return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; @@ -378,31 +387,6 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); } - -#if defined(MBEDTLS_CHACHA20_C) - if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) - { - *olen = ilen; - return mbedtls_chacha20_update( (mbedtls_chacha20_context*) ctx->cipher_ctx, - ilen, input, output ); - } -#endif - - if( input == output && - ( ctx->unprocessed_len != 0 || ilen % mbedtls_cipher_get_block_size( ctx ) ) ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - } - -#if defined(MBEDTLS_CHACHAPOLY_C) - if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) - { - *olen = ilen; - return mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ilen, input, output ); - } -#endif - #if defined(MBEDTLS_CIPHER_MODE_CBC) if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) { diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5c8082850..9110b968c 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c 
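Review bot: In the `MBEDTLS_CHACHAPOLY_C` branch added to `mbedtls_cipher_update` (library/cipher.c, first hunk), `*olen = ilen` is stored before `mbedtls_chachapoly_update()` has run, so a caller sees a full-length output count even when the call fails, for example with the bad-state error the chachapoly test suite exercises. Setting the length only on success is safer for callers that read `*olen` on the error path: `ret = mbedtls_chachapoly_update( ... ); if( ret == 0 ) *olen = ilen; return( ret );`, assuming a local `ret` is available. The rest of the function, including any earlier initialisation of `*olen`, is outside the hunk.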
@@ -1305,6 +1305,19 @@ static int chacha20_setkey_wrap( void *ctx, const unsigned char *key, return( 0 ); } +static int chacha20_stream_wrap( void *ctx, size_t length, + const unsigned char *input, + unsigned char *output ) +{ + int ret; + + ret = mbedtls_chacha20_update( ctx, length, input, output ); + if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + return( ret ); +} + static void * chacha20_ctx_alloc( void ) { mbedtls_chacha20_context *ctx; @@ -1337,7 +1350,7 @@ static const mbedtls_cipher_base_t chacha20_base_info = { NULL, #endif #if defined(MBEDTLS_CIPHER_MODE_STREAM) - NULL, + chacha20_stream_wrap, #endif chacha20_setkey_wrap, chacha20_setkey_wrap, @@ -1346,12 +1359,12 @@ static const mbedtls_cipher_base_t chacha20_base_info = { }; static const mbedtls_cipher_info_t chacha20_info = { MBEDTLS_CIPHER_CHACHA20, - MBEDTLS_MODE_NONE, + MBEDTLS_MODE_STREAM, 256, "CHACHA20", 12, 0, - 64, + 1, &chacha20_base_info }; #endif /* MBEDTLS_CHACHA20_C */ @@ -1417,7 +1430,7 @@ static const mbedtls_cipher_info_t chachapoly_info = { "CHACHA20-POLY1305", 12, 0, - 64, + 1, &chachapoly_base_info }; #endif /* MBEDTLS_CHACHAPOLY_C */ From 234e1cef735d12f24b569271c8af02edbad6e07c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 10 May 2018 12:54:32 +0200 Subject: [PATCH 056/578] cipher: add stream test vectors for chacha20(poly1305) --- tests/suites/test_suite_cipher.chacha20.data | 6 +++++- tests/suites/test_suite_cipher.chachapoly.data | 4 ++++ tests/suites/test_suite_cipher.function | 6 +++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data index 5f3e07d0b..c67e582e7 100644 --- a/tests/suites/test_suite_cipher.chacha20.data +++ b/tests/suites/test_suite_cipher.chacha20.data 
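Review bot: `chacha20_stream_wrap` is defined unconditionally in the first hunk, but its only visible use, the `chacha20_base_info` entry in the next hunk, sits inside `#if defined(MBEDTLS_CIPHER_MODE_STREAM)`. If that option can be off while `MBEDTLS_CHACHA20_C` is on (not determinable from this diff), the build gets an unused static function and a cipher declared as `MBEDTLS_MODE_STREAM` with a `NULL` stream callback, so ChaCha20 through the cipher layer would stop working where the branch removed from cipher.c used to handle it. Either wrap the function in the same `#if defined(MBEDTLS_CIPHER_MODE_STREAM)` / `#endif` pair and add a configuration check that ChaCha20 implies stream mode, or enable the stream option whenever `MBEDTLS_CHACHA20_C` is set. A one-line comment on the wrapper, `/* Map the ChaCha20 bad-input error to the cipher-layer code; other errors pass through unchanged. */`, would also help.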
@@ -1,7 +1,11 @@ Decrypt empty buffer -depends_on:MBEDTLS_CHACHA20_C: +depends_on:MBEDTLS_CHACHA20_C dec_empty_buf: +Chacha20 RFC 7539 Test Vector #1 +depends_on:MBEDTLS_CHACHA20_C +decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20:-1:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"":"":0:0 + ChaCha20 Encrypt and decrypt 0 bytes depends_on:MBEDTLS_CHACHA20_C enc_dec_buf:MBEDTLS_CIPHER_CHACHA20:"CHACHA20":256:0:-1 diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data index d91dc2432..1760dc09d 100644 --- a/tests/suites/test_suite_cipher.chachapoly.data +++ b/tests/suites/test_suite_cipher.chachapoly.data 
@@ -117,3 +117,7 @@ auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0 ChaCha20+Poly1305 RFC 7539 Test Vector #1 Unauthentic (1st bit flipped) depends_on:MBEDTLS_CHACHAPOLY_C auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"6ead9d67890cbb22392336fea1851f38":"FAIL" + +Chacha20+Poly1305 RFC 7539 Test Vector #1 (streaming) +depends_on:MBEDTLS_CHACHAPOLY_C +decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20_POLY1305:-1:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"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":"496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d":"f33388860000000000004e91":"eead9d67890cbb22392336fea1851f38":0:0 diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index e4b7e4365..b7037a068 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -479,8 +479,9 @@ void decrypt_test_vec( int cipher_id, int pad_mode, { unsigned char key[50]; unsigned char iv[50]; - unsigned char cipher[200]; - unsigned char clear[200]; + unsigned char cipher[265]; /* max length of test data so far */ + unsigned char clear[265]; + unsigned char output[265]; unsigned char ad[200]; unsigned char tag[20]; size_t key_len, iv_len, cipher_len, clear_len; 
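Review bot: The buffers in `decrypt_test_vec` (tests/suites/test_suite_cipher.function) are resized to a bare `265` in three places with the comment `/* max length of test data so far */`, so the bound follows today's longest vector rather than being enforced. How the hex strings are decoded into `cipher`, `clear` and `output` is outside this hunk; if that step does not check the destination size, the next longer vector added to a .data file overruns a stack buffer in the test binary instead of failing cleanly. A named constant shared by the three arrays, e.g. `#define TEST_VEC_MAX_LEN 265`, together with a length check made before the data is decoded, would turn that into an ordinary test failure.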
@@ -488,7 +489,6 @@ void decrypt_test_vec( int cipher_id, int pad_mode, size_t ad_len, tag_len; #endif mbedtls_cipher_context_t ctx; - unsigned char output[200]; size_t outlen, total_len; mbedtls_cipher_init( &ctx ); From 3798b6be6be7a8a9b3ecd1f7e43df3a72382f365 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 13:27:45 +0200 Subject: [PATCH 057/578] Add some error codes and merge others - need HW failure codes too - re-use relevant poly codes for chachapoly to save on limited space Values were chosen to leave 3 free slots at the end of the NET odd range. --- include/mbedtls/chacha20.h | 5 ++- include/mbedtls/chachapoly.h | 23 +++++------ include/mbedtls/error.h | 8 ++-- include/mbedtls/poly1305.h | 1 + library/chachapoly.c | 16 +++---- library/error.c | 8 ++-- tests/suites/test_suite_chachapoly.function | 46 ++++++++++----------- 7 files changed, 54 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 7a8cd531e..c33aef371 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -42,8 +42,9 @@ #include #include -#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0053 /**< Invalid input parameter(s). */ -#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0055 /**< Feature not available. For example, s part of the API is not implemented. */ +#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051 /**< Invalid input parameter(s). */ +#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE -0x0053 /**< Feature not available. For example, s part of the API is not implemented. */ +#define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED -0x0055 /**< Chacha20 hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index a55a3eea2..ae786e045 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h 
@@ -39,11 +39,11 @@ #include MBEDTLS_CONFIG_FILE #endif -#define MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA -0x0054 /**< Invalid input parameter(s). */ -#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0056 /**< The requested operation is not permitted in the current state. */ -#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0058 /**< Authenticated decryption failed: data was not authentic. */ -#define MBEDTLS_ERR_CHACHAPOLY_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, s part of the API is not implemented. */ +/* for shared error codes */ +#include "poly1305.h" +#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054 /**< The requested operation is not permitted in the current state. */ +#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056 /**< Authenticated decryption failed: data was not authentic. */ #ifdef __cplusplus extern "C" { @@ -59,7 +59,6 @@ mbedtls_chachapoly_mode_t; #if !defined(MBEDTLS_CHACHAPOLY_ALT) #include "chacha20.h" -#include "poly1305.h" typedef struct { @@ -117,7 +116,7 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); * \param key The 256-bit (32 bytes) key. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p key are NULL. */ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, @@ -141,7 +140,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * #MBEDTLS_CHACHAPOLY_DECRYPT. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p mac are NULL. */ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, 
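Review bot: The `\return` text for `mbedtls_chachapoly_starts` in the last hunk on this line still says the error is returned `if \p ctx or \p mac are NULL`, but the implementation in library/chachapoly.c checks `nonce == NULL`. Since the adjacent line is edited here, it should read `if \p ctx or \p nonce are NULL.`. Separately, with `MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA` reused, `mbedtls_strerror` will describe chachapoly argument errors as "POLY1305 - Invalid input parameter(s)". A sentence beside `/* for shared error codes */` stating that ChaCha20-Poly1305 functions report bad arguments with the Poly1305 code would save callers a misleading diagnosis.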
@@ -177,7 +176,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * This pointer can be NULL if aad_len == 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p aad are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operations has not been started or has been @@ -210,7 +209,7 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, * This pointer can be NULL if len == 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx, \p input, or \p output are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operation has not been started or has been @@ -229,7 +228,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * \param mac The buffer to where the 128-bit (16 bytes) MAC is written. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p mac are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE * if the operation has not been started or has been @@ -265,7 +264,7 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if one or more of the required parameters are NULL. */ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, 
@@ -298,7 +297,7 @@ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, * This pointer can be NULL if ilen == 0. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA + * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if one or more of the required parameters are NULL. * \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED * if the data was not authentic. diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 21fa9fce2..12f045ab4 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -62,7 +62,7 @@ * DES 2 0x0032-0x0032 0x0033-0x0033 * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F - * NET 11 0x0042-0x0052 0x0043-0x0045 + * NET 13 0x0042-0x0052 0x0043-0x0049 * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C @@ -76,9 +76,9 @@ * SHA1 1 0x0035-0x0035 * SHA256 1 0x0037-0x0037 * SHA512 1 0x0039-0x0039 - * CHACHA20 2 0x0053-0x0055 - * POLY1305 2 0x0057-0x0059 - * CHACHAPOLY 4 0x0054-0x005A + * CHACHA20 3 0x0051-0x0055 + * POLY1305 3 0x0057-0x005B + * CHACHAPOLY 2 0x0054-0x0056 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 021a3a0de..babbc15fa 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -44,6 +44,7 @@ #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057 /**< Invalid input parameter(s). */ #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */ +#define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED -0x005B /**< Poly1305 hardware accelerator failed. */ #ifdef __cplusplus extern "C" { diff --git a/library/chachapoly.c b/library/chachapoly.c index ebf25bbbb..de9e66ccc 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c 
@@ -123,7 +123,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, if ( ( ctx == NULL ) || ( key == NULL ) ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } result = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); @@ -140,7 +140,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, if ( ( ctx == NULL ) || ( nonce == NULL ) ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } /* Set counter = 0, will be update to 1 when generating Poly1305 key */ @@ -180,12 +180,12 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, { if ( ctx == NULL ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ( aad_len > 0U ) && ( aad == NULL ) ) { /* aad pointer is allowed to be NULL if aad_len == 0 */ - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ctx->state != CHACHAPOLY_STATE_AAD ) { @@ -204,12 +204,12 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, { if ( ctx == NULL ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) { /* input and output pointers are allowed to be NULL if len == 0 */ - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ( ctx->state != CHACHAPOLY_STATE_AAD ) && ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) @@ -251,7 +251,7 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, if ( ( ctx == NULL ) || ( mac == NULL ) ) { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } else if ( ctx->state == CHACHAPOLY_STATE_INIT ) { 
@@ -340,7 +340,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, int diff; if( tag == NULL ) - return( MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); if( ( ret = mbedtls_chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, diff --git a/library/error.c b/library/error.c index d9c21cd3f..512831f09 100644 --- a/library/error.c +++ b/library/error.c @@ -670,17 +670,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "CHACHA20 - Invalid input parameter(s)" ); if( use_ret == -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "CHACHA20 - Feature not available. For example, s part of the API is not implemented" ); + if( use_ret == -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "CHACHA20 - Chacha20 hardware accelerator failed" ); #endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Invalid input parameter(s)" ); if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE) ) mbedtls_snprintf( buf, buflen, "CHACHAPOLY - The requested operation is not permitted in the current state" ); if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) ) mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); - if( use_ret == -(MBEDTLS_ERR_CHACHAPOLY_FEATURE_UNAVAILABLE) ) - mbedtls_snprintf( buf, buflen, "CHACHAPOLY - Feature not available. For example, s part of the API is not implemented" ); #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CMAC_C) 
@@ -800,6 +798,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "POLY1305 - Invalid input parameter(s)" ); if( use_ret == -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "POLY1305 - Feature not available. For example, s part of the API is not implemented" ); + if( use_ret == -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "POLY1305 - Poly1305 hardware accelerator failed" ); #endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index e379309cd..7baa22995 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function 
@@ -145,77 +145,77 @@ void chachapoly_bad_params() mbedtls_chachapoly_init( &ctx ); TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( NULL, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, aad, 0, input, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, NULL, aad, 0, input, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, NULL, aad_len, input, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce, aad, 0, NULL, output, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce, aad, 0, input, NULL, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, aad, 0, input, output, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL, 0, nonce, aad, 0, mac, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, NULL, aad, 0, mac, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == 
MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, NULL, aad_len, mac, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, aad, 0, NULL, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, mac, NULL, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, mac, input, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 
@@ -242,26 +242,26 @@ void chachapoly_bad_params() == 0 ); TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL ) - == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); + == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); exit: mbedtls_chachapoly_free( &ctx ); From fb78c901389043d37a3076a745835084c63b8d7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 13:46:15 +0200 Subject: [PATCH 058/578] Use recently-introduced platform_util module --- library/chacha20.c | 23 ++++++++++------------- library/chachapoly.c | 11 ++++------- library/poly1305.c | 16 ++++++---------- 3 files changed, 20 insertions(+), 30 deletions(-) 
diff --git a/library/chacha20.c b/library/chacha20.c index 5a753ebaa..7f7603549 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -22,7 +22,6 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#include "mbedtls/chacha20.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -32,7 +31,8 @@ #if defined(MBEDTLS_CHACHA20_C) -#if !defined(MBEDTLS_CHACHA20_ALT) +#include "mbedtls/chacha20.h" +#include "mbedtls/platform_util.h" #include #include @@ -46,6 +46,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#if !defined(MBEDTLS_CHACHA20_ALT) + #define BYTES_TO_U32_LE( data, offset ) \ ( (uint32_t) data[offset] \ | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ @@ -59,11 +61,6 @@ #define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U ) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /** * \brief ChaCha20 quarter round operation. * @@ -182,9 +179,9 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) { if ( ctx != NULL ) { - mbedtls_zeroize( ctx->initial_state, sizeof( ctx->initial_state ) ); - mbedtls_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); - mbedtls_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + mbedtls_platform_zeroize( ctx->initial_state, sizeof( ctx->initial_state ) ); + mbedtls_platform_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); + mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); /* Initially, there's no keystream bytes available */ ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; @@ -195,7 +192,7 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) { if ( ctx != NULL ) { - mbedtls_zeroize( ctx, sizeof( mbedtls_chacha20_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) ); } } 
@@ -243,8 +240,8 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 ); ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 ); - mbedtls_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); - mbedtls_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + mbedtls_platform_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); + mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); /* Initially, there's no keystream bytes available */ ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; diff --git a/library/chachapoly.c b/library/chachapoly.c index de9e66ccc..5ce27f210 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -29,6 +29,8 @@ #if defined(MBEDTLS_CHACHAPOLY_C) #include "mbedtls/chachapoly.h" +#include "mbedtls/platform_util.h" + #include #if defined(MBEDTLS_SELF_TEST) @@ -47,11 +49,6 @@ #define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */ #define CHACHAPOLY_STATE_FINISHED ( 3 ) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /** * \brief Adds padding bytes (zeroes) to pad the AAD for Poly1305. * @@ -170,7 +167,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, } cleanup: - mbedtls_zeroize( poly1305_key, 64U ); + mbedtls_platform_zeroize( poly1305_key, 64U ); return( result ); } @@ -355,7 +352,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, if( diff != 0 ) { - mbedtls_zeroize( output, length ); + mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ); } diff --git a/library/poly1305.c b/library/poly1305.c index a9fff4757..bdd674475 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -28,9 +28,8 @@ #if defined(MBEDTLS_POLY1305_C) -#if !defined(MBEDTLS_POLY1305_ALT) - #include "mbedtls/poly1305.h" +#include "mbedtls/platform_util.h" #include @@ -43,6 +42,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#if !defined(MBEDTLS_POLY1305_ALT) + #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) #define BYTES_TO_U32_LE( data, offset ) \ @@ -52,11 +53,6 @@ | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ ) -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - /** * \brief Process blocks with Poly1305. * @@ -244,7 +240,7 @@ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) { if ( ctx != NULL ) { - mbedtls_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } } @@ -252,7 +248,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) { if ( ctx != NULL ) { - mbedtls_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } } @@ -283,7 +279,7 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, ctx->acc[4] = 0U; /* Queue initially empty */ - mbedtls_zeroize( ctx->queue, sizeof( ctx->queue ) ); + mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) ); ctx->queue_len = 0U; return( 0 ); From c22e61a081b0aa1309429cc7f73a22220f419d38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 13:51:05 +0200 Subject: [PATCH 059/578] Add ifdef for selftest in header file See https://github.com/ARMmbed/mbedtls/pull/975 --- include/mbedtls/chacha20.h | 2 ++ include/mbedtls/chachapoly.h | 2 ++ include/mbedtls/poly1305.h | 2 ++ 3 files changed, 6 insertions(+) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index c33aef371..56ee57aa6 100644 --- a/include/mbedtls/chacha20.h 
+++ b/include/mbedtls/chacha20.h @@ -196,6 +196,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], const unsigned char* input, unsigned char* output ); +#if defined(MBEDTLS_SELF_TEST) /** * \brief The ChaCha20 checkup routine. * @@ -203,6 +204,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], * \return \c 1 on failure. */ int mbedtls_chacha20_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus } diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index ae786e045..249dba185 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -311,6 +311,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ); +#if defined(MBEDTLS_SELF_TEST) /** * \brief The ChaCha20-Poly1305 checkup routine. * @@ -318,6 +319,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, * \return \c 1 on failure. */ int mbedtls_chachapoly_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus } diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index babbc15fa..abe369000 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -164,6 +164,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], size_t ilen, unsigned char mac[16] ); +#if defined(MBEDTLS_SELF_TEST) /** * \brief The Poly1305 checkup routine. * @@ -171,6 +172,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], * \return \c 1 on failure. */ int mbedtls_poly1305_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus } From 9620f9b99e59a789e71154d0ca13d310f05247e5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 16:52:19 +0200 Subject: [PATCH 060/578] Rm mbedtls_ prefix form static functions - prefix is no necessary for static ids and makes lines longer - most often omitted (even though we're not fully consistent) --- library/chacha20.c | 42 ++++++++++++++++++++---------------------- library/chachapoly.c | 10 +++++----- library/poly1305.c | 27 +++++++++++---------------- 3 files changed, 36 insertions(+), 43 deletions(-) diff --git a/library/chacha20.c b/library/chacha20.c index 7f7603549..81bb3b702 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -76,11 +76,11 @@ * \param c The index of 'c' in the state. * \param d The index of 'd' in the state. */ -static inline void mbedtls_chacha20_quarter_round( uint32_t state[16], - size_t a, - size_t b, - size_t c, - size_t d ) +static inline void chacha20_quarter_round( uint32_t state[16], + size_t a, + size_t b, + size_t c, + size_t d ) { /* a += b; d ^= a; d <<<= 16; */ state[a] += state[b]; 
@@ -111,17 +111,17 @@ static inline void mbedtls_chacha20_quarter_round( uint32_t state[16], * * \param state The ChaCha20 state to update. */ -static void mbedtls_chacha20_inner_block( uint32_t state[16] ) +static void chacha20_inner_block( uint32_t state[16] ) { - mbedtls_chacha20_quarter_round( state, 0, 4, 8, 12 ); - mbedtls_chacha20_quarter_round( state, 1, 5, 9, 13 ); - mbedtls_chacha20_quarter_round( state, 2, 6, 10, 14 ); - mbedtls_chacha20_quarter_round( state, 3, 7, 11, 15 ); + chacha20_quarter_round( state, 0, 4, 8, 12 ); + chacha20_quarter_round( state, 1, 5, 9, 13 ); + chacha20_quarter_round( state, 2, 6, 10, 14 ); + chacha20_quarter_round( state, 3, 7, 11, 15 ); - mbedtls_chacha20_quarter_round( state, 0, 5, 10, 15 ); - mbedtls_chacha20_quarter_round( state, 1, 6, 11, 12 ); - mbedtls_chacha20_quarter_round( state, 2, 7, 8, 13 ); - mbedtls_chacha20_quarter_round( state, 3, 4, 9, 14 ); + chacha20_quarter_round( state, 0, 5, 10, 15 ); + chacha20_quarter_round( state, 1, 6, 11, 12 ); + chacha20_quarter_round( state, 2, 7, 8, 13 ); + chacha20_quarter_round( state, 3, 4, 9, 14 ); } /** @@ -131,9 +131,9 @@ static void mbedtls_chacha20_inner_block( uint32_t state[16] ) * \param working_state This state is used as a temporary working area. * \param keystream Generated keystream bytes are written to this buffer. */ -static void mbedtls_chacha20_block( const uint32_t initial_state[16], - uint32_t working_state[16], - unsigned char keystream[64] ) +static void chacha20_block( const uint32_t initial_state[16], + uint32_t working_state[16], + unsigned char keystream[64] ) { size_t i; size_t offset; @@ -143,9 +143,7 @@ static void mbedtls_chacha20_block( const uint32_t initial_state[16], CHACHA20_BLOCK_SIZE_BYTES ); for ( i = 0U; i < 10U; i++ ) - { - mbedtls_chacha20_inner_block( working_state ); - } + chacha20_inner_block( working_state ); working_state[0] += initial_state[0]; working_state[1] += initial_state[1]; 
@@ -281,7 +279,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, while ( size >= CHACHA20_BLOCK_SIZE_BYTES ) { /* Generate new keystream block and increment counter */ - mbedtls_chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); + chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); ctx->initial_state[CHACHA20_CTR_INDEX]++; for ( i = 0U; i < 64U; i += 8U ) @@ -304,7 +302,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, if ( size > 0U ) { /* Generate new keystream block and increment counter */ - mbedtls_chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); + chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); ctx->initial_state[CHACHA20_CTR_INDEX]++; for ( i = 0U; i < size; i++) diff --git a/library/chachapoly.c b/library/chachapoly.c index 5ce27f210..d0c35511a 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -54,7 +54,7 @@ * * \param ctx The ChaCha20-Poly1305 context. */ -static void mbedtls_chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) +static void chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) { uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); unsigned char zeroes[15]; @@ -73,7 +73,7 @@ static void mbedtls_chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) * * \param ctx The ChaCha20-Poly1305 context. */ -static void mbedtls_chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) +static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) { uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); unsigned char zeroes[15]; @@ -218,7 +218,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, { ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; - mbedtls_chachapoly_pad_aad( ctx ); + chachapoly_pad_aad( ctx ); } ctx->ciphertext_len += len; 
@@ -257,11 +257,11 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, if ( ctx->state == CHACHAPOLY_STATE_AAD ) { - mbedtls_chachapoly_pad_aad( ctx ); + chachapoly_pad_aad( ctx ); } else if ( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) { - mbedtls_chachapoly_pad_ciphertext( ctx ); + chachapoly_pad_ciphertext( ctx ); } ctx->state = CHACHAPOLY_STATE_FINISHED; diff --git a/library/poly1305.c b/library/poly1305.c index bdd674475..091684e19 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -64,10 +64,10 @@ * to the input data before calling this function. * Otherwise, set this parameter to 1. */ -static void mbedtls_poly1305_process( mbedtls_poly1305_context *ctx, - size_t nblocks, - const unsigned char *input, - uint32_t needs_padding ) +static void poly1305_process( mbedtls_poly1305_context *ctx, + size_t nblocks, + const unsigned char *input, + uint32_t needs_padding ) { uint64_t d0, d1, d2, d3; uint32_t acc0, acc1, acc2, acc3, acc4; @@ -167,8 +167,8 @@ static void mbedtls_poly1305_process( mbedtls_poly1305_context *ctx, * \param mac The buffer to where the MAC is written. Must be * big enough to contain the 16-byte MAC. */ -static void mbedtls_poly1305_compute_mac( const mbedtls_poly1305_context *ctx, - unsigned char mac[16] ) +static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, + unsigned char mac[16] ) { uint64_t d; uint32_t g0, g1, g2, g3, g4; @@ -330,10 +330,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, ctx->queue_len = 0U; - mbedtls_poly1305_process( ctx, - 1U, - ctx->queue, - 1U ); /* add padding bit */ + poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */ offset += queue_free_len; remaining -= queue_free_len; 
@@ -344,7 +341,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, { nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES; - mbedtls_poly1305_process( ctx, nblocks, &input[offset], 1U ); + poly1305_process( ctx, nblocks, &input[offset], 1U ); offset += nblocks * POLY1305_BLOCK_SIZE_BYTES; remaining %= POLY1305_BLOCK_SIZE_BYTES; @@ -380,13 +377,11 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, 0, POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); - mbedtls_poly1305_process( ctx, - 1U, /* Process 1 block */ - ctx->queue, - 0U ); /* Don't add padding bit (it was just added above) */ + poly1305_process( ctx, 1U, /* Process 1 block */ + ctx->queue, 0U ); /* Don't add padding bit (it was just added above) */ } - mbedtls_poly1305_compute_mac( ctx, mac ); + poly1305_compute_mac( ctx, mac ); return( 0 ); } From 98fae6d8003f3fa1222f11fd843781fc7433874d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 17:23:41 +0200 Subject: [PATCH 061/578] ChaCha20: move working state from ctx to stack No need to keep it around. --- include/mbedtls/chacha20.h | 3 +-- library/chacha20.c | 52 ++++++++++++++++++-------------------- 2 files changed, 26 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 56ee57aa6..d7a0750c2 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -54,8 +54,7 @@ extern "C" { typedef struct { - uint32_t initial_state[16]; /*! The initial state (before round operations). */ - uint32_t working_state[16]; /*! The working state (after round operations). */ + uint32_t state[16]; /*! The state (before round operations). */ uint8_t keystream8[64]; /*! Leftover keystream bytes. */ size_t keystream_bytes_used; /*! Number of keystream bytes already used. */ } diff --git a/library/chacha20.c b/library/chacha20.c index 81bb3b702..f782e8c39 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
@@ -128,15 +128,13 @@ static void chacha20_inner_block( uint32_t state[16] ) * \brief Generates a keystream block. * * \param initial_state The initial ChaCha20 state (containing the key, nonce, counter). - * \param working_state This state is used as a temporary working area. * \param keystream Generated keystream bytes are written to this buffer. */ static void chacha20_block( const uint32_t initial_state[16], - uint32_t working_state[16], unsigned char keystream[64] ) { + uint32_t working_state[16]; size_t i; - size_t offset; memcpy( working_state, initial_state, @@ -164,21 +162,22 @@ static void chacha20_block( const uint32_t initial_state[16], for ( i = 0U; i < 16; i++ ) { - offset = i * 4U; + size_t offset = i * 4U; keystream[offset ] = (unsigned char) working_state[i]; keystream[offset + 1U] = (unsigned char) ( working_state[i] >> 8 ); keystream[offset + 2U] = (unsigned char) ( working_state[i] >> 16 ); keystream[offset + 3U] = (unsigned char) ( working_state[i] >> 24 ); } + + mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); } void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) { if ( ctx != NULL ) { - mbedtls_platform_zeroize( ctx->initial_state, sizeof( ctx->initial_state ) ); - mbedtls_platform_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); + mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) ); mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); /* Initially, there's no keystream bytes available */ 
@@ -203,20 +202,20 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, } /* ChaCha20 constants - the string "expand 32-byte k" */ - ctx->initial_state[0] = 0x61707865; - ctx->initial_state[1] = 0x3320646e; - ctx->initial_state[2] = 0x79622d32; - ctx->initial_state[3] = 0x6b206574; + ctx->state[0] = 0x61707865; + ctx->state[1] = 0x3320646e; + ctx->state[2] = 0x79622d32; + ctx->state[3] = 0x6b206574; /* Set key */ - ctx->initial_state[4] = BYTES_TO_U32_LE( key, 0 ); - ctx->initial_state[5] = BYTES_TO_U32_LE( key, 4 ); - ctx->initial_state[6] = BYTES_TO_U32_LE( key, 8 ); - ctx->initial_state[7] = BYTES_TO_U32_LE( key, 12 ); - ctx->initial_state[8] = BYTES_TO_U32_LE( key, 16 ); - ctx->initial_state[9] = BYTES_TO_U32_LE( key, 20 ); - ctx->initial_state[10] = BYTES_TO_U32_LE( key, 24 ); - ctx->initial_state[11] = BYTES_TO_U32_LE( key, 28 ); + ctx->state[4] = BYTES_TO_U32_LE( key, 0 ); + ctx->state[5] = BYTES_TO_U32_LE( key, 4 ); + ctx->state[6] = BYTES_TO_U32_LE( key, 8 ); + ctx->state[7] = BYTES_TO_U32_LE( key, 12 ); + ctx->state[8] = BYTES_TO_U32_LE( key, 16 ); + ctx->state[9] = BYTES_TO_U32_LE( key, 20 ); + ctx->state[10] = BYTES_TO_U32_LE( key, 24 ); + ctx->state[11] = BYTES_TO_U32_LE( key, 28 ); return( 0 ); } @@ -231,14 +230,13 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, } /* Counter */ - ctx->initial_state[12] = counter; + ctx->state[12] = counter; /* Nonce */ - ctx->initial_state[13] = BYTES_TO_U32_LE( nonce, 0 ); - ctx->initial_state[14] = BYTES_TO_U32_LE( nonce, 4 ); - ctx->initial_state[15] = BYTES_TO_U32_LE( nonce, 8 ); + ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 ); + ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 ); + ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 ); - mbedtls_platform_zeroize( ctx->working_state, sizeof( ctx->working_state ) ); mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); /* Initially, there's no keystream bytes available */ 
@@ -279,8 +277,8 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, while ( size >= CHACHA20_BLOCK_SIZE_BYTES ) { /* Generate new keystream block and increment counter */ - chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); - ctx->initial_state[CHACHA20_CTR_INDEX]++; + chacha20_block( ctx->state, ctx->keystream8 ); + ctx->state[CHACHA20_CTR_INDEX]++; for ( i = 0U; i < 64U; i += 8U ) { @@ -302,8 +300,8 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, if ( size > 0U ) { /* Generate new keystream block and increment counter */ - chacha20_block( ctx->initial_state, ctx->working_state, ctx->keystream8 ); - ctx->initial_state[CHACHA20_CTR_INDEX]++; + chacha20_block( ctx->state, ctx->keystream8 ); + ctx->state[CHACHA20_CTR_INDEX]++; for ( i = 0U; i < size; i++) { From 17297890757e6fa86a90cd172275c4f8d96dfa04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 17:53:41 +0200 Subject: [PATCH 062/578] Misc style adjustments - fix some whitespace - fix most overlong lines - remove some superfluous parentheses - s/result/ret/ for consistency with the rest of the library --- library/chacha20.c | 108 ++++++++++++++++--------------- library/chachapoly.c | 150 +++++++++++++++++++++---------------------- library/poly1305.c | 113 ++++++++++++++++---------------- 3 files changed, 189 insertions(+), 182 deletions(-) diff --git a/library/chacha20.c b/library/chacha20.c index f782e8c39..903f55f3b 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -55,7 +55,8 @@ | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ ) -#define ROTL32( value, amount ) ( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) ) +#define ROTL32( value, amount ) \ + ( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) ) #define CHACHA20_CTR_INDEX ( 12U ) 
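Review bot: `ctx->state[CHACHA20_CTR_INDEX]++` in both the full-block loop and the partial-block branch of mbedtls_chacha20_update increments a 32-bit block counter with no wrap check. After 2^32 blocks (256 GiB) under one key and nonce the counter would return to an earlier value and the keystream would repeat. Nothing visible here shows that callers bound the total length, so at minimum the limit should be documented next to the increment, e.g. `/* 32-bit block counter: at most 2^32 blocks per key/nonce pair; wrap reuses keystream */`. Returning MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA when the counter would wrap is the stricter option. The function body starts and ends outside these two hunks.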
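Review bot: The rewrapped `ROTL32` macro (library/chacha20.c, hunk `@@ -55,7 +55,8`) still expands `value` and `amount` without parentheses, and its `(uint32_t)` cast covers only the left-shift half. An argument that is an expression, or is not already a `uint32_t`, would be evaluated with unexpected precedence or width. Suggest `( (uint32_t) ( ( value ) << ( amount ) ) | ( (uint32_t) ( value ) >> ( 32 - ( amount ) ) ) )`, or a `static inline` helper like the one already used for the quarter round. An `amount` of 0 would also make the right shift a shift by 32, which is undefined. The call sites are outside this hunk, so a one-line comment on the macro stating that `amount` must be in 1..31 would be enough.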
@@ -127,7 +128,7 @@ static void chacha20_inner_block( uint32_t state[16] ) /** * \brief Generates a keystream block. * - * \param initial_state The initial ChaCha20 state (containing the key, nonce, counter). + * \param initial_state The initial ChaCha20 state (key, nonce, counter). * \param keystream Generated keystream bytes are written to this buffer. */ static void chacha20_block( const uint32_t initial_state[16], @@ -140,19 +141,19 @@ static void chacha20_block( const uint32_t initial_state[16], initial_state, CHACHA20_BLOCK_SIZE_BYTES ); - for ( i = 0U; i < 10U; i++ ) + for( i = 0U; i < 10U; i++ ) chacha20_inner_block( working_state ); - working_state[0] += initial_state[0]; - working_state[1] += initial_state[1]; - working_state[2] += initial_state[2]; - working_state[3] += initial_state[3]; - working_state[4] += initial_state[4]; - working_state[5] += initial_state[5]; - working_state[6] += initial_state[6]; - working_state[7] += initial_state[7]; - working_state[8] += initial_state[8]; - working_state[9] += initial_state[9]; + working_state[ 0] += initial_state[ 0]; + working_state[ 1] += initial_state[ 1]; + working_state[ 2] += initial_state[ 2]; + working_state[ 3] += initial_state[ 3]; + working_state[ 4] += initial_state[ 4]; + working_state[ 5] += initial_state[ 5]; + working_state[ 6] += initial_state[ 6]; + working_state[ 7] += initial_state[ 7]; + working_state[ 8] += initial_state[ 8]; + working_state[ 9] += initial_state[ 9]; working_state[10] += initial_state[10]; working_state[11] += initial_state[11]; working_state[12] += initial_state[12]; 
@@ -160,14 +161,14 @@ static void chacha20_block( const uint32_t initial_state[16], working_state[14] += initial_state[14]; working_state[15] += initial_state[15]; - for ( i = 0U; i < 16; i++ ) + for( i = 0U; i < 16; i++ ) { size_t offset = i * 4U; - keystream[offset ] = (unsigned char) working_state[i]; - keystream[offset + 1U] = (unsigned char) ( working_state[i] >> 8 ); - keystream[offset + 2U] = (unsigned char) ( working_state[i] >> 16 ); - keystream[offset + 3U] = (unsigned char) ( working_state[i] >> 24 ); + keystream[offset ] = (unsigned char)( working_state[i] ); + keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 ); + keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 ); + keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 ); } mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); @@ -175,7 +176,7 @@ static void chacha20_block( const uint32_t initial_state[16], void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) { - if ( ctx != NULL ) + if( ctx != NULL ) { mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) ); mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); @@ -187,7 +188,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) { - if ( ctx != NULL ) + if( ctx != NULL ) { mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) ); } @@ -196,7 +197,7 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, const unsigned char key[32] ) { - if ( ( ctx == NULL ) || ( key == NULL ) ) + if( ( ctx == NULL ) || ( key == NULL ) ) { return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); } 
@@ -224,7 +225,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, const unsigned char nonce[12], uint32_t counter ) { - if ( ( ctx == NULL ) || ( nonce == NULL ) ) + if( ( ctx == NULL ) || ( nonce == NULL ) ) { return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); } @@ -253,20 +254,21 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, size_t offset = 0U; size_t i; - if ( ctx == NULL ) + if( ctx == NULL ) { return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); } - else if ( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) + else if( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) { /* input and output pointers are allowed to be NULL only if size == 0 */ return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ); } /* Use leftover keystream bytes, if available */ - while ( ( size > 0U ) && ( ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) ) + while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) { - output[offset] = input[offset] ^ ctx->keystream8[ctx->keystream_bytes_used]; + output[offset] = input[offset] + ^ ctx->keystream8[ctx->keystream_bytes_used]; ctx->keystream_bytes_used++; offset++; 
@@ -274,22 +276,22 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } /* Process full blocks */ - while ( size >= CHACHA20_BLOCK_SIZE_BYTES ) + while( size >= CHACHA20_BLOCK_SIZE_BYTES ) { /* Generate new keystream block and increment counter */ chacha20_block( ctx->state, ctx->keystream8 ); ctx->state[CHACHA20_CTR_INDEX]++; - for ( i = 0U; i < 64U; i += 8U ) + for( i = 0U; i < 64U; i += 8U ) { - output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ]; - output[offset + i + 1U ] = input[offset + i + 1U ] ^ ctx->keystream8[i + 1U ]; - output[offset + i + 2U ] = input[offset + i + 2U ] ^ ctx->keystream8[i + 2U ]; - output[offset + i + 3U ] = input[offset + i + 3U ] ^ ctx->keystream8[i + 3U ]; - output[offset + i + 4U ] = input[offset + i + 4U ] ^ ctx->keystream8[i + 4U ]; - output[offset + i + 5U ] = input[offset + i + 5U ] ^ ctx->keystream8[i + 5U ]; - output[offset + i + 6U ] = input[offset + i + 6U ] ^ ctx->keystream8[i + 6U ]; - output[offset + i + 7U ] = input[offset + i + 7U ] ^ ctx->keystream8[i + 7U ]; + output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ]; + output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1]; + output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2]; + output[offset + i+3] = input[offset + i+3] ^ ctx->keystream8[i+3]; + output[offset + i+4] = input[offset + i+4] ^ ctx->keystream8[i+4]; + output[offset + i+5] = input[offset + i+5] ^ ctx->keystream8[i+5]; + output[offset + i+6] = input[offset + i+6] ^ ctx->keystream8[i+6]; + output[offset + i+7] = input[offset + i+7] ^ ctx->keystream8[i+7]; } offset += CHACHA20_BLOCK_SIZE_BYTES; 
@@ -297,13 +299,13 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } /* Last (partial) block */ - if ( size > 0U ) + if( size > 0U ) { /* Generate new keystream block and increment counter */ chacha20_block( ctx->state, ctx->keystream8 ); ctx->state[CHACHA20_CTR_INDEX]++; - for ( i = 0U; i < size; i++) + for( i = 0U; i < size; i++) { output[offset + i] = input[offset + i] ^ ctx->keystream8[i]; } @@ -323,23 +325,23 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], unsigned char* output ) { mbedtls_chacha20_context ctx; - int result; + int ret; mbedtls_chacha20_init( &ctx ); - result = mbedtls_chacha20_setkey( &ctx, key ); - if ( result != 0 ) + ret = mbedtls_chacha20_setkey( &ctx, key ); + if( ret != 0 ) goto cleanup; - result = mbedtls_chacha20_starts( &ctx, nonce, counter ); - if ( result != 0 ) + ret = mbedtls_chacha20_starts( &ctx, nonce, counter ); + if( ret != 0 ) goto cleanup; - result = mbedtls_chacha20_update( &ctx, data_len, input, output ); + ret = mbedtls_chacha20_update( &ctx, data_len, input, output ); cleanup: mbedtls_chacha20_free( &ctx ); - return( result ); + return( ret ); } #endif /* !MBEDTLS_CHACHA20_ALT */ @@ -529,21 +531,21 @@ int mbedtls_chacha20_self_test( int verbose ) { unsigned char output[381]; unsigned i; - int result; + int ret; for( i = 0U; i < 2U; i++ ) { if( verbose != 0 ) mbedtls_printf( " ChaCha20 test %u ", i ); - result = mbedtls_chacha20_crypt( test_keys[i], - test_nonces[i], - test_counters[i], - test_lengths[i], - test_input[i], - output ); + ret = mbedtls_chacha20_crypt( test_keys[i], + test_nonces[i], + test_counters[i], + test_lengths[i], + test_input[i], + output ); - ASSERT( 0 == result, ( "error code: %i\n", result ) ); + ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ), ( "failed (output)\n" ) ); diff --git a/library/chachapoly.c b/library/chachapoly.c index d0c35511a..12fce808f 100644 --- a/library/chachapoly.c 
+++ b/library/chachapoly.c @@ -50,7 +50,7 @@ #define CHACHAPOLY_STATE_FINISHED ( 3 ) /** - * \brief Adds padding bytes (zeroes) to pad the AAD for Poly1305. + * \brief Adds nul bytes to pad the AAD for Poly1305. * * \param ctx The ChaCha20-Poly1305 context. */ @@ -59,7 +59,7 @@ static void chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); unsigned char zeroes[15]; - if ( partial_block_len > 0U ) + if( partial_block_len > 0U ) { memset( zeroes, 0, sizeof( zeroes ) ); (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, @@ -69,7 +69,7 @@ static void chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) } /** - * \brief Adds padding bytes (zeroes) to pad the ciphertext for Poly1305. + * \brief Adds nul bytes to pad the ciphertext for Poly1305. * * \param ctx The ChaCha20-Poly1305 context. */ @@ -78,7 +78,7 @@ static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); unsigned char zeroes[15]; - if ( partial_block_len > 0U ) + if( partial_block_len > 0U ) { memset( zeroes, 0, sizeof( zeroes ) ); (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, @@ -89,7 +89,7 @@ static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) { - if ( ctx != NULL ) + if( ctx != NULL ) { mbedtls_chacha20_init( &ctx->chacha20_ctx ); mbedtls_poly1305_init( &ctx->poly1305_ctx ); @@ -102,7 +102,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) { - if ( ctx != NULL ) + if( ctx != NULL ) { mbedtls_chacha20_free( &ctx->chacha20_ctx ); mbedtls_poly1305_free( &ctx->poly1305_ctx ); 
@@ -116,49 +116,49 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, const unsigned char key[32] ) { - int result; + int ret; - if ( ( ctx == NULL ) || ( key == NULL ) ) + if( ( ctx == NULL ) || ( key == NULL ) ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - result = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); + ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); - return( result ); + return( ret ); } int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, const unsigned char nonce[12], mbedtls_chachapoly_mode_t mode ) { - int result; + int ret; unsigned char poly1305_key[64]; - if ( ( ctx == NULL ) || ( nonce == NULL ) ) + if( ( ctx == NULL ) || ( nonce == NULL ) ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } /* Set counter = 0, will be update to 1 when generating Poly1305 key */ - result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); - if ( result != 0 ) + ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); + if( ret != 0 ) goto cleanup; - /* Generate the Poly1305 key by getting the ChaCha20 keystream output with counter = 0. - * This is the same as encrypting a buffer of zeroes. + /* Generate the Poly1305 key by getting the ChaCha20 keystream output with + * counter = 0. This is the same as encrypting a buffer of zeroes. * Only the first 256-bits (32 bytes) of the key is used for Poly1305. * The other 256 bits are discarded. 
*/ memset( poly1305_key, 0, sizeof( poly1305_key ) ); - result = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), + ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), poly1305_key, poly1305_key ); - if ( result != 0 ) + if( ret != 0 ) goto cleanup; - result = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key ); + ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key ); - if ( result == 0 ) + if( ret == 0 ) { ctx->aad_len = 0U; ctx->ciphertext_len = 0U; @@ -168,23 +168,23 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, cleanup: mbedtls_platform_zeroize( poly1305_key, 64U ); - return( result ); + return( ret ); } int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, const unsigned char *aad, size_t aad_len ) { - if ( ctx == NULL ) + if( ctx == NULL ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - else if ( ( aad_len > 0U ) && ( aad == NULL ) ) + else if( ( aad_len > 0U ) && ( aad == NULL ) ) { /* aad pointer is allowed to be NULL if aad_len == 0 */ return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - else if ( ctx->state != CHACHAPOLY_STATE_AAD ) + else if( ctx->state != CHACHAPOLY_STATE_AAD ) { return(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } 
@@ -199,22 +199,22 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ) { - if ( ctx == NULL ) + if( ctx == NULL ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - else if ( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) + else if( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) ) { /* input and output pointers are allowed to be NULL if len == 0 */ return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - else if ( ( ctx->state != CHACHAPOLY_STATE_AAD ) && + else if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) { return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } - if ( ctx->state == CHACHAPOLY_STATE_AAD ) + if( ctx->state == CHACHAPOLY_STATE_AAD ) { ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; @@ -223,11 +223,11 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, ctx->ciphertext_len += len; - if ( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT ) + if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT ) { /* Note: the following functions return an error only if one or more of - * the input pointers are NULL. Since we have checked their validity - * above, we can safety ignore the return value. + * the input pointers are NULL. Since we have checked their + * validity above, we can safety ignore the return value. */ (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len ); 
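Review bot: The reflowed comment in the encrypt branch of mbedtls_chachapoly_update (hunk `@@ -223,11 +223,11`) keeps the typo "safety"; it should read `* validity above, we can safely ignore the return value.` This comment is the only justification for the two `(void)` casts that discard the results of mbedtls_chacha20_update and mbedtls_poly1305_update. It would be worth adding that the reasoning holds only while those functions have no failure mode other than NULL arguments, so that a future error path in either one prompts a revisit. The function body continues outside the hunk.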
@@ -246,20 +246,20 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, { unsigned char len_block[16]; - if ( ( ctx == NULL ) || ( mac == NULL ) ) + if( ( ctx == NULL ) || ( mac == NULL ) ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - else if ( ctx->state == CHACHAPOLY_STATE_INIT ) + else if( ctx->state == CHACHAPOLY_STATE_INIT ) { return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } - if ( ctx->state == CHACHAPOLY_STATE_AAD ) + if( ctx->state == CHACHAPOLY_STATE_AAD ) { chachapoly_pad_aad( ctx ); } - else if ( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) + else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) { chachapoly_pad_ciphertext( ctx ); } 
@@ -269,22 +269,22 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ - len_block[0] = (unsigned char) ctx->aad_len; - len_block[1] = (unsigned char) ( ctx->aad_len >> 8 ); - len_block[2] = (unsigned char) ( ctx->aad_len >> 16 ); - len_block[3] = (unsigned char) ( ctx->aad_len >> 24 ); - len_block[4] = (unsigned char) ( ctx->aad_len >> 32 ); - len_block[5] = (unsigned char) ( ctx->aad_len >> 40 ); - len_block[6] = (unsigned char) ( ctx->aad_len >> 48 ); - len_block[7] = (unsigned char) ( ctx->aad_len >> 56 ); - len_block[8] = (unsigned char) ctx->ciphertext_len; - len_block[9] = (unsigned char) ( ctx->ciphertext_len >> 8 ); - len_block[10] = (unsigned char) ( ctx->ciphertext_len >> 16 ); - len_block[11] = (unsigned char) ( ctx->ciphertext_len >> 24 ); - len_block[12] = (unsigned char) ( ctx->ciphertext_len >> 32 ); - len_block[13] = (unsigned char) ( ctx->ciphertext_len >> 40 ); - len_block[14] = (unsigned char) ( ctx->ciphertext_len >> 48 ); - len_block[15] = (unsigned char) ( ctx->ciphertext_len >> 56 ); + len_block[ 0] = (unsigned char)( ctx->aad_len ); + len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 ); + len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 ); + len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 ); + len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 ); + len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 ); + len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 ); + len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 ); + len_block[ 8] = (unsigned char)( ctx->ciphertext_len ); + len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 ); + len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); + len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); + len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); + len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); 
+ len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); + len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); (void) mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); @@ -302,24 +302,24 @@ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, unsigned char *output, unsigned char tag[16] ) { - int result; + int ret; - result = mbedtls_chachapoly_starts( ctx, nonce, mode ); - if ( result != 0 ) + ret = mbedtls_chachapoly_starts( ctx, nonce, mode ); + if( ret != 0 ) goto cleanup; - result = mbedtls_chachapoly_update_aad( ctx, aad, aad_len ); - if ( result != 0 ) - goto cleanup; + ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len ); + if( ret != 0 ) + goto cleanup; - result = mbedtls_chachapoly_update( ctx, length, input, output ); - if ( result != 0 ) - goto cleanup; + ret = mbedtls_chachapoly_update( ctx, length, input, output ); + if( ret != 0 ) + goto cleanup; - result = mbedtls_chachapoly_finish( ctx, tag ); + ret = mbedtls_chachapoly_finish( ctx, tag ); cleanup: - return( result ); + return( ret ); } int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, @@ -466,7 +466,7 @@ int mbedtls_chachapoly_self_test( int verbose ) { mbedtls_chachapoly_context ctx; unsigned i; - int result; + int ret; unsigned char output[200]; unsigned char mac[16]; 
@@ -477,20 +477,20 @@ int mbedtls_chachapoly_self_test( int verbose ) mbedtls_chachapoly_init( &ctx ); - result = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); - ASSERT( 0 == result, ( "setkey() error code: %i\n", result ) ); + ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); + ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) ); - result = mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, - test_input_len[i], - test_nonce[i], - test_aad[i], - test_aad_len[i], - test_input[i], - output, - mac ); + ret = mbedtls_chachapoly_crypt_and_tag( &ctx, + MBEDTLS_CHACHAPOLY_ENCRYPT, + test_input_len[i], + test_nonce[i], + test_aad[i], + test_aad_len[i], + test_input[i], + output, + mac ); - ASSERT( 0 == result, ( "crypt_and_tag() error code: %i\n", result ) ); + ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) ); ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ), ( "failure (wrong output)\n" ) ); diff --git a/library/poly1305.c b/library/poly1305.c index 091684e19..41e83f3f3 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -57,12 +57,12 @@ * \brief Process blocks with Poly1305. * * \param ctx The Poly1305 context. - * \param nblocks Number of blocks to process. Note that this function - * only processes full blocks. + * \param nblocks Number of blocks to process. Note that this + * function only processes full blocks. * \param input Buffer containing the input block(s). - * \param needs_padding Set to 0 if the padding bit has already been applied - * to the input data before calling this function. - * Otherwise, set this parameter to 1. + * \param needs_padding Set to 0 if the padding bit has already been + * applied to the input data before calling this + * function. Otherwise, set this parameter to 1. */ static void poly1305_process( mbedtls_poly1305_context *ctx, size_t nblocks, 
@@ -92,14 +92,19 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, acc4 = ctx->acc[4]; /* Process full blocks */ - for ( i = 0U; i < nblocks; i++ ) + for( i = 0U; i < nblocks; i++ ) { - /* Compute: acc += block */ - /* Note that the input block is treated as a 128-bit little-endian integer */ - d0 = (uint64_t) acc0 + BYTES_TO_U32_LE( input, offset + 0 ); - d1 = (uint64_t) acc1 + BYTES_TO_U32_LE( input, offset + 4 ) + ( d0 >> 32U ); - d2 = (uint64_t) acc2 + BYTES_TO_U32_LE( input, offset + 8 ) + ( d1 >> 32U ); - d3 = (uint64_t) acc3 + BYTES_TO_U32_LE( input, offset + 12 ) + ( d2 >> 32U ); + /* The input block is treated as a 128-bit little-endian integer */ + d0 = BYTES_TO_U32_LE( input, offset + 0 ); + d1 = BYTES_TO_U32_LE( input, offset + 4 ); + d2 = BYTES_TO_U32_LE( input, offset + 8 ); + d3 = BYTES_TO_U32_LE( input, offset + 12 ); + + /* Compute: acc += (padded) block as a 130-bit integer */ + d0 += (uint64_t) acc0; + d1 += (uint64_t) acc1 + ( d0 >> 32U ); + d2 += (uint64_t) acc2 + ( d1 >> 32U ); + d3 += (uint64_t) acc3 + ( d2 >> 32U ); acc0 = (uint32_t) d0; acc1 = (uint32_t) d1; acc2 = (uint32_t) d2; @@ -182,7 +187,7 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, acc3 = ctx->acc[3]; acc4 = ctx->acc[4]; - /* Before adding 's' we need to ensure that the accumulator is mod 2^130 - 5. + /* Before adding 's' we ensure that the accumulator is mod 2^130 - 5. * We do this by calculating acc - (2^130 - 5), then checking if * the 131st bit is set. If it is, then reduce: acc -= (2^130 - 5) */ 
@@ -218,27 +223,27 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); /* Compute MAC (128 least significant bits of the accumulator) */ - mac[0] = (unsigned char) acc0; - mac[1] = (unsigned char) ( acc0 >> 8 ); - mac[2] = (unsigned char) ( acc0 >> 16 ); - mac[3] = (unsigned char) ( acc0 >> 24 ); - mac[4] = (unsigned char) acc1; - mac[5] = (unsigned char) ( acc1 >> 8 ); - mac[6] = (unsigned char) ( acc1 >> 16 ); - mac[7] = (unsigned char) ( acc1 >> 24 ); - mac[8] = (unsigned char) acc2; - mac[9] = (unsigned char) ( acc2 >> 8 ); - mac[10] = (unsigned char) ( acc2 >> 16 ); - mac[11] = (unsigned char) ( acc2 >> 24 ); - mac[12] = (unsigned char) acc3; - mac[13] = (unsigned char) ( acc3 >> 8 ); - mac[14] = (unsigned char) ( acc3 >> 16 ); - mac[15] = (unsigned char) ( acc3 >> 24 ); + mac[ 0] = (unsigned char)( acc0 ); + mac[ 1] = (unsigned char)( acc0 >> 8 ); + mac[ 2] = (unsigned char)( acc0 >> 16 ); + mac[ 3] = (unsigned char)( acc0 >> 24 ); + mac[ 4] = (unsigned char)( acc1 ); + mac[ 5] = (unsigned char)( acc1 >> 8 ); + mac[ 6] = (unsigned char)( acc1 >> 16 ); + mac[ 7] = (unsigned char)( acc1 >> 24 ); + mac[ 8] = (unsigned char)( acc2 ); + mac[ 9] = (unsigned char)( acc2 >> 8 ); + mac[10] = (unsigned char)( acc2 >> 16 ); + mac[11] = (unsigned char)( acc2 >> 24 ); + mac[12] = (unsigned char)( acc3 ); + mac[13] = (unsigned char)( acc3 >> 8 ); + mac[14] = (unsigned char)( acc3 >> 16 ); + mac[15] = (unsigned char)( acc3 >> 24 ); } void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) { - if ( ctx != NULL ) + if( ctx != NULL ) { mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } @@ -246,7 +251,7 @@ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) { - if ( ctx != NULL ) + if( ctx != NULL ) { mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); } 
@@ -255,7 +260,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ) { - if ( ctx == NULL || key == NULL ) + if( ctx == NULL || key == NULL ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } @@ -294,21 +299,21 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, size_t queue_free_len; size_t nblocks; - if ( ctx == NULL ) + if( ctx == NULL ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - else if ( ( ilen > 0U ) && ( input == NULL ) ) + else if( ( ilen > 0U ) && ( input == NULL ) ) { /* input pointer is allowed to be NULL only if ilen == 0 */ return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } - if ( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) + if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) { queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); - if ( ilen < queue_free_len ) + if( ilen < queue_free_len ) { /* Not enough data to complete the block. * Store this data with the other leftovers. @@ -337,7 +342,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, } } - if ( remaining >= POLY1305_BLOCK_SIZE_BYTES ) + if( remaining >= POLY1305_BLOCK_SIZE_BYTES ) { nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES; @@ -347,7 +352,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, remaining %= POLY1305_BLOCK_SIZE_BYTES; } - if ( remaining > 0U ) + if( remaining > 0U ) { /* Store partial block */ ctx->queue_len = remaining; @@ -360,13 +365,13 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, unsigned char mac[16] ) { - if ( ( ctx == NULL ) || ( mac == NULL ) ) + if( ( ctx == NULL ) || ( mac == NULL ) ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); } /* Process any leftover data */ - if ( ctx->queue_len > 0U ) + if( ctx->queue_len > 0U ) { /* Add padding bit */ ctx->queue[ctx->queue_len] = 1U; 
@@ -378,7 +383,7 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); poly1305_process( ctx, 1U, /* Process 1 block */ - ctx->queue, 0U ); /* Don't add padding bit (it was just added above) */ + ctx->queue, 0U ); /* Already padded above */ } poly1305_compute_mac( ctx, mac ); @@ -392,23 +397,23 @@ int mbedtls_poly1305_mac( const unsigned char key[32], unsigned char mac[16] ) { mbedtls_poly1305_context ctx; - int result; + int ret; mbedtls_poly1305_init( &ctx ); - result = mbedtls_poly1305_starts( &ctx, key ); - if ( result != 0 ) + ret = mbedtls_poly1305_starts( &ctx, key ); + if( ret != 0 ) goto cleanup; - result = mbedtls_poly1305_update( &ctx, input, ilen ); - if ( result != 0 ) + ret = mbedtls_poly1305_update( &ctx, input, ilen ); + if( ret != 0 ) goto cleanup; - result = mbedtls_poly1305_finish( &ctx, mac ); + ret = mbedtls_poly1305_finish( &ctx, mac ); cleanup: mbedtls_poly1305_free( &ctx ); - return( result ); + return( ret ); } #endif /* MBEDTLS_POLY1305_ALT */ @@ -495,18 +500,18 @@ int mbedtls_poly1305_self_test( int verbose ) { unsigned char mac[16]; unsigned i; - int result; + int ret; for( i = 0U; i < 2U; i++ ) { if( verbose != 0 ) mbedtls_printf( " Poly1305 test %u ", i ); - result = mbedtls_poly1305_mac( test_keys[i], - test_data[i], - test_data_len[i], - mac ); - ASSERT( 0 == result, ( "error code: %i\n", result ) ); + ret = mbedtls_poly1305_mac( test_keys[i], + test_data[i], + test_data_len[i], + mac ); + ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) ); From f4f01b6b7ad1604e8cd8f25c55b5f32da1a52d94 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 18:43:42 +0200 Subject: [PATCH 063/578] Check return values from lower modules The cast to void was motivated by the assumption that the functions only return non-zero when passed bad arguments, but that might not be true of alternative implementation, for example on hardware failure. --- library/chachapoly.c | 77 +++++++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 29 deletions(-) diff --git a/library/chachapoly.c b/library/chachapoly.c index 12fce808f..ba3cf3c0c 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -54,18 +54,19 @@ * * \param ctx The ChaCha20-Poly1305 context. */ -static void chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) +static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) { uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); unsigned char zeroes[15]; - if( partial_block_len > 0U ) - { - memset( zeroes, 0, sizeof( zeroes ) ); - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, - zeroes, - 16U - partial_block_len ); - } + if( partial_block_len == 0U ) + return( 0 ); + + memset( zeroes, 0, sizeof( zeroes ) ); + + return( mbedtls_poly1305_update( &ctx->poly1305_ctx, + zeroes, + 16U - partial_block_len ) ); } /** @@ -78,13 +79,13 @@ static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); unsigned char zeroes[15]; - if( partial_block_len > 0U ) - { - memset( zeroes, 0, sizeof( zeroes ) ); - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, - zeroes, - 16U - partial_block_len ); - } + if( partial_block_len == 0U ) + return( 0 ); + + memset( zeroes, 0, sizeof( zeroes ) ); + return( mbedtls_poly1305_update( &ctx->poly1305_ctx, + zeroes, + 16U - partial_block_len ) ); } void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) 
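Review bot: In the second hunk on this file, `chachapoly_pad_ciphertext` now executes `return( 0 );` and `return( mbedtls_poly1305_update( ... ) );`, but the hunk header still shows it declared as `static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )` and no line of this commit changes that signature. Only `chachapoly_pad_aad` is switched to `static int`. Since `mbedtls_chachapoly_finish` assigns `ret = chachapoly_pad_ciphertext( ctx );` further down, the commit should not compile as it stands, and the error it is meant to propagate has nowhere to go. The declaration needs to become `static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )`; patch 069 later in this series does that, but this commit is not buildable on its own. A `\return` line in the doc comment of both helpers would also document the new contract.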
@@ -199,6 +200,8 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ) { + int ret; + if( ctx == NULL ) { return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); @@ -218,24 +221,32 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, { ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; - chachapoly_pad_aad( ctx ); + ret = chachapoly_pad_aad( ctx ); + if( ret != 0 ) + return( ret ); } ctx->ciphertext_len += len; if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT ) { - /* Note: the following functions return an error only if one or more of - * the input pointers are NULL. Since we have checked their - * validity above, we can safety ignore the return value. - */ - (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len ); + ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len ); + if( ret != 0 ) + return( ret ); } else /* DECRYPT */ { - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len ); - (void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); + if( ret != 0 ) + return( ret ); } return( 0 ); @@ -244,6 +255,7 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, unsigned char mac[16] ) { + int ret; unsigned char len_block[16]; if( ( ctx == NULL ) || ( mac == NULL ) ) 
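Review bot: The early `return( ret );` paths added to `mbedtls_chachapoly_update` leave the context half-updated on failure. `ctx->state` is already set to `CHACHAPOLY_STATE_CIPHERTEXT` before the result of `chachapoly_pad_aad( ctx )` is checked, and `ctx->ciphertext_len += len;` runs before either lower-level call, so after an error the recorded length no longer matches what Poly1305 actually absorbed. A caller that carries on after a transient failure (the hardware case the commit message mentions) would then compute or verify a tag over inconsistent state. I would state the contract where the first check is made, for example `/* On any error the context must not be reused until mbedtls_chachapoly_starts() is called again. */`, and repeat it in the header documentation. The same remark applies to the `mbedtls_chachapoly_finish` hunks, where `mac` should be treated as unspecified when a non-zero value is returned; the tails of both functions lie outside the hunks.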
@@ -257,11 +269,15 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, if( ctx->state == CHACHAPOLY_STATE_AAD ) { - chachapoly_pad_aad( ctx ); + ret = chachapoly_pad_aad( ctx ); + if( ret != 0 ) + return( ret ); } else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) { - chachapoly_pad_ciphertext( ctx ); + ret = chachapoly_pad_ciphertext( ctx ); + if( ret != 0 ) + return( ret ); } ctx->state = CHACHAPOLY_STATE_FINISHED; @@ -286,10 +302,13 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); - (void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); - (void) mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); + ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); + if( ret != 0 ) + return( ret ); - return( 0 ); + ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); + + return( ret ); } int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, From be78b07015f302a9c4897139206d5abb95fbf5b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 May 2018 19:33:59 +0200 Subject: [PATCH 064/578] chachapoly: warn against piecewise decryption --- include/mbedtls/chachapoly.h | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 249dba185..be10cfd32 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h 
@@ -89,13 +89,31 @@ mbedtls_chachapoly_context; * \c mbedtls_chachapoly_crypt_and_tag() or * \c mbedtls_chachapoly_auth_decrypt(). * - * In order to encrypt or decrypt messages piecewise, for each + * In order to encrypt messages piecewise, for each * message you should make a call to * \c mbedtls_chachapoly_starts(), then 0 or more calls to * \c mbedtls_chachapoly_update_aad(), then 0 or more calls to * \c mbedtls_chachapoly_update(), then one call to * \c mbedtls_chachapoly_finish(). * + * \warning Decryption with the piecewise API is discouraged! Always + * use \c mbedtls_chachapoly_auth_decrypt() when possible! + * + * If however this is not possible because the data is too + * large to fit in memory, you need to: + * + * - call \c mbedtls_chachapoly_starts() and (if needed) + * \c mbedtls_chachapoly_update_aad() as above, + * - call \c mbedtls_chachapoly_update() multiple times and + * ensure its output (the plaintext) is NOT used in any other + * way than placing it in temporary storage at this point, + * - call \c mbedtls_chachapoly_finish() to compute the + * authentication tag and compared it in constant time to the + * tag received with the ciphertext. + * + * If the tags are not equal, you must immediately discard + * all previous outputs of \c mbedtls_chachapoly_update(), + * otherwise you can now safely use the plaintext. * * \param ctx The ChachaPoly context to initialize. */ 
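Review bot: The new `\warning` text has a tense slip in the third bullet, "compute the authentication tag and compared it in constant time"; it should read `authentication tag and compare it in constant time to the`. Because this paragraph is the only place that spells out the safe piecewise-decryption procedure, it is worth getting the wording exact. For consistency, the short `\warning` added to `mbedtls_chachapoly_finish()` in the last hunk of this patch sits after the `\param` entries, whereas the ones on `_starts()`, `_update_aad()` and `_update()` sit before them; I would place all four the same way. The closing sentence could also say explicitly that a non-matching tag means the temporary storage holding the plaintext should be wiped, not just discarded.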
@@ -134,10 +152,13 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * \note If the context is being used for AAD only (no data to * encrypt or decrypt) then \p mode can be set to any value. * + * \warning Decryption with the piecewise API is discouraged, see the + * warning on \c mbedtls_chachapoly_init(). + * * \param ctx The ChaCha20-Poly1305 context. * \param nonce The nonce/IV to use for the message. Must be 12 bytes. * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or - * #MBEDTLS_CHACHAPOLY_DECRYPT. + * #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning). * * \return \c 0 on success. * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA @@ -169,6 +190,9 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * been processed by \c mbedtls_chachapoly_update(), * or if the context has been finished. * + * \warning Decryption with the piecewise API is discouraged, see the + * warning on \c mbedtls_chachapoly_init(). + * * \param ctx The ChaCha20-Poly1305 context to use. * \param aad_len The length (in bytes) of the AAD. The length has no * restrictions. @@ -200,6 +224,9 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, * this function 0 times, if no data is to be encrypted * or decrypted. * + * \warning Decryption with the piecewise API is discouraged, see the + * warning on \c mbedtls_chachapoly_init(). + * * \param ctx The ChaCha20-Poly1305 context to use. * \param len The length (in bytes) of the data to encrypt or decrypt. * \param input The buffer containing the data to encrypt or decrypt. 
@@ -227,6 +254,9 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * \param ctx The ChaCha20-Poly1305 context to use. * \param mac The buffer to where the 128-bit (16 bytes) MAC is written. * + * \warning Decryption with the piecewise API is discouraged, see the + * warning on \c mbedtls_chachapoly_init(). + * * \return \c 0 on success. * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if \p ctx or \p mac are NULL. From 20b4408fbd4c5663f73a12d05a31722a8f4a18ab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 29 May 2018 14:06:49 +0200 Subject: [PATCH 065/578] Fix Lucky13 attack protection when using HMAC-SHA-384 As a protection against the Lucky Thirteen attack, the TLS code for CBC decryption in encrypt-then-MAC mode performs extra MAC calculations to compensate for variations in message size due to padding. The amount of extra MAC calculation to perform was based on the assumption that the bulk of the time is spent in processing 64-byte blocks, which is correct for most supported hashes but not for SHA-384. Correct the amount of extra work for SHA-384 (and SHA-512 which is currently not used in TLS, and MD2 although no one should care about that). --- library/ssl_tls.c | 62 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 54 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc9dc77e1..6fdfb6349 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1985,20 +1985,66 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) { /* * Process MAC and always update for padlen afterwards to make - * total time independent of padlen - * - * extra_run compensates MAC check for padlen + * total time independent of padlen. * * Known timing attacks: * - Lucky Thirteen (http://www.isg.rhul.ac.uk/tls/TLStiming.pdf) * - * We use ( ( Lx + 8 ) / 64 ) to handle 'negative Lx' values - * correctly. (We round down instead of up, so -56 is the correct - * value for our calculations instead of -55) + * To compensate for different timings for the MAC calculation + * depending on how much padding was removed (which is determined + * by padlen), process extra_run more blocks through the hash + * function. + * + * The formula in the paper is + * extra_run = ceil( (L1-55) / 64 ) - ceil( (L2-55) / 64 ) + * where L1 is the size of the header plus the decrypted message + * plus CBC padding and L2 is the size of the header plus the + * decrypted message. This is for an underlying hash function + * with 64-byte blocks. + * We use ( (Lx+8) / 64 ) to handle 'negative Lx' values + * correctly. We round down instead of up, so -56 is the correct + * value for our calculations instead of -55. + * + * Repeat the formula rather than defining a block_size variable + * so that the code only uses division by a constant, not division + * by a variable. 
*/ size_t j, extra_run = 0; - extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - - ( 13 + ssl->in_msglen + 8 ) / 64; + switch( ssl->transform_in->ciphersuite_info->mac ) + { +#if defined(MBEDTLS_MD2_C) + case MBEDTLS_MD_MD2: + /* no size prepended, 64-byte compression blocks */ + extra_run = ( 13 + ssl->in_msglen + padlen ) / 64 - + ( 13 + ssl->in_msglen ) / 64; + break; +#endif +#if defined(MBEDTLS_MD4_C) || defined(MBEDTLS_MD5_C) || \ + defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA224_C) || \ + defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_RIPEMD160_C) + case MBEDTLS_MD_MD4: + case MBEDTLS_MD_MD5: + case MBEDTLS_MD_SHA1: + case MBEDTLS_MD_SHA224: + case MBEDTLS_MD_SHA256: + case MBEDTLS_MD_RIPEMD160: + /* 8 bytes of message size, 64-byte compression blocks */ + extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - + ( 13 + ssl->in_msglen + 8 ) / 64; + break; +#endif +#if defined(MBEDTLS_SHA384_C) || defined(MBEDTLS_SHA512_C) + case MBEDTLS_MD_SHA384: + case MBEDTLS_MD_SHA512: + /* 16 bytes of message size, 128-byte compression blocks */ + extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 - + ( 13 + ssl->in_msglen + 16 ) / 128; + break; +#endif + default: + MBEDTLS_SSL_DEBUG_MSG( 1, ( "unsupported HMAC hash" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } extra_run &= correct * 0xFF; From 1bd9d58b21b5b19d70fd262f80351a8c48ea941b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Jun 2018 11:58:44 +0200 Subject: [PATCH 066/578] Clarify comment about integer division by a variable --- library/ssl_tls.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6fdfb6349..e1b8f9c5b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
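Review bot: The `MBEDTLS_MD_MD2` case divides by 64 and its comment says "64-byte compression blocks", but MD2 as specified in RFC 1319 works on 16-byte blocks, so that constant does not look right for the hash it is labelled with. The whole point of this switch is to make the number of compensating compression calls match the real hash, so a wrong block size would reintroduce the padding-dependent timing difference this code is meant to remove. If MD2 has to stay, the line presumably needs to be `extra_run = ( 13 + ssl->in_msglen + padlen ) / 16 - ( 13 + ssl->in_msglen ) / 16;` (to be confirmed against the MD2 implementation). Otherwise drop the case and let it reach the `default:` error branch. The loop that consumes `extra_run` and the rest of `ssl_decrypt_buf` are outside this hunk.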
@@ -2005,9 +2005,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) * correctly. We round down instead of up, so -56 is the correct * value for our calculations instead of -55. * - * Repeat the formula rather than defining a block_size variable - * so that the code only uses division by a constant, not division - * by a variable. + * Repeat the formula rather than defining a block_size variable. + * This avoids requiring division by a variable at runtime + * (which would be marginally less efficient and would require + * linking an extra division function in some builds). */ size_t j, extra_run = 0; switch( ssl->transform_in->ciphersuite_info->mac ) From a7fe25d5a53bd930a56b0980d214914cb7f6821b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Jun 2018 12:01:18 +0200 Subject: [PATCH 067/578] Remove tests of #define's that don't exist --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e1b8f9c5b..893429d78 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2021,9 +2021,9 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) break; #endif #if defined(MBEDTLS_MD4_C) || defined(MBEDTLS_MD5_C) || \ - defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA224_C) || \ - defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_MD4: + defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C) \ + defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_MD5: case MBEDTLS_MD_SHA1: case MBEDTLS_MD_SHA224: @@ -2034,7 +2034,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) ( 13 + ssl->in_msglen + 8 ) / 64; break; #endif -#if defined(MBEDTLS_SHA384_C) || defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA384: case MBEDTLS_MD_SHA512: /* 16 bytes of message size, 128-byte compression blocks */ From 5c38984fa70bf4998bacea1251003d3dc61f915c Mon Sep 17 00:00:00 2001 
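Review bot: As the `-2021,9` hunk reads here, the rewritten guard is no longer a well-formed `#if`: the context line `case MBEDTLS_MD_MD4:` sits between the backslash-continued first line and the two added `defined(...)` lines, and the added lines have no `||` between `defined(MBEDTLS_SHA256_C)` and `defined(MBEDTLS_RIPEMD160_C)`. If the file really ends up in that shape, the Lucky Thirteen compensation switch in `ssl_decrypt_buf` will not preprocess, so this needs a build with the 64-byte-block hashes enabled before it goes in. The condition should stay contiguous and fully joined, that is `#if defined(MBEDTLS_MD4_C) || defined(MBEDTLS_MD5_C) || \` then `defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C) || \` then `defined(MBEDTLS_RIPEMD160_C)`, with `case MBEDTLS_MD_MD4:` following it. The switch begins and ends outside the hunk.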
From: Gilles Peskine Date: Mon, 4 Jun 2018 12:02:43 +0200 Subject: [PATCH 068/578] Use our habitual INTERNAL_ERROR debug message --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 893429d78..8e855a120 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2043,7 +2043,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) break; #endif default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "unsupported HMAC hash" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } From 26c3b0a4b18fc7c24a00499d3f5a909509ce2bbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jun 2018 12:06:23 +0200 Subject: [PATCH 069/578] Fix return type of internal function Fixes incomplete change in f4f01b6b7ad1 --- library/chachapoly.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/chachapoly.c b/library/chachapoly.c index ba3cf3c0c..8f785883b 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -74,7 +74,7 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) * * \param ctx The ChaCha20-Poly1305 context. */ -static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) +static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) { uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); unsigned char zeroes[15]; From 3dc62a0a9b6776ca1f58724c5be01c77012edf94 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jun 2018 12:18:19 +0200 Subject: [PATCH 070/578] chachapoly: force correct mode for integrated API Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check the tag correctly (or at all). So force them to use auth_decrypt() instead. See also https://github.com/ARMmbed/mbedtls/pull/1668 --- include/mbedtls/chachapoly.h | 21 ++++----- library/chachapoly.c | 51 +++++++++++++-------- library/cipher.c | 3 +- programs/test/benchmark.c | 5 +- tests/suites/test_suite_chachapoly.function | 27 ++++------- 5 files changed, 53 insertions(+), 54 deletions(-) diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index be10cfd32..649749a01 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -269,7 +269,7 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, /** * \brief This function performs a complete ChaCha20-Poly1305 - * operation with the previously-set key. + * authenticated encryption with the previously-set key. * * \note Before using this function, you must set the key with * \c mbedtls_chachapoly_setkey(). @@ -280,8 +280,6 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * and key. * * \param ctx The ChaCha20-Poly1305 context to use (holds the key). - * \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or - * #MBEDTLS_CHACHAPOLY_DECRYPT. * \param length The length (in bytes) of the data to encrypt or decrypt. * \param nonce The 96-bit (12 bytes) nonce/IV to use. * \param aad The buffer containing the additional authenticated data (AAD). 
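Review bot: In the `-280,8` hunk the `\param mode` entry is removed, but the context line right after it still documents `length` as "the data to encrypt or decrypt", although the function is now encryption-only. Leaving "or decrypt" in the documentation of `mbedtls_chachapoly_encrypt_and_tag()` undercuts the purpose of the change, which is to steer callers to `mbedtls_chachapoly_auth_decrypt()`. I would change it to `\param length The length (in bytes) of the data to encrypt.` and check the `\param input` and `\param output` entries, which are outside the hunk, for the same wording.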
@@ -297,15 +295,14 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA * if one or more of the required parameters are NULL. */ -int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, - mbedtls_chachapoly_mode_t mode, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ); +int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16] ); /** * \brief This function performs a complete ChaCha20-Poly1305 diff --git a/library/chachapoly.c b/library/chachapoly.c index 8f785883b..80c1ebf8f 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -311,15 +311,15 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, return( ret ); } -int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, - mbedtls_chachapoly_mode_t mode, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ) +static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, + mbedtls_chachapoly_mode_t mode, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16] ) { int ret; 
@@ -341,6 +341,20 @@ cleanup: return( ret ); } +int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16] ) +{ + return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, + length, nonce, aad, aad_len, + input, output, tag ) ); +} + int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, size_t length, const unsigned char nonce[12], @@ -358,7 +372,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, if( tag == NULL ) return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - if( ( ret = mbedtls_chachapoly_crypt_and_tag( ctx, + if( ( ret = chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, aad, aad_len, input, output, check_tag ) ) != 0 ) { @@ -499,15 +513,14 @@ int mbedtls_chachapoly_self_test( int verbose ) ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) ); - ret = mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, - test_input_len[i], - test_nonce[i], - test_aad[i], - test_aad_len[i], - test_input[i], - output, - mac ); + ret = mbedtls_chachapoly_encrypt_and_tag( &ctx, + test_input_len[i], + test_nonce[i], + test_aad[i], + test_aad_len[i], + test_input[i], + output, + mac ); ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) ); diff --git a/library/cipher.c b/library/cipher.c index cf10094f6..5a96e2bc7 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -992,8 +992,7 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, } *olen = ilen; - return( mbedtls_chachapoly_crypt_and_tag( ctx->cipher_ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx, ilen, iv, ad, ad_len, input, output, tag ) ); } #endif /* MBEDTLS_CHACHAPOLY_C */ 
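Review bot: In mbedtls_chachapoly_self_test() (library/chachapoly.c, hunk at -499), the failure message on the context line after the renamed call still names the old function: `"crypt_and_tag() error code: %i\n"`. Since the call is now mbedtls_chachapoly_encrypt_and_tag(), the line should read `ASSERT( 0 == ret, ( "encrypt_and_tag() error code: %i\n", ret ) );`. The self-test body starts and ends outside the hunk.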
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 3e9ab0a29..f266b82f4 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -491,9 +491,8 @@ int main( int argc, char *argv[] ) mbedtls_chachapoly_setkey( &chachapoly, tmp ); TIME_AND_TSC( title, - mbedtls_chachapoly_crypt_and_tag( &chachapoly, - MBEDTLS_CHACHAPOLY_ENCRYPT, BUFSIZE, tmp, - NULL, 0, buf, buf, tmp ) ); + mbedtls_chachapoly_encrypt_and_tag( &chachapoly, + BUFSIZE, tmp, NULL, 0, buf, buf, tmp ) ); mbedtls_chachapoly_free( &chachapoly ); } diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 7baa22995..95dfd8a91 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -48,8 +48,7 @@ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, input_len, nonce_str, aad_str, aad_len, input_str, output, mac ) == 0 ); 
@@ -149,38 +148,32 @@ void chachapoly_bad_params() TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL ) == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( NULL, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( NULL, 0, nonce, aad, 0, input, output, mac ) == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, 0, NULL, aad, 0, input, output, mac ) == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, 0, nonce, NULL, aad_len, input, output, mac ) == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, input_len, nonce, aad, 0, NULL, output, mac ) == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, input_len, nonce, aad, 0, input, NULL, mac ) == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, 0, nonce, aad, 0, input, output, NULL ) @@ -217,8 +210,7 @@ void chachapoly_bad_params() mac, input, NULL ) == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, 0, nonce, aad, aad_len, NULL, NULL, mac ) 
@@ -229,8 +221,7 @@ void chachapoly_bad_params() mac, NULL, NULL ) == 0 ); - TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, - MBEDTLS_CHACHAPOLY_ENCRYPT, + TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, input_len, nonce, NULL, 0, input, output, mac ) From e533b221536d1307278584b65065dc1df5b6cb79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jun 2018 12:23:19 +0200 Subject: [PATCH 071/578] Fix ordering and repetitions in config.h --- include/mbedtls/config.h | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 69d2b63b5..663c98417 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -269,13 +269,13 @@ * digests and ciphers instead. * */ -//#define MBEDTLS_CHACHAPOLY_ALT //#define MBEDTLS_AES_ALT //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_CCM_ALT //#define MBEDTLS_CHACHA20_ALT +//#define MBEDTLS_CHACHAPOLY_ALT //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_DES_ALT //#define MBEDTLS_DHM_ALT @@ -1689,17 +1689,6 @@ */ #define MBEDTLS_AES_C -/** - * \def MBEDTLS_CHACHAPOLY_C - * - * Enable the ChaCha20-Poly1305 AEAD algorithm. - * - * Module: library/chachapoly.c - * - * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C - */ -#define MBEDTLS_CHACHAPOLY_C - /** * \def MBEDTLS_ARC4_C * @@ -1849,16 +1838,6 @@ */ #define MBEDTLS_CAMELLIA_C -/** - * \def MBEDTLS_CHACHA20_C - * - * Enable the ChaCha20 block cipher. - * - * Module: library/chacha20.c - * Caller: library/chachapoly.c - */ -#define MBEDTLS_CHACHA20_C - /** * \def MBEDTLS_CCM_C * 
@@ -1894,6 +1873,17 @@ */ #define MBEDTLS_CHACHA20_C +/** + * \def MBEDTLS_CHACHAPOLY_C + * + * Enable the ChaCha20-Poly1305 AEAD algorithm. + * + * Module: library/chachapoly.c + * + * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C + */ +#define MBEDTLS_CHACHAPOLY_C + /** * \def MBEDTLS_CIPHER_C * From 9c82e2ce49d466ee37db2fde177a84d49c095631 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jun 2018 12:30:04 +0200 Subject: [PATCH 072/578] Fix some whitespace issues --- programs/test/benchmark.c | 2 +- tests/Makefile | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index f266b82f4..0b927e2b0 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -97,7 +97,7 @@ int main( void ) #define OPTIONS \ "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ "arc4, des3, des, camellia, blowfish, chacha20,\n" \ - "aes_cbc, aes_gcm, aes_ccm, chachapoly,\n" \ + "aes_cbc, aes_gcm, aes_ccm, chachapoly,\n" \ "aes_cmac, des3_cmac, poly1305\n" \ "havege, ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" diff --git a/tests/Makefile b/tests/Makefile index f9d976864..16423193c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -45,7 +45,7 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ +APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_aes.cfb$(EXEXT) test_suite_aes.rest$(EXEXT) \ test_suite_arc4$(EXEXT) test_suite_asn1write$(EXEXT) \ test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ @@ -209,7 +209,6 @@ test_suite_hmac_drbg.pr.c : suites/test_suite_hmac_drbg.function suites/test_sui echo " Gen $@" perl scripts/generate_code.pl suites $* $* - test_suite_aes.ecb$(EXEXT): test_suite_aes.ecb.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From d2db09f435947b5dc12901390e782d68ba3baf77 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jun 2018 12:31:12 +0200 Subject: [PATCH 073/578] Fix typo in documentation --- include/mbedtls/poly1305.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index abe369000..5c69a813a 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -106,7 +106,7 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, const unsigned char key[32] ); /** - * \brief This functions feeds an input bufer into an ongoing + * \brief This functions feeds an input buffer into an ongoing * Poly1305 computation. * * It is called between \c mbedtls_cipher_cmac_starts() and From 94175a50f7ec89ecf704b92f6d90bfc9d33dbdf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 4 Jun 2018 12:42:17 +0200 Subject: [PATCH 074/578] Refresh generated file --- library/version_features.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/library/version_features.c b/library/version_features.c index cce1a384e..c0a5a3c65 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -84,9 +84,6 @@ static const char *features[] = { #if defined(MBEDTLS_TIMING_ALT) "MBEDTLS_TIMING_ALT", #endif /* MBEDTLS_TIMING_ALT */ -#if defined(MBEDTLS_CHACHAPOLY_ALT) - "MBEDTLS_CHACHAPOLY_ALT", -#endif /* MBEDTLS_CHACHAPOLY_ALT */ #if defined(MBEDTLS_AES_ALT) "MBEDTLS_AES_ALT", #endif /* MBEDTLS_AES_ALT */ @@ -105,6 +102,9 @@ static const char *features[] = { #if defined(MBEDTLS_CHACHA20_ALT) "MBEDTLS_CHACHA20_ALT", #endif /* MBEDTLS_CHACHA20_ALT */ +#if defined(MBEDTLS_CHACHAPOLY_ALT) + "MBEDTLS_CHACHAPOLY_ALT", +#endif /* MBEDTLS_CHACHAPOLY_ALT */ #if defined(MBEDTLS_CMAC_ALT) "MBEDTLS_CMAC_ALT", #endif /* MBEDTLS_CMAC_ALT */ 
@@ -519,9 +519,6 @@ static const char *features[] = { #if defined(MBEDTLS_AES_C) "MBEDTLS_AES_C", #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_CHACHAPOLY_C) - "MBEDTLS_CHACHAPOLY_C", -#endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_ARC4_C) "MBEDTLS_ARC4_C", #endif /* MBEDTLS_ARC4_C */ @@ -543,9 +540,6 @@ static const char *features[] = { #if defined(MBEDTLS_CAMELLIA_C) "MBEDTLS_CAMELLIA_C", #endif /* MBEDTLS_CAMELLIA_C */ -#if defined(MBEDTLS_CHACHA20_C) - "MBEDTLS_CHACHA20_C", -#endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CCM_C) "MBEDTLS_CCM_C", #endif /* MBEDTLS_CCM_C */ @@ -555,6 +549,9 @@ static const char *features[] = { #if defined(MBEDTLS_CHACHA20_C) "MBEDTLS_CHACHA20_C", #endif /* MBEDTLS_CHACHA20_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + "MBEDTLS_CHACHAPOLY_C", +#endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CIPHER_C) "MBEDTLS_CIPHER_C", #endif /* MBEDTLS_CIPHER_C */ From d0e55a465779554d354343601161aa11f69353b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Jun 2018 12:03:30 +0200 Subject: [PATCH 075/578] ssl_decrypt_buf: remove code for hashes that aren't used in TLS --- library/ssl_tls.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8e855a120..4d50497cd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2013,22 +2013,11 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) size_t j, extra_run = 0; switch( ssl->transform_in->ciphersuite_info->mac ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - /* no size prepended, 64-byte compression blocks */ - extra_run = ( 13 + ssl->in_msglen + padlen ) / 64 - - ( 13 + ssl->in_msglen ) / 64; - break; -#endif -#if defined(MBEDTLS_MD4_C) || defined(MBEDTLS_MD5_C) || \ - case MBEDTLS_MD_MD4: - defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C) \ - defined(MBEDTLS_RIPEMD160_C) +#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ + defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_MD5: case MBEDTLS_MD_SHA1: - case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - case MBEDTLS_MD_RIPEMD160: /* 8 bytes of message size, 64-byte compression blocks */ extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - ( 13 + ssl->in_msglen + 8 ) / 64; @@ -2036,7 +2025,6 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA384: - case MBEDTLS_MD_SHA512: /* 16 bytes of message size, 128-byte compression blocks */ extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 - ( 13 + ssl->in_msglen + 16 ) / 128; From 747fd539380ed5d37e0927b4d2fb5326f2aca104 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 30 May 2018 09:13:21 +0200 Subject: [PATCH 076/578] Fixes different off by ones --- ChangeLog | 3 +++ library/ssl_cli.c | 6 +++--- library/ssl_srv.c | 43 ++++++++++++++++++++++++++++++++++++------- library/ssl_tls.c | 9 +++++++++ 4 files changed, 51 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8ebe9bb61..723539c39 100644 --- a/ChangeLog +++ b/ChangeLog 
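Review bot: In ssl_decrypt_buf() (hunk at -2013), the `switch` on `ciphersuite_info->mac` that computes `extra_run` now lists only MD5, SHA-1, SHA-256 and SHA-384, and nothing in the code records why the other hashes are absent. `extra_run` appears to count the compression-function calls that differ with the padding length, so a later reader adding a ciphersuite needs to know this list must be extended. I would add a comment above the switch such as `/* Only the MAC hashes used by TLS ciphersuites are handled; anything else takes the default case. */`. The default branch and the rest of the function are outside the hunk.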
@@ -25,6 +25,9 @@ Changes * Support TLS testing in out-of-source builds using cmake. Fixes #1193. * Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by TrinityTonic. #1359. + * Adds of lengths checks in different functions (not a security issue as + original buffer is overgrown) thanks to Philippe Antoine from Catena + cyber. #1663. = mbed TLS 2.9.0 branch released 2018-04-30 diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7455e99d2..f89972a4c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1247,14 +1247,14 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, size_t list_size; const unsigned char *p; - list_size = buf[0]; - if( list_size + 1 != len ) + if( len == 0 || (size_t)( buf[0] + 1 ) != len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } + list_size = buf[0]; p = buf + 1; while( list_size > 0 ) @@ -2711,7 +2711,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * therefore the buffer length at this point must be greater than that * regardless of the actual code path. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 09b7a3fed..457f9bbc0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -91,6 +91,13 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) ); + if( len < 2 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( servername_list_size + 2 != len ) { @@ -101,7 +108,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, } p = buf + 2; - while( servername_list_size > 0 ) + while( servername_list_size > 2 ) { hostname_len = ( ( p[1] << 8 ) | p[2] ); if( hostname_len + 3 > servername_list_size ) @@ -205,6 +212,12 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, mbedtls_md_type_t md_cur; mbedtls_pk_type_t sig_cur; + if ( len < 2 ) { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( sig_alg_list_size + 2 != len || sig_alg_list_size % 2 != 0 ) @@ -273,6 +286,12 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, const unsigned char *p; const mbedtls_ecp_curve_info *curve_info, **curves; + if ( len < 2 ) { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( list_size + 2 != len || list_size % 2 != 0 ) 
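Review bot: In ssl_parse_servername_ext() (hunk at -101), the new loop condition `while( servername_list_size > 2 )` exits with one or two bytes of the list unconsumed instead of reading past it. The hunk does not show what follows the loop; if nothing there rejects a non-zero remainder, an extension with trailing bytes would be accepted silently. I would confirm the function ends with a check such as `if( servername_list_size != 0 )` that sends the decode-error alert and returns `MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO`, as the other length failures in this function do.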
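Review bot: The length check added to ssl_parse_signature_algorithms_ext() (hunk at -205) is written `if ( len < 2 ) {`, while the identical check added to ssl_parse_servername_ext() in this same commit, like the surrounding file, uses `if( len < 2 )` with the opening brace on its own line. The same mismatch is in the checks added to ssl_parse_supported_elliptic_curves(), the ClientHello extension loop, ssl_parse_encrypted_pms() and mbedtls_ssl_parse_certificate(). I would write all of them in the file's existing form so the new bounds checks read like the existing ones.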
@@ -332,14 +351,14 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, size_t list_size; const unsigned char *p; - list_size = buf[0]; - if( list_size + 1 != len ) + if( len == 0 || (size_t)( buf[0] + 1 ) != len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } + list_size = buf[0]; p = buf + 1; while( list_size > 0 ) @@ -1656,10 +1675,16 @@ read_record_header: while( ext_len != 0 ) { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); + unsigned int ext_id; + unsigned int ext_size; + if ( ext_len < 4 ) { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); + ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); if( ext_size + 4 > ext_len ) { @@ -3299,6 +3324,10 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) { + if ( p + 2 > end ) { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + } if( *p++ != ( ( len >> 8 ) & 0xFF ) || *p++ != ( ( len ) & 0xFF ) ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8e0cd854..b8b8df205 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1151,6 +1151,9 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch * other_secret already set by the ClientKeyExchange message, * and is 48 bytes long */ + if( end - p < 2 ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + *p++ = 0; *p++ = 48; p += 48; 
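Review bot: In ssl_parse_encrypted_pms() (hunk at -3299), the new guard `if ( p + 2 > end )` computes `p + 2` before it is known to lie within the buffer. If `end` is the one-past-the-end pointer, that addition is itself undefined when `p == end`. Comparing the remaining length avoids forming the pointer: `if( end - p < 2 )`, which is also the form the mbedtls_ssl_psk_derive_premaster() hunk of this commit uses. The function body continues outside the hunk.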
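Review bot: In mbedtls_ssl_psk_derive_premaster() (library/ssl_tls.c, hunk at -1151), the added check `if( end - p < 2 )` covers the two length bytes but not the `p += 48` that follows, so `p` can still be moved past `end`. Whether a later check catches that is outside the hunk. Checking the whole span up front, `if( end - p < 2 + 48 )`, keeps the pointer in range at every step.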
@@ -4528,6 +4531,12 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) while( i < ssl->in_hslen ) { + if ( i + 3 > ssl->in_hslen ) { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + } if( ssl->in_msg[i] != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); From b5b254300e964188d1e83ca9c43e2c043bca2240 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Fri, 11 May 2018 11:06:29 +0200 Subject: [PATCH 077/578] Fix undefined shifts - in x509_profile_check_pk_alg - in x509_profile_check_md_alg - in x509_profile_check_key and in ssl_cli.c : unsigned char gets promoted to signed integer --- ChangeLog | 2 ++ library/ssl_cli.c | 4 ++-- library/x509_crt.c | 9 +++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8ebe9bb61..189a071a5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,8 @@ API Changes Bugfix * Fix an issue with MicroBlaze support in bn_mul.h which was causing the build to fail. Found by zv-io. Fixes #1651. + * Fix undefined shifts with negative values in certificates parsing + (found by Catena cyber using oss-fuzz) Changes * Support TLS testing in out-of-source builds using cmake. Fixes #1193. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 7455e99d2..6007a6e17 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3313,8 +3313,8 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); - lifetime = ( msg[0] << 24 ) | ( msg[1] << 16 ) | - ( msg[2] << 8 ) | ( msg[3] ); + lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | + ( msg[2] << 8 ) | ( msg[3] ); ticket_len = ( msg[4] << 8 ) | ( msg[5] ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 290c1eb3d..89194b320 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
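Review bot: In ssl_parse_new_session_ticket() (library/ssl_cli.c, hunk at -3313), only `msg[0]` is cast before shifting, so the remaining terms are still computed as promoted `int` and the expression mixes signed and unsigned operands. Those shifts cannot overflow, but casting every byte makes the intent uniform and keeps the line safe if it is copied for a wider field: `lifetime = ( (uint32_t) msg[0] << 24 ) | ( (uint32_t) msg[1] << 16 ) |` followed by `( (uint32_t) msg[2] << 8 ) | ( (uint32_t) msg[3] );`.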
@@ -163,6 +163,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, mbedtls_md_type_t md_alg ) { + if( md_alg == MBEDTLS_MD_NONE ) + return( -1 ); + if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) return( 0 ); @@ -176,6 +179,9 @@ static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, mbedtls_pk_type_t pk_alg ) { + if( pk_alg == MBEDTLS_PK_NONE ) + return( -1 ); + if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) return( 0 ); @@ -208,6 +214,9 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, { const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; + if( gid == MBEDTLS_ECP_DP_NONE ) + return( -1 ); + if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) return( 0 ); From 2adb375c50e2db5f44dd1ce8b7cb4b33b035563a Mon Sep 17 00:00:00 2001 
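Review bot: The new `if( md_alg == MBEDTLS_MD_NONE ) return( -1 );` guard in x509_profile_check_md_alg() carries no explanation, and without one it looks like a redundant policy check that a later cleanup might remove. As far as I can tell the guard exists because `MBEDTLS_X509_ID_FLAG( id )` shifts by `id - 1`, which is a negative shift count for the NONE value. I would add a comment above it such as `/* MBEDTLS_X509_ID_FLAG() shifts by (id - 1): reject NONE to avoid a negative shift */`. The same comment applies to the `MBEDTLS_PK_NONE` guard in x509_profile_check_pk_alg() and the `MBEDTLS_ECP_DP_NONE` guard in x509_profile_check_key().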
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Jun 2018 10:51:44 +0200 Subject: [PATCH 078/578] Add option to avoid 64-bit multiplication Motivation is similar to NO_UDBL_DIVISION. The alternative implementation of 64-bit mult is straightforward and aims at obvious correctness. Also, visual examination of the generate assembly show that it's quite efficient with clang, armcc5 and arm-clang. However current GCC generates fairly inefficient code for it. I tried to rework the code in order to make GCC generate more efficient code. Unfortunately the only way to do that is to get rid of 64-bit add and handle the carry manually, but this causes other compilers to generate less efficient code with branches, which is not acceptable from a side-channel point of view. So let's keep the obvious code that works for most compilers and hope future versions of GCC learn to manage registers in a sensible way in that context. See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263 --- include/mbedtls/config.h | 22 +++++++++++++ library/poly1305.c | 66 +++++++++++++++++++++++++++----------- library/version_features.c | 3 ++ scripts/config.pl | 1 + tests/scripts/all.sh | 53 +++++++++++++++++++++++++++++- 5 files changed, 125 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 663c98417..bde5a4581 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -84,6 +84,28 @@ */ //#define MBEDTLS_NO_UDBL_DIVISION +/** + * \def MBEDTLS_NO_64BIT_MULTIPLICATION + * + * The platform lacks support for 32x32 -> 64-bit multiplication. + * + * Used in: + * library/poly1305.c + * + * Some parts of the library may use multiplication of two unsigned 32-bit + * operands with a 64-bit result in order to speed up computations. On some + * platforms, this is not available in hardware and has to be implemented in + * software, usually in a library provided by the toolchain. + * + * Sometimes it is not desirable to have to link to that library. This option + * removes the dependency of that library on platforms that lack a hardware + * 64-bit multiplier by embedding a software implementation in Mbed TLS. + * + * Note that depending on the compiler, this may decrease performance compared + * to using the library function provided by the toolchain. + */ +//#define MBEDTLS_NO_64BIT_MULTIPLICATION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/library/poly1305.c b/library/poly1305.c index 41e83f3f3..bafe61380 100644 --- a/library/poly1305.c +++ b/library/poly1305.c 
@@ -53,6 +53,34 @@ | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ ) +/* + * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier. + * However we provided an alternative for platforms without such a multiplier. + */ +#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) +static uint64_t mul64( uint32_t a, uint32_t b ) +{ + /* a = al + 2**16 ah, b = bl + 2**16 bh */ + const uint16_t al = (uint16_t) a; + const uint16_t bl = (uint16_t) b; + const uint16_t ah = a >> 16; + const uint16_t bh = b >> 16; + + /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */ + const uint32_t lo = (uint32_t) al * bl; + const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh; + const uint32_t hi = (uint32_t) ah * bh; + + return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) ); +} +#else +static inline uint64_t mul64( uint32_t a, uint32_t b ) +{ + return( (uint64_t) a * b ); +} +#endif + + /** * \brief Process blocks with Poly1305. * 
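Review bot: In the software mul64() added to library/poly1305.c, the comment describing the decomposition does not match the code: it says `ah*bl + bl*bh`, while the code computes `(uint32_t) ah * bl` plus `(uint32_t) al * bh`. The comment should read `/* ab = al*bl + 2**16 (ah*bl + al*bh) + 2**32 ah*bh */`. Since this function is meant to be checked by eye, it would also help to note that `me` is 64-bit because the sum of the two 32-bit cross products can exceed 32 bits.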
@@ -112,25 +140,25 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding; /* Compute: acc *= r */ - d0 = ( (uint64_t) acc0 * r0 ) + - ( (uint64_t) acc1 * rs3 ) + - ( (uint64_t) acc2 * rs2 ) + - ( (uint64_t) acc3 * rs1 ); - d1 = ( (uint64_t) acc0 * r1 ) + - ( (uint64_t) acc1 * r0 ) + - ( (uint64_t) acc2 * rs3 ) + - ( (uint64_t) acc3 * rs2 ) + - ( (uint64_t) acc4 * rs1 ); - d2 = ( (uint64_t) acc0 * r2 ) + - ( (uint64_t) acc1 * r1 ) + - ( (uint64_t) acc2 * r0 ) + - ( (uint64_t) acc3 * rs3 ) + - ( (uint64_t) acc4 * rs2 ); - d3 = ( (uint64_t) acc0 * r3 ) + - ( (uint64_t) acc1 * r2 ) + - ( (uint64_t) acc2 * r1 ) + - ( (uint64_t) acc3 * r0 ) + - ( (uint64_t) acc4 * rs3 ); + d0 = mul64( acc0, r0 ) + + mul64( acc1, rs3 ) + + mul64( acc2, rs2 ) + + mul64( acc3, rs1 ); + d1 = mul64( acc0, r1 ) + + mul64( acc1, r0 ) + + mul64( acc2, rs3 ) + + mul64( acc3, rs2 ) + + mul64( acc4, rs1 ); + d2 = mul64( acc0, r2 ) + + mul64( acc1, r1 ) + + mul64( acc2, r0 ) + + mul64( acc3, rs3 ) + + mul64( acc4, rs2 ); + d3 = mul64( acc0, r3 ) + + mul64( acc1, r2 ) + + mul64( acc2, r1 ) + + mul64( acc3, r0 ) + + mul64( acc4, rs3 ); acc4 *= r0; /* Compute: acc %= (2^130 - 5) (partial remainder) */ diff --git a/library/version_features.c b/library/version_features.c index c0a5a3c65..21b3477b1 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -39,6 +39,9 @@ static const char *features[] = { #if defined(MBEDTLS_NO_UDBL_DIVISION) "MBEDTLS_NO_UDBL_DIVISION", #endif /* MBEDTLS_NO_UDBL_DIVISION */ +#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) + "MBEDTLS_NO_64BIT_MULTIPLICATION", +#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ diff --git a/scripts/config.pl b/scripts/config.pl index 5bf27859a..a89787ae6 100755 --- a/scripts/config.pl +++ b/scripts/config.pl 
@@ -95,6 +95,7 @@ MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_ZLIB_SUPPORT MBEDTLS_PKCS11_C MBEDTLS_NO_UDBL_DIVISION +MBEDTLS_NO_64BIT_MULTIPLICATION _ALT\s*$ ); diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e6c7549e6..83011f5a0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -344,6 +344,12 @@ if_build_succeeded () { fi } +# to be used instead of ! for commands run with +# record_status or if_build_succeeded +not() { + ! "$@" +} + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" @@ -691,6 +697,31 @@ make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' msg "test: gcc, force 64-bit bignum limbs" make test + +msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl full +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +make CFLAGS='-Werror -O1' + +msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s +make test + + +msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl full +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests +scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION +make CFLAGS='-Werror -O1' + +msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s +make test + + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" 
@@ -726,7 +757,27 @@ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" -! grep __aeabi_uldiv library/*.o +if_build_succeeded not grep __aeabi_uldiv library/*.o + +msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit +scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION +make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib +echo "Checking that software 64-bit multiplication is not required" +if_build_succeeded not grep __aeabi_lmul library/*.o msg "build: ARM Compiler 5, make" cleanup From 21a65e00113d934da3a770d3741e319abc7c71f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Jun 2018 11:54:17 +0200 Subject: [PATCH 079/578] Fix usage of inline with for some compilers --- library/chacha20.c | 5 +++++ library/poly1305.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/library/chacha20.c b/library/chacha20.c index 903f55f3b..d14a51e04 100644 --- a/library/chacha20.c +++ b/library/chacha20.c 
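Review bot: The new arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION build in tests/scripts/all.sh passes `CFLAGS='-Werror -O1 -march=armv6-m -mthumb'`, dropping the `-Wall -Wextra` that the MBEDTLS_NO_UDBL_DIVISION build just above it uses. That leaves `-Werror` with far fewer warnings to act on for the newly added mul64() code. I would use `CFLAGS='-Werror -Wall -Wextra -O1 -march=armv6-m -mthumb'`. Separately, `not grep __aeabi_lmul library/*.o` also succeeds when grep itself fails, for example when no object files match, so a check that the objects exist before the grep would make the result trustworthy.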
@@ -48,6 +48,11 @@ #if !defined(MBEDTLS_CHACHA20_ALT) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #define BYTES_TO_U32_LE( data, offset ) \ ( (uint32_t) data[offset] \ | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ diff --git a/library/poly1305.c b/library/poly1305.c index bafe61380..e22d3afb6 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -44,6 +44,11 @@ #if !defined(MBEDTLS_POLY1305_ALT) +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) #define BYTES_TO_U32_LE( data, offset ) \ From f30dbdcaf0fb4c06d083532334ee15c643bd2051 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 7 Jun 2018 13:04:35 +0200 Subject: [PATCH 080/578] Update generated file --- visualc/VS2010/mbedTLS.vcxproj | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index ad5a062e3..446b4ba53 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -159,8 +159,8 @@ - - + + @@ -201,7 +201,7 @@ - + @@ -236,8 +236,8 @@ - - + + @@ -275,7 +275,7 @@ - + From c06c9ae0885d170b416b860e4a2371a867dcb6d2 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 12 Jun 2018 18:29:28 +0100 Subject: [PATCH 081/578] Add alias APPLE make var of APPLE_BUILD --- library/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/Makefile b/library/Makefile index 60e9cbcc4..9affde417 100644 --- a/library/Makefile +++ b/library/Makefile @@ -21,6 +21,8 @@ endif # if were running on Windows build for Windows ifdef WINDOWS WINDOWS_BUILD=1 +else ifdef APPLE +APPLE_BUILD=1 endif # To compile as a shared library: From 9b04e19129bdaacc68cada54bd84e4a66e52ee52 Mon Sep 17 00:00:00 2001 
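Review bot: The `#define inline __inline` block added in the chacha20.c hunk is repeated verbatim in the poly1305.c hunk, and neither copy has a comment, so a reader must go to the commit title to learn that it is a compiler workaround. I would add one line above each block, for example `/* Some compilers (armcc, MSVC) need __inline instead of inline when compiling C */`. If both files already include a common internal header, defining it once there would keep the copies from drifting apart.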
From: Andres Amaya Garcia Date: Tue, 12 Jun 2018 20:16:03 +0100 Subject: [PATCH 082/578] Use grep to detect zeroize test failures on GDB This patch uses grep to search the GDB output for errors as there is a bug in the tool that causes it to return 0 to the system even though there was a problem in the script. This patch also fixes the zeroize test to work with the --keep-going option in all.sh. --- tests/scripts/all.sh | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4894ad9b5..439a6bf13 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -896,12 +896,29 @@ cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" unset MBEDTLS_ROOT_DIR +# Test that the function mbedtls_platform_zeroize() is not optimized away by +# different combinations of compilers and optimization flags by using an +# auxiliary GDB script. Unfortunately, GDB does not return error values to the +# system in all cases that the script fails, so we must manually search the +# output to check whether the pass string is present and no failure strings +# were printed. for optimization_flag in -O2 -O3 -Ofast -Os; do for compiler in clang gcc; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" cleanup - CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" make programs - gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx + make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx > test_zeroize.log 2>&1 + if [ ! -s test_zeroize.log ]; then + err_msg "test_zeroize.log was not found or is empty" + record_status [ -s test_zeroize.log ] + elif ! grep "The buffer was correctly zeroized" test_zeroize.log >/dev/null 2>&1; then + err_msg "test_zeroize.log does not contain pass string" + record_status false + elif grep -i "error" test_zeroize.log >/dev/null 2>&1; then + err_msg "test_zeroize.log contains error string" + record_status false + fi + rm -f test_zeroize.log done done From c471cd7e0a68de83f4132fb48e9497f96ff8d43a Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 13 Jun 2018 09:28:04 +0100 Subject: [PATCH 083/578] Autodetect if running on OS X in makefile --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index 9affde417..89bc84f11 100644 --- a/library/Makefile +++ b/library/Makefile @@ -21,7 +21,7 @@ endif # if were running on Windows build for Windows ifdef WINDOWS WINDOWS_BUILD=1 -else ifdef APPLE +else ifeq ($(shell uname -s),Darwin) APPLE_BUILD=1 endif 
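Review bot: The captured GDB output is deleted by `rm -f test_zeroize.log` at the end of each iteration without ever being printed, so when one of the two grep branches reports a failure the only trace left is the one-line `err_msg`. For a test that guards against mbedtls_platform_zeroize() being optimized away, the reason for a failure can only be diagnosed from that log; I would add `cat test_zeroize.log` before each `record_status false`. The `grep -i "error"` check also matches any line containing that word, which deserves a short comment if it is intentional.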
From 1d9375919a5d78d07611379784f9a9edbeb918fa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 13 Jun 2018 10:04:58 +0100 Subject: [PATCH 084/578] Conditionally assign APPLE_BUILD var in makefile --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index 89bc84f11..b1ef8d3f6 100644 --- a/library/Makefile +++ b/library/Makefile @@ -22,7 +22,7 @@ endif ifdef WINDOWS WINDOWS_BUILD=1 else ifeq ($(shell uname -s),Darwin) -APPLE_BUILD=1 +APPLE_BUILD ?= 1 endif # To compile as a shared library: From c03059db42e7e1bc2c1c86615fd802b3a7a4de8b Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 14 Jun 2018 07:35:11 +0200 Subject: [PATCH 085/578] Simplify code in mbedtls_x509_csr_parse --- library/x509_csr.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index 8bb7f3363..40a0f2061 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c 
@@ -278,32 +278,24 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_init( &pem ); - /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buf[buflen - 1] != '\0' ) - ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; - else + if( buf[buflen - 1] == '\0' ) { + mbedtls_pem_init( &pem ); ret = mbedtls_pem_read_buffer( &pem, "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----", buf, NULL, 0, &use_len ); - if( ret == 0 ) - { - /* - * Was PEM encoded, parse the result - */ - ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); + if( ret == 0 ) + /* + * Was PEM encoded, parse the result + */ + ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); + mbedtls_pem_free( &pem ); - return( ret ); + if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + return( ret ); } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - mbedtls_pem_free( &pem ); - return( ret ); - } - else #endif /* MBEDTLS_PEM_PARSE_C */ return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) ); } From 388c1b124ec79212ada16316eee43e1c66c3b486 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 19:01:34 +0100 Subject: [PATCH 086/578] Fix ret code in aescrypt2.c --- programs/aes/aescrypt2.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 4acf38dd7..31daf1e2c 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #include "mbedtls/aes.h" #include "mbedtls/md.h" 
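Review bot: In the rewritten PEM branch the `if( ret == 0 )` has an unbraced body made of a block comment followed by the `mbedtls_x509_csr_parse_der()` call, with the unconditional `mbedtls_pem_free( &pem );` directly after it, which makes it easy to misread which statements are conditional. This function parses caller-supplied CSR data, so I would brace the body, `if( ret == 0 ) { ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); }`, and move the comment above the `if`. The `buf[buflen - 1]` read depends on the length check whose condition lies outside the hunk, as does the start of the function.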
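Review bot: The fallback block added at the top of aescrypt2.c defines `MBEDTLS_EXTI_SUCCESS`, but `main` later assigns `MBEDTLS_EXIT_SUCCESS`, so the success macro is left undefined on the `#else` path unless another header supplies it. That path is the one taken when `mbedtls/platform.h` is not included, and the build would presumably fail there with an undeclared identifier. The line should read `#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS`. The same misspelling is repeated in the corresponding hunk of every later programs/ commit on this page, from crypt_and_hash.c through gen_random_ctr_drbg.c.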
@@ -71,7 +74,8 @@ int main( void ) #else int main( int argc, char *argv[] ) { - int ret = 1; + int ret = 0; + int exit_code = MBEDTLS_EXIT_FAILURE; unsigned int i, n; int mode, lastn; @@ -429,7 +433,7 @@ int main( int argc, char *argv[] ) } } - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; exit: if( fin ) @@ -452,6 +456,6 @@ exit: mbedtls_aes_free( &aes_ctx ); mbedtls_md_free( &sha_ctx ); - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ From 4c47df6f3f17eefe50cf2eeca437f3a35eb1075b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 19:11:26 +0100 Subject: [PATCH 087/578] Fix ret code in crypt_and_hash.c --- programs/aes/crypt_and_hash.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 0e272ebe4..9e234e672 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -30,9 +30,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \ defined(MBEDTLS_FS_IO) @@ -74,6 +77,7 @@ int main( void ) int main( int argc, char *argv[] ) { int ret = 1, i, n; + int exit_code = MBEDTLS_EXIT_FAILURE; int mode; size_t keylen, ilen, olen; FILE *fkey, *fin = NULL, *fout = NULL; @@ -526,7 +530,7 @@ int main( int argc, char *argv[] ) } } - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; exit: if( fin ) @@ -549,6 +553,6 @@ exit: mbedtls_cipher_free( &cipher_ctx ); mbedtls_md_free( &md_ctx ); - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */ From 898841dc71ecc0be0066041b5cfb45bf90dc8922 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 19:23:39 +0100 Subject: [PATCH 088/578] Fix ret code in dh_client.c --- programs/pkey/dh_client.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 0978408c1..68f0df58e 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#endif +#include +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ @@ -71,7 +74,8 @@ int main( void ) { FILE *f; - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t n, buflen; mbedtls_net_context server_fd; @@ -115,7 +119,6 @@ int main( void ) if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; @@ -191,7 +194,6 @@ int main( void ) if( dhm.len < 64 || dhm.len > 512 ) { - ret = 1; mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); goto exit; } @@ -286,6 +288,8 @@ int main( void ) buf[16] = '\0'; mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_net_free( &server_fd ); @@ -301,7 +305,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && From d6bfeff28984c54aa53f464bd9c7525cab1b5bae Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 19:34:09 +0100 Subject: [PATCH 089/578] Fix ret code in dh_genprime.c --- programs/pkey/dh_genprime.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 84a94a18b..7884ea668 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -30,9 +30,11 @@ #else #include #include -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#endif +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ @@ -69,6 +71,7 @@ int main( void ) int main( int argc, char **argv ) { int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_mpi G, P, Q; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -86,7 +89,7 @@ int main( int argc, char **argv ) { usage: mbedtls_printf( USAGE ); - return( 1 ); + return( exit_code ); } for( i = 1; i < argc; i++ ) @@ -164,7 +167,6 @@ int main( int argc, char **argv ) if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not create dh_prime.txt\n\n" ); goto exit; } @@ -180,6 +182,8 @@ int main( int argc, char **argv ) mbedtls_printf( " ok\n\n" ); fclose( fout ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); @@ -191,7 +195,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ From 03a992c817ccba1ca2ed126f11fb2326f3647935 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 19:40:45 +0100 Subject: [PATCH 090/578] Fix ret code in dh_server.c --- programs/pkey/dh_server.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 430423154..d7765e332 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#endif +#include +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ @@ -71,7 +74,8 @@ int main( void ) { FILE *f; - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t n, buflen; mbedtls_net_context listen_fd, client_fd; @@ -121,7 +125,6 @@ int main( void ) if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; @@ -164,7 +167,6 @@ int main( void ) if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \ " ! Please run dh_genprime first\n\n" ); goto exit; @@ -304,6 +306,8 @@ int main( void ) mbedtls_printf( "\n\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); @@ -323,7 +327,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && From 2602a1fbc518d6558ca2c3aaadb2f2236cc0ad47 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 19:45:25 +0100 Subject: [PATCH 091/578] Fix ret code in ecdsa.c --- programs/pkey/ecdsa.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index b47406010..8455bb52b 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_ECDSA_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) @@ -98,7 +101,8 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) int main( int argc, char *argv[] ) { - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_ecdsa_context ctx_sign, ctx_verify; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -115,7 +119,6 @@ int main( int argc, char *argv[] ) memset( sig, 0, sizeof( sig ) ); memset( message, 0x25, sizeof( message ) ); - ret = 1; if( argc != 1 ) { @@ -213,8 +216,6 @@ int main( int argc, char *argv[] ) goto exit; } - ret = 0; - /* * Verify signature */ @@ -231,6 +232,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: #if defined(_WIN32) @@ -243,7 +246,7 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && ECPARAMS */ From 208c217dfaefb1d85a6cb1684df40eb9d78a3178 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 19:51:56 +0100 Subject: [PATCH 092/578] Fix ret code in gen_key.c --- programs/pkey/gen_key.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) 
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index a7f5c90a6..9a98fda56 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) @@ -186,7 +189,8 @@ static int write_private_key( mbedtls_pk_context *key, const char *output_file ) int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_pk_context key; char buf[1024]; int i; @@ -214,7 +218,6 @@ int main( int argc, char *argv[] ) if( argc == 0 ) { usage: - ret = 1; mbedtls_printf( USAGE ); #if defined(MBEDTLS_ECP_C) mbedtls_printf( " available ec_curve values:\n" ); @@ -222,7 +225,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " %s (default)\n", curve_info->name ); while( ( ++curve_info )->name != NULL ) mbedtls_printf( " %s\n", curve_info->name ); -#endif +#endif /* MBEDTLS_ECP_C */ goto exit; } @@ -411,9 +414,11 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: - if( ret != 0 && ret != 1) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { #ifdef MBEDTLS_ERROR_C mbedtls_strerror( ret, buf, sizeof( buf ) ); @@ -436,7 +441,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ From 0faf1a5c0118217383adf58e5be049b908ad0524 Mon Sep 17 00:00:00 2001 
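Review bot: With the `exit:` guard changed from `ret != 0 && ret != 1` to `exit_code != MBEDTLS_EXIT_SUCCESS`, the `usage:` path now reaches `mbedtls_strerror( ret, buf, sizeof( buf ) )` with `ret` still at its initial value of 1, which is not a library error code. The old condition skipped exactly that case, so a plain usage error will presumably be followed by a meaningless error string. Keeping the exclusion, `if( exit_code != MBEDTLS_EXIT_SUCCESS && ret != 1 )`, would preserve the earlier output; the rest of the block is outside the hunk. The key_app_writer.c commit further down makes the same change to its `exit:` guard.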
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:02:18 +0100 Subject: [PATCH 093/578] Fix ret code in key_app.c --- programs/pkey/key_app.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index f1b548d05..56930781f 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && \ defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) @@ -83,7 +86,8 @@ struct options int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; char buf[1024]; int i; char *p, *q; @@ -283,10 +287,12 @@ int main( int argc, char *argv[] ) else goto usage; + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: #if defined(MBEDTLS_ERROR_C) - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { mbedtls_strerror( ret, buf, sizeof(buf) ); mbedtls_printf( " ! Last error was: %s\n", buf ); @@ -303,6 +309,6 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ From ed68488e28691fa1ae7448ad14ab5ef0d0c0ee34 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:07:30 +0100 Subject: [PATCH 094/578] Fix ret code in key_app_writer.c --- programs/pkey/key_app_writer.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 52b0f8e74..5c151e119 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c 
@@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/error.h" @@ -189,7 +192,8 @@ static int write_private_key( mbedtls_pk_context *key, const char *output_file ) int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; char buf[1024]; int i; char *p, *q; @@ -210,7 +214,6 @@ int main( int argc, char *argv[] ) if( argc == 0 ) { usage: - ret = 1; mbedtls_printf( USAGE ); goto exit; } @@ -403,9 +406,11 @@ int main( int argc, char *argv[] ) write_private_key( &key, opt.output_file ); } + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: - if( ret != 0 && ret != 1) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { #ifdef MBEDTLS_ERROR_C mbedtls_strerror( ret, buf, sizeof( buf ) ); @@ -426,6 +431,6 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ From 70e1ffdacd641a6ecc568f8694806bfabd041609 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:12:43 +0100 Subject: [PATCH 095/578] Fix ret code in rsa_genkey.c --- programs/pkey/rsa_genkey.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 939921761..1afec559b 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c 
@@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \ @@ -61,7 +64,8 @@ int main( void ) #else int main( void ) { - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -105,14 +109,12 @@ int main( void ) ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) { mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); - ret = 1; goto exit; } if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL ) { mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" ); - ret = 1; goto exit; } @@ -129,7 +131,6 @@ int main( void ) if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL ) { mbedtls_printf( " failed\n ! could not open rsa_priv.txt for writing\n" ); - ret = 1; goto exit; } @@ -160,6 +161,8 @@ int main( void ) */ mbedtls_printf( " ok\n\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: if( fpub != NULL ) @@ -180,7 +183,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ From 1a66056c778b1a512755249cf01480924629bd3f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:16:46 +0100 Subject: [PATCH 096/578] Fix ret code in rsa_sign.c --- programs/pkey/rsa_sign.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 89018cb76..c6c790519 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c 
@@ -29,10 +29,13 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ @@ -55,7 +58,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; unsigned char hash[32]; @@ -69,8 +73,6 @@ int main( int argc, char *argv[] ) mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); - ret = 1; - if( argc != 2 ) { mbedtls_printf( "usage: rsa_sign \n" ); @@ -87,7 +89,6 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; @@ -159,7 +160,6 @@ int main( int argc, char *argv[] ) if( ( f = fopen( filename, "wb+" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] ); goto exit; } @@ -172,6 +172,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_rsa_free( &rsa ); @@ -184,7 +186,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ From 3c41e564f8eeb5012df5877efbbbba2b68914a6f Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:23:38 +0100 Subject: [PATCH 097/578] Fix ret code in rsa_sign_pss.c --- programs/pkey/rsa_sign_pss.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 7b6f14dd8..3b58c297b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ @@ -61,6 +64,7 @@ int main( int argc, char *argv[] ) { FILE *f; int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_pk_context pk; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -101,7 +105,6 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { - ret = 1; mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret ); goto exit; @@ -109,7 +112,6 @@ int main( int argc, char *argv[] ) if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) ) { - ret = 1; mbedtls_printf( " failed\n ! Key is not an RSA key\n" ); goto exit; } @@ -145,7 +147,6 @@ int main( int argc, char *argv[] ) if( ( f = fopen( filename, "wb+" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } @@ -161,6 +162,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_pk_free( &pk ); mbedtls_ctr_drbg_free( &ctr_drbg ); 
@@ -171,7 +174,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && From 0a860f63013152cf995370f594eff0da9131e033 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:27:09 +0100 Subject: [PATCH 098/578] Fix ret code in rsa_verify.c --- programs/pkey/rsa_verify.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 1f827aa07..5625abacf 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#endif +#include +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ @@ -54,7 +57,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret, c; + int ret = 1, c; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; unsigned char hash[32]; @@ -62,7 +66,6 @@ int main( int argc, char *argv[] ) char filename[512]; mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - ret = 1; if( argc != 2 ) { @@ -100,7 +103,6 @@ int main( int argc, char *argv[] ) /* * Extract the RSA signature from the text file */ - ret = 1; mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] ); if( ( f = fopen( filename, "rb" ) ) == NULL ) @@ -146,7 +148,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . OK (the signature is valid)\n\n" ); - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; exit: 
@@ -157,7 +159,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */ From a8332637d76078ed6ec0715222bb056c3dc49aa1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:33:22 +0100 Subject: [PATCH 099/578] Fix ret code in rsa_verify_pss.c --- programs/pkey/rsa_verify_pss.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 31b720f36..d681e2c5e 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ @@ -60,6 +63,7 @@ int main( int argc, char *argv[] ) { FILE *f; int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_pk_context pk; unsigned char hash[32]; @@ -91,7 +95,6 @@ int main( int argc, char *argv[] ) if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) ) { - ret = 1; mbedtls_printf( " failed\n ! Key is not an RSA key\n" ); goto exit; } @@ -101,7 +104,6 @@ int main( int argc, char *argv[] ) /* * Extract the RSA signature from the file */ - ret = 1; mbedtls_snprintf( filename, 512, "%s.sig", argv[2] ); if( ( f = fopen( filename, "rb" ) ) == NULL ) @@ -139,7 +141,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . OK (the signature is valid)\n\n" ); - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; exit: mbedtls_pk_free( &pk ); 
@@ -149,7 +151,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ From 55a0d56b3337e6bb1a61ae4a4affd78218ee7697 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:40:36 +0100 Subject: [PATCH 100/578] Fix ret code in gen_entropy.c --- programs/random/gen_entropy.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 792d3818a..bca36e0ac 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/entropy.h" @@ -49,20 +52,21 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int i, k, ret; + int i, k, ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_entropy_context entropy; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( 1 ); + return( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( 1 ); + return( exit_code ); } mbedtls_entropy_init( &entropy ); @@ -72,7 +76,8 @@ int main( int argc, char *argv[] ) ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) ); if( ret != 0 ) { - mbedtls_printf("failed!\n"); + mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n", + ret ); goto cleanup; } 
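Review bot: The new failure message in gen_entropy.c (hunk `@@ -72,7 +76,8 @@`) prints `ret` itself under `-%04X`. Mbed TLS error codes are negative, so the output would be a literal minus sign followed by the two's-complement hex of a negative number rather than the documented error code. Passing the negated value and marking the base keeps it consistent with the `-0x%x`, `-ret` form used in cert_app.c later in this series: `mbedtls_printf( " failed\n  ! mbedtls_entropy_func returned -0x%04X\n", (unsigned int) -ret );`. The cast also matches the unsigned argument that `%X` expects.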
@@ -83,7 +88,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); } - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; cleanup: mbedtls_printf( "\n" ); @@ -91,6 +96,6 @@ cleanup: fclose( f ); mbedtls_entropy_free( &entropy ); - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_ENTROPY_C */ From 73d4a5f1312f63626b02df2687ca8545b3df2efc Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:46:55 +0100 Subject: [PATCH 101/578] Fix ret code in gen_random_ctr_drbg.c --- programs/random/gen_random_ctr_drbg.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index c76f99d09..76d4092de 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_FS_IO) @@ -52,7 +55,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int i, k, ret; + int i, k, ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_context entropy; unsigned char buf[1024]; @@ -62,13 +66,13 @@ int main( int argc, char *argv[] ) if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( 1 ); + return( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( 1 ); + return( exit_code ); } mbedtls_entropy_init( &entropy ); 
@@ -116,7 +120,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); } - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; cleanup: mbedtls_printf("\n"); @@ -125,6 +129,6 @@ cleanup: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */ From 5517202541e32f919d7689b02ad90ea5e988cb30 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:53:53 +0100 Subject: [PATCH 102/578] Fix ret code in ssl_client1.c --- programs/ssl/ssl_client1.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 01cee1354..0e49c49aa 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -30,11 +30,13 @@ #else #include #include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#define mbedtls_time time +#define mbedtls_time_t time_t +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ @@ -80,7 +82,8 @@ static void my_debug( void *ctx, int level, int main( void ) { - int ret, len; + int ret = 1, len; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context server_fd; uint32_t flags; unsigned char buf[1024]; @@ -281,10 +284,12 @@ int main( void ) mbedtls_ssl_close_notify( &ssl ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: #ifdef MBEDTLS_ERROR_C - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); 
@@ -305,7 +310,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && From 4be53b5519b20b9cc55e01f991eb855bd2103257 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 20:57:21 +0100 Subject: [PATCH 103/578] Fix ret code in ssl_fork_server.c --- programs/ssl/ssl_fork_server.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 7624896a3..29a297c40 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -29,10 +29,13 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_time_t time_t -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_CERTS_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \ @@ -95,7 +98,8 @@ static void my_debug( void *ctx, int level, int main( void ) { - int ret, len, cnt = 0, pid; + int ret = 1, len, cnt = 0, pid; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context listen_fd, client_fd; unsigned char buf[1024]; const char *pers = "ssl_fork_server"; @@ -392,6 +396,8 @@ int main( void ) goto exit; } + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); @@ -408,7 +414,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && From 67a42acfb8e0148ebfd468af010504a47309a699 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 21:04:29 +0100 Subject: [PATCH 104/578] Fix ret code in ssl_mail_client.c --- programs/ssl/ssl_mail_client.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 04b847a69..a41486443 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -30,11 +30,13 @@ #else #include #include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#define mbedtls_time time +#define mbedtls_time_t time_t +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ @@ -346,7 +348,8 @@ static int write_and_get_response( mbedtls_net_context *sock_fd, unsigned char * int main( int argc, char *argv[] ) { - int ret = 0, len; + int ret = 1, len; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context server_fd; unsigned char buf[1024]; #if defined(MBEDTLS_BASE64_C) @@ -499,8 +502,8 @@ int main( int argc, char *argv[] ) mbedtls_test_cas_pem_len ); #else { - ret = 1; mbedtls_printf("MBEDTLS_CERTS_C and/or MBEDTLS_PEM_PARSE_C not defined."); + goto exit; } #endif if( ret < 0 ) @@ -529,8 +532,8 @@ int main( int argc, char *argv[] ) mbedtls_test_cli_crt_len ); #else { - ret = -1; mbedtls_printf("MBEDTLS_CERTS_C not defined."); + goto exit; } #endif if( ret != 0 ) @@ -549,8 +552,8 @@ int main( int argc, char *argv[] ) mbedtls_test_cli_key_len, NULL, 0 ); #else { - ret = -1; mbedtls_printf("MBEDTLS_CERTS_C or MBEDTLS_PEM_PARSE_C not defined."); + goto exit; } #endif if( ret != 0 ) 
@@ -819,6 +822,8 @@ int main( int argc, char *argv[] ) mbedtls_ssl_close_notify( &ssl ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_net_free( &server_fd ); @@ -835,7 +840,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C ** From aacd928f97116e7dd8f27e6a3ffa250f9eec1b79 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 21:36:13 +0100 Subject: [PATCH 105/578] Fix ret code in cert_req.c --- programs/x509/cert_req.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 30df2162a..8b47138a5 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \ @@ -133,7 +136,8 @@ int write_certificate_request( mbedtls_x509write_csr *req, const char *output_fi int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_pk_context key; char buf[1024]; int i; @@ -156,7 +160,6 @@ int main( int argc, char *argv[] ) { usage: mbedtls_printf( USAGE ); - ret = 1; goto exit; } @@ -317,9 +320,11 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: - if( ret != 0 && ret != 1) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { #ifdef MBEDTLS_ERROR_C mbedtls_strerror( ret, buf, sizeof( buf ) ); 
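Review bot: In cert_req.c (hunk `@@ -317,9 +320,11 @@`) the old guard `ret != 0 && ret != 1` skipped the error print for the usage case, which the removed `ret = 1;` under `usage:` used to mark. With `if( exit_code != MBEDTLS_EXIT_SUCCESS )` the usage path now also reaches `mbedtls_strerror( ret, buf, sizeof( buf ) )`. There `ret` is either the initial 1 or, if `usage` is reached by a later `goto`, whatever the last call left behind, so the user gets an unrelated error string after the usage text. One option is to keep `ret = 1;` under `usage:` and test `if( exit_code != MBEDTLS_EXIT_SUCCESS && ret != 1 )`. The rest of the `exit:` block lies outside the hunk, so this should be checked against the full function.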
@@ -339,7 +344,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */ From f9a54d339f84cfb877a1e352e1c2456a2a7738cc Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 21:42:45 +0100 Subject: [PATCH 106/578] Fix ret code in cert_write.c --- programs/x509/cert_write.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 12baf720c..1cfe1cdcb 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_X509_CRT_WRITE_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ @@ -211,7 +214,8 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file, int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_x509_crt issuer_crt; mbedtls_pk_context loaded_issuer_key, loaded_subject_key; mbedtls_pk_context *issuer_key = &loaded_issuer_key, @@ -248,7 +252,6 @@ int main( int argc, char *argv[] ) { usage: mbedtls_printf( USAGE ); - ret = 1; goto exit; } @@ -611,7 +614,6 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " failed\n ! issuer_key does not match " "issuer certificate\n\n" ); - ret = -1; goto exit; } } @@ -784,6 +786,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_x509write_crt_free( &crt ); mbedtls_pk_free( &loaded_subject_key ); 
@@ -797,7 +801,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && From 898b208929c3575855dc414d0cfd44537f5a0439 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 21:47:51 +0100 Subject: [PATCH 107/578] Fix ret code in crl_app.c --- programs/x509/crl_app.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 210d19e96..687752fc6 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) @@ -67,7 +70,8 @@ struct options int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; unsigned char buf[100000]; mbedtls_x509_crl crl; int i; @@ -131,6 +135,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "%s\n", buf ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_x509_crl_free( &crl ); @@ -139,7 +145,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_FS_IO */ From 57a0c9b62c96ca5dffedc820e286dc9326b02185 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 21:51:47 +0100 Subject: [PATCH 108/578] Fix ret code in req_app.c --- programs/x509/req_app.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 8410a5371..131cc293f 100644 
--- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) @@ -67,7 +70,8 @@ struct options int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; unsigned char buf[100000]; mbedtls_x509_csr csr; int i; @@ -131,6 +135,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "%s\n", buf ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_x509_csr_free( &csr ); @@ -139,7 +145,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C && MBEDTLS_FS_IO */ From 80081a68cdb90ad017236a0f58de1163dd32a134 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 21:58:53 +0100 Subject: [PATCH 109/578] Fix ret code in udp_proxy.c --- programs/test/udp_proxy.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 5797f3d69..cacd4f303 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -37,10 +37,12 @@ #include #include #include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_printf printf -#endif +#define mbedtls_time time +#define mbedtls_time_t time_t +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_NET_C) int main( void ) 
@@ -600,7 +602,8 @@ int handle_message( const char *way, int main( int argc, char *argv[] ) { - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context listen_fd, client_fd, server_fd; @@ -781,10 +784,12 @@ accept: } + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: #ifdef MBEDTLS_ERROR_C - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { char error_buf[100]; mbedtls_strerror( ret, error_buf, 100 ); @@ -802,7 +807,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret != 0 ); + return( exit_code ); } #endif /* MBEDTLS_NET_C */ From 357b0b283a81b7283116f1199da0e2bc459daad4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:04:03 +0100 Subject: [PATCH 110/578] Fix ret code in ssl_cert_test.c --- programs/test/ssl_cert_test.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index 9cfcd2d55..7e5ed384b 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_X509_CRL_PARSE_C) @@ -80,7 +83,8 @@ const char *client_private_keys[MAX_CLIENT_CERTS] = int main( void ) { - int ret, i; + int ret = 1, i; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_x509_crt cacert; mbedtls_x509_crl crl; char buf[10240]; @@ -210,7 +214,6 @@ int main( void ) if( ! mbedtls_pk_can_do( &clicert.pk, MBEDTLS_PK_RSA ) ) { mbedtls_printf( " failed\n ! certificate's key is not RSA\n\n" ); - ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; goto exit; } 
@@ -241,6 +244,8 @@ int main( void ) mbedtls_pk_free( &pk ); } + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crl_free( &crl ); @@ -250,7 +255,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_RSA_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_X509_CRL_PARSE_C */ From 78dabe07bf57af3b1210da15addfbd22e7fbad01 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:08:41 +0100 Subject: [PATCH 111/578] Fix ret code in pem2der.c --- programs/util/pem2der.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index ad2c6ac13..fda5f5781 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -29,10 +29,13 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_printf printf -#endif +#include +#define mbedtls_free free +#define mbedtls_calloc calloc +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/error.h" @@ -178,7 +181,8 @@ static int write_file( const char *path, unsigned char *buf, size_t n ) int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; unsigned char *pem_buffer = NULL; unsigned char der_buffer[4096]; char buf[1024]; @@ -273,6 +277,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: free( pem_buffer ); @@ -281,6 +287,6 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */ From d905db65b7264ac12521b588390f4a15becfaf6d Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:12:21 +0100 Subject: [PATCH 112/578] Fix ret code in mpi_demo.c --- programs/pkey/mpi_demo.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index afe8957e7..5b40c5185 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/bignum.h" @@ -47,7 +50,8 @@ int main( void ) #else int main( void ) { - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_mpi E, P, Q, N, H, D, X, Y, Z; mbedtls_mpi_init( &E ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &N ); @@ -88,15 +92,16 @@ int main( void ) MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) ); mbedtls_printf( "\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + cleanup: mbedtls_mpi_free( &E ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { mbedtls_printf( "\nAn error occurred.\n" ); - ret = 1; } #if defined(_WIN32) @@ -104,6 +109,6 @@ cleanup: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */ From f47c9c11d1026d79d502e46d302157814fb03e53 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:16:23 +0100 Subject: [PATCH 113/578] Fix ret code in ecdh_curve25519.c --- programs/pkey/ecdh_curve25519.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) 
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index e7ead9a93..1f52126af 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_ECDH_C) || \ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ @@ -51,7 +54,8 @@ int main( void ) int main( int argc, char *argv[] ) { - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_ecdh_context ctx_cli, ctx_srv; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -218,6 +222,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); + exit_code = MBEDTLS_EXIT_SUCCESS; exit: @@ -231,7 +236,7 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - return( ret != 0 ); + return( exit_code ); } #endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ From 52898179cf597f414e9791a8fb08ea920e90dea3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:19:26 +0100 Subject: [PATCH 114/578] Fix ret code in pk_encrypt.c --- programs/pkey/pk_encrypt.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 7ca9d5ad9..b4b7107dd 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c 
@@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ @@ -59,7 +62,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t i, olen = 0; mbedtls_pk_context pk; mbedtls_entropy_context entropy; @@ -68,7 +72,6 @@ int main( int argc, char *argv[] ) unsigned char buf[512]; const char *pers = "mbedtls_pk_encrypt"; - ret = 1; mbedtls_ctr_drbg_init( &ctr_drbg ); if( argc != 3 ) @@ -132,7 +135,6 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); goto exit; } @@ -145,12 +147,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(MBEDTLS_ERROR_C) - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_printf( " ! Last error was: %s\n", buf ); @@ -162,7 +166,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ From 0a7522c1270cb0a4a6e91fd2a72993e595560272 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:23:22 +0100 Subject: [PATCH 115/578] Fix ret code in pk_encrypt.c --- programs/pkey/pk_decrypt.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 32fbc7545..b60f6caee 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -59,7 +59,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int ret, c; + int ret = 1, c; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t i, olen = 0; mbedtls_pk_context pk; mbedtls_entropy_context entropy; @@ -71,7 +72,6 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_init( &ctr_drbg ); memset(result, 0, sizeof( result ) ); - ret = 1; if( argc != 2 ) { @@ -110,8 +110,6 @@ int main( int argc, char *argv[] ) /* * Extract the RSA encrypted value from the text file */ - ret = 1; - if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); @@ -143,14 +141,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( "The decrypted result is: '%s'\n\n", result ); - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(MBEDTLS_ERROR_C) - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_printf( " ! Last error was: %s\n", buf ); @@ -162,7 +160,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ From 82b2726b4c99d1d6aab7c878bdd8c5c41aef3186 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:26:25 +0100 Subject: [PATCH 116/578] Fix ret code in pk_sign.c --- programs/pkey/pk_sign.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
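Review bot: pk_decrypt.c (hunk `@@ -59,7 +59,8 @@`) now initialises `exit_code` from `MBEDTLS_EXIT_FAILURE` and later assigns `MBEDTLS_EXIT_SUCCESS`, but unlike the sibling commits this one adds no `#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS` / `#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE` fallback to the `#else` branch of the platform include block. That block is outside the diff, so the macros may already be there; if not, a build without `MBEDTLS_PLATFORM_C` will not compile. The cert_app.c commit later in the series (PATCH 119) has the same shape and deserves the same check. The subject line also names pk_encrypt.c while the patch touches pk_decrypt.c.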
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 55df95e49..240be6b92 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -30,9 +30,11 @@ #else #include #include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#endif +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ @@ -61,6 +63,7 @@ int main( int argc, char *argv[] ) { FILE *f; int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_pk_context pk; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -134,14 +137,12 @@ int main( int argc, char *argv[] ) if( ( f = fopen( filename, "wb+" ) ) == NULL ) { - ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } if( fwrite( buf, 1, olen, f ) != olen ) { - ret = 1; mbedtls_printf( "failed\n ! fwrite failed\n\n" ); fclose( f ); goto exit; @@ -151,13 +152,15 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_pk_free( &pk ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(MBEDTLS_ERROR_C) - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_printf( " ! Last error was: %s\n", buf ); @@ -169,7 +172,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ? EXIT_FAILURE : EXIT_SUCCESS ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && From 9f3379d3cac97e811977eed0d986cf686d68e7c7 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:30:05 +0100 Subject: [PATCH 117/578] Fix ret code in pk_verify.c --- programs/pkey/pk_verify.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index d35d17f69..24fcd3761 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_snprintf snprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \ @@ -56,6 +59,7 @@ int main( int argc, char *argv[] ) { FILE *f; int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_pk_context pk; unsigned char hash[32]; @@ -87,7 +91,6 @@ int main( int argc, char *argv[] ) /* * Extract the signature from the file */ - ret = 1; mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); if( ( f = fopen( filename, "rb" ) ) == NULL ) @@ -125,13 +128,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . OK (the signature is valid)\n\n" ); - ret = 0; + exit_code = MBEDTLS_EXIT_SUCCESS; exit: mbedtls_pk_free( &pk ); #if defined(MBEDTLS_ERROR_C) - if( ret != 0 ) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_printf( " ! Last error was: %s\n", buf ); @@ -143,7 +146,7 @@ exit: fflush( stdout ); getchar(); #endif - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ From dabd78fdc36f109b2c11f60d3d02f02338286a99 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Sun, 29 Apr 2018 22:35:36 +0100 Subject: [PATCH 118/578] Fix ret code in generic_sum.c --- programs/hash/generic_sum.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index d1e81d491..3fb215b22 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/md.h" @@ -169,7 +172,8 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) int main( int argc, char *argv[] ) { - int ret, i; + int ret = 1, i; + int exit_code = MBEDTLS_EXIT_FAILURE; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; @@ -196,7 +200,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); getchar(); #endif - return( 1 ); + return( exit_code ); } /* @@ -206,12 +210,12 @@ int main( int argc, char *argv[] ) if( md_info == NULL ) { mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] ); - return( 1 ); + return( exit_code ); } if( mbedtls_md_setup( &md_ctx, md_info, 0 ) ) { mbedtls_fprintf( stderr, "Failed to initialize context.\n" ); - return( 1 ); + return( exit_code ); } ret = 0; @@ -224,9 +228,12 @@ int main( int argc, char *argv[] ) for( i = 2; i < argc; i++ ) ret |= generic_print( md_info, argv[i] ); + if ( ret == 0 ) + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_md_free( &md_ctx ); - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ From 7a9d01ceede3805f45b0aa6041ebaaa88ef022eb Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Mon, 30 Apr 2018 20:05:57 +0100 Subject: [PATCH 119/578] Fix ret code in cert_app.c --- programs/x509/cert_app.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index c893ca8de..7ad4e86ff 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -145,7 +145,8 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl int main( int argc, char *argv[] ) { - int ret = 0; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context server_fd; unsigned char buf[1024]; mbedtls_entropy_context entropy; @@ -180,7 +181,6 @@ int main( int argc, char *argv[] ) { usage: mbedtls_printf( USAGE ); - ret = 2; goto exit; } @@ -252,19 +252,23 @@ int main( int argc, char *argv[] ) if( strlen( opt.ca_path ) ) { - ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ); + if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", -ret ); + goto exit; + } + verify = 1; } else if( strlen( opt.ca_file ) ) { - ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ); - verify = 1; - } + if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", -ret ); + goto exit; + } - if( ret < 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); - goto exit; + verify = 1; } mbedtls_printf( " ok (%d skipped)\n", ret ); @@ -332,8 +336,6 @@ int main( int argc, char *argv[] ) cur = cur->next; } - ret = 0; - /* * 1.3 Verify the certificate */ @@ -470,6 +472,8 @@ ssl_exit: else goto usage; + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_net_free( &server_fd ); 
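Review bot: In cert_app.c (hunk `@@ -252,19 +252,23 @@`) the line `mbedtls_printf( " ok (%d skipped)\n", ret );` still runs when neither `opt.ca_path` nor `opt.ca_file` is set. `ret` now starts at 1 instead of 0, so unless code outside the visible hunks resets it, that case would report "1 skipped" although nothing was parsed. Adding `ret = 0;` immediately before the `if( strlen( opt.ca_path ) )` chain would keep the count meaningful. It would also help to say in a comment that a positive return from the parse functions is a count of certificates that failed to parse, which is why only `ret < 0` is treated as fatal here.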
@@ -485,10 +489,7 @@ exit: fflush( stdout ); getchar(); #endif - if( ret < 0 ) - ret = 1; - - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C && From 7fe4edf8c0ea6ae98ec652d73e39c68432a545a7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 30 Apr 2018 22:07:15 +0100 Subject: [PATCH 120/578] Fix ret code in rsa_decrypt.c --- programs/pkey/rsa_decrypt.c | 61 ++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 32 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 2da3fbf11..0a252d2ad 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -30,11 +30,11 @@ #else #include #include -#define mbedtls_printf printf -#define mbedtls_exit exit +#define mbedtls_printf printf +#define mbedtls_exit exit #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ @@ -61,7 +61,9 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int return_val, exit_val, c; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + int c; size_t i; mbedtls_rsa_context rsa; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; @@ -73,7 +75,6 @@ int main( int argc, char *argv[] ) ((void) argv); memset(result, 0, sizeof( result ) ); - exit_val = MBEDTLS_EXIT_SUCCESS; if( argc != 1 ) { @@ -83,7 +84,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); + mbedtls_exit( exit_code ); } mbedtls_printf( "\n . Seeding the random number generator..." ); 
@@ -96,14 +97,13 @@ int main( int argc, char *argv[] ) mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); - return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ); - if( return_val != 0 ) + if( ret != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - return_val ); + ret ); goto exit; } 
@@ -112,40 +112,38 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } - if( ( return_val = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", - return_val ); + ret ); fclose( f ); goto exit; } fclose( f ); - if( ( return_val = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", - return_val ); + ret ); goto exit; } - if( ( return_val = mbedtls_rsa_complete( &rsa ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", - return_val ); + ret ); goto exit; } 
@@ -154,7 +152,6 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); goto exit; } @@ -169,7 +166,6 @@ int main( int argc, char *argv[] ) if( i != rsa.len ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; } @@ -180,14 +176,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Decrypting the encrypted data" ); fflush( stdout ); - return_val = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, + ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i, buf, result, 1024 ); - if( return_val != 0 ) + if( ret != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", - return_val ); + ret ); goto exit; } @@ -195,6 +190,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "The decrypted result is: '%s'\n\n", result ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); @@ -208,6 +205,6 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_val ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ From 25b5af58b4651f448d16b26109f82029ae248a39 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 30 Apr 2018 22:08:36 +0100 Subject: [PATCH 121/578] Fix ret code in rsa_encrypt.c --- programs/pkey/rsa_encrypt.c | 61 ++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 34 deletions(-) diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 81c27d888..411657a07 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c 
@@ -30,12 +30,12 @@ #else #include #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE -#endif +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ @@ -61,7 +61,8 @@ int main( void ) int main( int argc, char *argv[] ) { FILE *f; - int return_val, exit_val; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; @@ -71,8 +72,6 @@ int main( int argc, char *argv[] ) const char *pers = "rsa_encrypt"; mbedtls_mpi N, E; - exit_val = MBEDTLS_EXIT_SUCCESS; - if( argc != 2 ) { mbedtls_printf( "usage: rsa_encrypt \n" ); @@ -81,7 +80,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n" ); #endif - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); + mbedtls_exit( exit_code ); } mbedtls_printf( "\n . Seeding the random number generator..." ); @@ -92,14 +91,13 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen( pers ) ); - if( return_val != 0 ) + ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ); + if( ret != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - return_val ); + ret ); goto exit; } 
@@ -108,35 +106,30 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } - if( ( return_val = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", - return_val ); + ret ); fclose( f ); goto exit; } fclose( f ); - if( ( return_val = mbedtls_rsa_import( &rsa, &N, NULL, - NULL, NULL, &E ) ) != 0 ) + if( ( ret = mbedtls_rsa_import( &rsa, &N, NULL, NULL, NULL, &E ) ) != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", - return_val ); + ret ); goto exit; } if( strlen( argv[1] ) > 100 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " Input data larger than 100 characters.\n\n" ); goto exit; } @@ -149,14 +142,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Generating the RSA encrypted value" ); fflush( stdout ); - return_val = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, MBEDTLS_RSA_PUBLIC, - strlen( argv[1] ), input, buf ); - if( return_val != 0 ) + ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg, MBEDTLS_RSA_PUBLIC, + strlen( argv[1] ), input, buf ); + if( ret != 0 ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", - return_val ); + ret ); goto exit; } @@ -165,7 +157,6 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); goto exit; } 
@@ -178,6 +169,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_ctr_drbg_free( &ctr_drbg ); @@ -189,7 +182,7 @@ exit: fflush( stdout ); getchar(); #endif - return( exit_val ); + return( exit_code ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ From 28abd8e98cab6b4e6f23b7818076f468ba12b28d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 30 Apr 2018 22:09:18 +0100 Subject: [PATCH 122/578] Fix ret code in gen_random_havege.c --- programs/random/gen_random_havege.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/programs/random/gen_random_havege.c b/programs/random/gen_random_havege.c index 6c3146265..3fb3f0196 100644 --- a/programs/random/gen_random_havege.c +++ b/programs/random/gen_random_havege.c @@ -29,9 +29,12 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_HAVEGE_C) && defined(MBEDTLS_FS_IO) #include "mbedtls/havege.h" @@ -51,20 +54,21 @@ int main( int argc, char *argv[] ) { FILE *f; time_t t; - int i, k, ret = 0; + int i, k, ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_havege_state hs; unsigned char buf[1024]; if( argc < 2 ) { mbedtls_fprintf( stderr, "usage: %s \n", argv[0] ); - return( 1 ); + return( exit_code ); } if( ( f = fopen( argv[1], "wb+" ) ) == NULL ) { mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] ); - return( 1 ); + return( exit_code ); } mbedtls_havege_init( &hs ); 
@@ -73,11 +77,10 @@ int main( int argc, char *argv[] ) for( i = 0, k = 768; i < k; i++ ) { - if( mbedtls_havege_random( &hs, buf, sizeof( buf ) ) != 0 ) + if( ( ret = mbedtls_havege_random( &hs, buf, sizeof( buf ) ) ) != 0 ) { - mbedtls_printf( "Failed to get random from source.\n" ); - - ret = 1; + mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X", + -ret ); goto exit; } @@ -93,9 +96,11 @@ int main( int argc, char *argv[] ) mbedtls_printf(" \n "); + exit_code = MBEDTLS_EXIT_SUCCESS; + exit: mbedtls_havege_free( &hs ); fclose( f ); - return( ret ); + return( exit_code ); } #endif /* MBEDTLS_HAVEGE_C */ From 7d42965ea8d25f17f38436927bc3aad62cb68596 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 30 Apr 2018 22:42:33 +0100 Subject: [PATCH 123/578] Fix typo in platform macro defines for examples --- programs/aes/aescrypt2.c | 2 +- programs/aes/crypt_and_hash.c | 2 +- programs/hash/generic_sum.c | 2 +- programs/pkey/dh_client.c | 2 +- programs/pkey/dh_genprime.c | 2 +- programs/pkey/dh_server.c | 2 +- programs/pkey/ecdh_curve25519.c | 2 +- programs/pkey/ecdsa.c | 2 +- programs/pkey/gen_key.c | 2 +- programs/pkey/key_app.c | 2 +- programs/pkey/key_app_writer.c | 2 +- programs/pkey/mpi_demo.c | 2 +- programs/pkey/pk_encrypt.c | 2 +- programs/pkey/pk_sign.c | 2 +- programs/pkey/pk_verify.c | 2 +- programs/pkey/rsa_genkey.c | 2 +- programs/pkey/rsa_sign.c | 2 +- programs/pkey/rsa_sign_pss.c | 2 +- programs/pkey/rsa_verify.c | 2 +- programs/pkey/rsa_verify_pss.c | 2 +- programs/random/gen_entropy.c | 2 +- programs/random/gen_random_ctr_drbg.c | 2 +- programs/ssl/ssl_client1.c | 2 +- programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_mail_client.c | 2 +- programs/test/ssl_cert_test.c | 2 +- programs/test/udp_proxy.c | 2 +- programs/util/pem2der.c | 2 +- programs/x509/cert_req.c | 2 +- programs/x509/cert_write.c | 2 +- programs/x509/crl_app.c | 2 +- programs/x509/req_app.c | 2 +- 32 files changed, 32 insertions(+), 32 deletions(-) 
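Review bot: The new failure message in the `@@ -73,11` hunk has no trailing newline, and it passes the `int` expression `-ret` to `%04X`, which expects an `unsigned int`. The message it replaces ended in `\n`, so anything printed afterwards now runs onto the same line. I would write `mbedtls_printf( " failed\n ! mbedtls_havege_random returned -0x%04X\n", (unsigned int) -ret );`. The `for` loop this check sits in continues outside the hunk.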
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 31daf1e2c..c727f936e 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -32,7 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 9e234e672..99d30c9a9 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -33,7 +33,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 3fb215b22..bbe8d92a2 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -32,7 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 68f0df58e..7ec47acab 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -32,7 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 7884ea668..dbe915338 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c 
@@ -32,7 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index d7765e332..c4e2c391e 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -32,7 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_time_t time_t -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 1f52126af..5db04088f 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 8455bb52b..c653df9e4 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 9a98fda56..f01bf5fcd 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 56930781f..7a4cb3976 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c 
@@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 5c151e119..bd9eaf6ac 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 5b40c5185..365bdc480 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index b4b7107dd..400619c5c 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -32,7 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 240be6b92..7ec46752a 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -32,7 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 24fcd3761..3c7709f9d 100644 --- a/programs/pkey/pk_verify.c 
+++ b/programs/pkey/pk_verify.c @@ -32,7 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 1afec559b..3359e1407 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index c6c790519..b16fe5d22 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -33,7 +33,7 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_snprintf snprintf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 3b58c297b..b0b0f7ecf 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -32,7 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 5625abacf..6f88345f2 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -32,7 +32,7 @@ #include #define mbedtls_printf printf #define mbedtls_snprintf snprintf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index d681e2c5e..7c9c68f22 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -32,7 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index bca36e0ac..a1eb3868a 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -32,7 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 76d4092de..5ade946a7 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -32,7 +32,7 @@ #include #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 0e49c49aa..bf7c0132a 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -34,7 +34,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 29a297c40..1c3a80600 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
@@ -33,7 +33,7 @@ #define mbedtls_fprintf fprintf #define mbedtls_printf printf #define mbedtls_time_t time_t -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index a41486443..04f891081 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -34,7 +34,7 @@ #define mbedtls_time_t time_t #define mbedtls_fprintf fprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index 7e5ed384b..fd3526f7f 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -32,7 +32,7 @@ #include #define mbedtls_snprintf snprintf #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index cacd4f303..55e0f249c 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -40,7 +40,7 @@ #define mbedtls_time time #define mbedtls_time_t time_t #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index fda5f5781..73a9fb5e0 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c 
@@ -33,7 +33,7 @@ #define mbedtls_free free #define mbedtls_calloc calloc #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 8b47138a5..a32ac505f 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 1cfe1cdcb..09a91e077 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 687752fc6..f8316835f 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 131cc293f..0f20c85f5 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -31,7 +31,7 @@ #include #include #define mbedtls_printf printf -#define MBEDTLS_EXTI_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ From bce5f7882c056d68a9f0e14cfab3ade20ba7bf99 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Mon, 30 Apr 2018 22:43:11 +0100 Subject: [PATCH 124/578] Add missing platform macro defines in pk_decrypt.c --- programs/pkey/pk_decrypt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index b60f6caee..00bd71ed3 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -29,8 +29,11 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf -#endif +#include +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ From eb8bca65614b793585f87b9403954bf3b2d0b594 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 30 Apr 2018 22:43:29 +0100 Subject: [PATCH 125/578] Add missing platform macro defines in cert_app.c --- programs/x509/cert_app.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 7ad4e86ff..c57ecca03 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -30,11 +30,13 @@ #else #include #include -#define mbedtls_time time -#define mbedtls_time_t time_t -#define mbedtls_fprintf fprintf -#define mbedtls_printf printf -#endif +#define mbedtls_time time +#define mbedtls_time_t time_t +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ From 6b9bcd62676feb1968a81db19c94bce624f3a1e6 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 1 May 2018 19:29:14 +0100 Subject: [PATCH 126/578] Remove redundant ret = 1 in dh_client.c --- programs/pkey/dh_client.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 7ec47acab..3dadf48e6 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -209,7 +209,6 @@ int main( void ) if( ( n = (size_t) ( end - p ) ) != rsa.len ) { - ret = 1; mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" ); goto exit; } From c7bc9e122f7c9536277234fc484c224d686bb811 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Jun 2018 10:30:30 +0200 Subject: [PATCH 127/578] Fix a few typos --- include/mbedtls/chacha20.h | 2 +- include/mbedtls/chachapoly.h | 2 +- include/mbedtls/poly1305.h | 8 ++++---- library/chachapoly.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index d7a0750c2..47bd7d38b 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -139,7 +139,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, * \c mbedtls_chacha20_starts() must be called at least once * to setup the context before this function can be called. * - * \note This function can be called mutliple times in a row in + * \note This function can be called multiple times in a row in * order to encrypt of decrypt data piecewise with the same * key and nonce. * diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 649749a01..42b2b230c 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h 
@@ -175,7 +175,7 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * The Additional Authenticated Data (AAD), also called * Associated Data (AD) is only authenticated but not * encrypted nor included in the encrypted output. It is - * usually transmitted separately fro mthe ciphertext or + * usually transmitted separately from the ciphertext or * computed locally by each party. * * \note This function is called before data is encrypted/decrypted. diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 5c69a813a..54b50abc2 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -1,7 +1,7 @@ /** * \file poly1305.h * - * \brief This file containts Poly1305 definitions and functions. + * \brief This file contains Poly1305 definitions and functions. * * Poly1305 is a one-time message authenticator that can be used to * authenticate messages. Poly1305-AES was created by Daniel @@ -109,9 +109,9 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, * \brief This functions feeds an input buffer into an ongoing * Poly1305 computation. * - * It is called between \c mbedtls_cipher_cmac_starts() and - * \c mbedtls_cipher_cmac_finish(). - * Can be called repeatedly to process a stream of data. + * It is called between \c mbedtls_cipher_poly1305_starts() and + * \c mbedtls_cipher_poly1305_finish(). + * It can be called repeatedly to process a stream of data. * * \param ctx The Poly1305 context to use for the Poly1305 operation. * \param ilen The length of the input data (in bytes). Any value is accepted. diff --git a/library/chachapoly.c b/library/chachapoly.c index 80c1ebf8f..860f87765 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -187,7 +187,7 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, } else if( ctx->state != CHACHAPOLY_STATE_AAD ) { - return(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } ctx->aad_len += aad_len; 
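Review bot: The corrected references in the poly1305.h hunk (`@@ -109,9 +109,9 @@`) name `mbedtls_cipher_poly1305_starts()` and `mbedtls_cipher_poly1305_finish()`, but the hunk header shows the function declared in this file is `mbedtls_poly1305_starts()`, so the new names still do not match an API that Doxygen can link. I would write `It is called between \c mbedtls_poly1305_starts() and \c mbedtls_poly1305_finish().`, assuming the finish function follows the same naming. The brief above it still reads "This functions feeds", which could be fixed in the same pass.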
From d8213d00db781e93ce1e19e3e8f8b4308816bd9c Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 25 May 2016 20:56:48 +1000 Subject: [PATCH 128/578] Let MBEDTLS_SSL_MAX_CONTENT_LEN to be split into outward & inward sizes For the situation where the mbedTLS device has limited RAM, but the other end of the connection doesn't support the max_fragment_length extension. To be spec-compliant, mbedTLS has to keep a 16384 byte incoming buffer. However the outgoing buffer can be made smaller without breaking spec compliance, and we save some RAM. See comments in include/mbedtls/config.h for some more details. (The lower limit of outgoing buffer size is the buffer size used during handshake/cert negotiation. As the handshake is half-duplex it might even be possible to store this data in the "incoming" buffer during the handshake, which would save even more RAM - but it would also be a lot hackier and error-prone. I didn't really explore this possibility, but thought I'd mention it here in case someone sees this later on a mission to jam mbedTLS into an even tinier RAM footprint.) --- include/mbedtls/compat-1.3.h | 3 +- include/mbedtls/config.h | 46 +++++++++++++- include/mbedtls/ssl.h | 13 +++- include/mbedtls/ssl_internal.h | 63 +++++++++++++++---- library/ssl_cli.c | 36 +++++------ library/ssl_srv.c | 16 ++--- library/ssl_tls.c | 108 +++++++++++++++++++-------------- 7 files changed, 198 insertions(+), 87 deletions(-) diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h index 600a0f154..213b69140 100644 --- a/include/mbedtls/compat-1.3.h +++ b/include/mbedtls/compat-1.3.h 
@@ -1378,7 +1378,8 @@ #define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED #define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED #define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED -#define SSL_BUFFER_LEN MBEDTLS_SSL_BUFFER_LEN +#define SSL_BUFFER_LEN ( ( ( MBEDTLS_SSL_IN_BUFFER_LEN ) < ( MBEDTLS_SSL_OUT_BUFFER_LEN ) ) \ + ? ( MBEDTLS_SSL_IN_BUFFER_LEN ) : ( MBEDTLS_SSL_OUT_BUFFER_LEN ) ) #define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES #define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT #define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 307b90b1f..667177a55 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2896,7 +2896,51 @@ //#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */ /* SSL options */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Maxium fragment length in bytes, determines the size of each of the two internal I/O buffers */ + +/** \def MBEDTLS_SSL_MAX_CONTENT_LEN + * + * Maximum fragment length in bytes. + * + * Determines the size of both the incoming and outgoing TLS I/O buffers. + * + * Uncommenting MBEDTLS_SSL_IN_CONTENT_LEN and/or MBEDTLS_SSL_OUT_CONTENT_LEN + * will override this length by setting maximum incoming and/or outgoing + * fragment length, respectively. + */ +//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_IN_CONTENT_LEN + * + * Maximum incoming fragment length in bytes. + * + * Uncomment to set the size of the inward TLS buffer independently of the + * outward buffer. + */ +//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 + +/** \def MBEDTLS_SSL_OUT_CONTENT_LEN + * + * Maximum outgoing fragment length in bytes. + * + * Uncomment to set the size of the outward TLS buffer independently of the + * inward buffer. + * + * It is possible to save RAM by setting a smaller outward buffer, while keeping + * the default inward 16384 byte buffer to conform to the TLS specification. + * + * The minimum required outward buffer size is determined by the handshake + * protocol's usage. Handshaking will fail if the outward buffer is too small. + * The specific size requirement depends on the configured ciphers and any + * certificate data which is sent during the handshake. + * + * For absolute minimum RAM usage, it's best to enable + * MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and reduce MBEDTLS_SSL_MAX_CONTENT_LEN. This + * reduces both incoming and outgoing buffer sizes. However this is only + * guaranteed if the other end of the connection also supports the TLS + * max_fragment_len extension. Otherwise the connection may fail. 
+ */ +//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 + //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 45135500f..886c14c36 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -220,7 +220,7 @@ #endif /* - * Maxium fragment length in bytes, + * Maximum fragment length in bytes, * determines the size of each of the two internal I/O buffers. * * Note: the RFC defines the default size of SSL / TLS messages. If you @@ -234,6 +234,14 @@ #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ #endif +#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN) +#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN +#endif + +#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN) +#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN +#endif + /* \} name SECTION: Module settings */ /* @@ -2418,7 +2426,8 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** * \brief Set the maximum fragment length to emit and/or negotiate - * (Default: MBEDTLS_SSL_MAX_CONTENT_LEN, usually 2^14 bytes) + * (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and + * MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes) * (Server: set maximum fragment length to emit, * usually negotiated by the client during handshake * (Client: set maximum fragment length to emit *and* diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index f48fe9042..d214703d7 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
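Review bot: The new config.h documentation (hunk `@@ -2896,7 +2896,51 @@`) says the IN/OUT options override MBEDTLS_SSL_MAX_CONTENT_LEN but omits the limit that ssl_internal.h enforces in this same commit: either value larger than MBEDTLS_SSL_MAX_CONTENT_LEN stops the build with `#error`. The MBEDTLS_SSL_IN_CONTENT_LEN block also carries no caveat, although the commit message states that a 16384-byte incoming buffer is needed for spec compliance; with the record-length checks changed in ssl_tls.c, a record larger than the reduced limit from a peer that did not negotiate a smaller fragment size is rejected. I would add `Must not exceed MBEDTLS_SSL_MAX_CONTENT_LEN.` to both blocks, and to the IN block a sentence saying that values below 16384 are only reliable when the peer supports the max_fragment_length extension. The closing paragraph calls the extension `max_fragment_len`, whereas the ssl_internal.h comment in this commit uses the RFC 6066 name `max_fragment_length`.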
@@ -143,32 +143,73 @@ #define MBEDTLS_SSL_PADDING_ADD 0 #endif -#define MBEDTLS_SSL_PAYLOAD_LEN ( MBEDTLS_SSL_MAX_CONTENT_LEN \ - + MBEDTLS_SSL_COMPRESSION_ADD \ - + MBEDTLS_MAX_IV_LENGTH \ - + MBEDTLS_SSL_MAC_ADD \ - + MBEDTLS_SSL_PADDING_ADD \ - ) +#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD + \ + MBEDTLS_MAX_IV_LENGTH + \ + MBEDTLS_SSL_MAC_ADD + \ + MBEDTLS_SSL_PADDING_ADD \ + ) + +#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ + ( MBEDTLS_SSL_IN_CONTENT_LEN ) ) + +#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ + ( MBEDTLS_SSL_OUT_CONTENT_LEN ) ) + +/* Maximum length we can advertise as our max content length for + RFC 6066 max_fragment_length extension negotiation purposes + (the lesser of both sizes, if they are unequal.) + */ +#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ( \ + (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN) \ + ? ( MBEDTLS_SSL_OUT_CONTENT_LEN ) \ + : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ + ) /* * Check that we obey the standard's message size bounds */ #if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384 -#error Bad configuration - record content too large. +#error "Bad configuration - record content too large." #endif -#if MBEDTLS_SSL_PAYLOAD_LEN > 16384 + 2048 -#error Bad configuration - protected record payload too large. +#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN +#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." #endif +#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN +#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." +#endif + +#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048 +#error "Bad configuration - incoming protected record payload too large." +#endif + +#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048 +#error "Bad configuration - outgoing protected record payload too large." 
+#endif + +/* Calculate buffer sizes */ + /* Note: Even though the TLS record header is only 5 bytes long, we're internally using 8 bytes to store the implicit sequence number. */ #define MBEDTLS_SSL_HEADER_LEN 13 -#define MBEDTLS_SSL_BUFFER_LEN \ - ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) ) +#define MBEDTLS_SSL_IN_BUFFER_LEN \ + ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) ) + +#define MBEDTLS_SSL_OUT_BUFFER_LEN \ + ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) ) + +#ifdef MBEDTLS_ZLIB_SUPPORT +/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */ +#define MBEDTLS_SSL_COMPRESS_BUFFER_LEN ( \ + ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN ) \ + ? MBEDTLS_SSL_IN_BUFFER_LEN \ + : MBEDTLS_SSL_OUT_BUFFER_LEN \ + ) +#endif /* * TLS extension flags (for extensions with outgoing ServerHello content diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e537f9d2e..09d8a0d7d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -57,7 +57,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t hostname_len; *olen = 0; @@ -127,7 +127,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -171,7 +171,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t sig_alg_len = 0; const int *md; #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) 
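Review bot: `MBEDTLS_TLS_EXT_ADV_CONTENT_LEN` compares `MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN` without parenthesising either operand, while its two result branches are parenthesised and the `SSL_BUFFER_LEN` macro added to compat-1.3.h in this commit parenthesises every use. Both names can be user-supplied values from config.h, so a definition written as an expression with an operator of lower precedence than `>` would change the comparison, and with it the length that is advertised and used as a bound. I would write the condition as `( ( MBEDTLS_SSL_IN_CONTENT_LEN ) > ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )`. A smaller style point: the compression-buffer block uses `#ifdef MBEDTLS_ZLIB_SUPPORT` where the ssl_tls.c code touched by this commit uses `#if defined(MBEDTLS_ZLIB_SUPPORT)`.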
@@ -256,7 +256,7 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; @@ -329,7 +329,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -362,7 +362,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, { int ret; unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; *olen = 0; @@ -439,7 +439,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -472,7 +472,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -504,7 +504,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; 
@@ -538,7 +538,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -572,7 +572,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t tlen = ssl->session_negotiate->ticket_len; *olen = 0; @@ -616,7 +616,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t alpnlen = 0; const char **cur; @@ -2117,7 +2117,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; unsigned char *p = ssl->handshake->premaster + pms_offset; - if( offset + len_bytes > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); @@ -2160,7 +2160,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, if( ( ret = mbedtls_pk_encrypt( &ssl->session_negotiate->peer_cert->pk, p, ssl->handshake->pmslen, ssl->out_msg + offset + len_bytes, olen, - MBEDTLS_SSL_MAX_CONTENT_LEN - offset - len_bytes, + MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); 
@@ -2926,7 +2926,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) i = 4; n = ssl->conf->psk_identity_len; - if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " "SSL buffer too short" ) ); @@ -2962,7 +2962,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) */ n = ssl->handshake->dhm_ctx.len; - if( i + 2 + n > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( i + 2 + n > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" " or SSL buffer too short" ) ); @@ -2991,7 +2991,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) * ClientECDiffieHellmanPublic public; */ ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, &n, - &ssl->out_msg[i], MBEDTLS_SSL_MAX_CONTENT_LEN - i, + &ssl->out_msg[i], MBEDTLS_SSL_OUT_CONTENT_LEN - i, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { @@ -3032,7 +3032,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) i = 4; ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, - ssl->out_msg + i, MBEDTLS_SSL_MAX_CONTENT_LEN - i, &n, + ssl->out_msg + i, MBEDTLS_SSL_OUT_CONTENT_LEN - i, &n, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index eb19f58c0..29678e3c0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1303,7 +1303,7 @@ read_record_header: else #endif { - if( msg_len > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); 
@@ -2235,7 +2235,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, { int ret; unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; *olen = 0; @@ -2342,7 +2342,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) cookie_len_byte = p++; if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie, - &p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN, + &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, ssl->cli_id, ssl->cli_id_len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "f_cookie_write", ret ); @@ -2638,7 +2638,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) size_t dn_size, total_dn_size; /* excluding length bytes */ size_t ct_len, sa_len; /* including length bytes */ unsigned char *buf, *p; - const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN; + const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; const mbedtls_x509_crt *crt; int authmode; @@ -2839,7 +2839,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; - size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN + size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN - sig_start ); int ret = ssl->conf->f_async_resume( ssl, sig_start, signature_len, sig_max_len ); @@ -2893,7 +2893,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen, &len, + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { 
@@ -3020,7 +3020,7 @@ curve_matching_done: if( ( ret = mbedtls_ecdh_make_params( &ssl->handshake->ecdh_ctx, &len, ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen, + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); @@ -4171,7 +4171,7 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket, ssl->session_negotiate, ssl->out_msg + 10, - ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN, + ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, &tlen, &lifetime ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e5119fcda..9c1f8859e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -141,14 +141,24 @@ static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) * } MaxFragmentLength; * and we add 0 -> extension unused */ -static unsigned int mfl_code_to_length[MBEDTLS_SSL_MAX_FRAG_LEN_INVALID] = +static unsigned int ssl_mfl_code_to_length( int mfl ) { - MBEDTLS_SSL_MAX_CONTENT_LEN, /* MBEDTLS_SSL_MAX_FRAG_LEN_NONE */ - 512, /* MBEDTLS_SSL_MAX_FRAG_LEN_512 */ - 1024, /* MBEDTLS_SSL_MAX_FRAG_LEN_1024 */ - 2048, /* MBEDTLS_SSL_MAX_FRAG_LEN_2048 */ - 4096, /* MBEDTLS_SSL_MAX_FRAG_LEN_4096 */ -}; + switch( mfl ) + { + case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: + return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + case MBEDTLS_SSL_MAX_FRAG_LEN_512: + return 512; + case MBEDTLS_SSL_MAX_FRAG_LEN_1024: + return 1024; + case MBEDTLS_SSL_MAX_FRAG_LEN_2048: + return 2048; + case MBEDTLS_SSL_MAX_FRAG_LEN_4096: + return 4096; + default: + return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + } +} #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_CLI_C) 
@@ -956,11 +966,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->compress_buf == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); - ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_BUFFER_LEN ); + ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); if( ssl->compress_buf == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", - MBEDTLS_SSL_BUFFER_LEN ) ); + MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) ); return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } } @@ -1297,11 +1307,11 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", ssl->out_msg, ssl->out_msglen ); - if( ssl->out_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d", (unsigned) ssl->out_msglen, - MBEDTLS_SSL_MAX_CONTENT_LEN ) ); + MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -1906,14 +1916,14 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) * Padding is guaranteed to be incorrect if: * 1. padlen >= ssl->in_msglen * - * 2. padding_idx >= MBEDTLS_SSL_MAX_CONTENT_LEN + + * 2. padding_idx >= MBEDTLS_SSL_IN_CONTENT_LEN + * ssl->transform_in->maclen * * In both cases we reset padding_idx to a safe value (0) to * prevent out-of-buffer reads. */ correct &= ( ssl->in_msglen >= padlen + 1 ); - correct &= ( padding_idx < MBEDTLS_SSL_MAX_CONTENT_LEN + + correct &= ( padding_idx < MBEDTLS_SSL_IN_CONTENT_LEN + ssl->transform_in->maclen ); padding_idx *= correct; 
@@ -2126,7 +2136,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) ssl->transform_out->ctx_deflate.next_in = msg_pre; ssl->transform_out->ctx_deflate.avail_in = len_pre; ssl->transform_out->ctx_deflate.next_out = msg_post; - ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - bytes_written; + ssl->transform_out->ctx_deflate.avail_out = MBEDTLS_SSL_OUT_BUFFER_LEN - bytes_written; ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); if( ret != Z_OK ) @@ -2135,7 +2145,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); } - ssl->out_msglen = MBEDTLS_SSL_BUFFER_LEN - + ssl->out_msglen = MBEDTLS_SSL_OUT_BUFFER_LEN - ssl->transform_out->ctx_deflate.avail_out - bytes_written; MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ", @@ -2173,7 +2183,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) ssl->transform_in->ctx_inflate.next_in = msg_pre; ssl->transform_in->ctx_inflate.avail_in = len_pre; ssl->transform_in->ctx_inflate.next_out = msg_post; - ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_BUFFER_LEN - + ssl->transform_in->ctx_inflate.avail_out = MBEDTLS_SSL_IN_BUFFER_LEN - header_bytes; ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); @@ -2183,7 +2193,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); } - ssl->in_msglen = MBEDTLS_SSL_BUFFER_LEN - + ssl->in_msglen = MBEDTLS_SSL_IN_BUFFER_LEN - ssl->transform_in->ctx_inflate.avail_out - header_bytes; MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ", 
@@ -2258,7 +2268,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - if( nb_want > MBEDTLS_SSL_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) + if( nb_want > MBEDTLS_SSL_IN_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2344,7 +2354,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) } else { - len = MBEDTLS_SSL_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); + len = MBEDTLS_SSL_IN_BUFFER_LEN - ( ssl->in_hdr - ssl->in_buf ); if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) timeout = ssl->handshake->retransmit_timeout; @@ -2798,12 +2808,12 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { /* Make room for the additional DTLS fields */ - if( MBEDTLS_SSL_MAX_CONTENT_LEN - ssl->out_msglen < 8 ) + if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " "size %u, maximum %u", (unsigned) ( ssl->in_hslen - 4 ), - (unsigned) ( MBEDTLS_SSL_MAX_CONTENT_LEN - 12 ) ) ); + (unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -3016,7 +3026,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", msg_len ) ); - if( ssl->in_hslen > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( ssl->in_hslen > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); 
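Review bot: In the `mbedtls_ssl_write_record` hunk (`@@ -2798,12 +2808,12 @@`), the guard `MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8` wraps around if `out_msglen` is an unsigned size (the casts in the debug calls suggest it is) and ever exceeds the limit, in which case the check passes and the DTLS fields are still inserted. With the outgoing limit now configurable well below 16384, the guard relies on every handshake writer outside this hunk respecting the new bound. I would make the test self-contained: `if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN || MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )`. The debug message in the same branch reports `ssl->in_hslen - 4` for an outgoing message, which looks like it should be derived from `out_msglen`; the function body continues outside the hunk.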
@@ -3120,7 +3130,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) ssl->next_record_offset = new_remain - ssl->in_hdr; ssl->in_left = ssl->next_record_offset + remain_len; - if( ssl->in_left > MBEDTLS_SSL_BUFFER_LEN - + if( ssl->in_left > MBEDTLS_SSL_IN_BUFFER_LEN - (size_t)( ssl->in_hdr - ssl->in_buf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) ); @@ -3496,7 +3506,7 @@ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) ssl->conf->p_cookie, ssl->cli_id, ssl->cli_id_len, ssl->in_buf, ssl->in_left, - ssl->out_buf, MBEDTLS_SSL_MAX_CONTENT_LEN, &len ); + ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len ); MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); @@ -3593,7 +3603,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) } /* Check length against the size of our buffer */ - if( ssl->in_msglen > MBEDTLS_SSL_BUFFER_LEN + if( ssl->in_msglen > MBEDTLS_SSL_IN_BUFFER_LEN - (size_t)( ssl->in_msg - ssl->in_buf ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); @@ -3687,7 +3697,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) if( ssl->transform_in == NULL ) { if( ssl->in_msglen < 1 || - ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) + ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); @@ -3703,7 +3713,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_SSL3) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && - ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_MAX_CONTENT_LEN ) + ssl->in_msglen > ssl->transform_in->minlen + MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); 
@@ -3716,7 +3726,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) */ if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 && ssl->in_msglen > ssl->transform_in->minlen + - MBEDTLS_SSL_MAX_CONTENT_LEN + 256 ) + MBEDTLS_SSL_IN_CONTENT_LEN + 256 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); @@ -3764,7 +3774,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", ssl->in_msg, ssl->in_msglen ); - if( ssl->in_msglen > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); @@ -4325,10 +4335,10 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) while( crt != NULL ) { n = crt->raw.len; - if( n > MBEDTLS_SSL_MAX_CONTENT_LEN - 3 - i ) + if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d", - i + 3 + n, MBEDTLS_SSL_MAX_CONTENT_LEN ) ); + i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) ); return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } 
@@ -5662,17 +5672,23 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { int ret; - const size_t len = MBEDTLS_SSL_BUFFER_LEN; ssl->conf = conf; /* * Prepare base structures */ - if( ( ssl-> in_buf = mbedtls_calloc( 1, len ) ) == NULL || - ( ssl->out_buf = mbedtls_calloc( 1, len ) ) == NULL ) + ssl->in_buf = mbedtls_calloc( 1, MBEDTLS_SSL_IN_BUFFER_LEN ); + if( ssl->in_buf == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", len ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_IN_BUFFER_LEN) ); + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } + + ssl->out_buf = mbedtls_calloc( 1, MBEDTLS_SSL_OUT_BUFFER_LEN ); + if( ssl->out_buf == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_OUT_BUFFER_LEN) ); mbedtls_free( ssl->in_buf ); ssl->in_buf = NULL; return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); @@ -5773,9 +5789,9 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->transform_in = NULL; ssl->transform_out = NULL; - memset( ssl->out_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); + memset( ssl->out_buf, 0, MBEDTLS_SSL_OUT_BUFFER_LEN ); if( partial == 0 ) - memset( ssl->in_buf, 0, MBEDTLS_SSL_BUFFER_LEN ); + memset( ssl->in_buf, 0, MBEDTLS_SSL_IN_BUFFER_LEN ); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_reset != NULL ) @@ -6100,7 +6116,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, /* Identity len will be encoded on two bytes */ if( ( psk_identity_len >> 16 ) != 0 || - psk_identity_len > MBEDTLS_SSL_MAX_CONTENT_LEN ) + psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } 
@@ -6401,7 +6417,7 @@ void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) { if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || - mfl_code_to_length[mfl_code] > MBEDTLS_SSL_MAX_CONTENT_LEN ) + ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -6679,15 +6695,15 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) /* * Assume mfl_code is correct since it was checked when set */ - max_len = mfl_code_to_length[ssl->conf->mfl_code]; + max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code ); /* * Check if a smaller max length was negotiated */ if( ssl->session_out != NULL && - mfl_code_to_length[ssl->session_out->mfl_code] < max_len ) + ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len ) { - max_len = mfl_code_to_length[ssl->session_out->mfl_code]; + max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); } return max_len; @@ -7241,7 +7257,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); #else - size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ if( len > max_len ) { 
@@ -7543,20 +7559,20 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) if( ssl->out_buf != NULL ) { - mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN ); mbedtls_free( ssl->out_buf ); } if( ssl->in_buf != NULL ) { - mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN ); mbedtls_free( ssl->in_buf ); } #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->compress_buf != NULL ) { - mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_BUFFER_LEN ); + mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); mbedtls_free( ssl->compress_buf ); } #endif From c4dd07369fd81a1ae584048caf4ae2c4202a85c4 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 11 Apr 2018 16:28:39 +1000 Subject: [PATCH 129/578] test: Add test cases for separately reduced inward/outward buffer sizes --- tests/scripts/all.sh | 35 ++++++++ tests/ssl-opt.sh | 184 +++++++++++++++++++++++++------------------ 2 files changed, 142 insertions(+), 77 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 43c27b4bd..ac71e33b2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
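Review bot: In mbedtls_ssl_free each buffer is now wiped with its own length macro, so the wipe is correct only if every allocation of that buffer uses the same macro; for `compress_buf` the allocation is not in this part of the patch. If it is still sized with the old single buffer length, `mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN )` would either leave part of the buffer unwiped or write past the allocation. A short comment at each wipe naming where the buffer is allocated would make the pairing easy to check in review.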
@@ -520,6 +520,28 @@ tests/ssl-opt.sh -f RSA msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min tests/compat.sh -t RSA +msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 +scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" +if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" + +msg "build: small SSL_IN_CONTENT_LEN (ASan build)" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 +scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" +if_build_succeeded tests/ssl-opt.sh -f "Max fragment" + msg "build: cmake, full config, clang" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -616,6 +638,7 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib +# Run max fragment length tests with MFL disabled msg "build: default config except MFL extension (ASan build)" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" 
@@ -626,6 +649,18 @@ make msg "test: ssl-opt.sh, MFL-related tests" if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" +msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 +scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: MFL tests (disabled MFL extension case) & large packet tests" +if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" + msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup cp "$CONFIG_H" "$CONFIG_BAK" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9faeb6703..34598451d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -21,6 +21,11 @@ set -u +if cd $( dirname $0 ); then :; else + echo "cd $( dirname $0 ) failed" >&2 + exit 1 +fi + # default values, can be overriden by the environment : ${P_SRV:=../programs/ssl/ssl_server2} : ${P_CLI:=../programs/ssl/ssl_client2} @@ -178,6 +183,25 @@ requires_ipv6() { fi } +# Calculate the input & output maximum content lengths set in the config +MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") +MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") +MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN") + +if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then + MAX_CONTENT_LEN="$MAX_IN_LEN" +fi +if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then + MAX_CONTENT_LEN="$MAX_OUT_LEN" +fi + +# skip the next test if the SSL output buffer is less than 16KB +requires_full_size_output_buffer() { + if [ "$MAX_OUT_LEN" -ne 16384 ]; then + SKIP_NEXT="YES" + fi +} + # skip the next test if valgrind is in use not_with_valgrind() { if [ "$MEMCHECK" -gt 0 ]; then 
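Review bot: The filter in the new no-MFL block of tests/scripts/all.sh, `-f "Max fragment length\|Large buffer"`, appears to match no large-packet test. The cases in tests/ssl-opt.sh touched by this patch are all named "Large packet ...", and the earlier block added to this file uses `"Max fragment\|Large packet"`. As written, the small-output-buffer build without the MFL extension would run only the "Max fragment length" tests, although its msg line announces large packet tests. Suggested line: `if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large packet"`.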
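Review bot: In tests/ssl-opt.sh, requires_full_size_output_buffer is described as skipping when the output buffer "is less than 16KB", but the check is `[ "$MAX_OUT_LEN" -ne 16384 ]`, which also skips for larger buffers. Either the comment should read `# skip the next test if the SSL output buffer is not exactly 16384 bytes` or the check should be `-lt 16384`. The three values computed above it are also passed to `[ ... -lt ... ]` without validation; what config.pl prints for a setting that is not a plain decimal integer is not shown here, but such a value would surface as a shell error rather than a clear message.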
@@ -626,11 +650,6 @@ cleanup() { # MAIN # -if cd $( dirname $0 ); then :; else - echo "cd $( dirname $0 ) failed" >&2 - exit 1 -fi - get_options "$@" # sanity checks, avoid an avalanche of errors @@ -1416,28 +1435,22 @@ run_test "Session resume using cache: openssl server" \ # Tests for Max Fragment Length extension -MAX_CONTENT_LEN_EXPECT='16384' -MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN) - -if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then - printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the script’s\n" - printf "test value of ${MAX_CONTENT_LEN_EXPECT}. \n" - printf "\n" - printf "The tests assume this value and if it changes, the tests in this\n" - printf "script should also be adjusted.\n" - printf "\n" - +if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then + printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" exit 1 fi +if [ $MAX_CONTENT_LEN -ne 16384 ]; then + printf "Using non-default maximum content length $MAX_CONTENT_LEN\n" +fi + requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum fragment length is 16384" \ - -s "Maximum fragment length is 16384" \ + -c "Maximum fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ 
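Review bot: The new abort message in the "Max Fragment Length" preamble blames MBEDTLS_SSL_MAX_CONTENT_LEN, but `$MAX_CONTENT_LEN` at this point is the smallest of the three settings computed near the top of the script, so the low value may come from MBEDTLS_SSL_IN_CONTENT_LEN or MBEDTLS_SSL_OUT_CONTENT_LEN. `${CONFIG_H}` is also expanded inside the printf format string, so a path containing `%` would be misread as a conversion. Suggested: `printf '%s: effective maximum content length %s is less than 4096. Fragment length tests will fail.\n' "$CONFIG_H" "$MAX_CONTENT_LEN"`, and quote the variable in `[ "$MAX_CONTENT_LEN" -ne 16384 ]` as the first test already does.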
@@ -1446,46 +1459,50 @@ run_test "Max fragment length: enabled, default" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 request_size=16385" \ + "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ - -c "Maximum fragment length is 16384" \ - -s "Maximum fragment length is 16384" \ + -c "Maximum fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" \ - -c "16385 bytes written in 2 fragments" \ - -s "16384 bytes read" \ + -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ + -s "$MAX_CONTENT_LEN bytes read" \ -s "1 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=16385" \ + "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ - -c "Maximum fragment length is 16384" \ - -s "Maximum fragment length is 16384" \ + -c "Maximum fragment length is $MAX_CONTENT_LEN" \ + -s "Maximum fragment length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" \ -c "fragment larger than.*maximum " +# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled +# (session fragment length will be 16384 regardless of mbedtls +# content length configuration.) 
+ requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 request_size=16385" \ + "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ -C "Maximum fragment length is 16384" \ -S "Maximum fragment length is 16384" \ - -c "16385 bytes written in 2 fragments" \ - -s "16384 bytes read" \ + -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ + -s "$MAX_CONTENT_LEN bytes read" \ -s "1 bytes read" requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=16385" \ + "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ -C "Maximum fragment length is 16384" \ -S "Maximum fragment length is 16384" \ @@ -1508,7 +1525,7 @@ run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum fragment length is 16384" \ + -c "Maximum fragment length is $MAX_CONTENT_LEN" \ -s "Maximum fragment length is 4096" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ @@ -2376,6 +2393,7 @@ if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then exit 1 fi +requires_full_size_output_buffer run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ @@ -2383,6 +2401,7 @@ run_test "Authentication: server max_int chain, client default" \ 0 \ -C "X509 - A fatal error occured" +requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ 
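Review bot: The comment added above the MFL-disabled tests says the session fragment length "will be 16384 regardless of mbedtls content length configuration", yet the two tests below it now size the request and the expected reads from `$MAX_CONTENT_LEN`. With the extension compiled out, ssl_write_real in this patch takes its limit from MBEDTLS_SSL_OUT_CONTENT_LEN, so the expected split point is `$MAX_OUT_LEN`; that equals `$MAX_CONTENT_LEN` only when the output buffer is the smaller of the two. I would reword the comment to say so and base these expectations on `$MAX_OUT_LEN` if a small-input build is ever run with MFL disabled. The `-C`/`-S "Maximum fragment length is 16384"` checks stay hard-coded and may deserve the same explanation.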
@@ -2390,6 +2409,7 @@ run_test "Authentication: server max_int+1 chain, client default" \ 1 \ -c "X509 - A fatal error occured" +requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client optional" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -2398,6 +2418,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \ 1 \ -c "X509 - A fatal error occured" +requires_full_size_output_buffer run_test "Authentication: server max_int+1 chain, client none" \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ key_file=data_files/dir-maxpath/10.key" \ @@ -2406,6 +2427,7 @@ run_test "Authentication: server max_int+1 chain, client none" \ 0 \ -C "X509 - A fatal error occured" +requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server default" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -2413,6 +2435,7 @@ run_test "Authentication: client max_int+1 chain, server default" \ 0 \ -S "X509 - A fatal error occured" +requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server optional" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ @@ -2420,6 +2443,7 @@ run_test "Authentication: client max_int+1 chain, server optional" \ 1 \ -s "X509 - A fatal error occured" +requires_full_size_output_buffer run_test "Authentication: client max_int+1 chain, server required" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 
@@ -2427,6 +2451,7 @@ run_test "Authentication: client max_int+1 chain, server required" \ 1 \ -s "X509 - A fatal error occured" +requires_full_size_output_buffer run_test "Authentication: client max_int chain, server required" \ "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ @@ -3970,14 +3995,19 @@ run_test "SSLv3 with extensions, server side" \ # Test for large packets +# How many fragments do we expect to write $1 bytes? +fragments_for_write() { + echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))" +} + requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Large packet SSLv3 BlockCipher" \ "$P_SRV min_version=ssl3" \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 run_test "Large packet SSLv3 StreamCipher" \ 
@@ -3985,23 +4015,23 @@ run_test "Large packet SSLv3 StreamCipher" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.0 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.0 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ @@ -4009,8 +4039,8 @@ run_test "Large packet TLS 1.0 BlockCipher, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ 
@@ -4018,21 +4048,21 @@ run_test "Large packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.0 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.0 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ @@ -4040,7 +4070,7 @@ run_test "Large packet TLS 1.0 StreamCipher, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ 
@@ -4048,23 +4078,23 @@ run_test "Large packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.1 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.1 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ @@ -4072,7 +4102,7 @@ run_test "Large packet TLS 1.1 BlockCipher, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ 
@@ -4080,23 +4110,23 @@ run_test "Large packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.1 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.1 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ @@ -4104,7 +4134,7 @@ run_test "Large packet TLS 1.1 StreamCipher, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ 
@@ -4112,31 +4142,31 @@ run_test "Large packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.2 BlockCipher" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.2 BlockCipher, without EtM" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ @@ -4144,7 +4174,7 @@ run_test "Large packet TLS 1.2 BlockCipher, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 
@@ -4152,23 +4182,23 @@ run_test "Large packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.2 StreamCipher" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.2 StreamCipher, without EtM" \ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ @@ -4176,7 +4206,7 @@ run_test "Large packet TLS 1.2 StreamCipher, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 0 \ - -s "Read from client: 16384 bytes read" + -s "Read from client: $MAX_CONTENT_LEN bytes read" requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ 
@@ -4184,24 +4214,24 @@ run_test "Large packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.2 AEAD" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" run_test "Large packet TLS 1.2 AEAD shorter tag" \ "$P_SRV" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ - -c "16384 bytes written in 1 fragments" \ - -s "Read from client: 16384 bytes read" + -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ + -s "Read from client: $MAX_CONTENT_LEN bytes read" # Tests of asynchronous private key support in SSL From a18034a8e28020ed93a941a9b5c07fecc4e8aec7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 19 Jun 2018 11:30:32 +0200 Subject: [PATCH 130/578] Adjust to added fields in cipher_base_t This is a follow-up to the previous merge commit: two fields were added in the merged development branch --- library/cipher_wrap.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5ab4071e0..e22c172f9 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c 
@@ -1949,9 +1949,15 @@ static const mbedtls_cipher_base_t chacha20_base_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_XTS) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_STREAM) chacha20_stream_wrap, #endif @@ -2015,9 +2021,15 @@ static const mbedtls_cipher_base_t chachapoly_base_info = { #if defined(MBEDTLS_CIPHER_MODE_CFB) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_OFB) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) NULL, #endif +#if defined(MBEDTLS_CIPHER_MODE_XTS) + NULL, +#endif #if defined(MBEDTLS_CIPHER_MODE_STREAM) NULL, #endif From f57bf8b467b8ca7ce82ffedb9846aa8b1e2f9a7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Jun 2018 11:14:09 +0200 Subject: [PATCH 131/578] Define specific mode for ChachaPoly The TLS layer is checking for mode, such as GCM, CCM, CBC, STREAM. ChachaPoly needs to have its own mode, even if it's used just one cipher, in order to allow consistent handling of mode in the TLS layer. --- include/mbedtls/cipher.h | 1 + library/cipher_wrap.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index e707808a2..a1f4738a9 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -186,6 +186,7 @@ typedef enum { MBEDTLS_MODE_STREAM, /**< The stream cipher mode. */ MBEDTLS_MODE_CCM, /**< The CCM cipher mode. */ MBEDTLS_MODE_XTS, /**< The XTS cipher mode. */ + MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */ } mbedtls_cipher_mode_t; /** Supported cipher padding types. */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index e22c172f9..893490acc 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c 
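Review bot: The positional initializers for `chacha20_base_info` (and `chachapoly_base_info` in the next hunk) depend on the `#if` blocks matching the field order of mbedtls_cipher_base_t exactly. One missing slot shifts every later function pointer into the wrong member, which is the failure this commit repairs. The struct is not shown in this part of the patch, so the OFB-before-CTR and XTS-after-CTR placement should be checked against its declaration. Labelling each slot would make the next added field harder to miss, e.g. `NULL, /* OFB */` and `NULL, /* XTS */`. Both initializers continue outside their hunks.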
@@ -2040,7 +2040,7 @@ static const mbedtls_cipher_base_t chachapoly_base_info = { }; static const mbedtls_cipher_info_t chachapoly_info = { MBEDTLS_CIPHER_CHACHA20_POLY1305, - MBEDTLS_MODE_NONE, + MBEDTLS_MODE_CHACHAPOLY, 256, "CHACHA20-POLY1305", 12, From ce66d5e8e1471bb60d726e4def0520f46e9c0057 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 14 Jun 2018 11:11:15 +0200 Subject: [PATCH 132/578] Declare ChaCha-Poly ciphersuites Prefer them over AES-GCM as they have better performance and fewer side channel considerations in software implementations. --- include/mbedtls/ssl_ciphersuites.h | 9 ++++ library/ssl_ciphersuites.c | 80 +++++++++++++++++++++++++++++- tests/ssl-opt.sh | 12 ++--- 3 files changed, 91 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 7d5eba091..cda8b4835 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -271,6 +271,15 @@ extern "C" { #define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF /**< experimental */ +/* RFC 7905 */ +#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8 /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA /**< TLS 1.2 */ +#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB /**< TLS 1.2 */ +#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC /**< TLS 1.2 */ +#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD /**< TLS 1.2 */ +#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE /**< TLS 1.2 */ + /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange. * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 2e9a0fd79..59cdc7a80 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -47,7 +47,7 @@ * 1. By key exchange: * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * 2. By key length and cipher: - * AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES + * ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128 > 3DES * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8 * 4. By hash function used when relevant * 5. By key exchange/auth again: EC > non-EC @@ -57,6 +57,11 @@ static const int ciphersuite_preference[] = #if defined(MBEDTLS_SSL_CIPHERSUITES) MBEDTLS_SSL_CIPHERSUITES, #else + /* Chacha-Poly ephemeral suites */ + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + /* All AES-256 ephemeral suites */ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, @@ -127,6 +132,8 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* The PSK ephemeral suites */ + MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, + MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, @@ -227,6 +234,7 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* The RSA PSK suites */ + MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, @@ -246,6 +254,7 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, /* The PSK suites */ + MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_PSK_WITH_AES_256_CCM, MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, 
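Review bot: In the new "Chacha-Poly ephemeral suites" group of `ciphersuite_preference`, ECDHE-RSA is listed ahead of ECDHE-ECDSA, while the AES-256 group that follows puts `MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` before its ECDHE-RSA counterpart. The ordering rules in the header comment do not rank ECDSA against RSA, so this reads as accidental; if it is, swapping the first two added lines keeps the table consistent. If it is deliberate, a short remark in the group comment would say why. The array continues outside the hunk.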
@@ -312,6 +321,75 @@ static const int ciphersuite_preference[] = static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { +#if defined(MBEDTLS_CHACHAPOLY_C) && \ + defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) + { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) + { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) + { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) + { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 
+ MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) + { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) + { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 }, +#endif +#endif /* MBEDTLS_CHACHAPOLY_C && + MBEDTLS_SHA256_C && + MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9faeb6703..50fb0f94b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -723,7 +723,7 @@ run_test "Default" \ "$P_CLI" \ 0 \ -s "Protocol is TLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ -s "client hello v3, signature_algorithm ext: 6" \ -s "ECDHE curve: secp521r1" \ -S "error" \ 
@@ -734,20 +734,14 @@ run_test "Default, DTLS" \ "$P_CLI dtls=1" \ 0 \ -s "Protocol is DTLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" + -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" # Test current time in ServerHello requires_config_enabled MBEDTLS_HAVE_TIME -run_test "Default, ServerHello contains gmt_unix_time" \ +run_test "ServerHello contains gmt_unix_time" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ - -s "Protocol is TLSv1.2" \ - -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ - -s "client hello v3, signature_algorithm ext: 6" \ - -s "ECDHE curve: secp521r1" \ - -S "error" \ - -C "error" \ -f "check_server_hello_time" \ -F "check_server_hello_time" From c36b4321083d8f13dbe8873b8180fb118c352cc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 14 Jun 2018 13:14:29 +0200 Subject: [PATCH 133/578] Add GnuTLS interop for CCM(-8) ciphersuites I'm going to touch the GCM/CCM/CCM-8 code in the next commit, and so far we didn't have any interop testing for CCM/CCM-8. Our standard development/testing environment currently has GnuTLS 3.4.10, and fortunately support for CCM/CCM-8 was introduced in GnuTLS 3.4.0 Support in OpenSSL was introduced in 1.1.0 which is not yet the default version in the CI. --- tests/compat.sh | 72 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 51 insertions(+), 21 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index d383cb478..fdef98e91 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -42,6 +42,9 @@ if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then PEER_GNUTLS="" else PEER_GNUTLS=" GnuTLS" + if [ $MINOR -lt 4 ]; then + GNUTLS_MINOR_LT_FOUR='x' + fi fi fi else 
@@ -545,12 +548,20 @@ add_gnutls_ciphersuites() TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ + TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ + TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ " G_CIPHERS="$G_CIPHERS \ +ECDHE-ECDSA:+CAMELLIA-128-CBC:+SHA256 \ +ECDHE-ECDSA:+CAMELLIA-256-CBC:+SHA384 \ +ECDHE-ECDSA:+CAMELLIA-128-GCM:+AEAD \ +ECDHE-ECDSA:+CAMELLIA-256-GCM:+AEAD \ + +ECDHE-ECDSA:+AES-128-CCM:+AEAD \ + +ECDHE-ECDSA:+AES-256-CCM:+AEAD \ + +ECDHE-ECDSA:+AES-128-CCM-8:+AEAD \ + +ECDHE-ECDSA:+AES-256-CCM-8:+AEAD \ " fi ;; @@ -580,6 +591,14 @@ add_gnutls_ciphersuites() TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \ + TLS-RSA-WITH-AES-128-CCM \ + TLS-RSA-WITH-AES-256-CCM \ + TLS-DHE-RSA-WITH-AES-128-CCM \ + TLS-DHE-RSA-WITH-AES-256-CCM \ + TLS-RSA-WITH-AES-128-CCM-8 \ + TLS-RSA-WITH-AES-256-CCM-8 \ + TLS-DHE-RSA-WITH-AES-128-CCM-8 \ + TLS-DHE-RSA-WITH-AES-256-CCM-8 \ " G_CIPHERS="$G_CIPHERS \ +ECDHE-RSA:+CAMELLIA-128-CBC:+SHA256 \ @@ -594,6 +613,14 @@ add_gnutls_ciphersuites() +DHE-RSA:+CAMELLIA-256-GCM:+AEAD \ +RSA:+CAMELLIA-128-GCM:+AEAD \ +RSA:+CAMELLIA-256-GCM:+AEAD \ + +RSA:+AES-128-CCM:+AEAD \ + +RSA:+AES-256-CCM:+AEAD \ + +RSA:+AES-128-CCM-8:+AEAD \ + +RSA:+AES-256-CCM-8:+AEAD \ + +DHE-RSA:+AES-128-CCM:+AEAD \ + +DHE-RSA:+AES-256-CCM:+AEAD \ + +DHE-RSA:+AES-128-CCM-8:+AEAD \ + +DHE-RSA:+AES-256-CCM-8:+AEAD \ " fi ;; 
@@ -665,6 +692,14 @@ add_gnutls_ciphersuites() TLS-PSK-WITH-AES-256-GCM-SHA384 \ TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \ TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \ + TLS-PSK-WITH-AES-128-CCM \ + TLS-PSK-WITH-AES-256-CCM \ + TLS-DHE-PSK-WITH-AES-128-CCM \ + TLS-DHE-PSK-WITH-AES-256-CCM \ + TLS-PSK-WITH-AES-128-CCM-8 \ + TLS-PSK-WITH-AES-256-CCM-8 \ + TLS-DHE-PSK-WITH-AES-128-CCM-8 \ + TLS-DHE-PSK-WITH-AES-256-CCM-8 \ TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \ TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \ @@ -695,6 +730,14 @@ add_gnutls_ciphersuites() +PSK:+AES-256-GCM:+AEAD \ +DHE-PSK:+AES-128-GCM:+AEAD \ +DHE-PSK:+AES-256-GCM:+AEAD \ + +PSK:+AES-128-CCM:+AEAD \ + +PSK:+AES-256-CCM:+AEAD \ + +DHE-PSK:+AES-128-CCM:+AEAD \ + +DHE-PSK:+AES-256-CCM:+AEAD \ + +PSK:+AES-128-CCM-8:+AEAD \ + +PSK:+AES-256-CCM-8:+AEAD \ + +DHE-PSK:+AES-128-CCM-8:+AEAD \ + +DHE-PSK:+AES-256-CCM-8:+AEAD \ +RSA-PSK:+CAMELLIA-128-GCM:+AEAD \ +RSA-PSK:+CAMELLIA-256-GCM:+AEAD \ +PSK:+CAMELLIA-128-GCM:+AEAD \ @@ -737,10 +780,6 @@ add_mbedtls_ciphersuites() M_CIPHERS="$M_CIPHERS \ TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \ TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM \ - TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ - TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \ TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \ TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \ TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \ @@ -755,14 +794,6 @@ add_mbedtls_ciphersuites() if [ `minor_ver "$MODE"` -ge 3 ] then M_CIPHERS="$M_CIPHERS \ - TLS-RSA-WITH-AES-128-CCM \ - TLS-RSA-WITH-AES-256-CCM \ - TLS-DHE-RSA-WITH-AES-128-CCM \ - TLS-DHE-RSA-WITH-AES-256-CCM \ - TLS-RSA-WITH-AES-128-CCM-8 \ - TLS-RSA-WITH-AES-256-CCM-8 \ - TLS-DHE-RSA-WITH-AES-128-CCM-8 \ - TLS-DHE-RSA-WITH-AES-256-CCM-8 \ TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \ TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \ TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \ 
@@ -789,14 +820,6 @@ add_mbedtls_ciphersuites() if [ `minor_ver "$MODE"` -ge 3 ] then M_CIPHERS="$M_CIPHERS \ - TLS-PSK-WITH-AES-128-CCM \ - TLS-PSK-WITH-AES-256-CCM \ - TLS-DHE-PSK-WITH-AES-128-CCM \ - TLS-DHE-PSK-WITH-AES-256-CCM \ - TLS-PSK-WITH-AES-128-CCM-8 \ - TLS-PSK-WITH-AES-256-CCM-8 \ - TLS-DHE-PSK-WITH-AES-128-CCM-8 \ - TLS-DHE-PSK-WITH-AES-256-CCM-8 \ TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \ TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \ TLS-PSK-WITH-ARIA-256-CBC-SHA384 \ @@ -842,10 +865,17 @@ setup_arguments() exit 1; esac + # GnuTLS < 3.4 will choke if we try to allow CCM-8 + if [ -z "${GNUTLS_MINOR_LT_FOUR-}" ]; then + G_PRIO_CCM="+AES-256-CCM-8:+AES-128-CCM-8:" + else + G_PRIO_CCM="" + fi + M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1" O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem" G_SERVER_ARGS="-p $PORT --http $G_MODE" - G_SERVER_PRIO="NORMAL:+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" + G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" # with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes if is_dtls "$MODE"; then From 2e58e8ee345894ee224694cf727b1443de3d3423 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Jun 2018 11:16:43 +0200 Subject: [PATCH 134/578] Implement ChachaPoly mode in TLS --- library/ssl_tls.c | 150 +++++++++++++++++++++++++++++++++------------- 1 file changed, 109 insertions(+), 41 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e5119fcda..c6e5f9702 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -688,18 +688,32 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) transform->keylen = cipher_info->key_bitlen / 8; if( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_MODE_CCM ) + cipher_info->mode == MBEDTLS_MODE_CCM || + cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) { + size_t taglen, explicit_ivlen; + transform->maclen = 0; mac_key_len = 0; + /* All modes haves 96-bit IVs; + * GCM and CCM has 4 implicit and 8 explicit bytes + * ChachaPoly has all 12 bytes implicit + */ transform->ivlen = 12; - transform->fixed_ivlen = 4; + if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) + transform->fixed_ivlen = 12; + else + transform->fixed_ivlen = 4; - /* Minimum length is expicit IV + tag */ - transform->minlen = transform->ivlen - transform->fixed_ivlen - + ( transform->ciphersuite_info->flags & - MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16 ); + /* All modes have 128-bit tags, except CCM_8 (ciphersuite flag) */ + taglen = transform->ciphersuite_info->flags & + MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; + + + /* Minimum length of encrypted record */ + explicit_ivlen = transform->ivlen - transform->fixed_ivlen; + transform->minlen = explicit_ivlen + taglen; } else { 
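Review bot: The `taglen` assignment in `mbedtls_ssl_derive_keys` relies on `&` binding tighter than `?:`; writing it as `taglen = ( transform->ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ) ? 8 : 16;` makes the intent explicit, and the same expression recurs in the encrypt and decrypt hunks of this commit. The new comment would read better as `/* All modes have 96-bit IVs; GCM and CCM have 4 implicit and 8 explicit bytes, ChachaPoly has all 12 bytes implicit */`. The function body starts and ends outside the hunk, so the key-block slicing that consumes `fixed_ivlen` is not visible here; it is worth confirming that it copies 12 IV bytes per direction when the mode is ChachaPoly.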
@@ -1394,17 +1408,26 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_GCM_C) || \ + defined(MBEDTLS_CCM_C) || \ + defined(MBEDTLS_CHACHAPOLY_C) if( mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM ) + mode == MBEDTLS_MODE_CCM || + mode == MBEDTLS_MODE_CHACHAPOLY ) { int ret; size_t enc_msglen, olen; unsigned char *enc_msg; unsigned char add_data[13]; - unsigned char taglen = ssl->transform_out->ciphersuite_info->flags & + unsigned char iv[12]; + mbedtls_ssl_transform *transform = ssl->transform_out; + unsigned char taglen = transform->ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; + size_t explicit_ivlen = transform->ivlen - transform->fixed_ivlen; + /* + * Prepare additional authenticated data + */ memcpy( add_data, ssl->out_ctr, 8 ); add_data[8] = ssl->out_msgtype; mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, 
@@ -1412,44 +1435,57 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; add_data[12] = ssl->out_msglen & 0xFF; - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, 13 ); + MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 ); /* * Generate IV */ - if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 ) + if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) + { + /* GCM and CCM: concatenate fixed + explicit (=seqnum) */ + memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); + memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 ); + memcpy( ssl->out_iv, ssl->out_ctr, 8 ); + + } + else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) + { + /* ChachaPoly: XOR fixed + sequence number */ + unsigned char i; + + memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); + + for( i = 0; i < 8; i++ ) + iv[i+4] ^= ssl->out_ctr[i]; + } + else { /* Reminder if we ever add an AEAD mode with a different size */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen, - ssl->out_ctr, 8 ); - memcpy( ssl->out_iv, ssl->out_ctr, 8 ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv, - ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", + iv, transform->ivlen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", + ssl->out_iv, explicit_ivlen ); /* - * Fix pointer positions and message length with added IV + * Fix message length with added IV */ enc_msg = ssl->out_msg; enc_msglen = ssl->out_msglen; - ssl->out_msglen += ssl->transform_out->ivlen - - ssl->transform_out->fixed_ivlen; + ssl->out_msglen += explicit_ivlen; MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " - "including %d bytes of padding", - ssl->out_msglen, 0 ) ); + "including 0 bytes of padding", + 
ssl->out_msglen ) ); /* * Encrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_encrypt( &ssl->transform_out->cipher_ctx_enc, - ssl->transform_out->iv_enc, - ssl->transform_out->ivlen, + if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc, + iv, transform->ivlen, add_data, 13, enc_msg, enc_msglen, enc_msg, &olen, @@ -1609,7 +1645,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) { - size_t i; mbedtls_cipher_mode_t mode; int auth_done = 0; #if defined(SSL_SOME_MODES_USE_MAC) @@ -1659,20 +1694,27 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_GCM_C) || \ + defined(MBEDTLS_CCM_C) || \ + defined(MBEDTLS_CHACHAPOLY_C) if( mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM ) + mode == MBEDTLS_MODE_CCM || + mode == MBEDTLS_MODE_CHACHAPOLY ) { int ret; size_t dec_msglen, olen; unsigned char *dec_msg; unsigned char *dec_msg_result; unsigned char add_data[13]; - unsigned char taglen = ssl->transform_in->ciphersuite_info->flags & + unsigned char iv[12]; + mbedtls_ssl_transform *transform = ssl->transform_in; + unsigned char taglen = transform->ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; - size_t explicit_iv_len = ssl->transform_in->ivlen - - ssl->transform_in->fixed_ivlen; + size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; + /* + * Compute and update sizes + */ if( ssl->in_msglen < explicit_iv_len + taglen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " @@ -1686,6 +1728,9 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) dec_msg_result = ssl->in_msg; ssl->in_msglen = dec_msglen; + /* + * Prepare additional authenticated data + */ memcpy( add_data, ssl->in_ctr, 8 ); add_data[8] = ssl->in_msgtype; mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, 
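Review bot: The GCM/CCM branch of the `Generate IV` block in `ssl_encrypt_buf` copies a literal `8` bytes into `iv` and `ssl->out_iv`, while the record length is then advanced by `explicit_ivlen`; the two agree only because the branch condition pins `ivlen` to 12 and `fixed_ivlen` to 4. Using the variable, `memcpy( ssl->out_iv, ssl->out_ctr, explicit_ivlen );`, ties the bytes written to the bytes accounted for, and the same applies to `memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 );` in the decrypt hunk. The decrypt side names the same quantity `explicit_iv_len`, so one spelling for both functions would help. Both function bodies start and end outside these hunks.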
@@ -1693,23 +1738,43 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; add_data[12] = ssl->in_msglen & 0xFF; - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, 13 ); + MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 ); - memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen, - ssl->in_iv, - ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen ); + /* + * Prepare IV + */ + if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) + { + /* GCM and CCM: concatenate fixed + explicit (transmitted) */ + memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); + memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", ssl->transform_in->iv_dec, - ssl->transform_in->ivlen ); + } + else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) + { + /* ChachaPoly: XOR fixed + sequence number */ + unsigned char i; + + memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); + + for( i = 0; i < 8; i++ ) + iv[i+4] ^= ssl->in_ctr[i]; + } + else + { + /* Reminder if we ever add an AEAD mode with a different size */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen ); /* * Decrypt and authenticate */ if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, - ssl->transform_in->iv_dec, - ssl->transform_in->ivlen, + iv, transform->ivlen, add_data, 13, dec_msg, dec_msglen, dec_msg_result, &olen, @@ -1827,6 +1892,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) */ if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) { + unsigned char i; dec_msglen -= ssl->transform_in->ivlen; ssl->in_msglen -= ssl->transform_in->ivlen; 
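Review bot: The `mbedtls_cipher_auth_decrypt` call at the end of the `Prepare IV` hunk still passes `&ssl->transform_in->cipher_ctx_dec`, although the block now has the `transform` alias and uses it for `iv` and `ivlen`; `&transform->cipher_ctx_dec` would match the encrypt side. The ChachaPoly branch would also benefit from a comment that states the construction rather than only naming it, for example `/* ChachaPoly (RFC 7905): nonce = fixed IV XOR ( 4 zero bytes || 8-byte record sequence number ) */`, because the `iv[i+4]` offset is otherwise unexplained. `ssl_decrypt_buf` starts and ends outside the hunk.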
@@ -1901,6 +1967,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) */ size_t pad_count = 0, real_count = 1; size_t padding_idx = ssl->in_msglen - padlen - 1; + size_t i; /* * Padding is guaranteed to be incorrect if: @@ -2077,6 +2144,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) else #endif { + unsigned char i; for( i = 8; i > ssl_ep_len( ssl ); i-- ) if( ++ssl->in_ctr[i - 1] != 0 ) break; From 9fece7ee91710c0d1ad5306b2cd3037c2f7b3758 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Jun 2018 11:38:22 +0200 Subject: [PATCH 135/578] Add ChachaPoly ciphersuites to compat.sh This is disabled by default since it requires OpenSSL >= 1.1.0 and the current default version on the CI is 1.0.2. However, the CI also has 1.1.1-rc which can be used for this. --- tests/compat.sh | 19 ++++++++++++++++++- tests/scripts/all.sh | 4 ++-- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index fdef98e91..bf65e5e61 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -61,7 +61,8 @@ FILTER="" # - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) # - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 -EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA' +# - ChachaPoly: requires OpenSSL >= 1.1.0 +EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" @@ -440,6 +441,9 @@ add_common_ciphersuites() # NOTE: for some reason RSA-PSK doesn't work with OpenSSL, # so RSA-PSK ciphersuites need to go in other sections, see # https://github.com/ARMmbed/mbedtls/issues/1419 +# +# ChachaPoly suites are here rather than in "common", as they were added in +# GnuTLS in 3.5.0 and the CI only has 3.4.x so far. add_openssl_ciphersuites() { case $TYPE in 
@@ -471,6 +475,7 @@ add_openssl_ciphersuites() TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \ TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \ TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ " O_CIPHERS="$O_CIPHERS \ ECDH-ECDSA-AES128-SHA256 \ @@ -479,6 +484,7 @@ add_openssl_ciphersuites() ECDH-ECDSA-AES256-GCM-SHA384 \ ECDHE-ECDSA-ARIA256-GCM-SHA384 \ ECDHE-ECDSA-ARIA128-GCM-SHA256 \ + ECDHE-ECDSA-CHACHA20-POLY1305 \ " fi ;; @@ -501,6 +507,8 @@ add_openssl_ciphersuites() TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \ TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \ TLS-RSA-WITH-ARIA-128-GCM-SHA256 \ + TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ + TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \ " O_CIPHERS="$O_CIPHERS \ ECDHE-ARIA256-GCM-SHA384 \ @@ -509,6 +517,8 @@ add_openssl_ciphersuites() ECDHE-ARIA128-GCM-SHA256 \ DHE-RSA-ARIA128-GCM-SHA256 \ ARIA128-GCM-SHA256 \ + DHE-RSA-CHACHA20-POLY1305 \ + ECDHE-RSA-CHACHA20-POLY1305 \ " fi ;; @@ -521,12 +531,18 @@ add_openssl_ciphersuites() TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \ TLS-PSK-WITH-ARIA-256-GCM-SHA384 \ TLS-PSK-WITH-ARIA-128-GCM-SHA256 \ + TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \ + TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ + TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " O_CIPHERS="$O_CIPHERS \ DHE-PSK-ARIA256-GCM-SHA384 \ DHE-PSK-ARIA128-GCM-SHA256 \ PSK-ARIA256-GCM-SHA384 \ PSK-ARIA128-GCM-SHA256 \ + DHE-PSK-CHACHA20-POLY1305 \ + ECDHE-PSK-CHACHA20-POLY1305 \ + PSK-CHACHA20-POLY1305 \ " fi ;; @@ -830,6 +846,7 @@ add_mbedtls_ciphersuites() TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \ TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \ TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \ + TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \ " fi ;; diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 81a26147e..6d7bbc24f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -543,8 +543,8 @@ if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' -msg "test: compat.sh ARIA" -if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA' +msg "test: compat.sh ARIA + ChachaPoly" +if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup From 1f092b40a6877ad57bea043cee40328545505dce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 19 Jun 2018 12:48:24 +0200 Subject: [PATCH 136/578] Add ChangeLog entry for ChachaPoly ciphersuites fixes #346 --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 23f4291d9..3cbccd7d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,8 +4,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time - authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by - Daniel King (#485). + authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed + by Daniel King (#485). + * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905. = mbed TLS 2.11.0 branch released 2018-06-18 From e12f0acc4c1bca3d6a171b8392613c0be0541815 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 19 Jun 2018 14:54:11 +0200 Subject: [PATCH 137/578] Adapt buffer size for minimal CCM config This is useful for testing interop with GnuTLS, which sends records larger than 512 bytes. This change is triggered by the addition of CCM interop testing with GnuTLS a few commits ago. --- configs/config-ccm-psk-tls1_2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index a783e6b73..c9b58dd53 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -81,7 +81,7 @@ * both ends of the connection! (See comments in "mbedtls/ssl.h".) * The optimal size here depends on the typical size of records. */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN 512 +#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 #include "mbedtls/check_config.h" From c51d613eac600a9c80d2a97aaf6ccf651f8c820e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 19 Jun 2018 17:25:34 +0100 Subject: [PATCH 138/578] Ensure crosscompiling with make works in Mac OS X --- library/Makefile | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/library/Makefile b/library/Makefile index b1ef8d3f6..857e977e9 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -37,27 +37,29 @@ SOEXT_TLS=so.10 SOEXT_X509=so.0 SOEXT_CRYPTO=so.2 -DLEXT ?= so - # Set AR_DASH= (empty string) to use an ar implentation that does not accept # the - prefix for command line options (e.g. llvm-ar) AR_DASH ?= - +ARFLAGS = $(AR_DASH)src ifdef APPLE_BUILD +ifneq ($(APPLE_BUILD),0) ARFLAGS = $(AR_DASH)Src RLFLAGS = -no_warning_for_no_symbols -c RL ?= ranlib -else -ARFLAGS = $(AR_DASH)src +endif endif +DLEXT ?= so ifdef WINDOWS_BUILD # Windows shared library extension: DLEXT = dll else ifdef APPLE_BUILD +ifneq ($(APPLE_BUILD),0) # Mac OS X shared library extension: DLEXT = dylib endif +endif OBJS_CRYPTO= aes.o aesni.o arc4.o \ asn1parse.o asn1write.o base64.o \ @@ -109,9 +111,11 @@ libmbedtls.a: $(OBJS_TLS) echo " AR $@" $(AR) $(ARFLAGS) $@ $(OBJS_TLS) ifdef APPLE_BUILD +ifneq ($(APPLE_BUILD),0) echo " RL $@" $(RL) $(RLFLAGS) $@ endif +endif libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so echo " LD $@" @@ -134,9 +138,11 @@ libmbedx509.a: $(OBJS_X509) echo " AR $@" $(AR) $(ARFLAGS) $@ $(OBJS_X509) ifdef APPLE_BUILD +ifneq ($(APPLE_BUILD),0) echo " RL $@" $(RL) $(RLFLAGS) $@ endif +endif libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so echo " LD $@" @@ -159,9 +165,11 @@ libmbedcrypto.a: $(OBJS_CRYPTO) echo " AR $@" $(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO) ifdef APPLE_BUILD +ifneq ($(APPLE_BUILD),0) echo " RL $@" $(RL) $(RLFLAGS) $@ endif +endif libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO) echo " LD $@" From 21f73b57edf366392643fb53b545c2e566fe3ac7 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 20 Jun 2018 08:13:24 +0200 Subject: [PATCH 139/578] Coding style Commit to be squashed --- library/x509_csr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index 40a0f2061..779098d4e 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c 
@@ -279,7 +279,8 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz #if defined(MBEDTLS_PEM_PARSE_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buf[buflen - 1] == '\0' ) { + if( buf[buflen - 1] == '\0' ) + { mbedtls_pem_init( &pem ); ret = mbedtls_pem_read_buffer( &pem, "-----BEGIN CERTIFICATE REQUEST-----", From 7994766581546762745efc0a13dd9a90a8b7787b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 20 Jun 2018 09:34:54 +0100 Subject: [PATCH 140/578] Fix usage of if_build_succeeded in all.sh zeroize test --- tests/scripts/all.sh | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 439a6bf13..01d69c762 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -357,6 +357,12 @@ if_build_succeeded () { fi } +# to be used instead of ! for commands run with +# record_status or if_build_succeeded +not() { + ! "$@" +} + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" 
@@ -907,17 +913,10 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" cleanup make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx > test_zeroize.log 2>&1 - if [ ! -s test_zeroize.log ]; then - err_msg "test_zeroize.log was not found or is empty" - record_status [ -s test_zeroize.log ] - elif ! grep "The buffer was correctly zeroized" test_zeroize.log >/dev/null 2>&1; then - err_msg "test_zeroize.log does not contain pass string" - record_status false - elif grep -i "error" test_zeroize.log >/dev/null 2>&1; then - err_msg "test_zeroize.log contains error string" - record_status false - fi + if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded [ -s test_zeroize.log ] + if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log + if_build_succeeded not grep -i "error" test_zeroize.log rm -f test_zeroize.log done done From e3402ce44f6286fc07962740b061962d270ed554 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 20 Jun 2018 10:43:21 +0100 Subject: [PATCH 141/578] Enable APPLE_BUILD in makefile if using system ar --- library/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/Makefile b/library/Makefile index 857e977e9..353bd8bec 100644 --- a/library/Makefile +++ b/library/Makefile @@ -22,8 +22,10 @@ endif ifdef WINDOWS WINDOWS_BUILD=1 else ifeq ($(shell uname -s),Darwin) +ifeq ($(AR),ar) APPLE_BUILD ?= 1 endif +endif # To compile as a shared library: ifdef SHARED From 755bb6af5f6fdfcabaddd018d149c2819125d7b3 Mon Sep 17 00:00:00 2001 
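Review bot: In the zeroize loop, `if_build_succeeded gdb ... 2>&1 | tee test_zeroize.log` puts the wrapper on the left side of a pipeline, so the pipeline's status is that of `tee` and gdb's own exit code no longer decides anything. In bash the left side also runs in a subshell, so any failure bookkeeping the wrapper keeps in shell variables would be lost; the bodies of `if_build_succeeded` and `record_status` are outside this hunk, so that part is an inference. The three checks that follow still gate on the log contents, which limits the effect to a gdb failure that nevertheless prints the pass string. Keeping the redirect and echoing the log afterwards avoids the pipe: `if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx > test_zeroize.log 2>&1` followed by `cat test_zeroize.log`.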
From: Ron Eldor Date: Wed, 14 Feb 2018 19:30:48 +0200 Subject: [PATCH 142/578] Add ecc extensions only if ecc ciphersuite is used Fix compliancy to RFC4492. ECC extensions should be included only if ec ciphersuites are used. Interoperability issue with bouncy castle. #1157 --- library/ssl_ciphersuites.c | 6 ++++-- library/ssl_cli.c | 20 ++++++++++++++++---- library/ssl_srv.c | 8 ++++++-- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 2e9a0fd79..dc4f0bbad 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -2242,7 +2242,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers #endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) { switch( info->key_exchange ) @@ -2252,13 +2253,14 @@ int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECJPAKE: return( 1 ); default: return( 0 ); } } -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e537f9d2e..ad11292a0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -766,6 +766,10 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) unsigned char offer_compress; const int *ciphersuites; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + int uses_ec = 0; +#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); @@ -917,6 +921,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %04x", ciphersuites[i] ) ); +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); +#endif + n++; *p++ = (unsigned char)( ciphersuites[i] >> 8 ); *p++ = (unsigned char)( ciphersuites[i] ); @@ -1010,11 +1019,14 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + if( uses_ec ) + { + ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; - ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; + } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 0ccab588e..91079f17a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -2564,8 +2564,12 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + if ( mbedtls_ssl_ciphersuite_uses_ec( + mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) ) + { + ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; + } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) From 3f38cf7c7b7695d83d9049c630bd63a44d5f45e2 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 21 Jun 2018 16:40:24 +0300 Subject: [PATCH 143/578] Add entry in ChangeLog Add an entry in the ChangeLog, describing the fix. --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 027a97174..c28f806a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add ecc extensions only if an ecc based ciphersuite is used. + Affects interoperability with BouncyCastle and other peers. + Raised by milenamil in #1157. + = mbed TLS 2.11.0 branch released 2018-06-18 Features From a562c2630061c2492082710196928c74984b67c6 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 11 Jul 2017 14:39:30 +0100 Subject: [PATCH 144/578] Add ChangeLog entry for mbedtls_ssl_write() docs --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 027a97174..ca4c0b1a8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x released xxxx-xx-xx + +Bugfix + * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid + return value. Found by @davidwu2000. #839 + = mbed TLS 2.11.0 branch released 2018-06-18 Features From 7ee25d770d874c59384d31a9d5cf76e423c83e73 Mon Sep 17 00:00:00 2001 
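Review bot: In ssl_write_server_hello() (library/ssl_srv.c) the new condition passes the result of `mbedtls_ssl_ciphersuite_from_id()` straight into `mbedtls_ssl_ciphersuite_uses_ec()`, which, as the ssl_ciphersuites.c hunk of this patch shows, reads `info->key_exchange` with no NULL check. The negotiated suite is presumably always a known one at this point, but a failed lookup would be dereferenced while the handshake message is being built. Fetch the pointer into a local and test it, `if( suite != NULL && mbedtls_ssl_ciphersuite_uses_ec( suite ) )`. The `if (` spacing also differs from the `if(` form used elsewhere in this patch. The function body starts and ends outside the hunk.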
From: Andres Amaya Garcia Date: Tue, 11 Jul 2017 16:15:54 +0100 Subject: [PATCH 145/578] Allow 0 as a valid ret value for mbedtls_ssl_write This patch modifies the documentation for mbedtls_ssl_write() to allow 0 as a valid return value as this is the correct number of bytes that should be returned when an empty TLS Application record is sent. --- include/mbedtls/ssl.h | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 45135500f..39b7f290a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2907,17 +2907,19 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * or MBEDTLS_ERR_SSL_WANT_WRITE or MBEDTLS_ERR_SSL_WANT_READ, * or another negative error code. * - * \note If this function returns something other than a positive value - * or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using - * the SSL context for reading or writing, and either free it or - * call \c mbedtls_ssl_session_reset() on it before re-using it - * for a new connection; the current connection must be closed. + * \note If this function returns something other than 0, a positive + * value or MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop + * using the SSL context for reading or writing, and either + * free it or call \c mbedtls_ssl_session_reset() on it before + * re-using it for a new connection; the current connection + * must be closed. * * \note When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, * it must be called later with the *same* arguments, - * until it returns a positive value. When the function returns - * MBEDTLS_ERR_SSL_WANT_WRITE there may be some partial - * data in the output buffer, however this is not yet sent. + * until it returns a value greater that or equal to 0. When + * the function returns MBEDTLS_ERR_SSL_WANT_WRITE there may be + * some partial data in the output buffer, however this is not + * yet sent. * * \note If the requested length is greater than the maximum * fragment length (either the built-in limit or the one set @@ -2926,6 +2928,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. * \c mbedtls_ssl_get_max_frag_len() may be used to query the * active maximum fragment length. + * + * \note Attempting to write 0 bytes will result in an empty TLS + * application record being sent. */ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ); 
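Review bot: The rewritten second `\note` of the mbedtls_ssl_write() comment says `until it returns a value greater that or equal to 0`; `that` should be `than`. Since 0 is now a documented success value, the `\return` text, which begins above the hunk and is not fully visible here, should state it as well. Otherwise callers that treat `ret <= 0` as failure get conflicting guidance from the same comment block.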
From 5b92352374e50856f6faa229e9986a300fe96796 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 28 Sep 2017 14:41:17 +0100 Subject: [PATCH 146/578] Document ssl_write_real() behaviour in detail --- library/ssl_tls.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e5119fcda..c24a12f97 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7231,8 +7231,16 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } /* - * Send application data to be encrypted by the SSL layer, - * taking care of max fragment length and buffer size + * Send application data to be encrypted by the SSL layer, taking care of max + * fragment length and buffer size. + * + * According to RFC 5246 Section 6.2.1: + * + * Zero-length fragments of Application data MAY be sent as they are + * potentially useful as a traffic analysis countermeasure. + * + * Therefore, it is possible that the input message length is 0 and the + * corresponding return code is 0 on success. */ static int ssl_write_real( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) @@ -7260,6 +7268,12 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, if( ssl->out_left != 0 ) { + /* + * The user has previously tried to send the data and + * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially + * written. In this case, we expect the high-level write function + * (e.g. mbedtls_ssl_write()) to be called with the same parameters + */ if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); 
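Review bot: The comment added in the `ssl->out_left != 0` branch of ssl_write_real() is missing a verb and its closing period: `tried to send the data and MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially written`. Suggested wording: `The user has previously tried to send the data and got MBEDTLS_ERR_SSL_WANT_WRITE, or the message was only partially written.` The comment also says the retry is expected to use the same parameters, but nothing in the visible lines checks that, so it should say that this is a caller obligation that is not verified here. The branch continues outside the hunk.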
@@ -7268,6 +7282,11 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, } else { + /* + * The user is trying to send a message the first time, so we need to + * copy the data into the internal buffers and setup the data structure + * to keep track of partial writes + */ ssl->out_msglen = len; ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; memcpy( ssl->out_msg, buf, len ); From bf7fe4f3f00ed905cbeb207f171735621d1e0a40 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 21 Jun 2018 20:21:38 +0100 Subject: [PATCH 147/578] Replace check with APPLE with CMAKE_SYSTEM_NAME --- library/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index cd1857c3d..063a269c4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -96,12 +96,12 @@ if(WIN32) set(libs ${libs} ws2_32) endif(WIN32) -if(APPLE) +if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") SET(CMAKE_C_ARCHIVE_CREATE " Scr ") SET(CMAKE_CXX_ARCHIVE_CREATE " Scr ") SET(CMAKE_C_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") SET(CMAKE_CXX_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") -endif(APPLE) +endif() if(USE_PKCS11_HELPER_LIBRARY) set(libs ${libs} pkcs11-helper) From 5357164c991e735ef557c04c422709500ee76bc9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 24 Jun 2018 12:58:31 +0100 Subject: [PATCH 148/578] Add ebx to the i386 clobber list for MPI assembly This fix adds the ebx register to the clobber list for the i386 inline assembly for the multiply helper function. ebx was used but not listed, so when the compiler chose to also use it, ebx was getting corrupted. I'm surprised this wasn't spotted sooner. Fixes Github issues #1550. --- include/mbedtls/bn_mul.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index f4b2b561d..e04926043 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h 
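Review bot: With zero-length writes now documented as valid, the context line `memcpy( ssl->out_msg, buf, len );` in the else branch of ssl_write_real() can run with `len == 0` and, if the caller supplies it, `buf == NULL`. Passing a null pointer to memcpy is undefined behaviour in C even when the count is zero. Guard the copy, `if( len > 0 ) memcpy( ssl->out_msg, buf, len );`, or document that `buf` must be non-NULL for empty writes. The branch continues outside the hunk.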
@@ -142,7 +142,7 @@ "movl %%esi, %3 \n\t" \ : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ecx", "edx", "esi", "edi" \ + : "eax", "ebx", "ecx", "edx", "esi", "edi" \ ); #else @@ -154,7 +154,7 @@ "movl %%esi, %3 \n\t" \ : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ecx", "edx", "esi", "edi" \ + : "eax", "ebx", "ecx", "edx", "esi", "edi" \ ); #endif /* SSE2 */ #endif /* i386 */ From 6a9257bc5719dcdcc44dd2c0f52208012b1bffe9 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 24 Aug 2017 14:20:17 +0300 Subject: [PATCH 149/578] Add check for return code of bignumber code Add check for return code of `mbedtls_mpi_write_file` as commented by @sbutcher-arm --- programs/pkey/key_app.c | 50 ++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index f1b548d05..b93ea8f75 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -105,7 +105,7 @@ int main( int argc, char *argv[] ) { usage: mbedtls_printf( USAGE ); - goto exit; + goto cleanup; } opt.mode = DFL_MODE; @@ -155,13 +155,13 @@ int main( int argc, char *argv[] ) if( ( f = fopen( opt.password_file, "rb" ) ) == NULL ) { mbedtls_printf( " failed\n ! fopen returned NULL\n" ); - goto exit; + goto cleanup; } if( fgets( buf, sizeof(buf), f ) == NULL ) { fclose( f ); mbedtls_printf( "Error: fgets() failed to retrieve password\n" ); - goto exit; + goto cleanup; } fclose( f ); @@ -182,7 +182,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); - goto exit; + goto cleanup; } mbedtls_printf( " ok\n" ); 
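Review bot: Listing `ebx` as a clobber in both i386 variants of the multiply helper (include/mbedtls/bn_mul.h) can break position-independent builds. On 32-bit x86 the compiler reserves ebx for the GOT pointer under -fPIC, and older GCC releases reject such an asm statement with a "PIC register clobbered" error. If the library is built as a shared object for i386, consider saving and restoring ebx inside the asm sequence instead, and add an i386 -fPIC build to the test matrix. The asm body starts outside both hunks, so how ebx is used is not visible here.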
@@ -203,14 +203,14 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); - mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); - mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); - mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); - mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); - mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ) ); } else #endif @@ -218,16 +218,16 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); - mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); - mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); - mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); - mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) ); } else #endif { mbedtls_printf("Do not know how to print key information for this type\n" ); - goto exit; + goto cleanup; } } else if( opt.mode == MODE_PUBLIC ) 
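Review bot: The rewritten print calls in the private-key RSA branch of main() (programs/pkey/key_app.c) read `&rsa->N`, `&rsa->E` and so on, where the removed lines used the locals `&N`, `&E`. The context line just above them still says `goto exit;`, although this patch renames the label to `cleanup:`. No declaration of `rsa` is visible in these hunks, and the context message `could not export RSA parameters` in the @@ -260 hunk suggests the values live in the exported locals, so the result probably does not compile; both problems recur in that public-key hunk. Keep the locals, `MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );`, and change the two leftover jumps to `goto cleanup;`. main() starts and ends outside the hunks.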
@@ -243,7 +243,7 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); - goto exit; + goto cleanup; } mbedtls_printf( " ok\n" ); @@ -260,8 +260,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); goto exit; } - mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ) ); } else #endif @@ -269,21 +269,21 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); - mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); - mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); - mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); } else #endif { mbedtls_printf("Do not know how to print key information for this type\n" ); - goto exit; + goto cleanup; } } else goto usage; -exit: +cleanup: #if defined(MBEDTLS_ERROR_C) if( ret != 0 ) From 7a81426a1aecbf156e8b94f496472b59b3eda6e2 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 24 Jun 2018 16:34:15 +0300 Subject: [PATCH 150/578] Fix style issue Add space before and after paranthesis. --- programs/pkey/key_app.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index b93ea8f75..4dbbdfbda 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c 
@@ -288,7 +288,7 @@ cleanup: #if defined(MBEDTLS_ERROR_C) if( ret != 0 ) { - mbedtls_strerror( ret, buf, sizeof(buf) ); + mbedtls_strerror( ret, buf, sizeof( buf ) ); mbedtls_printf( " ! Last error was: %s\n", buf ); } #endif From 6fd941fe4b082433ba100215669003c04557ed23 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 14 May 2017 16:17:33 +0300 Subject: [PATCH 151/578] Remove unneeded namesapcing in header files Remove the `mbedtls` namesapcing in the `#include` in header files Resolves issue #857 --- ChangeLog | 6 ++++++ configs/config-ccm-psk-tls1_2.h | 2 +- configs/config-mini-tls1_1.h | 2 +- configs/config-suite-b.h | 2 +- configs/config-thread.h | 2 +- include/mbedtls/cmac.h | 2 +- include/mbedtls/config.h | 2 +- include/mbedtls/ctr_drbg.h | 2 +- include/mbedtls/hmac_drbg.h | 2 +- include/mbedtls/net.h | 4 ++-- include/mbedtls/platform.h | 2 +- include/mbedtls/ssl.h | 2 +- 12 files changed, 18 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 027a97174..38c0d7256 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix namespacing in header files. REmove the `mbedtls` namespacing in + the `#include` in the header files. Resolves #857 + = mbed TLS 2.11.0 branch released 2018-06-18 Features diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index a783e6b73..96515a276 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -83,6 +83,6 @@ */ #define MBEDTLS_SSL_MAX_CONTENT_LEN 512 -#include "mbedtls/check_config.h" +#include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h index 013bc0300..a14fc10b4 100644 --- a/configs/config-mini-tls1_1.h +++ b/configs/config-mini-tls1_1.h 
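Review bot: In configs/config-ccm-psk-tls1_2.h the include becomes `#include "check_config.h"`, but that file sits in configs/, not next to the library headers. A quoted include is searched in configs/ first and then on the include path, where the header is reachable only as `mbedtls/check_config.h` unless include/mbedtls itself is passed with -I. That likely breaks builds that select these files through a config-file macro rather than copying them over include/mbedtls/config.h; the same applies to the config-mini-tls1_1.h, config-suite-b.h and config-thread.h hunks. Keep `#include "mbedtls/check_config.h"` in the four configs/ files and restrict the change to headers inside include/mbedtls/.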
@@ -73,6 +73,6 @@ /* For testing with compat.sh */ #define MBEDTLS_FS_IO -#include "mbedtls/check_config.h" +#include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 18e2c4036..23b53d612 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -112,6 +112,6 @@ */ #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 -#include "mbedtls/check_config.h" +#include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/configs/config-thread.h b/configs/config-thread.h index 25db16bf0..7c4311333 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -89,6 +89,6 @@ /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -#include "mbedtls/check_config.h" +#include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 913c05f8a..a4fd55256 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -28,7 +28,7 @@ #ifndef MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H -#include "mbedtls/cipher.h" +#include "cipher.h" #ifdef __cplusplus extern "C" { diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 34dbec0bc..bdaaab2a4 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2973,7 +2973,7 @@ /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ -//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "mbedtls/target_config.h" +//#define YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE "target_config.h" #if defined(TARGET_LIKE_MBED) && defined(YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE) #include YOTTA_CFG_MBEDTLS_TARGET_CONFIG_FILE diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index dcbc04792..3835d7299 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h 
@@ -36,7 +36,7 @@ #include "aes.h" #if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" +#include "threading.h" #endif #define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */ diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index e0821cf78..2608de859 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -27,7 +27,7 @@ #include "md.h" #if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" +#include "threading.h" #endif /* diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h index 28ae8217c..6c13b53fb 100644 --- a/include/mbedtls/net.h +++ b/include/mbedtls/net.h @@ -1,7 +1,7 @@ /** * \file net.h * - * \brief Deprecated header file that includes mbedtls/net_sockets.h + * \brief Deprecated header file that includes net_sockets.h * * \deprecated Superseded by mbedtls/net_sockets.h */ @@ -25,7 +25,7 @@ */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#include "mbedtls/net_sockets.h" +#include "net_sockets.h" #if defined(MBEDTLS_DEPRECATED_WARNING) #warning "Deprecated header file: Superseded by mbedtls/net_sockets.h" #endif /* MBEDTLS_DEPRECATED_WARNING */ diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 9d9c5293e..624cc642a 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -40,7 +40,7 @@ #endif #if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" +#include "platform_time.h" #endif #ifdef __cplusplus diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 45135500f..a96509ec7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -62,7 +62,7 @@ #endif #if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" +#include "platform_time.h" #endif /* From 6332e368ccff672d332ca9ba40e729e5c50027b7 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Sun, 1 Oct 2017 17:11:54 +0300 Subject: [PATCH 152/578] Fix typo in ChangeLog Fix typo in ChangeLog discovered in PR review --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 38c0d7256..58f2ae657 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,7 +3,7 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix namespacing in header files. REmove the `mbedtls` namespacing in + * Fix namespacing in header files. Remove the `mbedtls` namespacing in the `#include` in the header files. Resolves #857 = mbed TLS 2.11.0 branch released 2018-06-18 From 6c34442c87596fa50fce1ce7872dd2574cb7c6f5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 24 Jun 2018 16:20:56 +0100 Subject: [PATCH 153/578] Add fix for #1550 and credit to the ChangeLog --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 027a97174..ede5b93ce 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.xx.x branch released xxxx-xx-xx + +Bugfix + * Fix the inline assembly for the MPI multiply helper function for i386 and + i386 with SSE2. Found by László Langó. Fixes #1550 + = mbed TLS 2.11.0 branch released 2018-06-18 Features From 51d7cfe026fa3f33d86a80d27ea9013830f33992 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 25 Jun 2018 11:19:51 +0200 Subject: [PATCH 154/578] Fix coverity warnings in benchmark.c Functions time with TIME_AND_TSC() didn't have their return values checked. I'm not sure whether Coverity complained about existing uses, but it did about new ones, since we consistently check their return values everywhere but here, which it rightfully finds suspicious. So, let's check return values. This probably adds a few cycles to existing loop overhead, but on my machine (x86_64) the added overhead is less than the random-looking variation between various runs, so it's acceptable. Some calls had their own particular error checking; remove that in favour of the new general solution. --- programs/test/benchmark.c | 41 +++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index d577adb99..5277ceb79 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -119,25 +119,34 @@ int main( void ) #define TIME_AND_TSC( TITLE, CODE ) \ do { \ unsigned long ii, jj, tsc; \ + int ret = 0; \ \ mbedtls_printf( HEADER_FORMAT, TITLE ); \ fflush( stdout ); \ \ mbedtls_set_alarm( 1 ); \ - for( ii = 1; ! mbedtls_timing_alarmed; ii++ ) \ + for( ii = 1; ret == 0 && ! mbedtls_timing_alarmed; ii++ ) \ { \ - CODE; \ + ret = CODE; \ } \ \ tsc = mbedtls_timing_hardclock(); \ - for( jj = 0; jj < 1024; jj++ ) \ + for( jj = 0; ret == 0 && jj < 1024; jj++ ) \ { \ - CODE; \ + ret = CODE; \ } \ \ - mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\n", \ - ii * BUFSIZE / 1024, \ - ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ + if( ret != 0 ) \ + { \ + PRINT_ERROR; \ + } \ + else \ + { \ + mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\n", \ + ii * BUFSIZE / 1024, \ + ( mbedtls_timing_hardclock() - tsc ) \ + / ( jj * BUFSIZE ) ); \ + } \ } while( 0 ) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) @@ -664,15 +673,13 @@ int main( int argc, char *argv[] ) if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); TIME_AND_TSC( "CTR_DRBG (NOPR)", - if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); + mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) ); if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON ); TIME_AND_TSC( "CTR_DRBG (PR)", - if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); + mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) ); mbedtls_ctr_drbg_free( &ctr_drbg ); } #endif 
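Review bot: TIME_AND_TSC (programs/test/benchmark.c) now evaluates `ret = CODE;`, so its second argument must be a single int-valued expression that is 0 on success, yet nothing at the macro states that contract. Add a comment above it, for example `/* CODE must be an expression of type int that is 0 on success; timing stops at the first non-zero value. */`. The block-local `int ret = 0;` also shadows any `ret` in the calling function. PRINT_ERROR is defined outside the hunk and presumably reads that name, so the same comment should mention the shadowing.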
@@ -692,8 +699,7 @@ int main( int argc, char *argv[] ) if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); TIME_AND_TSC( "HMAC_DRBG SHA-1 (NOPR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); + mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); mbedtls_hmac_drbg_free( &hmac_drbg ); if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) @@ -701,8 +707,7 @@ int main( int argc, char *argv[] ) mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, MBEDTLS_HMAC_DRBG_PR_ON ); TIME_AND_TSC( "HMAC_DRBG SHA-1 (PR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); + mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); mbedtls_hmac_drbg_free( &hmac_drbg ); #endif @@ -713,8 +718,7 @@ int main( int argc, char *argv[] ) if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); TIME_AND_TSC( "HMAC_DRBG SHA-256 (NOPR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); + mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); mbedtls_hmac_drbg_free( &hmac_drbg ); if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) @@ -722,8 +726,7 @@ int main( int argc, char *argv[] ) mbedtls_hmac_drbg_set_prediction_resistance( &hmac_drbg, MBEDTLS_HMAC_DRBG_PR_ON ); TIME_AND_TSC( "HMAC_DRBG SHA-256 (PR)", - if( mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) != 0 ) - mbedtls_exit(1) ); + mbedtls_hmac_drbg_random( &hmac_drbg, buf, BUFSIZE ) ); mbedtls_hmac_drbg_free( &hmac_drbg ); #endif } From 8ee2422ef8d5287f0e236e954992178624478c71 Mon Sep 17 00:00:00 2001 From: niisato Date: Mon, 25 Jun 2018 19:05:48 +0900 Subject: [PATCH 155/578] about a issue Replace "new" variable #1782 --- library/ssl_tls.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e5119fcda..fd33fa41c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5995,27 +5995,27 @@ static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, mbedtls_x509_crt *cert, mbedtls_pk_context *key ) { - mbedtls_ssl_key_cert *new; + mbedtls_ssl_key_cert *new_cert; - new = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); - if( new == NULL ) + new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); + if( new_cert == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - new->cert = cert; - new->key = key; - new->next = NULL; + new_cert->cert = cert; + new_cert->key = key; + new_cert->next = NULL; /* Update head is the list was null, else add to the end */ if( *head == NULL ) { - *head = new; + *head = new_cert; } else { mbedtls_ssl_key_cert *cur = *head; while( cur->next != NULL ) cur = cur->next; - cur->next = new; + cur->next = new_cert; } return( 0 ); From 512b4ee9c7421c4d70352d2a37a6ef1038a515b0 Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Tue, 5 Dec 2017 12:07:33 +0000 Subject: [PATCH 156/578] Use gmtime_r to fix thread-safety issue, and use mbedtls_time on Windows --- ChangeLog | 7 +++++++ include/mbedtls/threading.h | 3 --- library/threading.c | 9 -------- library/x509.c | 42 +++++++------------------------------ 4 files changed, 14 insertions(+), 47 deletions(-) diff --git a/ChangeLog b/ChangeLog index 027a97174..517381bc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Allow overriding the time on Windows via the platform-time abstraction. + Fixed by Nick Wilson. + * Use gmtime_r/gmtime_s for thread-safety. Fixed by Nick Wilson. + = mbed TLS 2.11.0 branch released 2018-06-18 Features diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index aeea5d0e1..c25daa5cd 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -99,9 +99,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index f1c37245c..7a32e672c 100644 --- a/library/threading.c +++ b/library/threading.c @@ -114,9 +114,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) - mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#endif } /* @@ -127,9 +124,6 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) - mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -142,8 +136,5 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) -mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ diff --git a/library/x509.c b/library/x509.c index 371d6da1d..906d1714b 100644 --- a/library/x509.c +++ b/library/x509.c @@ -59,14 +59,10 @@ #define mbedtls_snprintf snprintf #endif - #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" #endif - -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -#include -#else +#if defined(MBEDTLS_HAVE_TIME_DATE) #include #endif 
@@ -903,36 +899,18 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) * Set the time structure to the current time. * Return 0 on success, non-zero on failure. */ -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) static int x509_get_current_time( mbedtls_x509_time *now ) { - SYSTEMTIME st; - - GetSystemTime( &st ); - - now->year = st.wYear; - now->mon = st.wMonth; - now->day = st.wDay; - now->hour = st.wHour; - now->min = st.wMinute; - now->sec = st.wSecond; - - return( 0 ); -} -#else -static int x509_get_current_time( mbedtls_x509_time *now ) -{ - struct tm *lt; + struct tm *lt, tm_buf; mbedtls_time_t tt; int ret = 0; -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif - tt = mbedtls_time( NULL ); - lt = gmtime( &tt ); +#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) + lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; +#else + lt = gmtime_r( &tt, &tm_buf ); +#endif if( lt == NULL ) ret = -1; @@ -946,14 +924,8 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif - return( ret ); } -#endif /* _WIN32 && !EFIX64 && !EFI32 */ /* * Return 0 if before <= after, 1 otherwise From 2682edf205177a9639d2126238d6f83e19fd5d71 Mon Sep 17 00:00:00 2001 
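Review bot: In `x509_get_current_time()` (library/x509.c) the new `#else` branch calls `gmtime_r()` on every non-Windows target, and the same commit deletes `mbedtls_threading_gmtime_mutex`. A C library that enables `MBEDTLS_HAVE_TIME_DATE` but has no `gmtime_r()` therefore loses both the build and the only locked fallback. Judging by the comparison helper that follows in the hunk context, this function presumably supplies the current time for certificate validity checks, so it should keep a supported path on such targets: retain the removed lock-and-`gmtime()` sequence as a final `#else` behind a platform check. The `_WIN32` branch would also benefit from a comment such as `/* Microsoft gmtime_s( struct tm *, const time_t * ) returns 0 on success; C11 Annex K swaps the arguments and returns a pointer */`, since the two `gmtime_s` signatures are easy to confuse.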
From: Nicholas Wilson Date: Tue, 5 Dec 2017 12:08:15 +0000 Subject: [PATCH 157/578] Fix build using -std=c99 In each place where POSIX/GNU functions are used, the file must declare that it wants POSIX functionality before including any system headers. --- ChangeLog | 1 + library/entropy_poll.c | 5 +++++ library/net_sockets.c | 5 +++++ library/x509.c | 4 ++++ programs/aes/aescrypt2.c | 5 +++++ programs/aes/crypt_and_hash.c | 5 +++++ programs/ssl/ssl_mail_client.c | 5 +++++ tests/CMakeLists.txt | 5 +++++ tests/suites/helpers.function | 1 + 9 files changed, 36 insertions(+) diff --git a/ChangeLog b/ChangeLog index 517381bc5..4d5f5829f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Changes * Allow overriding the time on Windows via the platform-time abstraction. Fixed by Nick Wilson. * Use gmtime_r/gmtime_s for thread-safety. Fixed by Nick Wilson. + * Fix build using -std=c99. Fixed by Nick Wilson. = mbed TLS 2.11.0 branch released 2018-06-18 diff --git a/library/entropy_poll.c b/library/entropy_poll.c index fd96258ce..31f608b83 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#if defined(__linux__) +/* Ensure that syscall() is available even when compiling with -std=c99 */ +#define _GNU_SOURCE +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/library/net_sockets.c b/library/net_sockets.c index 202da0171..4b267cf35 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must + * be set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/library/x509.c b/library/x509.c index 906d1714b..b47599b0d 100644 
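Review bot: The `#define _GNU_SOURCE` added to library/entropy_poll.c is unconditional inside the `__linux__` block, so a build that already passes `-D_GNU_SOURCE` gets a macro-redefinition diagnostic, which becomes an error under `-Werror`. Guard it as `#if defined(__linux__) && !defined(_GNU_SOURCE)`. The same applies to `_POSIX_C_SOURCE` in library/net_sockets.c, programs/aes/aescrypt2.c, programs/aes/crypt_and_hash.c and programs/ssl/ssl_mail_client.c, and to `_XOPEN_SOURCE` in library/x509.c; each wants an `#if !defined(...)` around the define. This commit itself passes `-D_POSIX_C_SOURCE=200809L` on the command line for the CMake test build, so a command-line value meeting an in-file value is a realistic configuration.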
--- a/library/x509.c +++ b/library/x509.c @@ -29,6 +29,10 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ +/* Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#define _XOPEN_SOURCE 500 + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 4acf38dd7..36dabe940 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of fileno() even when compiling with -std=c99. Must be + * set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 1 + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 0e272ebe4..49c43b321 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -20,6 +20,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of fileno() even when compiling with -std=c99. Must be + * set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 1 + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 04b847a69..74d5d7270 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -19,6 +19,11 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* Enable definition of hostname() even when compiling with -std=c99. Must be + * set before config.h, which pulls in glibc's features.h indirectly. + * Harmless on other platforms. */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else 
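Review bot: The comment added above `#define _XOPEN_SOURCE 500` in library/x509.c says the macro "must be included before config.h", but a macro is defined, not included; the sibling comments in this commit say "Must be set before config.h". Suggested wording: `/* Ensure gmtime_r is available even with -std=c99; must be defined before config.h, which pulls in glibc's features.h. Harmless on other platforms. */`. This is also the only file in the commit that uses `_XOPEN_SOURCE` rather than `_POSIX_C_SOURCE`; if `_POSIX_C_SOURCE 200112L` exposes `gmtime_r` on the targeted C libraries as well, using it would keep the files consistent.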
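Review bot: The comment added to programs/ssl/ssl_mail_client.c names `hostname()`, which is not a C library function; the call this define is meant to expose is presumably `gethostname()`, though the call site is outside the hunk. Suggested first line: `/* Enable definition of gethostname() even when compiling with -std=c99. Must be`. The tests/CMakeLists.txt comment in the same commit repeats "hostname" and would take the same correction.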
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index f630edb83..084da59f4 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -15,6 +15,11 @@ if(NOT PERL_FOUND) message(FATAL_ERROR "Cannot build test suites without Perl") endif() +# Enable definition of various functions used throughout the testsuite +# (hostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# on non-POSIX platforms. +add_definitions("-D_POSIX_C_SOURCE=200809L") + function(add_test_suite suite_name) if(ARGV1) set(data_name ${ARGV1}) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index f82694ada..8f04885a5 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -36,6 +36,7 @@ typedef UINT32 uint32_t; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) #include +#include #endif /*----------------------------------------------------------------------------*/ From 15550854a372887752a164eed2d451c0c5b31b03 Mon Sep 17 00:00:00 2001 From: niisato Date: Mon, 25 Jun 2018 20:07:10 +0900 Subject: [PATCH 158/578] add ChangeLog to this commit. --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index 027a97174..85120e23f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ mbed TLS ChangeLog (Sorted per branch, date) + += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix Renaming "new" variable #1783. + compile error(new variable) with arm-none-eabi-gcc(c++) on mbed TLS 2.7.0. + + = mbed TLS 2.11.0 branch released 2018-06-18 Features From 99a3e8072138e097df42acabfd9ea49541ac4659 Mon Sep 17 00:00:00 2001 From: niisato Date: Mon, 25 Jun 2018 20:21:19 +0900 Subject: [PATCH 159/578] update change log. --- ChangeLog | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85120e23f..f22383217 100644 --- a/ChangeLog +++ b/ChangeLog 
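Review bot: `add_definitions("-D_POSIX_C_SOURCE=200809L")` in tests/CMakeLists.txt reaches only test suites configured through CMake, and the commit's diffstat lists no Makefile. If the suites are also built by plain make, a `-std=c99` build there would still miss these declarations; adding the same `-D_POSIX_C_SOURCE=200809L` to the make-based test flags would keep the two build systems in agreement. The value also differs from the `200112L` and `1` used in the library and program files of this commit, which deserves a word in the comment, e.g. `# 200809L is needed for strdup; the library sources request older levels themselves.` (to be confirmed against the functions the suites actually use).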
@@ -4,9 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix Renaming "new" variable #1783. - compile error(new variable) with arm-none-eabi-gcc(c++) on mbed TLS 2.7.0. - + * Fix compilation error on c++, because of a variable named new. Found and fixed by Hirotaka Niisato in #1783 = mbed TLS 2.11.0 branch released 2018-06-18 From b7d39db047bb758897ca4f96b9f2f32b50224ce5 Mon Sep 17 00:00:00 2001 From: niisato Date: Mon, 25 Jun 2018 20:44:57 +0900 Subject: [PATCH 160/578] update ChangeLog --- ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f22383217..70c000a31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Bugfix - * Fix compilation error on c++, because of a variable named new. Found and fixed by Hirotaka Niisato in #1783 + * Fix compilation error on C++, because of a variable named new. + Found and fixed by Hirotaka Niisato in #1783 = mbed TLS 2.11.0 branch released 2018-06-18 From 164b9cd025bdfcc2becea310045fae11def65149 Mon Sep 17 00:00:00 2001 From: niisato Date: Mon, 25 Jun 2018 20:47:05 +0900 Subject: [PATCH 161/578] update ChangeLog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 70c000a31..25facc53f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fix compilation error on C++, because of a variable named new. - Found and fixed by Hirotaka Niisato in #1783 + Found and fixed by Hirotaka Niisato in #1783. = mbed TLS 2.11.0 branch released 2018-06-18 From 7972334090f79dd32a133e80eb7003d0741049b6 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Fri, 22 Jun 2018 17:30:52 +0200 Subject: [PATCH 162/578] Enable ARIA self test in the unit testing --- tests/suites/test_suite_aria.data | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data index 46c6eccc2..43373b8aa 100644 --- a/tests/suites/test_suite_aria.data +++ b/tests/suites/test_suite_aria.data @@ -93,3 +93,7 @@ aria_encrypt_cfb128:"00112233445566778899aabbccddeeff00112233445566778899aabbccd ARIA-256-CFB128 Decrypt - Official Test Vectors 1.0 aria_decrypt_cfb128:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 + +ARIA Selftest +depends_on:MBEDTLS_SELF_TEST +aria_selftest: From 49221234c8b2832157a4b3b1b1375ea04c18e0a8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Jun 2018 16:46:21 +0300 Subject: [PATCH 163/578] Update the Mbed TLS forum link Update the link to the new Mbed TLS forum --- .github/issue_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 5e9d83d4f..7c3135351 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md 
@@ -38,4 +38,4 @@ Version: ## Question -**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)** +**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://forums.mbed.com/c/mbed-tls)** From a522147f58764a0e9d866445ad63aa4d2f274ef6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 27 Jun 2018 08:49:00 +0300 Subject: [PATCH 164/578] Fix compilation errors after updating Fix compilation errorsthat happened after new code introduced by updating the branch. Replaced `exit` label with `cleanup`. --- programs/pkey/key_app.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 4dbbdfbda..f57dba145 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -200,7 +200,7 @@ int main( int argc, char *argv[] ) ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) { mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); - goto exit; + goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) ); @@ -258,7 +258,7 @@ int main( int argc, char *argv[] ) NULL, &E ) ) != 0 ) { mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); - goto exit; + goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ) ); From bf4709978ce67669a738ede94d498658ac2d7507 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 27 Jun 2018 11:51:46 +0300 Subject: [PATCH 165/578] Adjust to new RSA infrastructure Don't access the rsa cotext parameters directly, but use the local `mbedtls_mpi` variable that were exported. --- programs/pkey/key_app.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index f57dba145..3a74f2770 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -203,14 +203,14 @@ int main( int argc, char *argv[] ) goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &D, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &P, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ) ); } else #endif @@ -260,8 +260,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) ); } else #endif From d56654f987dc5bb2a2b53f645d0498fa53ef37af Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Wed, 27 Jun 2018 14:36:37 +0300 Subject: [PATCH 166/578] Update the forum link in the README file Update the forum link in the readme file as well. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a2c3c6f21..ced36e192 100644 --- a/README.md +++ b/README.md @@ -211,7 +211,7 @@ To accept the Contributor’s Licence Agreement (CLA), individual contributors c ### Making a Contribution -1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. +1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://forums.mbed.com/c/mbed-tls) around a feature idea or a bug. 2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. 4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :) From 84e62f88a2c170e0e1f58d42d3d3bbc9f68d0741 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 28 Jun 2018 11:09:09 +0300 Subject: [PATCH 167/578] Update ChangeLog Update ChangeLog with a less ambigous description. --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index c28f806a7..380b289c9 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,8 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. - Affects interoperability with BouncyCastle and other peers. - Raised by milenamil in #1157. + This improves compliance to RFC 4492, and as a result, solves + interoperability issues with BouncyCastle. Raised by milenamil in #1157. = mbed TLS 2.11.0 branch released 2018-06-18 From 40741f8ce5841c507155bf7954b08ffdcb64100a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 14 Mar 2018 17:24:01 -0400 Subject: [PATCH 168/578] Add a test with a cpp executable including all mbed TLS headers In case of any problems with the 'extern "C"' directives, building the executable will fail --- CMakeLists.txt | 2 +- programs/.gitignore | 1 + programs/Makefile | 7 ++ programs/test/CMakeLists.txt | 3 + programs/test/header_test.cpp | 123 ++++++++++++++++++++++++++++++++++ 5 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 programs/test/header_test.cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index 0ade1d4cb..2a10d7caf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 2.6) -project("mbed TLS" C) +project("mbed TLS" C CXX) option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF) option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF) diff --git a/programs/.gitignore b/programs/.gitignore index ddfa1a426..5bbe2e825 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -45,6 +45,7 @@ ssl/mini_client test/benchmark test/ecp-bench test/selftest +test/header_test test/ssl_cert_test test/udp_proxy test/zeroize diff --git a/programs/Makefile b/programs/Makefile index 080e82d88..c5dd9f9ee 100644 --- a/programs/Makefile +++ b/programs/Makefile 
@@ -4,9 +4,11 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement +WARNING_CXXFLAGS ?= -Wall -W LDFLAGS ?= LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ @@ -68,6 +70,7 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ test/zeroize$(EXEXT) \ + test/header_test$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ @@ -242,6 +245,10 @@ test/benchmark$(EXEXT): test/benchmark.c $(DEP) echo " CC test/benchmark.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/header_test$(EXEXT): test/header_test.cpp $(DEP) + echo " CXX test/header_test.cpp" + $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/header_test.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test/selftest$(EXEXT): test/selftest.c $(DEP) echo " CC test/selftest.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0c5ce27f7..32c141551 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -16,6 +16,9 @@ target_link_libraries(selftest ${libs}) add_executable(benchmark benchmark.c) target_link_libraries(benchmark ${libs}) +add_executable(header_test header_test.cpp) +target_link_libraries(header_test ${libs}) + add_executable(ssl_cert_test ssl_cert_test.c) target_link_libraries(ssl_cert_test ${libs}) diff --git a/programs/test/header_test.cpp b/programs/test/header_test.cpp new file mode 100644 index 000000000..d1ddd4ba0 --- /dev/null +++ b/programs/test/header_test.cpp 
@@ -0,0 +1,123 @@ +/* + * A C++ program that includes all of the mbed TLS header files, in order to + * test if no errors are raised in the process. + * + * Copyright (C) 2018, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/aes.h" +#include "mbedtls/aesni.h" +#include "mbedtls/arc4.h" +#include "mbedtls/aria.h" +#include "mbedtls/asn1.h" +#include "mbedtls/asn1write.h" +#include "mbedtls/base64.h" +#include "mbedtls/bignum.h" +#include "mbedtls/blowfish.h" +#include "mbedtls/bn_mul.h" +#include "mbedtls/camellia.h" +#include "mbedtls/ccm.h" +#include "mbedtls/certs.h" +#include "mbedtls/chacha20.h" +#include "mbedtls/chachapoly.h" +#include "mbedtls/cipher.h" +#include "mbedtls/cipher_internal.h" +#include "mbedtls/cmac.h" +#include "mbedtls/compat-1.3.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/debug.h" +#include "mbedtls/des.h" +#include "mbedtls/dhm.h" +#include "mbedtls/ecdh.h" +#include "mbedtls/ecdsa.h" +#include "mbedtls/ecjpake.h" +#include "mbedtls/ecp.h" +#include "mbedtls/ecp_internal.h" +#include "mbedtls/entropy.h" +#include "mbedtls/entropy_poll.h" +#include "mbedtls/error.h" +#include "mbedtls/gcm.h" +#include "mbedtls/havege.h" +#include "mbedtls/hkdf.h" +#include 
"mbedtls/hmac_drbg.h" +#include "mbedtls/md2.h" +#include "mbedtls/md4.h" +#include "mbedtls/md5.h" +#include "mbedtls/md.h" +#include "mbedtls/md_internal.h" +#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" +#include "mbedtls/oid.h" +#include "mbedtls/padlock.h" +#include "mbedtls/pem.h" +#include "mbedtls/pkcs11.h" +#include "mbedtls/pkcs12.h" +#include "mbedtls/pkcs5.h" +#include "mbedtls/pk.h" +#include "mbedtls/pk_internal.h" +#include "mbedtls/platform_time.h" +#include "mbedtls/platform_util.h" +#include "mbedtls/poly1305.h" +#include "mbedtls/ripemd160.h" +#include "mbedtls/rsa.h" +#include "mbedtls/rsa_internal.h" +#include "mbedtls/sha1.h" +#include "mbedtls/sha256.h" +#include "mbedtls/sha512.h" +#include "mbedtls/ssl_cache.h" +#include "mbedtls/ssl_ciphersuites.h" +#include "mbedtls/ssl_cookie.h" +#include "mbedtls/ssl.h" +#include "mbedtls/ssl_internal.h" +#include "mbedtls/ssl_ticket.h" +#include "mbedtls/threading.h" +#include "mbedtls/timing.h" +#include "mbedtls/version.h" +#include "mbedtls/x509_crl.h" +#include "mbedtls/x509_crt.h" +#include "mbedtls/x509_csr.h" +#include "mbedtls/x509.h" +#include "mbedtls/xtea.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#include "mbedtls/memory_buffer_alloc.h" +#endif + +int main( int argc, char *argv[] ) +{ + (void) argc; + (void) argv; +} From 0211c32c9af554a816401efa14064f058bd5aeb1 Mon Sep 17 00:00:00 2001 
From: Andrzej Kurek Date: Thu, 15 Mar 2018 05:16:24 -0400 Subject: [PATCH 169/578] Change the cpp test to be optional Remove unnecessary defines from the test. Test by defining TEST_CPP using makefiles or cmake. --- CMakeLists.txt | 6 +++++- programs/Makefile | 5 ++++- programs/test/CMakeLists.txt | 8 +++++--- programs/test/header_test.cpp | 8 -------- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 2a10d7caf..6133d07fa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,9 @@ cmake_minimum_required(VERSION 2.6) -project("mbed TLS" C CXX) +if(TEST_CPP) + project("mbed TLS" C CXX) +else() + project("mbed TLS" C) +endif() option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF) option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF) diff --git a/programs/Makefile b/programs/Makefile index c5dd9f9ee..844d680f2 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -70,7 +70,6 @@ APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \ test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \ test/zeroize$(EXEXT) \ - test/header_test$(EXEXT) \ util/pem2der$(EXEXT) util/strerror$(EXEXT) \ x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \ x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \ @@ -80,6 +79,10 @@ ifdef PTHREAD APPS += ssl/ssl_pthread_server$(EXEXT) endif +ifdef TEST_CPP +APPS += test/header_test$(EXEXT) +endif + .SILENT: .PHONY: all clean list diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 32c141551..6791ffdb0 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt 
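Review bot: `TEST_CPP` is tested in the top-level CMakeLists.txt, and again in programs/test/CMakeLists.txt and programs/Makefile, without being declared or described anywhere, unlike the `option(...)` switches that follow `project()`. Declaring it ahead of the `if`, for example `option(TEST_CPP "Build the C++ header inclusion test program." OFF)`, documents the switch and makes it visible in the CMake cache. The Makefile side would take a one-line comment above `ifdef TEST_CPP` stating that the variable is set on the make command line.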
@@ -16,9 +16,11 @@ target_link_libraries(selftest ${libs}) add_executable(benchmark benchmark.c) target_link_libraries(benchmark ${libs}) -add_executable(header_test header_test.cpp) -target_link_libraries(header_test ${libs}) - +if(TEST_CPP) + add_executable(header_test header_test.cpp) + target_link_libraries(header_test ${libs}) +endif() + add_executable(ssl_cert_test ssl_cert_test.c) target_link_libraries(ssl_cert_test ${libs}) diff --git a/programs/test/header_test.cpp b/programs/test/header_test.cpp index d1ddd4ba0..69d7c4ac8 100644 --- a/programs/test/header_test.cpp +++ b/programs/test/header_test.cpp @@ -102,14 +102,6 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#define mbedtls_exit exit -#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) From 89c048c101930a60f496fde68f21e7fa0831cd84 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 16 Mar 2018 07:37:44 -0400 Subject: [PATCH 170/578] Tests: add a test for cpp linking Change the name of header_test to cpp_dumy_build Update the test description to better reflect its contents --- programs/.gitignore | 2 +- programs/Makefile | 8 ++++---- programs/test/CMakeLists.txt | 4 ++-- .../test/{header_test.cpp => cpp_dummy_build.cpp} | 12 +++++++----- 4 files changed, 14 insertions(+), 12 deletions(-) rename programs/test/{header_test.cpp => cpp_dummy_build.cpp} (91%) diff --git a/programs/.gitignore b/programs/.gitignore index 5bbe2e825..02418966f 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -45,7 +45,7 @@ ssl/mini_client test/benchmark test/ecp-bench test/selftest -test/header_test +test/cpp_dummy_build test/ssl_cert_test test/udp_proxy test/zeroize diff --git a/programs/Makefile b/programs/Makefile index 844d680f2..b6d1fa25b 100644 --- a/programs/Makefile +++ b/programs/Makefile 
@@ -80,7 +80,7 @@ APPS += ssl/ssl_pthread_server$(EXEXT) endif ifdef TEST_CPP -APPS += test/header_test$(EXEXT) +APPS += test/cpp_dummy_build$(EXEXT) endif .SILENT: @@ -248,9 +248,9 @@ test/benchmark$(EXEXT): test/benchmark.c $(DEP) echo " CC test/benchmark.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test/header_test$(EXEXT): test/header_test.cpp $(DEP) - echo " CXX test/header_test.cpp" - $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/header_test.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP) + echo " CXX test/cpp_dummy_build.cpp" + $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/selftest$(EXEXT): test/selftest.c $(DEP) echo " CC test/selftest.c" diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 6791ffdb0..994e92c54 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -17,8 +17,8 @@ add_executable(benchmark benchmark.c) target_link_libraries(benchmark ${libs}) if(TEST_CPP) - add_executable(header_test header_test.cpp) - target_link_libraries(header_test ${libs}) + add_executable(cpp_dummy_build cpp_dummy_build.cpp) + target_link_libraries(cpp_dummy_build ${libs}) endif() add_executable(ssl_cert_test ssl_cert_test.c) diff --git a/programs/test/header_test.cpp b/programs/test/cpp_dummy_build.cpp similarity index 91% rename from programs/test/header_test.cpp rename to programs/test/cpp_dummy_build.cpp index 69d7c4ac8..03373a917 100644 --- a/programs/test/header_test.cpp +++ b/programs/test/cpp_dummy_build.cpp 
@@ -1,6 +1,6 @@ /* - * A C++ program that includes all of the mbed TLS header files, in order to - * test if no errors are raised in the process. + * This program is a dummy C++ program to ensure Mbed TLS library header files + * can be included and built with a C++ compiler. * * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -108,8 +108,10 @@ #include "mbedtls/memory_buffer_alloc.h" #endif -int main( int argc, char *argv[] ) +int main() { - (void) argc; - (void) argv; + mbedtls_platform_context *ctx = NULL; + mbedtls_platform_setup(ctx); + mbedtls_printf("CPP Build test\n"); + mbedtls_platform_teardown(ctx); } From 037ec4b416af07ddd9fa66526da4eeba5bbfbeb0 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 26 Jun 2018 06:57:55 -0400 Subject: [PATCH 171/578] Replace tabs with spaces --- CMakeLists.txt | 4 ++-- programs/test/CMakeLists.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 6133d07fa..4dbe76ecc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,8 +1,8 @@ cmake_minimum_required(VERSION 2.6) if(TEST_CPP) - project("mbed TLS" C CXX) + project("mbed TLS" C CXX) else() - project("mbed TLS" C) + project("mbed TLS" C) endif() option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 994e92c54..9ca0cb222 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -17,8 +17,8 @@ add_executable(benchmark benchmark.c) target_link_libraries(benchmark ${libs}) if(TEST_CPP) - add_executable(cpp_dummy_build cpp_dummy_build.cpp) - target_link_libraries(cpp_dummy_build ${libs}) + add_executable(cpp_dummy_build cpp_dummy_build.cpp) + target_link_libraries(cpp_dummy_build ${libs}) endif() add_executable(ssl_cert_test ssl_cert_test.c) From 45a671959476f756608fd975dacc31e5613d0b51 Mon Sep 17 00:00:00 2001 
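Review bot: `main` now calls `mbedtls_platform_setup`, `mbedtls_printf` and `mbedtls_platform_teardown` unconditionally, but the include of `mbedtls/platform.h` (outside this hunk) is still wrapped in `#if defined(MBEDTLS_PLATFORM_C)`, and the `#else` fallback defines were removed by the earlier patch on this page. A configuration without MBEDTLS_PLATFORM_C would therefore presumably fail to build this file. Either include the header without the guard or wrap the three calls in the same `#if`, so the build check stays usable across configurations. The result of `mbedtls_platform_setup(ctx)` is also discarded; `if( mbedtls_platform_setup( ctx ) != 0 ) return( 1 );` would make a failed setup visible.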
From: Andrzej Kurek Date: Tue, 26 Jun 2018 07:50:19 -0400 Subject: [PATCH 172/578] Add a CXX build to all.sh to execute the C++ dummy test by default --- tests/scripts/all.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ded43f9c9..1f9d40baf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -35,6 +35,7 @@ # * GNU Make # * CMake # * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) +# * G++, unless invoked with --no-cxx # * arm-gcc and mingw-gcc # * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc # * Yotta build dependencies, unless invoked with --no-yotta @@ -96,6 +97,7 @@ FORCE=0 KEEP_GOING=0 RUN_ARMCC=1 YOTTA=1 +TEST_CXX=1 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -130,6 +132,7 @@ General options: --no-keep-going Stop at the first error (default). --no-memory No additional memory tests (default). --no-yotta Skip yotta module build. + --no-cxx Skip CXX Compiler build. --out-of-source-dir= Directory used for CMake out-of-source build tests. --random-seed Use a random seed value for randomized tests (default). -r|--release-test Run this script in release mode. This fixes the seed value to 1. @@ -580,6 +583,17 @@ msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup record_status tests/scripts/key-exchanges.pl +if [ $TEST_CXX -ne 0 ]; then + msg "build: Unix make, gcc and g++ test" # ~ 30s + cleanup + make TEST_CPP=1 + + msg "build: cmake, gcc and g++ test" # ~ 30s + cleanup + CC=gcc cmake -D TEST_CPP=YES . + make +fi + msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' From 05be06cc2dd62a1a1301ce87b72b256ef73fc2ca Mon Sep 17 00:00:00 2001 
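Review bot: The usage text and the header comment now advertise `--no-cxx`, but none of the four hunks in this patch touches the option-parsing loop, so as far as the diff shows nothing ever sets `TEST_CXX` to 0. A matching case next to the existing `--no-*` options, e.g. `--no-cxx) TEST_CXX=0;;`, is needed for the documented behaviour; the parser is outside the hunks, so check this against the full script. In the last hunk, `[ $TEST_CXX -ne 0 ]` is unquoted and becomes a test syntax error if the variable is ever empty; `[ "$TEST_CXX" -ne 0 ]` is safer.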
From: Andrzej Kurek Date: Thu, 28 Jun 2018 04:41:50 -0400 Subject: [PATCH 173/578] Make the C++ test mandatory by removing the --no-cxx flag from all.sh Remove the cmake test --- tests/scripts/all.sh | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f9d40baf..bbfbfbc1c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -35,7 +35,7 @@ # * GNU Make # * CMake # * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) -# * G++, unless invoked with --no-cxx +# * G++ # * arm-gcc and mingw-gcc # * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc # * Yotta build dependencies, unless invoked with --no-yotta @@ -97,7 +97,6 @@ FORCE=0 KEEP_GOING=0 RUN_ARMCC=1 YOTTA=1 -TEST_CXX=1 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -132,7 +131,6 @@ General options: --no-keep-going Stop at the first error (default). --no-memory No additional memory tests (default). --no-yotta Skip yotta module build. - --no-cxx Skip CXX Compiler build. --out-of-source-dir= Directory used for CMake out-of-source build tests. --random-seed Use a random seed value for randomized tests (default). -r|--release-test Run this script in release mode. This fixes the seed value to 1. @@ -583,16 +581,9 @@ msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup record_status tests/scripts/key-exchanges.pl -if [ $TEST_CXX -ne 0 ]; then - msg "build: Unix make, gcc and g++ test" # ~ 30s - cleanup - make TEST_CPP=1 - - msg "build: cmake, gcc and g++ test" # ~ 30s - cleanup - CC=gcc cmake -D TEST_CPP=YES . - make -fi +msg "build: Unix make, gcc and g++ test" # ~ 30s +cleanup +make TEST_CPP=1 msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup From 58093c8bec6a410e6f7bbdccf1abd1fa01574b93 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Thu, 28 Jun 2018 13:22:05 +0300 Subject: [PATCH 174/578] Add ECC extensions test in ssl-opts.sh Add test to verify if an ecc based extension exists or not if an ecc based ciphersuite is used or not. --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9faeb6703..7fade04ec 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -4551,6 +4551,40 @@ run_test "SSL async private: renegotiation: server-initiated; decrypt" \ -s "Async decrypt callback: using key slot " \ -s "Async resume (slot [0-9]): decrypt done, status=0" +# Tests for ECC extensions (rfc 4492) + +run_test "Force a non ECC ciphersuite in the client side" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + 0 \ + -C "client hello, adding supported_elliptic_curves extension" \ + -C "client hello, adding supported_point_formats extension" \ + -S "found supported elliptic curves extension" \ + -S "found supported point formats extension" + +run_test "Force a non ECC ciphersuite in the server side" \ + "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI debug_level=3" \ + 0 \ + -C "found supported_point_formats extension" \ + -S "server hello, supported_point_formats extension" + +run_test "Force an ECC ciphersuite in the client side" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "client hello, adding supported_elliptic_curves extension" \ + -c "client hello, adding supported_point_formats extension" \ + -s "found supported elliptic curves extension" \ + -s "found supported point formats extension" + +run_test "Force an ECC ciphersuite in the server side" \ + "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + "$P_CLI debug_level=3" \ + 0 \ + -c "found supported_point_formats extension" \ + -s "server hello, supported_point_formats extension" + # Tests for DTLS HelloVerifyRequest run_test "DTLS cookie: enabled" \ From b056dd86d001ee96abec4a513d75b75085ec8f22 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 28 Jun 2018 12:58:56 +0200 Subject: [PATCH 175/578] Remove a redundant dependency clause --- tests/suites/test_suite_aria.data | 1 - 1 file changed, 1 deletion(-) 
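Review bot: The two "non ECC" tests consist only of negative patterns (`-C`/`-S`), so they pass whenever the exact debug strings are absent, including when a message is later reworded or no debug output is produced. The patterns are also spelled differently between the tests ("supported point formats" with spaces, "supported_point_formats" with underscores), and this hunk gives no way to check them against the library's messages. Adding one positive assertion to each negative test would keep them from passing vacuously. At minimum add a comment such as `# -C/-S strings must match the library debug messages exactly, or these tests pass vacuously`.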
diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data index 43373b8aa..8cb2d2aa3 100644 --- a/tests/suites/test_suite_aria.data +++ b/tests/suites/test_suite_aria.data @@ -95,5 +95,4 @@ ARIA-256-CFB128 Decrypt - Official Test Vectors 1.0 aria_decrypt_cfb128:"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff":"0f1e2d3c4b5a69788796a5b4c3d2e1f0":"26834705b0f2c0e2588d4a7f09009635f28bb93d8c31f870ec1e0bdb082b66fa402dd9c202be300c4517d196b14d4ce11dce97f7aaba54341b0d872cc9b63753a3e8556a14be6f7b3e27e3cfc39caf80f2a355aa50dc83c09c7b11828694f8e4aa726c528976b53f2c877f4991a3a8d28adb63bd751846ffb2350265e179d4990753ae8485ff9b4133ddad5875b84a90cbcfa62a045d726df71b6bda0eeca0be":"11111111aaaaaaaa11111111bbbbbbbb11111111cccccccc11111111dddddddd22222222aaaaaaaa22222222bbbbbbbb22222222cccccccc22222222dddddddd33333333aaaaaaaa33333333bbbbbbbb33333333cccccccc33333333dddddddd44444444aaaaaaaa44444444bbbbbbbb44444444cccccccc44444444dddddddd55555555aaaaaaaa55555555bbbbbbbb55555555cccccccc55555555dddddddd":0 ARIA Selftest -depends_on:MBEDTLS_SELF_TEST aria_selftest: From 9e02b973f10d9492a957faae41ef10c7d7efac20 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 28 Jun 2018 11:56:57 +0100 Subject: [PATCH 176/578] Add ChangeLog entry for #1257 - key_app_writer writes invalid ASN.1 --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 609fa79dd..99b778e22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ Features authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by Daniel King (#485). +Bugfix + * Fix the key_app_writer example which was writing a leading zero byte which + was creating an invalid ASN.1 tag. Found by Aryeh R. Fixes #1257. + Changes * Change the shebang line in Perl scripts to look up perl in the PATH. Contributed by fbrosson. From 1ab9b5714852c6810c0a0bfd8c3b5c60a9a15482 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Thu, 28 Jun 2018 12:10:56 +0100 Subject: [PATCH 177/578] Add a ChangeLog entry for memory leak in mbedtls_x509_csr_parse() --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 74cdfd047..44533d2ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,8 @@ Bugfix contributed by tabascoeye in pull request #1600. * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid return value. Found by @davidwu2000. #839 + * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, + Philippe Antoine. Fixes #1623. Changes * Change the shebang line in Perl scripts to look up perl in the PATH. From 643df7c8a1003c7a190fab411ba8ac43f5a81210 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 28 Jun 2018 16:17:00 +0300 Subject: [PATCH 178/578] Update ssl-opt.sh test to run condition 1. Update the test script to un the ECC tests only if the relevant configurations are defined in `config.h` file 2. Change the HASH of the ciphersuite from SHA1 based to SHA256 for better example --- tests/ssl-opt.sh | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7fade04ec..2366117e3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -4553,22 +4553,34 @@ run_test "SSL async private: renegotiation: server-initiated; decrypt" \ # Tests for ECC extensions (rfc 4492) +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED run_test "Force a non ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ 0 \ -C "client hello, adding supported_elliptic_curves extension" \ -C "client hello, adding supported_point_formats extension" \ -S "found supported elliptic curves extension" \ -S "found supported point formats extension" +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED run_test "Force a non ECC ciphersuite in the server side" \ - "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ + "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ "$P_CLI debug_level=3" \ 0 \ -C "found supported_point_formats extension" \ -S "server hello, supported_point_formats extension" +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Force an ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 
@@ -4578,6 +4590,10 @@ run_test "Force an ECC ciphersuite in the client side" \ -s "found supported elliptic curves extension" \ -s "found supported point formats extension" +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "Force an ECC ciphersuite in the server side" \ "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ "$P_CLI debug_level=3" \ From 470dfbabb9812ac056dd0ace4dcca33241bb3b0c Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 28 Jun 2018 16:23:39 +0200 Subject: [PATCH 179/578] Simplify OID tag parsing in x509_get_cert_ext( ) --- library/x509_crt.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 0885c8e3b..ca8b4649e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -574,14 +574,10 @@ static int x509_get_crt_ext( unsigned char **p, end_ext_data = *p + len; /* Get extension ID */ - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - extn_oid.tag = **p; - if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + extn_oid.tag = MBEDTLS_ASN1_OID; extn_oid.p = *p; *p += extn_oid.len; From dcae78a7a9c0fd83bb26f18e30a19551b132c62f Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Thu, 28 Jun 2018 16:32:54 +0200 Subject: [PATCH 180/578] Make a buffer limit more specific --- library/x509_crt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index ca8b4649e..493d6334f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -574,7 +574,8 @@ static int x509_get_crt_ext( unsigned char **p, end_ext_data = *p + len; /* Get extension ID */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) + if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, + MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); extn_oid.tag = MBEDTLS_ASN1_OID; From 5a9cb61d6989d80c878162b54b08f1836c522398 Mon Sep 17 00:00:00 2001 From: Ruini Xue Date: Thu, 28 Jun 2018 23:21:26 +0800 Subject: [PATCH 181/578] Use preserve mode to copy headers. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a0fcb2bc5..78c1acb89 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,7 @@ tests: lib ifndef WINDOWS install: no_test mkdir -p $(DESTDIR)/include/mbedtls - cp -r include/mbedtls $(DESTDIR)/include + cp -rp include/mbedtls $(DESTDIR)/include mkdir -p $(DESTDIR)/lib cp -RP library/libmbedtls.* $(DESTDIR)/lib From 104d85865d1339225f1b706d841597a7430c7e85 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 27 Jun 2018 10:57:33 +0200 Subject: [PATCH 182/578] Add ChangeLog entry --- ChangeLog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ChangeLog b/ChangeLog index 348864c0e..19bdb79f1 100644 --- a/ChangeLog +++ b/ChangeLog 
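Review bot: This tightens a parser bound on untrusted certificate data, but the patch changes only library/x509_crt.c, so no test pins the new behaviour. A regression vector would help: an extension whose OID length runs past the end of its own SEQUENCE while staying inside the extensions block, which should now fail with MBEDTLS_ERR_X509_INVALID_EXTENSIONS plus the ASN.1 error. The rest of `x509_get_crt_ext` is outside the hunk, so confirm that the later reads in the same extension are bounded by `end_ext_data` as well. A short comment above the call, e.g. `/* Bound by end_ext_data: the OID must lie inside this extension */`, would record why `end` is not used.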
@@ -2,6 +2,21 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384, + in (D)TLS 1.0 to 1.2, that allowed an active network attacker to + partially recover the plaintext of messages under some conditions by + exploiting timing measurements. With DTLS, the attacker could perform + this recovery by sending many messages in the same connection. With TLS + or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only + worked if the same secret (for example a HTTP Cookie) has been repeatedly + sent over connections manipulated by the attacker. Connections using GCM + or CCM instead of CBC, using hash sizes other than SHA-384, or using + Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was + caused by a miscalculation (for SHA-384) in a countermeasure to the + original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi + Shamir. + API Changes * Extend the platform module with a util component that contains functionality shared by multiple Mbed TLS modules. At this stage From 61fa436ad36f9374429a8bb5e5339726fb12553c Mon Sep 17 00:00:00 2001 From: Nicholas Wilson Date: Mon, 25 Jun 2018 12:10:00 +0100 Subject: [PATCH 183/578] Address review comments - tidy usage of macros to use minimal values --- programs/ssl/ssl_mail_client.c | 4 ++-- tests/CMakeLists.txt | 2 +- tests/Makefile | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 74d5d7270..0f2b32ddc 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c 
@@ -19,8 +19,8 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -/* Enable definition of hostname() even when compiling with -std=c99. Must be - * set before config.h, which pulls in glibc's features.h indirectly. +/* Enable definition of gethostname() even when compiling with -std=c99. Must + * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 084da59f4..34d649470 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -16,7 +16,7 @@ if(NOT PERL_FOUND) endif() # Enable definition of various functions used throughout the testsuite -# (hostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless # on non-POSIX platforms. add_definitions("-D_POSIX_C_SOURCE=200809L") diff --git a/tests/Makefile b/tests/Makefile index d65cd93a2..37e8cbcba 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -12,6 +12,11 @@ LOCAL_LDFLAGS = -L../library \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) +# Enable definition of various functions used throughout the testsuite +# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless +# on non-POSIX platforms. +LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L + ifndef SHARED DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a else From a931265509d84c7e0684ff91162a4cb1dd70fb7d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Jun 2018 15:48:13 +0200 Subject: [PATCH 184/578] Fix ssl-opt.sh not starting when lsof is not available $START_DELAY was used before it was defined. --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9faeb6703..91f16e1fa 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -308,7 +308,7 @@ if type lsof >/dev/null 2>/dev/null; then done } else - echo "Warning: lsof not available, wait_server_start = sleep $START_DELAY" + echo "Warning: lsof not available, wait_server_start = sleep" wait_server_start() { sleep "$START_DELAY" } From ab8d58cb2d0653c84ca44a8d9e3486ed8b9de930 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 17 Jun 2018 14:39:30 +0300 Subject: [PATCH 185/578] Move definition of MBEDTLS_CIPHER_MODE_STREAM Move definition of `MBEDTLS_CIPHER_MODE_STREAM` to header file (`mbedtls_cipher_internal.h`), because it is used by more than one file. Raised by TrinityTonic in #1719 --- include/mbedtls/cipher_internal.h | 4 ++++ library/cipher.c | 5 ----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h index c6def0bef..56107cfff 100644 --- a/include/mbedtls/cipher_internal.h +++ b/include/mbedtls/cipher_internal.h @@ -34,6 +34,10 @@ #include "cipher.h" +#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) +#define MBEDTLS_CIPHER_MODE_STREAM +#endif + #ifdef __cplusplus extern "C" { #endif diff --git a/library/cipher.c b/library/cipher.c index a913913f0..7ae6c4ac5 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -65,11 +65,6 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) -#define MBEDTLS_CIPHER_MODE_STREAM -#endif - - #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /* Compare the contents of two buffers in constant time. * Returns 0 if the contents are bitwise identical, otherwise returns From da2a31237e341cb1b996d024a480e0270e9ec77d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 17 Jun 2018 14:51:59 +0300 Subject: [PATCH 186/578] Add entry in ChangeLog Add entry in ChangeLog for compilation error fix of #1719 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 44533d2ae..4ed7490b5 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -18,6 +18,8 @@ Bugfix return value. Found by @davidwu2000. #839 * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, Philippe Antoine. Fixes #1623. + * Fix compilation error when MBEDTLS_ARC4_C is disabled and + MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719. Changes * Change the shebang line in Perl scripts to look up perl in the PATH. From 3fa6c2760e6546314b80057cbc712fbb1efe8af5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 27 Jun 2018 18:33:13 +0300 Subject: [PATCH 187/578] Move definition to cipher.h Define `MBEDTLS_CIPHER_MODE_STREAM` for `MBEDTLS_CIPHER_NULL_CIPHER` as well, in cipher.h. Remove redundant definition in `cipher_internal.h` --- include/mbedtls/cipher.h | 2 +- include/mbedtls/cipher_internal.h | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index a1f4738a9..ea0ce983f 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -45,7 +45,7 @@ #define MBEDTLS_CIPHER_MODE_WITH_PADDING #endif -#if defined(MBEDTLS_ARC4_C) +#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) #define MBEDTLS_CIPHER_MODE_STREAM #endif diff --git a/include/mbedtls/cipher_internal.h b/include/mbedtls/cipher_internal.h index 56107cfff..c6def0bef 100644 --- a/include/mbedtls/cipher_internal.h +++ b/include/mbedtls/cipher_internal.h @@ -34,10 +34,6 @@ #include "cipher.h" -#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) -#define MBEDTLS_CIPHER_MODE_STREAM -#endif - #ifdef __cplusplus extern "C" { #endif From 13dfb4e0a983d5e669a7058392841d894c7647d4 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Sun, 1 Jul 2018 10:42:54 +0300 Subject: [PATCH 188/578] Revert changes in the configs folder Revert the changes in the `configs` folder to align with the `README.txt` file. --- configs/config-ccm-psk-tls1_2.h | 2 +- configs/config-mini-tls1_1.h | 2 +- configs/config-no-entropy.h | 2 +- configs/config-suite-b.h | 2 +- configs/config-thread.h | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index 96515a276..a783e6b73 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -83,6 +83,6 @@ */ #define MBEDTLS_SSL_MAX_CONTENT_LEN 512 -#include "check_config.h" +#include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h index a14fc10b4..013bc0300 100644 --- a/configs/config-mini-tls1_1.h +++ b/configs/config-mini-tls1_1.h @@ -73,6 +73,6 @@ /* For testing with compat.sh */ #define MBEDTLS_FS_IO -#include "check_config.h" +#include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 7d34ad52e..d8cc1ab41 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -87,6 +87,6 @@ /* Miscellaneous options */ #define MBEDTLS_AES_ROM_TABLES -#include "check_config.h" +#include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 23b53d612..18e2c4036 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -112,6 +112,6 @@ */ #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 -#include "check_config.h" +#include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ diff --git a/configs/config-thread.h b/configs/config-thread.h index 7c4311333..25db16bf0 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h 
@@ -89,6 +89,6 @@ /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -#include "check_config.h" +#include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 05fa46e6b7638bb7e1d4c5e2810aa6aa50e42a92 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 2 Jul 2018 12:00:54 +0100 Subject: [PATCH 189/578] Add ChangeLog entry for #992 fix --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9ee82c685..4240c8538 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Bugfix + * Remove unused headers included in x509.c. Found by Chris Hanson and fixed + by Brendan Shanks. Part of a fix for #992. + Security * Fix a bug in the X.509 module potentially leading to a buffer overread during CRT verification or to invalid or omitted checks for certificate From 991f9fefd9f0db6eeea3ee05076c84a9cccdcb29 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 2 Jul 2018 09:08:21 -0400 Subject: [PATCH 190/578] all_sh: add a check for header inclusion in cpp_dummy_build.cpp change the g++ test to be incremental, to save time reorganize header order in cpp_dummy_build.cpp according to c locale --- programs/test/cpp_dummy_build.cpp | 11 ++++++----- tests/scripts/all.sh | 18 ++++++++++++++---- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index 03373a917..41c24c981 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -41,6 +41,7 @@ #include "mbedtls/certs.h" #include "mbedtls/chacha20.h" #include "mbedtls/chachapoly.h" +#include "mbedtls/check_config.h" #include "mbedtls/cipher.h" #include "mbedtls/cipher_internal.h" #include "mbedtls/cmac.h" 
@@ -61,21 +62,21 @@ #include "mbedtls/havege.h" #include "mbedtls/hkdf.h" #include "mbedtls/hmac_drbg.h" +#include "mbedtls/md.h" #include "mbedtls/md2.h" #include "mbedtls/md4.h" #include "mbedtls/md5.h" -#include "mbedtls/md.h" #include "mbedtls/md_internal.h" #include "mbedtls/net.h" #include "mbedtls/net_sockets.h" #include "mbedtls/oid.h" #include "mbedtls/padlock.h" #include "mbedtls/pem.h" +#include "mbedtls/pk.h" +#include "mbedtls/pk_internal.h" #include "mbedtls/pkcs11.h" #include "mbedtls/pkcs12.h" #include "mbedtls/pkcs5.h" -#include "mbedtls/pk.h" -#include "mbedtls/pk_internal.h" #include "mbedtls/platform_time.h" #include "mbedtls/platform_util.h" #include "mbedtls/poly1305.h" @@ -85,19 +86,19 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "mbedtls/ssl.h" #include "mbedtls/ssl_cache.h" #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl.h" #include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_ticket.h" #include "mbedtls/threading.h" #include "mbedtls/timing.h" #include "mbedtls/version.h" +#include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/x509.h" #include "mbedtls/xtea.h" #if defined(MBEDTLS_PLATFORM_C) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bbfbfbc1c..cafb81cca 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -228,6 +228,14 @@ check_tools() done } +check_headers_in_cpp () { + ls include/mbedtls >headers.txt + ' From 5ffc220f16bd1c30c9f7f48708b657629aebd128 Mon Sep 17 00:00:00 2001 
From: Ron Eldor Date: Wed, 17 May 2017 18:59:53 +0300 Subject: [PATCH 191/578] Documentation error in `mbedtls_ssl_get_session` Fix Documentation error in `mbedtls_ssl_get_session`. This function supports deep copying of the session, and the peer certificate is not lost anymore, Resolves #926 --- ChangeLog | 3 +++ include/mbedtls/ssl.h | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 44533d2ae..10f07736d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ Bugfix return value. Found by @davidwu2000. #839 * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, Philippe Antoine. Fixes #1623. + * Remove wrong documentation for `mbedtls_ssl_get_session`. + This API has deep copy of the session, and the peer + certificate is not lost. #926 Changes * Change the shebang line in Perl scripts to look up perl in the PATH. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 39b7f290a..ac9a3f3ce 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2737,7 +2737,6 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * \brief Save session in order to resume it later (client-side only) * Session data is copied to presented session structure. * - * \warning Currently, peer certificate is lost in the operation. * * \param ssl SSL context * \param session session context @@ -2747,6 +2746,11 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or * arguments are otherwise invalid * + * \note Only the server certificate is copied, and not the chain + * but this is not a problem because the result of the chain + * verification is stored in `verify_result` and can be checked + * with \c mbedtls_ssl_get_verify_result() + * * \sa mbedtls_ssl_set_session() */ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session ); 
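Review bot: The new `\note` says that losing the chain "is not a problem", which holds only for callers that rely on `verify_result`. An application that inspects or pins a certificate above the leaf after resumption will not find it in the saved session. Stating the fact without the judgement is safer, for example `\note Only the peer's end-entity certificate is copied, not the chain; the outcome of chain verification is kept in verify_result.` Removing the `\warning` in the first ssl.h hunk also appears to leave two consecutive empty ` *` lines before `\param ssl`; one of them can go.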
From 21f9afed2b03376a4394e51a8687dbb0d131b97e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 3 Jul 2018 16:07:29 +0300 Subject: [PATCH 192/578] Remove the namespacing from config-no-entropy.h Remove the `mbedtls` namespacing from the `config-no-entropy.h` file, as it is being imported to the include folder. --- configs/config-no-entropy.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index d8cc1ab41..7d34ad52e 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -87,6 +87,6 @@ /* Miscellaneous options */ #define MBEDTLS_AES_ROM_TABLES -#include "mbedtls/check_config.h" +#include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From d50f7865ea3c8424bcdef07112d5fe40c5a45cb7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 3 Jul 2018 16:11:44 +0100 Subject: [PATCH 193/578] Update the CONTRIBUTING.md file for LTS branches The CONTRIBUTING.md referred to 'legacy' branches instead of LTS branches, and also referenced mbedtls-1.3 which is no longer maintained, and omitted mbedtls-2.7 which is. --- CONTRIBUTING.md | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3c6dc74c8..2257a615d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -26,19 +26,22 @@ Making a Contribution 1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. 1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header. -Backports ---------- -Mbed TLS maintains some legacy branches, which are released as LTS versions. Mbed TLS should follow backwards compatibility rules, to fit with existing users. As such, backporting to these branches should be handled according to the following rules: - -1. If the contribution is a new feature or enhancement, no backporting is needed. -1. Bug fixes should be backported to the legacy branches containing these bugs. -1. Changes in the API do not require backporting. If a bug fix introduced a new API, such as new error codes, the bug fix should be implemented differently in the legacy branch. +Long Term Support Branches +-------------------------- +Mbed TLS maintains several LTS (Long Term Support) branches, which are maintained continuously for a given period. The LTS branches are provided to allow users of the library to have a maintained version of the library which contains security fixes and fixes for other defects, without encountering any API changes or requiring changes in their own code. To allow users to take advantage of the LTS branches, these branches maintain backwards compatibility for both the public API and ABI. + +When backporting to these branches please observe the following rules: + + 1. Generally, all changes to the library which change the API cannot be backported. + 2. All bug fixes must be backported to the LTS branches if they correct a defect in an LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted. + 3. 
If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be addtional test cases or quality improvements such as changes to scripts. + +It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development). + +Currently maintained LTS branches are: -It would be highly appreciated if a contribution would be backported to a legacy branch in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development). -At the moment, the legacy branches are: - -1. [mbedtls-1.3](https://github.com/ARMmbed/mbedtls/tree/mbedtls-1.3) 1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) +1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7) Tests ----- From 382c1db6c0a5209416ec66a17e34bc8b3c15fc3c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 4 Jul 2018 17:42:47 +0300 Subject: [PATCH 194/578] Minor fixes 1. Rephrase ChangeLog entry. 2. Add a full stop at the end of the fuinction documentation. --- ChangeLog | 4 ++-- include/mbedtls/ssl.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 10f07736d..c0c4cd2a7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,9 +18,9 @@ Bugfix return value. Found by @davidwu2000. #839 * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, Philippe Antoine. Fixes #1623. - * Remove wrong documentation for `mbedtls_ssl_get_session`. + * Correct the documentation for `mbedtls_ssl_get_session()`. This API has deep copy of the session, and the peer - certificate is not lost. #926 + certificate is not lost. Fixes #926. Changes * Change the shebang line in Perl scripts to look up perl in the PATH. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ac9a3f3ce..4c9f9e839 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2744,12 +2744,12 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * \return 0 if successful, * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed, * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or - * arguments are otherwise invalid + * arguments are otherwise invalid. * * \note Only the server certificate is copied, and not the chain * but this is not a problem because the result of the chain * verification is stored in `verify_result` and can be checked - * with \c mbedtls_ssl_get_verify_result() + * with \c mbedtls_ssl_get_verify_result(). * * \sa mbedtls_ssl_set_session() */ From 1cc1fb05999aea8067e11f5c4f4fdb32dbe91036 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Jun 2018 12:10:27 +0200 Subject: [PATCH 195/578] Fix Lucky 13 cache attack on MD/SHA padding The basis for the Lucky 13 family of attacks is for an attacker to be able to distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding. Since our code sets padlen = 0 for invalid padding, the length of the input to the HMAC function gives information about that. Information about this length (modulo the MD/SHA block size) can be deduced from how much MD/SHA padding (this is distinct from TLS-CBC padding) is used. If MD/SHA padding is read from a (static) buffer, a local attacker could get information about how much is used via a cache attack targeting that buffer. Let's get rid of this buffer. Now the only buffer used is the internal MD/SHA one, which is always read fully by the process() function. --- ChangeLog | 7 ++++++ library/md5.c | 54 +++++++++++++++++++++++++++----------------- library/sha1.c | 51 +++++++++++++++++++++++++++--------------- library/sha256.c | 52 +++++++++++++++++++++++++++---------------- library/sha512.c | 58 ++++++++++++++++++++++++++++-------------------- 5 files changed, 141 insertions(+), 81 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 19bdb79f1..0acb2c625 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,13 @@ Security caused by a miscalculation (for SHA-384) in a countermeasure to the original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi Shamir. + * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to + 1.2, that allowed a local attacker, able to execute code on the local + machine as well as manipulate network packets, to partially recover the + plaintext of messages under some conditions (see previous entry) by using + a cache attack targetting an internal MD/SHA buffer. Connections using + GCM or CCM instead of CBC or using Encrypt-then-Mac (RFC 7366) were not + affected. Found by Kenny Paterson, Eyal Ronen and Adi Shamir. API Changes * Extend the platform module with a util component that contains diff --git a/library/md5.c b/library/md5.c index 8238c2b81..2a740cda8 100644 --- a/library/md5.c +++ b/library/md5.c @@ -309,14 +309,6 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, } #endif -static const unsigned char md5_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - /* * MD5 final digest */ 
@@ -324,26 +316,48 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) { int ret; - uint32_t last, padn; + uint32_t used; uint32_t high, low; - unsigned char msglen[8]; + /* + * Add padding: 0x80 then 0x00 until 8 bytes remain for the length + */ + used = ctx->total[0] & 0x3F; + + ctx->buffer[used++] = 0x80; + + if( used <= 56 ) + { + /* Enough room for padding + length in current block */ + memset( ctx->buffer + used, 0, 56 - used ); + } + else + { + /* We'll need an extra block */ + memset( ctx->buffer + used, 0, 64 - used ); + + if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + + memset( ctx->buffer, 0, 56 ); + } + + /* + * Add message length + */ high = ( ctx->total[0] >> 29 ) | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_LE( low, msglen, 0 ); - PUT_UINT32_LE( high, msglen, 4 ); + PUT_UINT32_LE( low, ctx->buffer, 56 ); + PUT_UINT32_LE( high, ctx->buffer, 60 ); - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if( ( ret = mbedtls_md5_update_ret( ctx, md5_padding, padn ) ) != 0 ) - return( ret ); - - if( ( ret = mbedtls_md5_update_ret( ctx, msglen, 8 ) ) != 0 ) - return( ret ); + if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + /* + * Output final state + */ PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); diff --git a/library/sha1.c b/library/sha1.c index 1587de480..bab6087c4 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -342,14 +342,6 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, } #endif -static const unsigned char sha1_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - /* * SHA-1 final digest */ 
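Review bot: The `if( used <= 56 )` branch in mbedtls_md5_finish_ret still lets the number of mbedtls_internal_md5_process() calls (one or two) and the memset lengths depend on the message length modulo 64, and nothing in the function says that this is known or who compensates for it. The commit removes the shared static padding table, but the remaining length dependence is left for the caller; ssl_decrypt_buf appears to handle it with its `extra_run` loop, which is not obvious from this file alone. I would add a comment above the branch, for example `/* The number of process() calls still depends on the input length; callers that must hide it (CBC MAC verification) have to compensate. */`. The same comment applies to the matching finish_ret hunks in sha1.c, sha256.c and sha512.c, and the function body continues past the end of this hunk.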
@@ -357,25 +349,48 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) { int ret; - uint32_t last, padn; + uint32_t used; uint32_t high, low; - unsigned char msglen[8]; + /* + * Add padding: 0x80 then 0x00 until 8 bytes remain for the length + */ + used = ctx->total[0] & 0x3F; + + ctx->buffer[used++] = 0x80; + + if( used <= 56 ) + { + /* Enough room for padding + length in current block */ + memset( ctx->buffer + used, 0, 56 - used ); + } + else + { + /* We'll need an extra block */ + memset( ctx->buffer + used, 0, 64 - used ); + + if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + + memset( ctx->buffer, 0, 56 ); + } + + /* + * Add message length + */ high = ( ctx->total[0] >> 29 ) | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); + PUT_UINT32_BE( high, ctx->buffer, 56 ); + PUT_UINT32_BE( low, ctx->buffer, 60 ); - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); + /* + * Output final state + */ PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); PUT_UINT32_BE( ctx->state[2], output, 8 ); diff --git a/library/sha256.c b/library/sha256.c index 695485d84..dbb4a8986 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -311,14 +311,6 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, } #endif -static const unsigned char sha256_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - /* * SHA-256 final digest */ 
@@ -326,26 +318,48 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) { int ret; - uint32_t last, padn; + uint32_t used; uint32_t high, low; - unsigned char msglen[8]; + /* + * Add padding: 0x80 then 0x00 until 8 bytes remain for the length + */ + used = ctx->total[0] & 0x3F; + + ctx->buffer[used++] = 0x80; + + if( used <= 56 ) + { + /* Enough room for padding + length in current block */ + memset( ctx->buffer + used, 0, 56 - used ); + } + else + { + /* We'll need an extra block */ + memset( ctx->buffer + used, 0, 64 - used ); + + if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + + memset( ctx->buffer, 0, 56 ); + } + + /* + * Add message length + */ high = ( ctx->total[0] >> 29 ) | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT32_BE( high, msglen, 0 ); - PUT_UINT32_BE( low, msglen, 4 ); + PUT_UINT32_BE( high, ctx->buffer, 56 ); + PUT_UINT32_BE( low, ctx->buffer, 60 ); - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - - if( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) - return( ret ); - - if( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); + /* + * Output final state + */ PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); PUT_UINT32_BE( ctx->state[2], output, 8 ); diff --git a/library/sha512.c b/library/sha512.c index 6de94e99b..a9440e8af 100644 --- a/library/sha512.c +++ b/library/sha512.c 
@@ -341,18 +341,6 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx, } #endif -static const unsigned char sha512_padding[128] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - /* * SHA-512 final digest */ 
@@ -360,26 +348,48 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) { int ret; - size_t last, padn; + unsigned used; uint64_t high, low; - unsigned char msglen[16]; + /* + * Add padding: 0x80 then 0x00 until 16 bytes remain for the length + */ + used = ctx->total[0] & 0x7F; + + ctx->buffer[used++] = 0x80; + + if( used <= 112 ) + { + /* Enough room for padding + length in current block */ + memset( ctx->buffer + used, 0, 112 - used ); + } + else + { + /* We'll need an extra block */ + memset( ctx->buffer + used, 0, 128 - used ); + + if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + + memset( ctx->buffer, 0, 112 ); + } + + /* + * Add message length + */ high = ( ctx->total[0] >> 61 ) | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - PUT_UINT64_BE( high, msglen, 0 ); - PUT_UINT64_BE( low, msglen, 8 ); + PUT_UINT64_BE( high, ctx->buffer, 112 ); + PUT_UINT64_BE( low, ctx->buffer, 120 ); - last = (size_t)( ctx->total[0] & 0x7F ); - padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - - if( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) - return( ret ); - - if( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) - return( ret ); + if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + /* + * Output final state + */ PUT_UINT64_BE( ctx->state[0], output, 0 ); PUT_UINT64_BE( ctx->state[1], output, 8 ); PUT_UINT64_BE( ctx->state[2], output, 16 ); From 7b42030b5d4b85a662c10024043eeec5349b6adb Mon Sep 17 00:00:00 2001 
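Review bot: In mbedtls_sha512_finish_ret, `used = ctx->total[0] & 0x7F;` assigns what appears to be a 64-bit expression to `unsigned used` without a cast, whereas the removed line carried an explicit `(size_t)` cast. The masked value is at most 127, so nothing is lost, but builds with conversion warnings enabled will flag the implicit narrowing. Writing `used = (unsigned)( ctx->total[0] & 0x7F );` keeps the intent explicit and matches how the old code was written. The function body continues past the end of this hunk.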
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Jun 2018 10:38:35 +0200 Subject: [PATCH 196/578] Add counter-measure to cache-based Lucky 13 The basis for the Lucky 13 family of attacks is for an attacker to be able to distinguish between (long) valid TLS-CBC padding and invalid TLS-CBC padding. Since our code sets padlen = 0 for invalid padding, the length of the input to the HMAC function, and the location where we read the MAC, give information about that. A local attacker could gain information about that by observing via a cache attack whether the bytes at the end of the record (at the location of would-be padding) have been read during MAC verification (computation + comparison). Let's make sure they're always read. --- ChangeLog | 8 ++++++++ library/ssl_tls.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0acb2c625..e6a5368e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,14 @@ Security a cache attack targetting an internal MD/SHA buffer. Connections using GCM or CCM instead of CBC or using Encrypt-then-Mac (RFC 7366) were not affected. Found by Kenny Paterson, Eyal Ronen and Adi Shamir. + * Add a counter-measure against a vulnerability in TLS ciphersuites based + on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to + execute code on the local machine as well as manipulate network packets, + to partially recover the plaintext of messages under some conditions (see + previous entry) by using a cache attack targeting the SSL input record + buffer. Connections using GCM or CCM instead of CBC or using + Encrypt-then-Mac (RFC 7366) were not affected. Found by Kenny Paterson, + Eyal Ronen and Adi Shamir. API Changes * Extend the platform module with a util component that contains diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4d50497cd..e362abb78 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1276,6 +1276,27 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, #define SSL_SOME_MODES_USE_MAC #endif +/* The function below is only used in the Lucky 13 counter-measure in + * ssl_decrypt_buf(). These are the defines that guard the call site. */ +#if defined(SSL_SOME_MODES_USE_MAC) && \ + ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) ) +/* This function makes sure every byte in the memory region is accessed + * (in ascending addresses order) */ +static void ssl_read_memory( unsigned char *p, size_t len ) +{ + unsigned char acc = 0; + volatile unsigned char force; + + for( ; len != 0; p++, len-- ) + acc ^= *p; + + force = acc; + (void) force; +} +#endif /* SSL_SOME_MODES_USE_MAC && ( TLS1 || TLS1_1 || TLS1_2 ) */ + /* * Encryption/decryption functions */ @@ -2011,6 +2032,20 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) * linking an extra division function in some builds). */ size_t j, extra_run = 0; + + /* + * The next two sizes are the minimum and maximum values of + * in_msglen over all padlen values. + * + * They're independent of padlen, since we previously did + * in_msglen -= padlen. + * + * Note that max_len + maclen is never more than the buffer + * length, as we previously did in_msglen -= maclen too. + */ + const size_t max_len = ssl->in_msglen + padlen; + const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; + switch( ssl->transform_in->ciphersuite_info->mac ) { #if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ 
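Review bot: ssl_read_memory() promises in its comment that every byte is accessed in ascending address order, but only the final store to `force` is volatile; the loop itself reads through a plain `unsigned char *`, so the compiler has to produce the XOR result and is free to choose the width and order of the loads. Since the function never writes through `p`, the parameter should also be const. Declaring it as `static void ssl_read_memory( const volatile unsigned char *p, size_t len )` makes each byte read an observable access and lets the comment stay true. If the ordering is not actually needed for the counter-measure, the comment should drop that claim instead.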
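Review bot: The `256` in `min_len = ( max_len > 256 ) ? max_len - 256 : 0;` is a bare constant whose origin the new comment does not give. It is presumably the largest possible CBC padding (255 padding bytes plus the length byte), and the region later passed to ssl_read_memory() depends on it being right. A short note such as `/* 256 = maximum padlen: up to 255 padding bytes plus the padding length byte */`, or a named constant, would let a reader check the bound. The enclosing block of ssl_decrypt_buf starts and ends outside this hunk.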
@@ -2042,12 +2077,25 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, ssl->in_msglen ); + /* Make sure we access everything even when padlen > 0. This + * makes the synchronisation requirements for just-in-time + * Prime+Probe attacks much tighter and hopefully impractical. */ + ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen ); mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); - /* Call mbedtls_md_process at least once due to cache attacks */ + + /* Call mbedtls_md_process at least once due to cache attacks + * that observe whether md_process() was called of not */ for( j = 0; j < extra_run + 1; j++ ) mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); + + /* Make sure we access all the memory that could contain the MAC, + * before we check it in the next code block. This makes the + * synchronisation requirements for just-in-time Prime+Probe + * attacks much tighter and hopefully impractical. */ + ssl_read_memory( ssl->in_msg + min_len, + max_len - min_len + ssl->transform_in->maclen ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ @@ -2057,9 +2105,11 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen ); MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen, ssl->transform_in->maclen ); +#endif if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect, ssl->transform_in->maclen ) != 0 ) From cdb5cc570c348c0907a32e5a06b3d332f071e0fa Mon Sep 17 00:00:00 2001 
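Review bot: The rewritten comment above the `extra_run` loop reads "that observe whether md_process() was called of not", which should be "or not". It also names `md_process()` while the call below it is `mbedtls_md_process()`; using the full name makes the comment searchable. Suggested text: `/* Call mbedtls_md_process at least once due to cache attacks that observe whether mbedtls_md_process() was called or not */`.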
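Review bot: The new `#if defined(MBEDTLS_SSL_DEBUG_ALL)` around the "expected mac" and "message mac" dumps carries no comment saying why these two calls are restricted, so a later clean-up could remove the guard as apparently redundant. The reason is presumably the one given in the later commit that guards the "raw buffer after decryption" dump in the same function: the output depends on a length that reveals whether padding was valid. I would add `/* Only with DEBUG_ALL: this output can leak padding validity through timing */` above both guards, and close them with `#endif /* MBEDTLS_SSL_DEBUG_ALL */` as the file does for its other conditionals. It would also help to state where MBEDTLS_SSL_DEBUG_ALL is documented that it is unsuitable for production builds, since enabling it brings the leak back.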
From: Jaeden Amero Date: Fri, 6 Jul 2018 11:45:38 +0100 Subject: [PATCH 197/578] tests: dhm: Rename Hallman to Hellman Fix typo of Diffie-Hallman to Diffie-Hellman. --- tests/suites/test_suite_dhm.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index e351ebdd4..734fd97ac 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data @@ -19,10 +19,10 @@ dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED Diffie-Hellman zero modulus dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA -Diffie-Hallman load parameters from file +Diffie-Hellman load parameters from file dhm_file:"data_files/dhparams.pem":"9e35f430443a09904f3a39a979797d070df53378e79c2438bef4e761f3c714553328589b041c809be1d6c6b5f1fc9f47d3a25443188253a992a56818b37ba9de5a40d362e56eff0be5417474c125c199272c8fe41dea733df6f662c92ae76556e755d10c64e6a50968f67fc6ea73d0dca8569be2ba204e23580d8bca2f4975b3":"02":128 -Diffie-Hallman load parameters from file +Diffie-Hellman load parameters from file dhm_file:"data_files/dh.optlen.pem":"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":"800abfe7dc667aa17bcd7c04614bc221a65482ccc04b604602b0e131908a938ea11b48dc515dab7abcbb1e0c7fd66511edc0d86551b7632496e03df94357e1c4ea07a7ce1e381a2fcafdff5f5bf00df828806020e875c00926e4d011f88477a1b01927d73813cad4847c6396b9244621be2b00b63c659253318413443cd244215cd7fd4cbe796e82c6cf70f89cc0c528fb8e344809b31876e7ef739d5160d095c9684188b0c8755c7a468d47f56d6db9ea012924ecb0556fb71312a8d7c93bb2898ea08ee54eeb594548285f06a973cbbe2a0cb02e90f323fe045521f34c68354a6d3e95dbfff1eb64692edc0a44f3d3e408d0e479a541e779a6054259e2d854":256 Diffie-Hellman selftest From a61d123e0eb38509de08e2b32b696860f02fd4c0 Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Fri, 6 Jul 2018 10:02:39 -0700 Subject: [PATCH 198/578] Minor changes to comments in hkdf.c --- library/hkdf.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) 
diff --git a/library/hkdf.c b/library/hkdf.c index d2e55e869..41d7d8764 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -114,6 +114,10 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, n++; } + /* + * Per RFC 5869 Section 2.3, okm_len must not exceed + * 255 times the hash length + */ if( n > 255 ) { return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); @@ -126,7 +130,10 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, goto exit; } - /* RFC 5869 Section 2.3. */ + /* + * Compute T = T(1) | T(2) | T(3) | ... | T(N) + * Where T(N) is defined in RFC 5869 Section 2.3 + */ for( i = 1; i <= n; i++ ) { size_t num_to_copy; @@ -150,7 +157,7 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, goto exit; } - /* The constant concatenated to the end of each t(n) is a single octet. + /* The constant concatenated to the end of each T(n) is a single octet. * */ ret = mbedtls_md_hmac_update( &ctx, &c, 1 ); if( ret != 0 ) From a5fbfd7cd89738938ae6982d79956a6cd66d7d02 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Fri, 6 Jul 2018 14:42:22 +0200 Subject: [PATCH 199/578] Enable snprintf on FreeBSD --- library/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index b47599b0d..58d6a8911 100644 --- a/library/x509.c +++ b/library/x509.c @@ -31,7 +31,7 @@ /* Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ -#define _XOPEN_SOURCE 500 +#define _POSIX_C_SOURCE 200112L #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" From 6a25cfae2a7bf34f206232168942bd2db0886742 Mon Sep 17 00:00:00 2001 
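Review bot: In library/x509.c the comment above the changed define still explains only gmtime_r, while the commit title says the switch to `_POSIX_C_SOURCE 200112L` is there to make snprintf available on FreeBSD. The next person to touch this line has no way to know that from the source. I would update the comment to `/* Ensure gmtime_r and snprintf are available even with -std=c99; must be included before config.h ... */`. Whether `_POSIX_C_SOURCE 200112L` exposes everything the file previously got from `_XOPEN_SOURCE 500` on the other supported platforms cannot be judged from this hunk and is worth confirming in CI.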
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 10 Jul 2018 11:15:36 +0200 Subject: [PATCH 200/578] Avoid debug message that might leak length The length to the debug message could conceivably leak through the time it takes to print it, and that length would in turn reveal whether padding was correct or not. --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e362abb78..d66c9cfcc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1972,8 +1972,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", ssl->in_msg, ssl->in_msglen ); +#endif /* * Authenticate if not done yet. From 6331cb060726bcab7df4f3235e6a1fa6d6eaf706 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 Jul 2018 11:48:42 +0100 Subject: [PATCH 201/578] Fix some whitespace issues in ChangeLog and CMakeLists.txt Stray tab in library/CMakeLists.txt and incorrect formatting in ChangeLog. --- ChangeLog | 4 ++-- library/CMakeLists.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 44533d2ae..a1d7c8b06 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,8 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time - authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by - Daniel King (#485). + authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by + Daniel King (#485). Bugfix * Fix the key_app_writer example which was writing a leading zero byte which diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 28ce0229b..4aba062bc 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -109,7 +109,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") endif() if(HAIKU) - set(libs ${libs} network) + set(libs ${libs} network) endif(HAIKU) if(USE_PKCS11_HELPER_LIBRARY) From 231d7e56691e1962f6950126c5ab208e4ce9f055 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 Jul 2018 11:56:19 +0100 Subject: [PATCH 202/578] Add ChangeLog entry for PR #1567. ChangeLog entry for platform support for the Haiku OS. PR #1567. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index a1d7c8b06..9195fac90 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Features * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by Daniel King (#485). + * Add platform support for the Haiku OS. (https://www.haiku-os.org). + Contributed by Augustin Cavalier. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which From 00af447ba814c9a6323c775f455034fdd9be62af Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 10 Jul 2018 15:35:43 +0100 Subject: [PATCH 203/578] Add ChangeLog entry for PR #536 --- ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 77bce4ffe..305eef60b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,11 @@ Features Daniel King (#485). * Add platform support for the Haiku OS. (https://www.haiku-os.org). Contributed by Augustin Cavalier. + * Make the receive and transmit buffers independent sizes, for situations + where the outgoing buffer can be fixed at a smaller size than the incoming + buffer, which can save some RAM. If buffer lengths are kept equal, there + is no functional difference. Contributed by Angus Gratton, and also + independently contributed again by Paul Sokolovsky. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which From 4b9a3addb6c9a3d4f6b01d3a71f08b3b2b392dba Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Tue, 10 Jul 2018 20:18:29 +0100 Subject: [PATCH 204/578] Disable use of the i386 assembly for option -O0 We don't compile in the assembly code if compiler optimisations are disabled as the number of registers used in the assembly code doesn't work with the -O0 option. Also anyone select -O0 probably doesn't want to compile in the assembly code anyway. --- include/mbedtls/bn_mul.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index e04926043..438aa8cea 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -49,7 +49,14 @@ /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ #if defined(__GNUC__) && \ ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) -#if defined(__i386__) + +/* + * Disable use of the i386 assembly code below if option -O0, to disable all + * compiler optimisations, is passed, detected with __OPTIMIZE__ + * This is done as the number of registers used in the assembly code doesn't + * work with the -O0 option. + */ +#if defined(__i386__) && !defined(__OPTIMIZE__) #define MULADDC_INIT \ asm( \ From 8744a023577e8d53fbc2aee9e3620b47b6d1d8ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 11 Jul 2018 12:30:40 +0200 Subject: [PATCH 205/578] Clarify a few comments The "+" sign could be misinterpreted as addition. --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c6e5f9702..9f323c0a7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
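Review bot: The new guard `#if defined(__i386__) && !defined(__OPTIMIZE__)` looks inverted relative to the commit message and to the comment added just above it. GCC and Clang define `__OPTIMIZE__` when optimisation is enabled, so `!defined(__OPTIMIZE__)` selects the i386 assembly only at -O0, which is the one case the change is meant to exclude, and drops it from every optimised build. The condition should be `#if defined(__i386__) && defined(__OPTIMIZE__)`. The MULADDC macro definitions this guard controls continue outside the hunk.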
@@ -1442,7 +1442,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) */ if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) { - /* GCM and CCM: concatenate fixed + explicit (=seqnum) */ + /* GCM and CCM: fixed || explicit (=seqnum) */ memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 ); memcpy( ssl->out_iv, ssl->out_ctr, 8 ); @@ -1450,7 +1450,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) } else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) { - /* ChachaPoly: XOR fixed + sequence number */ + /* ChachaPoly: fixed XOR sequence number */ unsigned char i; memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); @@ -1745,14 +1745,14 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) */ if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) { - /* GCM and CCM: concatenate fixed + explicit (transmitted) */ + /* GCM and CCM: fixed || explicit (transmitted) */ memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 ); } else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) { - /* ChachaPoly: XOR fixed + sequence number */ + /* ChachaPoly: fixed XOR sequence number */ unsigned char i; memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); From 0e2c07e83e6d2b5b82d00b85483a1dbc11c1ca56 Mon Sep 17 00:00:00 2001 From: Dawid Drozd Date: Wed, 11 Jul 2018 15:16:53 +0200 Subject: [PATCH 206/578] Remove unnecessary mark as unused #1098 `ret` is used always at line 1305 in statement: `if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )` --- library/pkparse.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index ccb7f5409..d6ac987e2 100644 --- a/library/pkparse.c +++ b/library/pkparse.c 
@@ -1261,7 +1261,6 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( ret ); #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #else - ((void) ret); ((void) pwd); ((void) pwdlen); #endif /* MBEDTLS_PEM_PARSE_C */ From a47911cb70d1ff82f43bf7f3497dcda2340362f9 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 4 Jul 2018 17:41:58 +0200 Subject: [PATCH 207/578] Fix memory leak in ssl_setup --- library/ssl_tls.c | 40 +++++++++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 185f35ad1..f4a34b17c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5671,27 +5671,30 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { - int ret; + int err; + const size_t len = MBEDTLS_SSL_BUFFER_LEN; ssl->conf = conf; /* * Prepare base structures */ + ssl->out_buf = NULL; /* Set to NULL in case of an error condition */ + ssl->in_buf = mbedtls_calloc( 1, MBEDTLS_SSL_IN_BUFFER_LEN ); if( ssl->in_buf == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_IN_BUFFER_LEN) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + err = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto error; } ssl->out_buf = mbedtls_calloc( 1, MBEDTLS_SSL_OUT_BUFFER_LEN ); if( ssl->out_buf == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_OUT_BUFFER_LEN) ); - mbedtls_free( ssl->in_buf ); - ssl->in_buf = NULL; - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + err = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto error; } #if defined(MBEDTLS_SSL_PROTO_DTLS) 
@@ -5725,10 +5728,33 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->in_msg = ssl->in_buf + 13; } - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) - return( ret ); + if( ( err = ssl_handshake_init( ssl ) ) != 0 ) + goto error; return( 0 ); + +error: + mbedtls_free( ssl->in_buf ); + mbedtls_free( ssl->out_buf ); + + ssl->conf = NULL; + + ssl->in_buf = NULL; + ssl->out_buf = NULL; + + ssl->in_hdr = NULL; + ssl->in_ctr = NULL; + ssl->in_len = NULL; + ssl->in_iv = NULL; + ssl->in_msg = NULL; + + ssl->out_hdr = NULL; + ssl->out_ctr = NULL; + ssl->out_len = NULL; + ssl->out_iv = NULL; + ssl->out_msg = NULL; + + return( err ); } /* From 21feae58cbc66c675e7ccf40ae1037ec7111cbd1 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 9 Jul 2018 14:42:35 +0200 Subject: [PATCH 208/578] Update change log --- ChangeLog | 5 +++++ library/ssl_tls.c | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 305eef60b..115f56ec8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix a potential memory leak in mbedtls_ssl_setup( ) function. An allocation + failure could leave an unreleased buffer. A handshake init failure would + lead to leaving two unreleased buffers. + Features * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed by diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f4a34b17c..661263abd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5672,7 +5672,6 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { int err; - const size_t len = MBEDTLS_SSL_BUFFER_LEN; ssl->conf = conf; From 830ce11ebaad029b06d06fcad1e39a67d1cd1b60 Mon Sep 17 00:00:00 2001 
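Review bot: The new `error:` label in mbedtls_ssl_setup() releases only `in_buf` and `out_buf`, so on the `ssl_handshake_init()` failure path it relies on that function having already freed whatever it allocated before returning non-zero. That cleanup is not visible in this hunk; if it is missing, the leak this patch sets out to fix is only partly closed. I would confirm it and record the ownership above the label, e.g. `/* ssl_handshake_init() releases its own allocations on failure; only the record buffers are owned here */`. The label also sets `ssl->conf = NULL`, so the API documentation should say that after a failed setup the context may only be passed to mbedtls_ssl_free() or set up again. The function body starts outside this hunk.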
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 11 Jul 2018 18:27:08 +0200 Subject: [PATCH 209/578] Clarify attack conditions in the ChangeLog. Referring to the previous entry could imply that the current one was limited to SHA-384 too, which it isn't. --- ChangeLog | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index e6a5368e6..e4a05c79f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,10 +19,13 @@ Security * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to execute code on the local machine as well as manipulate network packets, to partially recover the - plaintext of messages under some conditions (see previous entry) by using - a cache attack targetting an internal MD/SHA buffer. Connections using - GCM or CCM instead of CBC or using Encrypt-then-Mac (RFC 7366) were not - affected. Found by Kenny Paterson, Eyal Ronen and Adi Shamir. + plaintext of messages under some conditions by using a cache attack + targetting an internal MD/SHA buffer. With TLS or if + mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only worked if + the same secret (for example a HTTP Cookie) has been repeatedly sent over + connections manipulated by the attacker. Connections using GCM or CCM + instead of CBC or using Encrypt-then-Mac (RFC 7366) were not affected. + Found by Kenny Paterson, Eyal Ronen and Adi Shamir. * Add a counter-measure against a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to execute code on the local machine as well as manipulate network packets, From 6ca436a4576c6b3a02c05fbfaefd159fd999daf2 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Mon, 16 Jul 2018 12:20:10 +0200 Subject: [PATCH 210/578] Update change log --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9ee82c685..6aeacf128 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -9,6 +9,10 @@ Security a non DER-compliant certificate correctly signed by a trusted CA, or a trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. Fixes #825. + * Fix an issue in the X.509 module which could lead to a buffer overread + during certificate extensions parsing. In case of receiving malformed + input (extensions length field equal to 0), an illegal read of one byte + beyond the input buffer is made. Found and analyzed by Nathan Crandall. Features * Add option MBEDTLS_AES_FEWER_TABLES to dynamically compute 3/4 of the AES tables From 00115034ea00d8df8d3c009c4e76e98cb1dd893d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 17 Jul 2018 11:21:50 +0300 Subject: [PATCH 211/578] Repharse comments Rephrase comments to clarify them. --- include/mbedtls/ssl.h | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4c9f9e839..8b6e0491e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2746,10 +2746,16 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or * arguments are otherwise invalid. * - * \note Only the server certificate is copied, and not the chain - * but this is not a problem because the result of the chain - * verification is stored in `verify_result` and can be checked - * with \c mbedtls_ssl_get_verify_result(). + * \note Only the server certificate is copied, and not the full chain, + * so you should not attempt to validate the certificate again + * by calling \c mbedtls_x509_crt_verify() on it. + * Instead, you should use the results from the verification + * in the original handshake by calling \c mbedtls_ssl_get_verify_result() + * after loading the session again into a new SSL context + * using \c mbedtls_ssl_set_session(). + * + * \note Once the session object is not needed anymore, you should + * free it by calling \c mbedtls_ssl_session_free(). * * \sa mbedtls_ssl_set_session() */ @@ -3027,6 +3033,9 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); * \brief Free referenced items in an SSL session including the * peer certificate and clear memory * + * \note A session object can be freed even if the SSL context + * that was used to retrieve the session is still in use. + * * \param session SSL session */ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); From ca33cafab0e3f51c1ab2323020c0f2c80d7705f9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 18 Jul 2018 17:52:14 +0100 Subject: [PATCH 212/578] Add definition of purpose and use of networking module The purpose of the networking module can sometimes be misunderstood. This adds a definition and explanation of what the networking module is and what it can be used for. --- include/mbedtls/net_sockets.h | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) 
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 0f9b31ebc..dd7dc6733 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -1,7 +1,22 @@ /** * \file net_sockets.h * - * \brief Network communication functions + * \brief Network sockets abstraction layer to integrate Mbed TLS into a + * BSD-style sockets API. + * + * The network sockets module provides an example integration of the + * Mbed TLS library into a BSD sockets implementation. The module is + * intended to be both an example of how Mbed TLS can be integrated + * into a networking stack, and also act as Mbed TLS's integration on + * the supported platforms. + * + * The module is intended only for the use of the Mbed TLS library and + * is not intended to be used by third party application software. + * + * The supported platforms are as follows: + * * Microsoft Windows and Windows CE + * * POSIX/Unix platforms including Linux, OS X + * */ /* * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved From 4f37bcabf959010bb5bacd0172b518de3b39507e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 19 Jul 2018 19:52:32 +0100 Subject: [PATCH 213/578] Fix ChangeLog entry for issue #1663 The ChangeLog entry was under the wrong version, and under Changes, not BugFixes. --- ChangeLog | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3e1cd45c1..b31fd45de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,8 @@ Bugfix * Fix compilation warnings with IAR toolchain, on 32 bit platform. Reported by rahmanih in #683 * Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552. + * Added length checks to some TLS parsing functions. Found and fixed by + Philippe Antoine from Catena cyber. #1663. Changes * Changed CMake defaults for IAR to treat all compiler warnings as errors. 
@@ -90,9 +92,6 @@ Changes * Support TLS testing in out-of-source builds using cmake. Fixes #1193. * Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by TrinityTonic. #1359. - * Adds of lengths checks in different functions (not a security issue as - original buffer is overgrown) thanks to Philippe Antoine from Catena - cyber. #1663. = mbed TLS 2.9.0 branch released 2018-04-30 From 7c1258dc783933b60a6aea8b0144e92a1c820951 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 20 Jul 2018 16:42:14 +0100 Subject: [PATCH 214/578] all.sh: Return error on keep-going failure When calling all.sh from a script and using "--keep-going", errors were sometimes missed due to all.sh always returning 0 "success" return code. Return 1 if there is any failure encountered during a "keep-going" run. --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1e1cf3597..b8cca1c6a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -339,6 +339,7 @@ $text" echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "${start_red}FAILED: $failure_count${end_color}$failure_summary" echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" + exit 1 elif [ -z "${1-}" ]; then echo "SUCCESS :)" fi From 7870ec12c468ca65511b9865ce85200f6e77063e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 20 Jul 2018 19:39:10 +0100 Subject: [PATCH 215/578] Add API/ABI section to CONTRIBUTING.md Added a section on API/ABI compatibility on the development branch to the CONTRIBUTING.md guidelines. Also added to the testing section, refined the LTS section and changed some formatting for consistency. --- CONTRIBUTING.md | 62 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 13 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2257a615d..e79feaa3c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -5,11 +5,13 @@ We gratefully accept bug reports and contributions from the community. There are - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release. + Contributor License Agreement (CLA) ----------------------------------- - All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. - To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. + Coding Standards ---------------- - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections. 
@@ -17,6 +19,7 @@ Coding Standards - The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. - The code should be secure, and will be reviewed from a security point of view as well. + Making a Contribution --------------------- 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. 
@@ -26,41 +29,74 @@ Making a Contribution 1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. 1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header. + +API/ABI Compatibility +--------------------- + +API compatibility is maintained between versions of Mbed TLS on the main development branch. This is to ensure that when users of the library upgrade to a newer version of the library, there will be no API changes that may cause their code to fail to compile and it will not be necessary for them to make any changes to their own code. + +Where changes to the interface are necessary, functions in the public interface which need to be removed or replaced will be marked as 'deprecated', with the preprocessor symbols `MBEDTLS_DEPRECATED_WARNING` and `MBEDTLS_DEPRECATED_REMOVED`. Therefore when a build is made with those symbols defined, a compiler warning will be generated to warn a user that the function will be removed at some point in the future. + +It is also desirable to preserve ABI compatibility on the main development branch, and generally ABI changes need to be justifiable by enhancement and new features, to extend the interface. This is to again minimise the impact on users upgrading to newer versions of the library. + +As a consequence, this means there can be no change to the definition of functions in the public API, nor removal of elements in structs that make up part of the public interface. Instead if a function needs to be changed, a new function needs to be created alongside it, with a new name, and whatever change is necessary, such as a new parameter or the addition of a return value. 
+ +Periodically, the library will remove deprecated functions from the library which will be a breaking change in the API, but such changes will be made only in a planned, structured wat that gives sufficient notice to users of the library. + + Long Term Support Branches -------------------------- -Mbed TLS maintains several LTS (Long Term Support) branches, which are maintained continuously for a given period. The LTS branches are provided to allow users of the library to have a maintained version of the library which contains security fixes and fixes for other defects, without encountering any API changes or requiring changes in their own code. To allow users to take advantage of the LTS branches, these branches maintain backwards compatibility for both the public API and ABI. +Mbed TLS maintains several LTS (Long Term Support) branches, which are maintained continuously for a given period. The LTS branches are provided to allow users of the library to have a maintained, stable version of the library which contains only security fixes and fixes for other defects, without encountering additional features or API extensions which may introduce issues or change the code size or RAM usage, which can be significant considerations on some platforms. To allow users to take advantage of the LTS branches, these branches maintain backwards compatibility for both the public API and ABI. When backporting to these branches please observe the following rules: - 1. Generally, all changes to the library which change the API cannot be backported. - 2. All bug fixes must be backported to the LTS branches if they correct a defect in an LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted. - 3. If a contribution is a new feature or enhancement, no backporting is required. 
Exceptions to this may be addtional test cases or quality improvements such as changes to scripts. + 1. Any change to the library which changes the API or ABI cannot be backported. -It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development). + 2. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted. + + 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be addtional test cases or quality improvements such as changes to build or test scripts. + +It would be highly appreciated if contributions are backported to LTS branches +in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors. Currently maintained LTS branches are: 1. [mbedtls-2.1](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.1) -1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7) + +2. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7) + Tests ----- -As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist. -Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. 
+As mentioned, tests that show the correctness of the feature or bug fix should be added to the pull request, if no such tests exist. + +Mbed TLS includes a comprehensive set of test suites in the `tests/` directory that are dynamically generated to produce the actual test source files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. + +A test script `tests/scripts/basic-build-test.sh` is available to show test +coverage of the library. New code contributions should provide a similar level +of code coverage to that which already exists for the library. Sample applications, if needed, should be modified as well. + Continuous Integration Tests ---------------------------- -Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. +Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. + It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. + Documentation ------------- Mbed TLS should be well documented. If documentation is needed, speak out! 1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. -1. Complex parts in the code should include comments. -1. If needed, a Readme file is advised. -1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description. -1. 
A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution. + +2. Complex parts in the code should include comments. + +3. If needed, a Readme file is advised. + +4. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description. + +5. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution. + From b512bc1d29674a67bddb3ecec4a557e271ab3253 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 19 Jun 2018 15:57:50 +1000 Subject: [PATCH 216/578] CBC mode: Allow zero-length message fragments (100% padding) Fixes https://github.com/ARMmbed/mbedtls/issues/1632 --- ChangeLog | 5 +++++ library/ssl_tls.c | 14 +++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index a7e6288ee..3b4566064 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,6 +34,11 @@ Bugfix i386 with SSE2. Found by László Langó. Fixes #1550 * Fix namespacing in header files. Remove the `mbedtls` namespacing in the `#include` in the header files. Resolves #857 + * Fix decryption of zero length messages (all padding) in some circumstances: + DTLS 1.0 and 1.2, and CBC ciphersuites using encrypt-then-MAC. Most often + seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek + (#1632) and by Conor Murphy on the forum. Fix contributed by Espressif + Systems. Changes * Change the shebang line in Perl scripts to look up perl in the PATH. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1c35f0dec..a82ef3357 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1979,28 +1979,28 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) * and fake check up to 256 bytes of padding */ size_t pad_count = 0, real_count = 1; - size_t padding_idx = ssl->in_msglen - padlen - 1; + size_t padding_idx = ssl->in_msglen - padlen; size_t i; /* * Padding is guaranteed to be incorrect if: - * 1. padlen >= ssl->in_msglen + * 1. padlen > ssl->in_msglen * - * 2. padding_idx >= MBEDTLS_SSL_IN_CONTENT_LEN + + * 2. padding_idx > MBEDTLS_SSL_IN_CONTENT_LEN + * ssl->transform_in->maclen * * In both cases we reset padding_idx to a safe value (0) to * prevent out-of-buffer reads. */ - correct &= ( ssl->in_msglen >= padlen + 1 ); - correct &= ( padding_idx < MBEDTLS_SSL_IN_CONTENT_LEN + + correct &= ( padlen <= ssl->in_msglen ); + correct &= ( padding_idx <= MBEDTLS_SSL_IN_CONTENT_LEN + ssl->transform_in->maclen ); padding_idx *= correct; - for( i = 1; i <= 256; i++ ) + for( i = 0; i < 256; i++ ) { - real_count &= ( i <= padlen ); + real_count &= ( i < padlen ); pad_count += real_count * ( ssl->in_msg[padding_idx + i] == padlen - 1 ); } From 34817929ea8716ff212b71b5a59e2307b4696321 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Tue, 19 Jun 2018 15:58:22 +1000 Subject: [PATCH 217/578] TLSv1.2: Treat zero-length fragments as invalid, unless they are application data TLS v1.2 explicitly disallows other kinds of zero length fragments (earlier standards don't mention zero-length fragments at all). --- library/ssl_tls.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a82ef3357..b7c8881fb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
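Review bot: In the padding check of ssl_decrypt_buf() the loop now reads `ssl->in_msg[padding_idx + i]` for i = 0..255 while the bound on `padding_idx` is relaxed from `<` to `<=`, so the highest index that can be read is still `MBEDTLS_SSL_IN_CONTENT_LEN + maclen + 255`, yet the updated comment does not record that. The two one-position shifts cancel here, but a later edit to either the bound or the loop range alone would turn the fake-padding scan into an out-of-bounds read. I would state the invariant next to the check, e.g. `/* the scan reads in_msg[padding_idx .. padding_idx + 255]; in_msg must extend 255 bytes past IN_CONTENT_LEN + maclen */`. The buffer allocation is outside this hunk, so the available slack should be confirmed there; the function itself starts and ends outside the hunk.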
@@ -2133,6 +2133,16 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) if( ssl->in_msglen == 0 ) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 + && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) + { + /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + ssl->nb_zero++; /* From 1a7a17e5484b3f634c0341905f474ac148b9adfc Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 20 Jun 2018 15:43:50 +1000 Subject: [PATCH 218/578] Check for invalid short Alert messages (Short Change Cipher Spec & Handshake messages are already checked for.) --- ChangeLog | 2 ++ library/ssl_tls.c | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3b4566064..98ebd2d65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,8 @@ Bugfix seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek (#1632) and by Conor Murphy on the forum. Fix contributed by Espressif Systems. + * Fail when receiving a TLS alert message with an invalid length, or invalid + zero-length messages when using TLS 1.2. Contributed by Espressif Systems. Changes * Change the shebang line in Perl scripts to look up perl in the PATH. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b7c8881fb..f1856e278 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
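Review bot: The new rejection in the `ssl->in_msglen == 0` branch applies only when `minor_ver == MBEDTLS_SSL_MINOR_VERSION_3`, so empty handshake, alert and ChangeCipherSpec records are still accepted on earlier versions and fall through to `ssl->nb_zero++`. The commit message explains the asymmetry, but the code does not, and a reader auditing record handling will see a check that looks incomplete. A comment before the `#if` would make the intent explicit: `/* Versions before TLS 1.2 do not forbid empty records; those are tolerated and tracked through nb_zero below */`. What `nb_zero` is compared against lies outside this hunk, so the wording should be checked against that code.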
@@ -4187,6 +4187,16 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) { + if( ssl->in_msglen != 2 ) + { + /* Note: Standard allows for more than one 2 byte alert + to be packed in a single message, but Mbed TLS doesn't + currently support this. */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d", + ssl->in_msglen ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]", ssl->in_msg[0], ssl->in_msg[1] ) ); From ce6fbac247b3c44b4138fcd7ec3c36162371676e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 4 Jul 2018 09:29:34 +0100 Subject: [PATCH 219/578] Fix ssl_client2 to send 0-length app data --- programs/ssl/ssl_client2.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5d8969dbc..0dd9e3f7b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -246,8 +246,12 @@ int main( void ) " server_addr=%%s default: given by name\n" \ " server_port=%%d default: 4433\n" \ " request_page=%%s default: \".\"\n" \ - " request_size=%%d default: about 34 (basic request)\n" \ - " (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \ + " request_size=%%d default: about 34 (basic request)\n" \ + " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \ + " If 0, in the first exchange only an empty\n" \ + " application data message is sent followed by\n" \ + " a second non-empty message before attempting\n" \ + " to read a response from the server\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ 
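Review bot: The debug call added with the alert length check in mbedtls_ssl_handle_message_type() prints `ssl->in_msglen` with `%d`. If that field is a `size_t`, as its use in `size_t` arithmetic in ssl_decrypt_buf() on this page suggests, the argument does not match the conversion, and the logged length can be wrong on targets where `size_t` is wider than `int`. That matters here because the message exists to diagnose malformed peer input. I would cast explicitly: `MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %u", (unsigned) ssl->in_msglen ) );`. The length check itself correctly precedes the reads of `in_msg[0]` and `in_msg[1]`.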
@@ -1663,10 +1667,13 @@ send_request: if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ) { - for( written = 0, frags = 0; written < len; written += ret, frags++ ) + written = 0; + frags = 0; + + do { while( ( ret = mbedtls_ssl_write( &ssl, buf + written, - len - written ) ) <= 0 ) + len - written ) ) < 0 ) { if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) @@ -1686,7 +1693,11 @@ send_request: #endif } } + + frags++; + written += ret; } + while( written < len ); } else /* Not stream, so datagram */ { @@ -1730,6 +1741,13 @@ send_request: mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf ); + /* Send a non-empty request if request_size == 0 */ + if ( len == 0 ) + { + opt.request_size = DFL_REQUEST_SIZE; + goto send_request; + } + /* * 7. Read the HTTP response */ From 81f0633c165e8e60abff58a44d97b5b9f18fc0eb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 4 Jul 2018 10:01:39 +0100 Subject: [PATCH 220/578] Add ChangeLog entry for empty app data fix --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 98ebd2d65..54d914573 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,9 @@ Bugfix Systems. * Fail when receiving a TLS alert message with an invalid length, or invalid zero-length messages when using TLS 1.2. Contributed by Espressif Systems. + * Fix ssl_client2 example to send application data with 0-length content + when the request_size argument is set to 0 as stated in the documentation. + Fixes #1833. Changes * Change the shebang line in Perl scripts to look up perl in the PATH. From 4c761fab7f990a541cd8ab6d8948be3d04986f80 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 10 Jul 2018 20:08:04 +0100 Subject: [PATCH 221/578] Add test for empty app data records to ssl-opt.sh --- tests/ssl-opt.sh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) 
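Review bot: In the stream branch of ssl_client2.c the inner retry condition changes from `<= 0` to `< 0`, so a return of 0 from `mbedtls_ssl_write()` while `written < len` is no longer routed to the error branch. `written += ret` then adds nothing and the `do … while( written < len )` closed in the following hunk calls write again with no exit. Accepting 0 is needed for the `len == 0` request, but for a non-empty request it replaces the old error exit with a possible spin; whether the function can return 0 for a non-empty buffer is not visible here. Keeping the old handling for pending data avoids the question: make the inner condition `ret < 0 || ( ret == 0 && written < len )`.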
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0f6153565..a1c7d0490 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1170,6 +1170,38 @@ run_test "Fallback SCSV: enabled, max version, openssl client" \ -s "received FALLBACK_SCSV" \ -S "inapropriate fallback" +# Test sending and receiving empty application data records + +run_test "Encrypt then MAC: empty application data record" \ + "$P_SRV auth_mode=none debug_level=4 etm=1" \ + "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \ + 0 \ + -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \ + -s "dumping 'input payload after decrypt' (0 bytes)" \ + -c "0 bytes written in 1 fragments" + +run_test "Default, no Encrypt then MAC: empty application data record" \ + "$P_SRV auth_mode=none debug_level=4 etm=0" \ + "$P_CLI auth_mode=none etm=0 request_size=0" \ + 0 \ + -s "dumping 'input payload after decrypt' (0 bytes)" \ + -c "0 bytes written in 1 fragments" + +run_test "Encrypt then MAC, DTLS: empty application data record" \ + "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \ + "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \ + 0 \ + -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \ + -s "dumping 'input payload after decrypt' (0 bytes)" \ + -c "0 bytes written in 1 fragments" + +run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \ + "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \ + "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \ + 0 \ + -s "dumping 'input payload after decrypt' (0 bytes)" \ + -c "0 bytes written in 1 fragments" + ## ClientHello generated with ## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..." ## then manually twiddling the ciphersuite list. From ccbd46435f455488f55b1fad124b0e25b7cf50cb Mon Sep 17 00:00:00 2001 
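Review bot: The two "Default, no Encrypt then MAC" cases added to tests/ssl-opt.sh pass no `force_ciphersuite`, and none of the four cases pins the protocol version. The MAC-then-encrypt CBC padding path and the TLS 1.0 situation named in the ChangeLog entry are therefore exercised only if default negotiation happens to select them. If the defaults settle on an AEAD suite, those two cases pass without touching the changed padding check in ssl_decrypt_buf(). I would add variants that force the CBC suite already used by the Encrypt-then-MAC cases, `force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA` with `etm=0`, and one with `force_version=tls1`, so a regression in the zero-length padding handling fails a named test.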
From: Simon Butcher Date: Sun, 22 Jul 2018 14:43:39 +0100 Subject: [PATCH 222/578] Increase the memory buffer size for ssl_server2.c Newer features in the library have increased the overall RAM usage of the library, when all features are enabled. ssl_server2.c, with all features enabled was running out of memory for the ssl-opt.sh test 'Authentication: client max_int chain, server required'. This commit increases the memory buffer allocation for ssl_server2.c to allow the test to work with all features enabled. --- programs/ssl/ssl_server2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3a413ad5e..26f023d7f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1212,7 +1212,7 @@ int main( int argc, char *argv[] ) const char *alpn_list[ALPN_LIST_SIZE]; #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[100000]; + unsigned char alloc_buf[120000]; #endif int i; From 7a6da6ed5e3a3e139e8eec2bd7e1d60dee4cd55e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 27 Jun 2018 21:52:54 +0100 Subject: [PATCH 223/578] Expand i386 all.sh tests to full config ASan builds The i386 test builds were only building the default configuration and had no address sanitisation. This commit expands the test configuration to the full configuration in all.sh and builds with ASan for when the test suites are executed. --- tests/scripts/all.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1e6fd8cd0..034ca7dee 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -750,15 +750,19 @@ if uname -a | grep -F Linux >/dev/null; then fi if uname -a | grep -F x86_64 >/dev/null; then - msg "build: i386, make, gcc" # ~ 30s + msg "build: i386, make, gcc (ASan build)" # ~ 30s cleanup - make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32 -fsanitize=address' - msg "test: i386, make, gcc" + msg "test: i386, make, gcc (ASan build)" make test msg "build: 64-bit ILP32, make, gcc" # ~ 30s cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' msg "test: 64-bit ILP32, make, gcc" From 8e6a22ac3d8cb1820a0d6a258a2cdaf47ab9c8c5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 20 Jul 2018 21:27:33 +0100 Subject: [PATCH 224/578] Add additional i386 tests to all.sh Added an additional i386 test to all.sh, to allow one test with -O0 which compiles out inline assembly, and one to test with -01 which includes the inline assembly. --- tests/scripts/all.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 034ca7dee..c12b33355 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
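Review bot: After `scripts/config.pl full`, the i386 ASan build presumably has MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled. Wherever a program routes allocations through that buffer allocator, objects are carved out of one large array, so AddressSanitizer's heap redzones cannot flag heap overflows or use-after-free on them. Consider adding `scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C` after the `full` line so the sanitizer sees the library's allocations through malloc/free. The same applies to the -O0 and -O1 stanzas added by the next all.sh hunk (PATCH 224). The `if uname -a | grep -F x86_64` block continues outside the hunk, so whether the config is later restored from `$CONFIG_BAK` is not visible here.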
@@ -750,13 +750,24 @@ if uname -a | grep -F Linux >/dev/null; then fi if uname -a | grep -F x86_64 >/dev/null; then - msg "build: i386, make, gcc (ASan build)" # ~ 30s + # Build once with -O0, to compile out the i386 specific inline assembly + msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full - make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32 -fsanitize=address' + make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' - msg "test: i386, make, gcc (ASan build)" + msg "test: i386, make, gcc -O0 (ASan build)" + make test + + # Build again with -O1, to compile in the i386 specific inline assembly + msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl full + make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' + + msg "test: i386, make, gcc -O1 (ASan build)" make test msg "build: 64-bit ILP32, make, gcc" # ~ 30s From e459f07b551aef3039c6efc65670a44329884949 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 Jul 2018 09:44:42 +0100 Subject: [PATCH 225/578] Correct logic to exclude i386 inline assenbly when -O0 The i386 MPI inline assembly code was being incorrectly included when all compiler optimisation was disabled. --- include/mbedtls/bn_mul.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h index 438aa8cea..b587317d9 100644 --- a/include/mbedtls/bn_mul.h +++ b/include/mbedtls/bn_mul.h @@ -56,7 +56,7 @@ * This is done as the number of registers used in the assembly code doesn't * work with the -O0 option. */ -#if defined(__i386__) && !defined(__OPTIMIZE__) +#if defined(__i386__) && defined(__OPTIMIZE__) #define MULADDC_INIT \ asm( \ From cce68bec1d47bf985f75485df3b77a371679cea5 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Mon, 23 Jul 2018 14:26:09 +0100 Subject: [PATCH 226/578] Add a macro to define the memory size in ssl_server2.c When MBEDTLS_MEMORY_BUFFER_ALLOC_C was defined, the sample ssl_server2.c was using its own memory buffer for memory allocated by the library. The memory used wasn't obvious, so this adds a macro for the memory buffer allocated to make the allocated memory size more obvious and hence easier to configure. --- programs/ssl/ssl_server2.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 26f023d7f..7654a6446 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -97,6 +97,10 @@ int main( void ) #include #endif +/* Size of memory to be allocated for the heap, when using the library's memory + * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ +#define MEMORY_HEAP_SIZE 120000 + #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" #define DFL_DEBUG_LEVEL 0 @@ -1212,7 +1216,7 @@ int main( int argc, char *argv[] ) const char *alpn_list[ALPN_LIST_SIZE]; #endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - unsigned char alloc_buf[120000]; + unsigned char alloc_buf[MEMORY_HEAP_SIZE]; #endif int i; From 5cf4d0694f74496fe9ad1985324eba6b4e3ea63c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 Jul 2018 14:36:40 +0100 Subject: [PATCH 227/578] Refine the definition of net_sockets.h Clarified the purport of net_socket.h to make its purpose clearer. --- include/mbedtls/net_sockets.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index dd7dc6733..9f07eeb4d 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h 
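Review bot: `MEMORY_HEAP_SIZE` is defined unconditionally in the first ssl_server2.c hunk, so it cannot be set from the build command line even though the stated aim is to make the size easier to configure. Wrapping it as `#if !defined(MEMORY_HEAP_SIZE)` / `#define MEMORY_HEAP_SIZE 120000` / `#endif` would allow `-DMEMORY_HEAP_SIZE=...`. In the second hunk `alloc_buf` is an automatic array declared in `main`, so the entire library heap sits on the stack. Declaring it `static unsigned char alloc_buf[MEMORY_HEAP_SIZE];` avoids stack exhaustion when the value is raised or the platform has a small default stack. `main` starts and ends outside the hunk.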
@@ -6,12 +6,13 @@ * * The network sockets module provides an example integration of the * Mbed TLS library into a BSD sockets implementation. The module is - * intended to be both an example of how Mbed TLS can be integrated - * into a networking stack, and also act as Mbed TLS's integration on - * the supported platforms. + * intended to be an example of how Mbed TLS can be integrated into a + * networking stack, as well as to be Mbed TLS's network integration + * for its supported platforms. * - * The module is intended only for the use of the Mbed TLS library and - * is not intended to be used by third party application software. + * The module is intended only to be used with the Mbed TLS library and + * is not intended to be used by third party application software + * directly. * * The supported platforms are as follows: * * Microsoft Windows and Windows CE From 10f9663fcb933421068efdec0ee24bcbd3e9af09 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 Jul 2018 16:10:36 +0100 Subject: [PATCH 228/578] Added clarification to CONTRIBUTING.md Added rationale as to when API changes are permitted, and clarified why we try to preserve the API/ABI. --- CONTRIBUTING.md | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e79feaa3c..f55fc288e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -5,13 +5,11 @@ We gratefully accept bug reports and contributions from the community. There are - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release. - Contributor License Agreement (CLA) ----------------------------------- - All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright. - To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. - Coding Standards ---------------- - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections. 
@@ -19,7 +17,6 @@ Coding Standards - The code should be written in a portable generic way, that will benefit the whole community, and not only your own needs. - The code should be secure, and will be reviewed from a security point of view as well. - Making a Contribution --------------------- 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. 
@@ -29,20 +26,19 @@ Making a Contribution 1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it. 1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header. - API/ABI Compatibility --------------------- +The project aims to minimise the impact on users upgrading to newer versions of the library and it should not be necessary for a user to make any changes to their own code to work with a newer version of the library. Unless the user has made an active decision to use newer features, a newer generation of the library or a change has been necessary due to a security issue or other significant software defect, no modifications to their own code should be necessary. To achieve this, API compatibility is maintained between different versions of Mbed TLS on the main development branch and in LTS (Long Term Support) branches. -API compatibility is maintained between versions of Mbed TLS on the main development branch. This is to ensure that when users of the library upgrade to a newer version of the library, there will be no API changes that may cause their code to fail to compile and it will not be necessary for them to make any changes to their own code. +To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change. -Where changes to the interface are necessary, functions in the public interface which need to be removed or replaced will be marked as 'deprecated', with the preprocessor symbols `MBEDTLS_DEPRECATED_WARNING` and `MBEDTLS_DEPRECATED_REMOVED`. 
Therefore when a build is made with those symbols defined, a compiler warning will be generated to warn a user that the function will be removed at some point in the future. +Where changes to an existing interface are necessary, functions in the public interface which need to be changed, are marked as 'deprecated'. This is done with the preprocessor symbols `MBEDTLS_DEPRECATED_WARNING` and `MBEDTLS_DEPRECATED_REMOVED`. Then, a new function with a new name but similar if not identical behaviour to the original function containing the necessary changes should be created alongside the existing deprecated function. -It is also desirable to preserve ABI compatibility on the main development branch, and generally ABI changes need to be justifiable by enhancement and new features, to extend the interface. This is to again minimise the impact on users upgrading to newer versions of the library. +When a build is made with the deprecation preprocessor symbols defined, a compiler warning will be generated to warn a user that the function will be removed at some point in the future, notifying users that they should change from the older deprecated function to the newer function at their own convenience. -As a consequence, this means there can be no change to the definition of functions in the public API, nor removal of elements in structs that make up part of the public interface. Instead if a function needs to be changed, a new function needs to be created alongside it, with a new name, and whatever change is necessary, such as a new parameter or the addition of a return value. - -Periodically, the library will remove deprecated functions from the library which will be a breaking change in the API, but such changes will be made only in a planned, structured wat that gives sufficient notice to users of the library. +Therefore, no changes are permitted to the definition of functions in the public interface which will change the API. 
Instead the interface can only be changed by its extension. As described above, if a function needs to be changed, a new function needs to be created alongside it, with a new name, and whatever change is necessary, such as a new parameter or the addition of a return value. +Periodically, the library will remove deprecated functions from the library which will be a breaking change in the API, but such changes will be made only in a planned, structured way that gives sufficient notice to users of the library. Long Term Support Branches -------------------------- @@ -78,17 +74,15 @@ of code coverage to that which already exists for the library. Sample applications, if needed, should be modified as well. - Continuous Integration Tests ---------------------------- Once a PR has been made, the Continuous Integration (CI) tests are triggered and run. You should follow the result of the CI tests, and fix failures. It is advised to enable the [githooks scripts](https://github.com/ARMmbed/mbedtls/tree/development/tests/git-scripts) prior to pushing your changes, for catching some of the issues as early as possible. - Documentation ------------- -Mbed TLS should be well documented. If documentation is needed, speak out! +Mbed TLS is well documented, but if you think documentation is needed, speak out! 1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation. From 5a5d03f025dcd170e4580ca5c9c18a6fc85b2f8e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 Jul 2018 16:16:04 +0100 Subject: [PATCH 229/578] Add test guidelines to CONTRIBUTING.md --- CONTRIBUTING.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f55fc288e..83e04f8ee 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -68,6 +68,8 @@ As mentioned, tests that show the correctness of the feature or bug fix should b Mbed TLS includes a comprehensive set of test suites in the `tests/` directory that are dynamically generated to produce the actual test source files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. +[A knowledgebase article describing how to add additional tests is available on the Mbed TLS website](https://tls.mbed.org/kb/development/test_suites). + A test script `tests/scripts/basic-build-test.sh` is available to show test coverage of the library. New code contributions should provide a similar level of code coverage to that which already exists for the library. From ca2ea4e217bab5fac250a256d4011899982332ba Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Fri, 6 Jul 2018 10:03:58 -0700 Subject: [PATCH 230/578] Fix issue if salt = NULL and salt_len !=0 in mbedtls_hkdf_extract() --- library/hkdf.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/hkdf.c b/library/hkdf.c index 41d7d8764..82d8a429f 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -62,6 +62,11 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, { size_t hash_len; + if( salt_len != 0 ) + { + return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; + } + hash_len = mbedtls_md_get_size( md ); if( hash_len == 0 ) From 4736e96568b2991e5ff0b38af1d3a27773eec258 Mon Sep 17 00:00:00 2001 From: Brian J Murray Date: Fri, 6 Jul 2018 10:05:22 -0700 Subject: [PATCH 231/578] add myself to changelog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 44533d2ae..f56859ec5 100644 --- a/ChangeLog +++ b/ChangeLog 
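Review bot: In the library/hkdf.c hunk, the added `if( salt_len != 0 )` return is only correct if it sits inside a `salt == NULL` branch, which the hunk does not show; the commit subject suggests it does. A short comment such as `/* salt is NULL here, so a non-zero length cannot be honoured */` would keep the guard from being read as rejecting every salted call. The commit changes only library/hkdf.c, so no test case covers a NULL salt with non-zero `salt_len`. The API documentation, if it does not already say so, should state that this combination returns `MBEDTLS_ERR_HKDF_BAD_INPUT_DATA`. The body of `mbedtls_hkdf_extract` starts and ends outside the hunk.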
@@ -18,6 +18,9 @@ Bugfix return value. Found by @davidwu2000. #839 * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, Philippe Antoine. Fixes #1623. + * Change the default behaviour of mbedtls_hkdf_extract() to return an error + when calling with a NULL salt and non-zero salt_len. Contributed by + Brian J Murray Changes * Change the shebang line in Perl scripts to look up perl in the PATH. From 6965f771de04408d4050d75576c64b7188ecd3f1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 23 Jul 2018 23:57:07 +0100 Subject: [PATCH 232/578] Fix use of Knowledge Base in documentation Made the use of 'Knowledge Base' consistent in the CONTRIBUTING.md and README.md files. --- CONTRIBUTING.md | 2 +- README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 83e04f8ee..8fb8ab8fa 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -68,7 +68,7 @@ As mentioned, tests that show the correctness of the feature or bug fix should b Mbed TLS includes a comprehensive set of test suites in the `tests/` directory that are dynamically generated to produce the actual test source files (e.g. `test_suite_mpi.c`). These files are generated from a `function file` (e.g. `suites/test_suite_mpi.function`) and a `data file` (e.g. `suites/test_suite_mpi.data`). The function file contains the test functions. The data file contains the test cases, specified as parameters that will be passed to the test function. -[A knowledgebase article describing how to add additional tests is available on the Mbed TLS website](https://tls.mbed.org/kb/development/test_suites). +[A Knowledge Base article describing how to add additional tests is available on the Mbed TLS website](https://tls.mbed.org/kb/development/test_suites). A test script `tests/scripts/basic-build-test.sh` is available to show test coverage of the library. New code contributions should provide a similar level 
diff --git a/README.md b/README.md index ced36e192..6345848d2 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ Please note that setting `CFLAGS` overrides its default value of `-O2` and setti Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. -In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS knowledge base](https://tls.mbed.org/kb). +In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS Knowledge Base](https://tls.mbed.org/kb). ### CMake @@ -192,7 +192,7 @@ We provide some non-standard configurations focused on specific use cases in the Porting Mbed TLS ---------------- -Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful: +Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following Knowledge Base articles useful: - [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS) - [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on) From 428cc52a73fc3b6ef934c7e4fe94222c30c3f52d Mon Sep 17 00:00:00 2001 
From: Dawid Drozd Date: Tue, 24 Jul 2018 10:02:47 +0200 Subject: [PATCH 233/578] Allow to forward declare of public structs #1215 Thanks to forward declare we can declare `struct` in our header file instead making #include --- include/mbedtls/aes.h | 4 ++-- include/mbedtls/arc4.h | 2 +- include/mbedtls/aria.h | 2 +- include/mbedtls/bignum.h | 2 +- include/mbedtls/blowfish.h | 2 +- include/mbedtls/camellia.h | 2 +- include/mbedtls/ccm.h | 3 ++- include/mbedtls/chacha20.h | 2 +- include/mbedtls/chachapoly.h | 2 +- include/mbedtls/cipher.h | 6 ++++-- include/mbedtls/ctr_drbg.h | 2 +- include/mbedtls/des.h | 4 ++-- include/mbedtls/dhm.h | 2 +- include/mbedtls/ecdh.h | 2 +- include/mbedtls/ecjpake.h | 2 +- include/mbedtls/ecp.h | 8 ++++---- include/mbedtls/entropy.h | 4 ++-- include/mbedtls/gcm.h | 3 ++- include/mbedtls/havege.h | 2 +- include/mbedtls/hmac_drbg.h | 2 +- include/mbedtls/md.h | 3 ++- include/mbedtls/md2.h | 2 +- include/mbedtls/md4.h | 2 +- include/mbedtls/md5.h | 2 +- include/mbedtls/net_sockets.h | 2 +- include/mbedtls/oid.h | 3 ++- include/mbedtls/pem.h | 2 +- include/mbedtls/pk.h | 6 +++--- include/mbedtls/pkcs11.h | 3 ++- include/mbedtls/platform.h | 3 ++- include/mbedtls/poly1305.h | 2 +- include/mbedtls/ripemd160.h | 2 +- include/mbedtls/rsa.h | 2 +- include/mbedtls/sha1.h | 2 +- include/mbedtls/sha256.h | 2 +- include/mbedtls/sha512.h | 2 +- include/mbedtls/ssl_cookie.h | 2 +- include/mbedtls/ssl_ticket.h | 4 ++-- include/mbedtls/threading.h | 2 +- include/mbedtls/timing.h | 2 +- include/mbedtls/x509_crt.h | 2 +- include/mbedtls/xtea.h | 2 +- 42 files changed, 60 insertions(+), 52 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index f6603d596..4c8dab315 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -79,7 +79,7 @@ extern "C" { /** * \brief The AES context-type definition. */ -typedef struct +typedef struct mbedtls_aes_context { int nr; /*!< The number of rounds. */ uint32_t *rk; /*!< AES round keys. */ 
@@ -98,7 +98,7 @@ mbedtls_aes_context; /** * \brief The AES XTS context-type definition. */ -typedef struct +typedef struct mbedtls_aes_xts_context { mbedtls_aes_context crypt; /*!< The AES context to use for AES block encryption or decryption. */ diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index f11fc5be0..83a7461f3 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -53,7 +53,7 @@ extern "C" { * security risk. We recommend considering stronger ciphers instead. * */ -typedef struct +typedef struct mbedtls_arc4_context { int x; /*!< permutation index */ int y; /*!< permutation index */ diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index bae0621b2..4a79c1387 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -62,7 +62,7 @@ extern "C" { /** * \brief The ARIA context-type definition. */ -typedef struct +typedef struct mbedtls_aria_context { unsigned char nr; /*!< The number of rounds (12, 14 or 16) */ /*! The ARIA round keys. */ diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 31383b1eb..732ecbef1 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -177,7 +177,7 @@ extern "C" { /** * \brief MPI structure */ -typedef struct +typedef struct mbedtls_mpi { int s; /*!< integer sign */ size_t n; /*!< total # of limbs */ diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 985faa43f..eea6882f7 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -55,7 +55,7 @@ extern "C" { /** * \brief Blowfish context structure */ -typedef struct +typedef struct mbedtls_blowfish_context { uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ uint32_t S[4][256]; /*!< key dependent S-boxes */ diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 7e4721af7..fa1e05ee7 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h 
@@ -51,7 +51,7 @@ extern "C" { /** * \brief CAMELLIA context structure */ -typedef struct +typedef struct mbedtls_camellia_context { int nr; /*!< number of rounds */ uint32_t rk[68]; /*!< CAMELLIA round keys */ diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 5d727e7cc..e1dc124b8 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -68,7 +68,8 @@ extern "C" { * \brief The CCM context-type definition. The CCM context is passed * to the APIs called. */ -typedef struct { +typedef struct mbedtls_ccm_context +{ mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ } mbedtls_ccm_context; diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 47bd7d38b..cfea40a57 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -52,7 +52,7 @@ extern "C" { #if !defined(MBEDTLS_CHACHA20_ALT) -typedef struct +typedef struct mbedtls_chacha20_context { uint32_t state[16]; /*! The state (before round operations). */ uint8_t keystream8[64]; /*! Leftover keystream bytes. */ diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 42b2b230c..7de6f4e8c 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -60,7 +60,7 @@ mbedtls_chachapoly_mode_t; #include "chacha20.h" -typedef struct +typedef struct mbedtls_chachapoly_context { mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */ diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index ea0ce983f..3ac17f6a0 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -235,7 +235,8 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; * Cipher information. Allows calling cipher functions * in a generic way. */ -typedef struct { +typedef struct mbedtls_cipher_info_t +{ /** Full cipher identifier. For example, * MBEDTLS_CIPHER_AES_256_CBC. */ 
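Review bot: In the chacha20.h hunk, the new tag only helps callers who forward-declare `struct mbedtls_chacha20_context` if every definition of the type carries the same tag, and this one sits under `#if !defined(MBEDTLS_CHACHA20_ALT)`. An alternative implementation header that keeps an untagged `typedef struct { ... }` would leave such a forward declaration naming a different type that is never completed. A comment above the typedef, for example `/* ALT implementations must define struct mbedtls_chacha20_context with this tag */`, would record the requirement. The same presumably holds for the other context types in this patch that have ALT variants; their guards are outside the visible hunks.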
@@ -276,7 +277,8 @@ typedef struct { /** * Generic cipher context. */ -typedef struct { +typedef struct mbedtls_cipher_context_t +{ /** Information about the associated cipher. */ const mbedtls_cipher_info_t *cipher_info; diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 3835d7299..3a4b7f3f1 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -108,7 +108,7 @@ extern "C" { /** * \brief The CTR_DRBG context structure. */ -typedef struct +typedef struct mbedtls_ctr_drbg_context { unsigned char counter[16]; /*!< The counter (V). */ int reseed_counter; /*!< The reseed counter. */ diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 6eb7d03ba..91d16b6fb 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -61,7 +61,7 @@ extern "C" { * security risk. We recommend considering stronger ciphers * instead. */ -typedef struct +typedef struct mbedtls_des_context { uint32_t sk[32]; /*!< DES subkeys */ } @@ -70,7 +70,7 @@ mbedtls_des_context; /** * \brief Triple-DES context structure */ -typedef struct +typedef struct mbedtls_des3_context { uint32_t sk[96]; /*!< 3DES subkeys */ } diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 75317a8e6..3e1178940 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -96,7 +96,7 @@ extern "C" { /** * \brief The DHM context structure. */ -typedef struct +typedef struct mbedtls_dhm_context { size_t len; /*!< The size of \p P in Bytes. */ mbedtls_mpi P; /*!< The prime modulus. */ diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 5fdf55a88..95f39805c 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -52,7 +52,7 @@ typedef enum /** * \brief The ECDH context structure. */ -typedef struct +typedef struct mbedtls_ecdh_context { mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_mpi d; /*!< The private key. */ 
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index cc2b316f5..59d12f080 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -68,7 +68,7 @@ typedef enum { * convetion from the Thread v1.0 spec. Correspondance is indicated in the * description as a pair C: client name, S: server name */ -typedef struct +typedef struct mbedtls_ecjpake_context { const mbedtls_md_info_t *md_info; /**< Hash to use */ mbedtls_ecp_group grp; /**< Elliptic curve */ diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 3a407986d..ed1b9d736 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -92,7 +92,7 @@ typedef enum /** * Curve information, for use by other modules. */ -typedef struct +typedef struct mbedtls_ecp_curve_info { mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ @@ -111,7 +111,7 @@ typedef struct * Otherwise, \p X and \p Y are its standard (affine) * coordinates. */ -typedef struct +typedef struct mbedtls_ecp_point { mbedtls_mpi X; /*!< The X coordinate of the ECP point. */ mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */ @@ -156,7 +156,7 @@ mbedtls_ecp_point; * reduction. It must return 0 on success and non-zero on failure. * */ -typedef struct +typedef struct mbedtls_ecp_group { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ mbedtls_mpi P; /*!< The prime modulus of the base field. */ @@ -251,7 +251,7 @@ mbedtls_ecp_group; * \note Members are deliberately in the same order as in the * ::mbedtls_ecdsa_context structure. */ -typedef struct +typedef struct mbedtls_ecp_keypair { mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ mbedtls_mpi d; /*!< our secret value */ diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index a5cb05a58..ca06dc3c5 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h 
@@ -107,7 +107,7 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s /** * \brief Entropy source state */ -typedef struct +typedef struct mbedtls_entropy_source_state { mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */ void * p_source; /**< The callback data pointer */ @@ -120,7 +120,7 @@ mbedtls_entropy_source_state; /** * \brief Entropy context structure */ -typedef struct +typedef struct mbedtls_entropy_context { int accumulator_started; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 87535ab95..d2098eb9f 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -53,7 +53,8 @@ extern "C" { /** * \brief The GCM context structure. */ -typedef struct { +typedef struct mbedtls_gcm_context +{ mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ uint64_t HL[16]; /*!< Precalculated HTable low. */ uint64_t HH[16]; /*!< Precalculated HTable high. */ diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h index d4cb3ed38..57e8c4094 100644 --- a/include/mbedtls/havege.h +++ b/include/mbedtls/havege.h @@ -35,7 +35,7 @@ extern "C" { /** * \brief HAVEGE state structure */ -typedef struct +typedef struct mbedtls_havege_state { int PT1, PT2, offset[2]; int pool[MBEDTLS_HAVEGE_COLLECT_SIZE]; diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 2608de859..3bc675ec7 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -74,7 +74,7 @@ extern "C" { /** * HMAC_DRBG context. */ -typedef struct +typedef struct mbedtls_hmac_drbg_context { /* Working state: the key K is not stored explicitely, * but is implied by the HMAC context */ diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 6b6f5c53d..bf2952498 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -80,7 +80,8 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t; /** * The generic message-digest context. */ -typedef struct { +typedef struct mbedtls_md_context_t +{ /** Information about the associated message digest. */ const mbedtls_md_info_t *md_info; diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 08e75b247..a46bddb74 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -55,7 +55,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct +typedef struct mbedtls_md2_context { unsigned char cksum[16]; /*!< checksum of the data block */ unsigned char state[48]; /*!< intermediate digest state */ diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 8ee4e5cab..1672e9074 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -56,7 +56,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct +typedef struct mbedtls_md4_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[4]; /*!< intermediate digest state */ diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 43ead4b74..4c9509010 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -55,7 +55,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct +typedef struct mbedtls_md5_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[4]; /*!< intermediate digest state */ diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 0f9b31ebc..40f331737 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -68,7 +68,7 @@ extern "C" { * (eg two file descriptors for combined IPv4 + IPv6 support, or additional * structures for hand-made UDP demultiplexing). */ -typedef struct +typedef struct mbedtls_net_context { int fd; /**< The underlying file descriptor */ } diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 408645ece..bd4f179f6 100644 --- a/include/mbedtls/oid.h 
+++ b/include/mbedtls/oid.h @@ -388,7 +388,8 @@ extern "C" { /** * \brief Base OID descriptor structure */ -typedef struct { +typedef struct mbedtls_oid_descriptor_t +{ const char *asn1; /*!< OID ASN.1 representation */ size_t asn1_len; /*!< length of asn1 */ const char *name; /*!< official name (e.g. from RFC) */ diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index 2cf4c0a70..fa82f7bdb 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -51,7 +51,7 @@ extern "C" { /** * \brief PEM context structure */ -typedef struct +typedef struct mbedtls_pem_context { unsigned char *buf; /*!< buffer for decoded data */ size_t buflen; /*!< length of the buffer */ diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ee06b2fd2..db54c6a6e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -87,7 +87,7 @@ typedef enum { * \brief Options for RSASSA-PSS signature verification. * See \c mbedtls_rsa_rsassa_pss_verify_ext() */ -typedef struct +typedef struct mbedtls_pk_rsassa_pss_options { mbedtls_md_type_t mgf1_hash_id; int expected_salt_len; @@ -107,7 +107,7 @@ typedef enum /** * \brief Item to send to the debug module */ -typedef struct +typedef struct mbedtls_pk_debug_item { mbedtls_pk_debug_type type; const char *name; @@ -125,7 +125,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; /** * \brief Public key container */ -typedef struct +typedef struct mbedtls_pk_context { const mbedtls_pk_info_t * pk_info; /**< Public key informations */ void * pk_ctx; /**< Underlying public key context */ diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h index bf65c55a7..02427ddc1 100644 --- a/include/mbedtls/pkcs11.h +++ b/include/mbedtls/pkcs11.h @@ -50,7 +50,8 @@ extern "C" { /** * Context for PKCS #11 private keys. */ -typedef struct { +typedef struct mbedtls_pkcs11_context +{ pkcs11h_certificate_t pkcs11h_cert; int len; } mbedtls_pkcs11_context; 
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 624cc642a..a40a64f9c 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -315,7 +315,8 @@ int mbedtls_platform_set_nv_seed( * \note This structure may be used to assist platform-specific * setup or teardown operations. */ -typedef struct { +typedef struct mbedtls_platform_context +{ char dummy; /**< A placeholder member, as empty structs are not portable. */ } mbedtls_platform_context; diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 54b50abc2..c490cdf2b 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -52,7 +52,7 @@ extern "C" { #if !defined(MBEDTLS_POLY1305_ALT) -typedef struct +typedef struct mbedtls_poly1305_context { uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index a0dac0c36..0c8e568b9 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -46,7 +46,7 @@ extern "C" { /** * \brief RIPEMD-160 context structure */ -typedef struct +typedef struct mbedtls_ripemd160_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[5]; /*!< intermediate digest state */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 19eb2ee74..6eea5af2f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -92,7 +92,7 @@ extern "C" { * is deprecated. All manipulation should instead be done through * the public interface functions. */ -typedef struct +typedef struct mbedtls_rsa_context { int ver; /*!< Always 0.*/ size_t len; /*!< The size of \p N in Bytes. */ diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 65a124c94..7a19da0a4 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h 
@@ -58,7 +58,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct +typedef struct mbedtls_sha1_context { uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[5]; /*!< The intermediate digest state. */ diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index adf31a82e..33aff2831 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -53,7 +53,7 @@ extern "C" { * checksum calculations. The choice between these two is * made in the call to mbedtls_sha256_starts_ret(). */ -typedef struct +typedef struct mbedtls_sha256_context { uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 5bb83f43b..014589042 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -52,7 +52,7 @@ extern "C" { * checksum calculations. The choice between these two is * made in the call to mbedtls_sha512_starts_ret(). */ -typedef struct +typedef struct mbedtls_sha512_context { uint64_t total[2]; /*!< The number of Bytes processed. */ uint64_t state[8]; /*!< The intermediate digest state. */ diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 80b65bbbb..6a0ad4fa9 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -50,7 +50,7 @@ extern "C" { /** * \brief Context for the default cookie functions. */ -typedef struct +typedef struct mbedtls_ssl_cookie_ctx { mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */ #if !defined(MBEDTLS_HAVE_TIME) diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 93ad46ac9..b2686df09 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h 
@@ -44,7 +44,7 @@ extern "C" { /** * \brief Information for session ticket protection */ -typedef struct +typedef struct mbedtls_ssl_ticket_key { unsigned char name[4]; /*!< random key identifier */ uint32_t generation_time; /*!< key generation timestamp (seconds) */ @@ -55,7 +55,7 @@ mbedtls_ssl_ticket_key; /** * \brief Context for session ticket handling functions */ -typedef struct +typedef struct mbedtls_ssl_ticket_context { mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ unsigned char active; /*!< index of the currently active key */ diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index aeea5d0e1..d45d61361 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -42,7 +42,7 @@ extern "C" { #if defined(MBEDTLS_THREADING_PTHREAD) #include -typedef struct +typedef struct mbedtls_threading_mutex_t { pthread_mutex_t mutex; char is_valid; diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index bbcb90688..a965fe0d3 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -51,7 +51,7 @@ struct mbedtls_timing_hr_time /** * \brief Context for mbedtls_timing_set/get_delay() */ -typedef struct +typedef struct mbedtls_timing_delay_context { struct mbedtls_timing_hr_time timer; uint32_t int_ms; diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index ac23cffe8..d41ec93a6 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -105,7 +105,7 @@ mbedtls_x509_crt; * * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). */ -typedef struct +typedef struct mbedtls_x509_crt_profile { uint32_t allowed_mds; /**< MDs for signatures */ uint32_t allowed_pks; /**< PK algs for signatures */ diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 8df708a3a..c70c3fe26 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h 
@@ -50,7 +50,7 @@ extern "C" { /** * \brief XTEA context structure */ -typedef struct +typedef struct mbedtls_xtea_context { uint32_t k[4]; /*!< key */ } From ecb635efca154a929039e9b40f212fed923f79e2 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 24 Jul 2018 10:03:41 +0100 Subject: [PATCH 234/578] Add ChangeLog entry for #1098 fix. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 305eef60b..2b19e3547 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,6 +29,9 @@ Bugfix by Brendan Shanks. Part of a fix for #992. * Fix compilation error when MBEDTLS_ARC4_C is disabled and MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719. + * Fix compiler warning of 'use before initialisation' in + mbedtls_pk_parse_key(). Found by Martin Boye Petersen and fixed by Dawid + Drozd. #1098 Changes * Change the shebang line in Perl scripts to look up perl in the PATH. From 463928a74b05219eb42f130eb94e1ea7a0d16821 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 24 Jul 2018 12:50:59 +0200 Subject: [PATCH 235/578] Fix code formatting --- library/x509_crt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 493d6334f..2e7701d4f 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -575,10 +575,10 @@ static int x509_get_crt_ext( unsigned char **p, /* Get extension ID */ if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, - MBEDTLS_ASN1_OID ) ) != 0 ) + MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); - extn_oid.tag = MBEDTLS_ASN1_OID; + extn_oid.tag = MBEDTLS_ASN1_OID; extn_oid.p = *p; *p += extn_oid.len; @@ -729,7 +729,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * memcpy( p, buf, crt->raw.len ); - // Direct pointers to the new buffer + // Direct pointers to the new buffer p += crt->raw.len - len; end = crt_end = p + len; 
From c9a5f02eabff9ee2440352b6c7fe084f713a6a27 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 24 Jul 2018 13:53:31 +0200 Subject: [PATCH 236/578] Move comment to a separate line --- library/ssl_tls.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661263abd..87af27402 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5678,7 +5678,9 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, /* * Prepare base structures */ - ssl->out_buf = NULL; /* Set to NULL in case of an error condition */ + + /* Set to NULL in case of an error condition */ + ssl->out_buf = NULL; ssl->in_buf = mbedtls_calloc( 1, MBEDTLS_SSL_IN_BUFFER_LEN ); if( ssl->in_buf == NULL ) From 05330541eaf9037c92706eea311e9f971da03193 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 24 Jul 2018 12:54:15 +0100 Subject: [PATCH 237/578] Revise ChangeLog entry for empty data records fixes --- ChangeLog | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e0e2ea952..8888f994b 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -37,11 +37,12 @@ Bugfix * Fix compiler warning of 'use before initialisation' in mbedtls_pk_parse_key(). Found by Martin Boye Petersen and fixed by Dawid Drozd. #1098 - * Fix decryption of zero length messages (all padding) in some circumstances: - DTLS 1.0 and 1.2, and CBC ciphersuites using encrypt-then-MAC. Most often - seen when communicating with OpenSSL using TLS 1.0. Reported by @kFYatek - (#1632) and by Conor Murphy on the forum. Fix contributed by Espressif - Systems. + * Fix decryption for zero length messages (which contain all padding) when a + CBC based ciphersuite is used together with Encrypt-then-MAC. Previously, + such a message was wrongly reported as an invalid record and therefore lead + to the connection being terminated. Seen most often with OpenSSL using + TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix + contributed by Espressif Systems. Fixes #1632 * Fail when receiving a TLS alert message with an invalid length, or invalid zero-length messages when using TLS 1.2. Contributed by Espressif Systems. * Fix ssl_client2 example to send application data with 0-length content From 466a57fbbe5f88dd8ac0b4ff4b617296d728eacc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 3 May 2018 16:54:28 +0300 Subject: [PATCH 238/578] Key wrapping API definition Define the Key Wrapping API --- include/mbedtls/check_config.h | 5 + include/mbedtls/config.h | 14 +++ include/mbedtls/nist_kw.h | 178 +++++++++++++++++++++++++++++++++ library/version_features.c | 6 ++ 4 files changed, 203 insertions(+) create mode 100644 include/mbedtls/nist_kw.h diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 4689f3a4d..9e6bb8a46 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -87,6 +87,11 @@ #error "MBEDTLS_CMAC_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_NIST_KW_C) && \ + ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) ) +#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 17208b589..70820be56 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -308,6 +308,7 @@ //#define MBEDTLS_DHM_ALT //#define MBEDTLS_ECJPAKE_ALT //#define MBEDTLS_GCM_ALT +//#define MBEDTLS_NIST_KW_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT @@ -2248,6 +2249,19 @@ */ #define MBEDTLS_HMAC_DRBG_C +/** + * \def MBEDTLS_NIST_KW_C + * + * Enable the Key Wrapping mode for 128-bit block ciphers, + * as defined in NIST SP 800-38F. Only KW and KWP modes + * are supported. At the moment, only AES is approved by NIST. + * + * Module: library/nist_kw.c + * + * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C + */ +//#define MBEDTLS_NIST_KW_C + /** * \def MBEDTLS_MD_C * diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h new file mode 100644 index 000000000..5a0f656a8 --- /dev/null +++ b/include/mbedtls/nist_kw.h 
@@ -0,0 +1,178 @@ +/** + * \file nist_kw.h + * + * \brief This file provides an API for key wrapping (KW) and key wrapping with + * padding (KWP) as defined in NIST SP 800-38F. + * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf + * + * Key wrapping specifies a deterministic authenticated-encryption mode + * of operation, according to NIST SP 800-38F: Recommendation for + * Block Cipher Modes of Operation: Methods for Key Wrapping. Its + * purpose is to protect cryptographic keys. + * + * Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP. + * https://tools.ietf.org/html/rfc3394 + * https://tools.ietf.org/html/rfc5649 + * + */ +/* + * Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_NIST_KW_H +#define MBEDTLS_NIST_KW_H + +#include "cipher.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum +{ + MBEDTLS_KW_MODE_KW = 0, + MBEDTLS_KW_MODE_KWP = 1 +} mbedtls_nist_kw_mode_t; + +#if !defined(MBEDTLS_NIST_KW_ALT) +// Regular implementation +// + +/** + * \brief The key wrapping context-type definition. The key wrapping context is passed + * to the APIs called. + * + * \note The definition of this type may change in future library versions. + * Don't make any assumptions on this context! 
+ */ +typedef struct { + mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ +} mbedtls_nist_kw_context; + +#else /* MBEDTLS_NIST_key wrapping_ALT */ +#include "nist_kw_alt.h" +#endif /* MBEDTLS_NIST_KW_ALT */ + +/** + * \brief This function initializes the specified key wrapping context + * to make references valid and prepare the context + * for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free(). + * + * \param ctx The key wrapping context to initialize. + * + */ +void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ); + +/** + * \brief This function initializes the key wrapping context set in the + * \p ctx parameter and sets the encryption key. + * + * \param ctx The key wrapping context. + * \param cipher The 128-bit block cipher to use. Only AES is supported. + * \param key The Key Encryption Key (KEK). + * \param keybits The KEK size in bits. This must be acceptable by the cipher. + * \param is_wrap Specify whether the operation within the context is wrapping or unwrapping + * + * \return \c 0 on success. + * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input. + * \return \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers + * which are not supported. + * \return cipher-specific error code on failure of the underlying cipher. + */ +int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits, + const int is_wrap ); + +/** + * \brief This function releases and clears the specified key wrapping context + * and underlying cipher sub-context. + * + * \param ctx The key wrapping context to clear. + */ +void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ); + +/** + * \brief This function encrypts a buffer using key wrapping. + * + * \param ctx The key wrapping context to use for encryption. + * \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP) + * \param input The buffer holding the input data. 
+ * \param in_len The length of the input data in Bytes. + * The input uses units of 8 Bytes called semiblocks. + *
  • For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive.
  • + *
  • For KWP mode: any length between 1 and 2^32-1 inclusive.
+ * \param[out] output The buffer holding the output data. + *
  • For KW mode: Must be at least 8 bytes larger than \p in_len.
  • + *
  • For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of + * 8 bytes for KWP (15 bytes at most).
+ * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure. + * \param[in] out_size The capacity of the output buffer. + * + * \return \c 0 on success. + * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length. + * \return cipher-specific error code on failure of the underlying cipher. + */ +int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t* out_len, size_t out_size ); + +/** + * \brief This function decrypts a buffer using key wrapping. + * + * \param ctx The key wrapping context to use for decryption. + * \param mode The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP) + * \param input The buffer holding the input data. + * \param in_len The length of the input data in Bytes. + * The input uses units of 8 Bytes called semiblocks. + * The input must be a multiple of semiblocks. + *
  • For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive.
  • + *
  • For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.
+ * \param[out] output The buffer holding the output data. + * The output buffer's minimal length is 8 bytes shorter than \p in_len. + * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure. + * For KWP mode, the length could be up to 15 bytes shorter than \p in_len, + * depending on how much padding was added to the data. + * \param[in] out_size The capacity of the output buffer. + * + * \return \c 0 on success. + * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length. + * \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext. + * \return cipher-specific error code on failure of the underlying cipher. + */ +int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t* out_len, size_t out_size); + + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +/** + * \brief The key wrapping checkup routine. + * + * \return \c 0 on success. + * \return \c 1 on failure. + */ +int mbedtls_nist_kw_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_NIST_KW_H */ diff --git a/library/version_features.c b/library/version_features.c index b6135462f..777b6034c 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -126,6 +126,9 @@ static const char *features[] = { #if defined(MBEDTLS_GCM_ALT) "MBEDTLS_GCM_ALT", #endif /* MBEDTLS_GCM_ALT */ +#if defined(MBEDTLS_NIST_KW_ALT) + "MBEDTLS_NIST_KW_ALT", +#endif /* MBEDTLS_NIST_KW_ALT */ #if defined(MBEDTLS_MD2_ALT) "MBEDTLS_MD2_ALT", #endif /* MBEDTLS_MD2_ALT */ @@ -618,6 +621,9 @@ static const char *features[] = { #if defined(MBEDTLS_HMAC_DRBG_C) "MBEDTLS_HMAC_DRBG_C", #endif /* MBEDTLS_HMAC_DRBG_C */ +#if defined(MBEDTLS_NIST_KW_C) + "MBEDTLS_NIST_KW_C", +#endif /* MBEDTLS_NIST_KW_C */ #if defined(MBEDTLS_MD_C) "MBEDTLS_MD_C", #endif /* MBEDTLS_MD_C */ 
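Review bot: The documentation of `mbedtls_nist_kw_unwrap()` in include/mbedtls/nist_kw.h says `out_len` is 0 on failure but is silent about the `output` buffer when `MBEDTLS_ERR_CIPHER_AUTH_FAILED` is returned. Since the result is key material, I would add `\note On any non-zero return the contents of \p output are unspecified and must not be used.`; whether the implementation clears the buffer cannot be told from the header. Neither the wrap nor the unwrap comment states whether `input` and `output` may overlap, so a line such as `\note \p input and \p output must not overlap.` (or the opposite, if in-place use is intended) should be added to both. The context is declared as a bare `typedef struct {`, while the struct-tag patch earlier on this page gives every context type a tag, so `typedef struct mbedtls_nist_kw_context` would keep the new type consistent with the others. The comment `#else /* MBEDTLS_NIST_key wrapping_ALT */` looks like a search-and-replace slip and should read `#else /* MBEDTLS_NIST_KW_ALT */`.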
From cb349ac27943c06283290a498653925995351572 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 15 Jul 2018 09:29:47 +0300 Subject: [PATCH 239/578] Implement the KW and KWP algorithm 1. Add kw to the Makefiles 2. Implement the algorithms as defined in SP800-38F, and RFC 3394. --- library/CMakeLists.txt | 1 + library/Makefile | 10 +- library/nist_kw.c | 537 +++++++++++++++++++++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 + 4 files changed, 545 insertions(+), 5 deletions(-) create mode 100644 library/nist_kw.c diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 4aba062bc..70fff520a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -40,6 +40,7 @@ set(src_crypto md5.c md_wrap.c memory_buffer_alloc.c + nist_kw.c oid.c padlock.c pem.c diff --git a/library/Makefile b/library/Makefile index b1597e0e5..ac88d4c3f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -76,11 +76,11 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ hkdf.o \ hmac_drbg.o md.o md2.o \ md4.o md5.o md_wrap.o \ - memory_buffer_alloc.o oid.o \ - padlock.o pem.o pk.o \ - pk_wrap.o pkcs12.o pkcs5.o \ - pkparse.o pkwrite.o platform.o \ - platform_util.o poly1305.o \ + memory_buffer_alloc.o nist_kw.o \ + oid.o padlock.o pem.o \ + pk.o pk_wrap.o pkcs12.o \ + pkcs5.o pkparse.o pkwrite.o \ + platform.o platform_util.o poly1305.o \ ripemd160.o rsa_internal.o rsa.o \ sha1.o sha256.o sha512.o \ threading.o timing.o version.o \ diff --git a/library/nist_kw.c b/library/nist_kw.c new file mode 100644 index 000000000..b7790d73c --- /dev/null +++ b/library/nist_kw.c 
@@ -0,0 +1,537 @@ +/* + * Implementation of NIST SP 800-38F key wrapping, supporting KW and KWP modes + * only + * + * Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) + */ +/* + * Definition of Key Wrapping: + * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf + * RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm" + * RFC 5649 "Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm" + * + * Note: RFC 3394 defines different methodology for intermediate operations for + * the wrapping and unwrapping operation than the definition in NIST SP 800-38F. 
+ */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_NIST_KW_C) + +#include "mbedtls/nist_kw.h" +#include "mbedtls/platform_util.h" + +#include +#include + +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + +#if !defined(MBEDTLS_NIST_KW_ALT) + +#define KW_SEMIBLOCK_LENGTH 8 +#define MIN_SEMIBLOCKS_COUNT 3 + +/* constant-time buffer comparison */ +static inline unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n ) +{ + size_t i; + volatile const unsigned char *A = (volatile const unsigned char *) a; + volatile const unsigned char *B = (volatile const unsigned char *) b; + volatile unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + { + /* Read volatile data in order before computing diff. + * This avoids IAR compiler warning: + * 'the order of volatile accesses is undefined ..' */ + unsigned char x = A[i], y = B[i]; + diff |= x ^ y; + } + + return( diff ); +} + +/*! The 64-bit default integrity check value (ICV) for KW mode. */ +static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}; +/*! The 32-bit default integrity check value (ICV) for KWP mode. 
*/ +static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6}; + +#ifndef GET_UINT32_BE +#define GET_UINT32_BE(n,b,i) \ +do { \ + (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ + | ( (uint32_t) (b)[(i) + 1] << 16 ) \ + | ( (uint32_t) (b)[(i) + 2] << 8 ) \ + | ( (uint32_t) (b)[(i) + 3] ); \ +} while( 0 ) +#endif + +#ifndef PUT_UINT32_BE +#define PUT_UINT32_BE(n,b,i) \ +do { \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} while( 0 ) +#endif + +/* + * Initialize context + */ +void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ) +{ + memset( ctx, 0, sizeof( mbedtls_nist_kw_context ) ); +} + +int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits, + const int is_wrap ) +{ + int ret; + const mbedtls_cipher_info_t *cipher_info; + + cipher_info = mbedtls_cipher_info_from_values( cipher, + keybits, + MBEDTLS_MODE_ECB ); + if( cipher_info == NULL ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + if( cipher_info->block_size != 16 ) + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + + /* + * SP 800-38F currently defines AES cipher as the only block cipher allowed: + * "For KW and KWP, the underlying block cipher shall be approved, and the + * block size shall be 128 bits. Currently, the AES block cipher, with key + * lengths of 128, 192, or 256 bits, is the only block cipher that fits + * this profile." + * Currently we don't support other 128 bit block ciphers for key wrapping, + * such as Camellia and Aria. + */ + if( cipher != MBEDTLS_CIPHER_ID_AES ) + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + + mbedtls_cipher_free( &ctx->cipher_ctx ); + + if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, + is_wrap ? 
MBEDTLS_ENCRYPT : + MBEDTLS_DECRYPT ) + ) != 0 ) + { + return( ret ); + } + + return( 0 ); +} + +/* + * Free context + */ +void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ) +{ + mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_nist_kw_context ) ); +} + +/* + * Helper function for Xoring the uint64_t "t" with the encrypted A. + * Defined in NIST SP 800-38F section 6.1 + */ +static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t ) +{ + size_t i = 0; + for( i = 0; i < sizeof( t ); i++ ) + { + A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff; + } +} + +/* + * KW-AE as defined in SP 800-38F section 6.2 + * KWP-AE as defined in SP 800-38F section 6.3 + */ +int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, + mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size ) +{ + int ret = 0; + size_t semiblocks = 0; + size_t s; + size_t olen, padlen = 0; + uint64_t t = 0; + unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; + unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2]; + unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH; + unsigned char *A = output; + + *out_len = 0; + /* + * Generate the String to work on + */ + if( mode == MBEDTLS_KW_MODE_KW ) + { + if( out_size < in_len + KW_SEMIBLOCK_LENGTH ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + /* + * According to SP 800-38F Table 1, the plaintext length for KW + * must be between 2 to 2^54-1 semiblocks inclusive. 
+ */ + if( in_len < 16 || +#if SIZE_MAX > 0x1FFFFFFFFFFFFF8 + in_len > 0x1FFFFFFFFFFFFF8 || +#endif + in_len % KW_SEMIBLOCK_LENGTH != 0 ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + memcpy( output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH ); + memmove( output + KW_SEMIBLOCK_LENGTH, input, in_len ); + } + else + { + if( in_len % 8 != 0 ) + { + padlen = ( 8 - ( in_len % 8 ) ); + } + + if( out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + /* + * According to SP 800-38F Table 1, the plaintext length for KWP + * must be between 1 and 2^32-1 octets inclusive. + */ + if( in_len < 1 +#if SIZE_MAX > 0xFFFFFFFF + || in_len > 0xFFFFFFFF +#endif + ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 ); + PUT_UINT32_BE( ( in_len & 0xffffffff ), output, + KW_SEMIBLOCK_LENGTH / 2 ); + + memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len ); + memset( output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen ); + } + semiblocks = ( ( in_len + padlen ) / KW_SEMIBLOCK_LENGTH ) + 1; + + s = 6 * ( semiblocks - 1 ); + + if( mode == MBEDTLS_KW_MODE_KWP + && in_len <= KW_SEMIBLOCK_LENGTH ) + { + memcpy( inbuff, output, 16 ); + ret = mbedtls_cipher_update( &ctx->cipher_ctx, + inbuff, 16, output, &olen ); + if( ret != 0 ) + goto cleanup; + } + else + { + /* + * Do the wrapping function W, as defined in RFC 3394 section 2.2.1 + */ + if( semiblocks < MIN_SEMIBLOCKS_COUNT ) + { + ret = MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + goto cleanup; + } + + /* Calculate intermediate values */ + for( t = 1; t <= s; t++ ) + { + memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH ); + memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH ); + + ret = mbedtls_cipher_update( &ctx->cipher_ctx, + inbuff, 16, outbuff, &olen ); + if( ret != 0 ) + goto cleanup; + + memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); + calc_a_xor_t( A, t ); + + memcpy( R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); + 
R2 += KW_SEMIBLOCK_LENGTH; + if( R2 >= output + ( semiblocks * KW_SEMIBLOCK_LENGTH ) ) + R2 = output + KW_SEMIBLOCK_LENGTH; + } + } + + *out_len = semiblocks * KW_SEMIBLOCK_LENGTH; + +cleanup: + + if( ret != 0) + { + memset( output, 0, semiblocks * KW_SEMIBLOCK_LENGTH ); + } + mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 ); + mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 ); + mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen ); + return( ret ); +} + +/* + * W-1 function as defined in RFC 3394 section 2.2.2 + * This function assumes the following: + * 1. Output buffer is at least of size ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH. + * 2. The input buffer is of size semiblocks * KW_SEMIBLOCK_LENGTH. + * 3. Minimal number of semiblocks is 3. + * 4. A is a buffer to hold the first semiblock of the input buffer. + */ +static int unwrap( mbedtls_nist_kw_context *ctx, + const unsigned char *input, size_t semiblocks, + unsigned char A[KW_SEMIBLOCK_LENGTH], + unsigned char *output, size_t* out_len ) +{ + int ret = 0; + const size_t s = 6 * ( semiblocks - 1 ); + size_t olen; + uint64_t t = 0; + unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; + unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2]; + unsigned char *R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; + *out_len = 0; + + if( semiblocks < MIN_SEMIBLOCKS_COUNT ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + memcpy( A, input, KW_SEMIBLOCK_LENGTH ); + memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); + + /* Calculate intermediate values */ + for( t = s; t >= 1; t-- ) + { + calc_a_xor_t( A, t ); + + memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH ); + memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH ); + + ret = mbedtls_cipher_update( &ctx->cipher_ctx, + inbuff, 16, outbuff, &olen ); + if( ret != 0 ) + goto cleanup; + + memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); + + /* Set R as LSB64 of outbuff */ + memcpy( R, outbuff + 
KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); + + if( R == output ) + R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; + else + R -= KW_SEMIBLOCK_LENGTH; + } + + *out_len = ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH; + +cleanup: + if( ret != 0) + memset( output, 0, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); + mbedtls_platform_zeroize( inbuff, sizeof( inbuff ) ); + mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) ); + + return( ret ); +} + +/* + * KW-AD as defined in SP 800-38F section 6.2 + * KWP-AD as defined in SP 800-38F section 6.3 + */ +int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, + mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size ) +{ + int ret = 0; + size_t i, olen; + unsigned char A[KW_SEMIBLOCK_LENGTH]; + unsigned char diff, bad_padding = 0; + + *out_len = 0; + if( out_size < in_len - KW_SEMIBLOCK_LENGTH ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + if( mode == MBEDTLS_KW_MODE_KW ) + { + /* + * According to SP 800-38F Table 1, the ciphertext length for KW + * must be between 3 to 2^54 semiblocks inclusive. + */ + if( in_len < 24 || +#if SIZE_MAX > 0x200000000000000 + in_len > 0x200000000000000 || +#endif + in_len % KW_SEMIBLOCK_LENGTH != 0 ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH, + A, output, out_len ); + if( ret != 0 ) + goto cleanup; + + /* Check ICV in "constant-time" */ + diff = mbedtls_nist_kw_safer_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH ); + + if( diff != 0 ) + { + ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + goto cleanup; + } + + } + else if( mode == MBEDTLS_KW_MODE_KWP ) + { + size_t padlen = 0; + uint32_t Plen; + /* + * According to SP 800-38F Table 1, the ciphertext length for KWP + * must be between 2 to 2^29 semiblocks inclusive. 
+ */ + if( in_len < KW_SEMIBLOCK_LENGTH * 2 || +#if SIZE_MAX > 0x100000000 + in_len > 0x100000000 || +#endif + in_len % KW_SEMIBLOCK_LENGTH != 0 ) + { + return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } + + if( in_len == KW_SEMIBLOCK_LENGTH * 2 ) + { + unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; + ret = mbedtls_cipher_update( &ctx->cipher_ctx, + input, 16, outbuff, &olen ); + if( ret != 0 ) + goto cleanup; + + memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); + memcpy( output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); + mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) ); + *out_len = KW_SEMIBLOCK_LENGTH; + } + else + { + /* in_len >= KW_SEMIBLOCK_LENGTH * 3 */ + ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH, + A, output, out_len ); + if( ret != 0 ) + goto cleanup; + } + + /* Check ICV in "constant-time" */ + diff = mbedtls_nist_kw_safer_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 ); + + if( diff != 0 ) + { + ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + } + + GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 ); + + /* + * Plen is the length of the plaintext, when the input is valid. + * If Plen is larger than the plaintext and padding, padlen will be + * larger than 8, because of the type wrap around. 
+ */ + padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen; + if ( padlen > 7 ) + { + padlen &= 7; + ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + } + + /* Check padding in "constant-time" */ + for( diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++ ) + { + if( i >= KW_SEMIBLOCK_LENGTH - padlen ) + diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; + else + bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; + } + + if( diff != 0 ) + { + ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; + } + + if( ret != 0 ) + { + goto cleanup; + } + memset( output + Plen, 0, padlen ); + *out_len = Plen; + } + else + { + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + goto cleanup; + } + +cleanup: + if( ret != 0 ) + { + memset( output, 0, *out_len ); + *out_len = 0; + } + + mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) ); + mbedtls_platform_zeroize( &diff, sizeof( diff ) ); + mbedtls_platform_zeroize( A, sizeof( A ) ); + mbedtls_cipher_finish( &ctx->cipher_ctx, NULL, &olen ); + return( ret ); +} + +#endif /* !MBEDTLS_NIST_KW_ALT */ + +#endif /* MBEDTLS_NIST_KW_C */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index e58a2fbc2..73c92bda5 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -191,6 +191,7 @@ + @@ -265,6 +266,7 @@ + From 9ab746c7c95b7658a8f71e7063a9f715043da64a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 15 Jul 2018 09:33:07 +0300 Subject: [PATCH 240/578] Add selftests Add selftests for key wrapping --- library/nist_kw.c | 218 +++++++++++++++++++++++++++++++++++++++ programs/test/selftest.c | 4 + 2 files changed, 222 insertions(+) diff --git a/library/nist_kw.c b/library/nist_kw.c index b7790d73c..176af9fe0 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c 
@@ -534,4 +534,222 @@ cleanup: #endif /* !MBEDTLS_NIST_KW_ALT */ +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) + +#define KW_TESTS 3 + +/* + * Test vectors taken from NIST + * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES#KW + */ +static const unsigned int key_len[KW_TESTS] = { 16, 24, 32 }; + +static const unsigned char kw_key[KW_TESTS][32] = { + { 0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2, + 0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6 }, + { 0x2d, 0x85, 0x26, 0x08, 0x1d, 0x02, 0xfb, 0x5b, + 0x85, 0xf6, 0x9a, 0xc2, 0x86, 0xec, 0xd5, 0x7d, + 0x40, 0xdf, 0x5d, 0xf3, 0x49, 0x47, 0x44, 0xd3 }, + { 0x11, 0x2a, 0xd4, 0x1b, 0x48, 0x56, 0xc7, 0x25, + 0x4a, 0x98, 0x48, 0xd3, 0x0f, 0xdd, 0x78, 0x33, + 0x5b, 0x03, 0x9a, 0x48, 0xa8, 0x96, 0x2c, 0x4d, + 0x1c, 0xb7, 0x8e, 0xab, 0xd5, 0xda, 0xd7, 0x88 } +}; + +static const unsigned char kw_msg[KW_TESTS][40] = { + { 0x42, 0x13, 0x6d, 0x3c, 0x38, 0x4a, 0x3e, 0xea, + 0xc9, 0x5a, 0x06, 0x6f, 0xd2, 0x8f, 0xed, 0x3f }, + { 0x95, 0xc1, 0x1b, 0xf5, 0x35, 0x3a, 0xfe, 0xdb, + 0x98, 0xfd, 0xd6, 0xc8, 0xca, 0x6f, 0xdb, 0x6d, + 0xa5, 0x4b, 0x74, 0xb4, 0x99, 0x0f, 0xdc, 0x45, + 0xc0, 0x9d, 0x15, 0x8f, 0x51, 0xce, 0x62, 0x9d, + 0xe2, 0xaf, 0x26, 0xe3, 0x25, 0x0e, 0x6b, 0x4c }, + { 0x1b, 0x20, 0xbf, 0x19, 0x90, 0xb0, 0x65, 0xd7, + 0x98, 0xe1, 0xb3, 0x22, 0x64, 0xad, 0x50, 0xa8, + 0x74, 0x74, 0x92, 0xba, 0x09, 0xa0, 0x4d, 0xd1 } +}; + +static const size_t kw_msg_len[KW_TESTS] = { 16, 40, 24 }; +static const size_t kw_out_len[KW_TESTS] = { 24, 48, 32 }; +static const unsigned char kw_res[KW_TESTS][48] = { + { 0x03, 0x1f, 0x6b, 0xd7, 0xe6, 0x1e, 0x64, 0x3d, + 0xf6, 0x85, 0x94, 0x81, 0x6f, 0x64, 0xca, 0xa3, + 0xf5, 0x6f, 0xab, 0xea, 0x25, 0x48, 0xf5, 0xfb }, + { 0x44, 0x3c, 0x6f, 0x15, 0x09, 0x83, 0x71, 0x91, + 0x3e, 0x5c, 0x81, 0x4c, 0xa1, 0xa0, 0x42, 0xec, + 0x68, 0x2f, 0x7b, 0x13, 0x6d, 0x24, 0x3a, 0x4d, + 0x6c, 0x42, 0x6f, 0xc6, 0x97, 0x15, 0x63, 0xe8, + 0xa1, 0x4a, 
0x55, 0x8e, 0x09, 0x64, 0x16, 0x19, + 0xbf, 0x03, 0xfc, 0xaf, 0x90, 0xb1, 0xfc, 0x2d }, + { 0xba, 0x8a, 0x25, 0x9a, 0x47, 0x1b, 0x78, 0x7d, + 0xd5, 0xd5, 0x40, 0xec, 0x25, 0xd4, 0x3d, 0x87, + 0x20, 0x0f, 0xda, 0xdc, 0x6d, 0x1f, 0x05, 0xd9, + 0x16, 0x58, 0x4f, 0xa9, 0xf6, 0xcb, 0xf5, 0x12 } +}; + +static const unsigned char kwp_key[KW_TESTS][32] = { + { 0x78, 0x65, 0xe2, 0x0f, 0x3c, 0x21, 0x65, 0x9a, + 0xb4, 0x69, 0x0b, 0x62, 0x9c, 0xdf, 0x3c, 0xc4 }, + { 0xf5, 0xf8, 0x96, 0xa3, 0xbd, 0x2f, 0x4a, 0x98, + 0x23, 0xef, 0x16, 0x2b, 0x00, 0xb8, 0x05, 0xd7, + 0xde, 0x1e, 0xa4, 0x66, 0x26, 0x96, 0xa2, 0x58 }, + { 0x95, 0xda, 0x27, 0x00, 0xca, 0x6f, 0xd9, 0xa5, + 0x25, 0x54, 0xee, 0x2a, 0x8d, 0xf1, 0x38, 0x6f, + 0x5b, 0x94, 0xa1, 0xa6, 0x0e, 0xd8, 0xa4, 0xae, + 0xf6, 0x0a, 0x8d, 0x61, 0xab, 0x5f, 0x22, 0x5a } +}; + +static const unsigned char kwp_msg[KW_TESTS][31] = { + { 0xbd, 0x68, 0x43, 0xd4, 0x20, 0x37, 0x8d, 0xc8, + 0x96 }, + { 0x6c, 0xcd, 0xd5, 0x85, 0x18, 0x40, 0x97, 0xeb, + 0xd5, 0xc3, 0xaf, 0x3e, 0x47, 0xd0, 0x2c, 0x19, + 0x14, 0x7b, 0x4d, 0x99, 0x5f, 0x96, 0x43, 0x66, + 0x91, 0x56, 0x75, 0x8c, 0x13, 0x16, 0x8f }, + { 0xd1 } +}; +static const size_t kwp_msg_len[KW_TESTS] = { 9, 31, 1 }; + +static const unsigned char kwp_res[KW_TESTS][48] = { + { 0x41, 0xec, 0xa9, 0x56, 0xd4, 0xaa, 0x04, 0x7e, + 0xb5, 0xcf, 0x4e, 0xfe, 0x65, 0x96, 0x61, 0xe7, + 0x4d, 0xb6, 0xf8, 0xc5, 0x64, 0xe2, 0x35, 0x00 }, + { 0x4e, 0x9b, 0xc2, 0xbc, 0xbc, 0x6c, 0x1e, 0x13, + 0xd3, 0x35, 0xbc, 0xc0, 0xf7, 0x73, 0x6a, 0x88, + 0xfa, 0x87, 0x53, 0x66, 0x15, 0xbb, 0x8e, 0x63, + 0x8b, 0xcc, 0x81, 0x66, 0x84, 0x68, 0x17, 0x90, + 0x67, 0xcf, 0xa9, 0x8a, 0x9d, 0x0e, 0x33, 0x26 }, + { 0x06, 0xba, 0x7a, 0xe6, 0xf3, 0x24, 0x8c, 0xfd, + 0xcf, 0x26, 0x75, 0x07, 0xfa, 0x00, 0x1b, 0xc4 } +}; +static const size_t kwp_out_len[KW_TESTS] = { 24, 40, 16 }; + +int mbedtls_nist_kw_self_test( int verbose ) +{ + mbedtls_nist_kw_context ctx; + unsigned char out[48]; + size_t olen; + int i; + int ret = 0; + 
mbedtls_nist_kw_init( &ctx ); + + for( i = 0; i < KW_TESTS; i++ ) + { + if( verbose != 0 ) + mbedtls_printf( " KW-AES-%u ", (unsigned int) key_len[i] * 8 ); + + ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, + kw_key[i], key_len[i] * 8, 1 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " KW: setup failed " ); + + goto end; + } + + ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i], + kw_msg_len[i], out, &olen, sizeof( out ) ); + if( ret != 0 || kw_out_len[i] != olen || + memcmp( out, kw_res[i], kw_out_len[i] ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed. "); + + ret = 1; + goto end; + } + + if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, + kw_key[i], key_len[i] * 8, 0 ) ) + != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " KW: setup failed "); + + goto end; + } + + ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KW, + out, olen, out, &olen, sizeof( out ) ); + + if( ret != 0 || olen != kw_msg_len[i] || + memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + goto end; + } + + if( verbose != 0 ) + mbedtls_printf( " passed\n" ); + } + + for( i = 0; i < KW_TESTS; i++ ) + { + olen = sizeof( out ); + if( verbose != 0 ) + mbedtls_printf( " KWP-AES-%u ", (unsigned int) key_len[i] * 8 ); + + ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i], + key_len[i] * 8, 1 ); + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " KWP: setup failed " ); + + goto end; + } + ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i], + kwp_msg_len[i], out, &olen, sizeof( out ) ); + + if( ret != 0 || kwp_out_len[i] != olen || + memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed. 
"); + + ret = 1; + goto end; + } + + if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, + kwp_key[i], key_len[i] * 8, 0 ) ) + != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( " KWP: setup failed "); + + goto end; + } + + ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KWP, out, + olen, out, &olen, sizeof( out ) ); + + if( ret != 0 || olen != kwp_msg_len[i] || + memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed. "); + + ret = 1; + goto end; + } + + if( verbose != 0 ) + mbedtls_printf( " passed\n" ); + } +end: + mbedtls_nist_kw_free( &ctx ); + + if( verbose != 0 ) + mbedtls_printf( "\n" ); + + return( ret ); +} + +#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ + #endif /* MBEDTLS_NIST_KW_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index df5634de5..f923a43f5 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -57,6 +57,7 @@ #include "mbedtls/ecp.h" #include "mbedtls/ecjpake.h" #include "mbedtls/timing.h" +#include "mbedtls/nist_kw.h" #include @@ -208,6 +209,9 @@ const selftest_t selftests[] = #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) {"ccm", mbedtls_ccm_self_test}, #endif +#if defined(MBEDTLS_NIST_KW_C) && defined(MBEDTLS_AES_C) + {"nist_kw", mbedtls_nist_kw_self_test}, +#endif #if defined(MBEDTLS_CMAC_C) {"cmac", mbedtls_cmac_self_test}, #endif From 9cf0d53adc701dfbae80d766c10168931bbffaf9 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 15 Jul 2018 09:34:35 +0300 Subject: [PATCH 241/578] Add ChangeLog Add entry in ChangeLog for the Key Wrapping feature. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index a7e6288ee..8e20dccee 100644 --- a/ChangeLog +++ b/ChangeLog 
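Review bot: Both loops in `mbedtls_nist_kw_self_test` only check successful wrap/unwrap round trips, so the self-test never confirms that unwrap rejects a modified ciphertext. KW and KWP are authenticated modes, and a regression in the ICV comparison or the KWP padding check would still pass this test. I would add a negative case after each unwrap comparison that alters one byte of the known-answer ciphertext and expects `MBEDTLS_ERR_CIPHER_AUTH_FAILED`, as sketched below for the KW loop; the KWP loop needs the same with `kwp_res[i]` and `kwp_out_len[i]`. The sketch assumes the context can run a second unwrap without another `mbedtls_nist_kw_setkey` call, which should be confirmed. Separately, the failure messages mix `"failed. "` and `"failed\n"`; using one form keeps the output aligned.

```c
        /* … unchanged: KW unwrap and comparison against kw_msg[i] … */

        /* Negative check: a modified ciphertext must fail the ICV check. */
        memcpy( out, kw_res[i], kw_out_len[i] );
        out[0] ^= 0x01;
        ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KW,
                                      out, kw_out_len[i], out, &olen,
                                      sizeof( out ) );
        if( ret != MBEDTLS_ERR_CIPHER_AUTH_FAILED )
        {
            if( verbose != 0 )
                mbedtls_printf( "failed\n" );

            ret = 1;
            goto end;
        }
        /* The expected rejection is a pass; do not leak it as the result. */
        ret = 0;

        /* … unchanged: "passed" message … */
```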
@@ -14,6 +14,8 @@ Features buffer, which can save some RAM. If buffer lengths are kept equal, there is no functional difference. Contributed by Angus Gratton, and also independently contributed again by Paul Sokolovsky. + * Add support for key wrapping modes based on AES as defined by + NIST SP 800-38F algorithms KW and KWP and by RFC's 3394 and 5649. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which From 8dd03cd1aa1c1e903106d59099cbbda97d1f52e9 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 15 Jul 2018 09:37:28 +0300 Subject: [PATCH 242/578] Add tests for the nist key wrapping feature Add tests for Key wrapping. Test vectors taken from the standards. --- tests/CMakeLists.txt | 1 + tests/Makefile | 5 + tests/suites/test_suite_nist_kw.data | 462 +++++++++++++++++++++++ tests/suites/test_suite_nist_kw.function | 343 +++++++++++++++++ 4 files changed, 811 insertions(+) create mode 100644 tests/suites/test_suite_nist_kw.data create mode 100644 tests/suites/test_suite_nist_kw.function diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1377dc655..28331ba23 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -96,6 +96,7 @@ add_test_suite(md) add_test_suite(mdx) add_test_suite(memory_buffer_alloc) add_test_suite(mpi) +add_test_suite(nist_kw) add_test_suite(pem) add_test_suite(pkcs1_v15) add_test_suite(pkcs1_v21) diff --git a/tests/Makefile b/tests/Makefile index 281e82c0b..a592d9e8b 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -83,6 +83,7 @@ APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \ test_suite_memory_buffer_alloc$(EXEXT) \ test_suite_mpi$(EXEXT) \ + test_suite_nist_kw$(EXEXT) \ test_suite_pem$(EXEXT) test_suite_pkcs1_v15$(EXEXT) \ test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \ test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ 
@@ -428,6 +429,10 @@ test_suite_mpi$(EXEXT): test_suite_mpi.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +test_suite_nist_kw$(EXEXT): test_suite_nist_kw.c $(DEP) + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test_suite_pem$(EXEXT): test_suite_pem.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_nist_kw.data b/tests/suites/test_suite_nist_kw.data new file mode 100644 index 000000000..eee45743e --- /dev/null +++ b/tests/suites/test_suite_nist_kw.data 
@@ -0,0 +1,462 @@ +NIST KW self test +mbedtls_nist_kw_self_test: + +NIST KW mix contexts and modes +mbedtls_nist_kw_mix_contexts: + +NIST KW init #1 wrapping AES-128: OK +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_AES:128:1:0 + +NIST KW init #2 unwrapping AES-128: OK +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_AES:128:1:0 + +NIST KW init #3 CAMELLIA-256: unsupported cipher +depends_on:MBEDTLS_CAMELLIA_C +mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:256:0:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE + +NIST KW init #4 AES-224: bad key size +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_AES:224:1:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW init #5 BLOWFISH-128: bad cipher +depends_on:MBEDTLS_BLOWFISH_C +mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_BLOWFISH:128:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #1 KW plaintext OK (2 to 2^54 - 1 semiblocks) +nist_kw_plaintext_lengths:16:24:MBEDTLS_KW_MODE_KW:0 + +NIST KW lengths #2 KWP plaintext OK (1 to 2^32 - 1 octets) +nist_kw_plaintext_lengths:5:16:MBEDTLS_KW_MODE_KWP:0 + +NIST KW lengths #3 KW ciphertext OK (3 to 2^54 semiblocks) +nist_kw_ciphertext_lengths:32:24:MBEDTLS_KW_MODE_KW:0 + +NIST KW lengths #4 KWP ciphertext OK (2 to 2^29 semiblocks) +nist_kw_ciphertext_lengths:24:16:MBEDTLS_KW_MODE_KWP:0 + +NIST KW lengths #5 KW plaintext too short (2 to 2^54 - 1 semiblocks) +nist_kw_plaintext_lengths:5:13:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #6 KWP plaintext too short (1 to 2^32 - 1 octets) +nist_kw_plaintext_lengths:0:8:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #8 KW ciphertext too short (3 to 2^54 semiblocks) +nist_kw_ciphertext_lengths:16:8:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #9 KWP ciphertext too short (2 to 2^29 semiblocks) +nist_kw_ciphertext_lengths:8:8:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #10 KW plaintext 
not a multiple of semiblocks. +nist_kw_plaintext_lengths:21:29:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #11 KW ciphertext not a multiple of semiblocks. +nist_kw_ciphertext_lengths:34:26:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #12 KWP ciphertext not a multiple of semiblocks. +nist_kw_ciphertext_lengths:30:22:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #13 KW wrapping output buffer too short +nist_kw_plaintext_lengths:16:16:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #14 KWP wrapping output buffer too short +nist_kw_plaintext_lengths:5:10:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #15 KW unwrapping output buffer too short +nist_kw_ciphertext_lengths:32:16:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #16 KWP unwrapping output buffer too short +nist_kw_ciphertext_lengths:24:12:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW wrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 128 count 7 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"095e293f31e317ba6861114b95c90792":"64349d506ae85ecd84459c7a5c423f55":"97de4425572274bd7fb2d6688d5afd4454d992348d42a643" + +NIST KW wrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 256 count 11 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"ca8f6c56a9c9300549e9eae75a4604b8":"1542b8662136245162c64d45af1a982302f69f1d01a1a6bc29ef8facafbeaea0":"4d340c10bbbddf5b2014ded264bffce49901bd22adaee074b0f25a2d19c134eb3c7f38c5d0444766" + +NIST KW wrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 192 count 8 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"b4902b13ea73f17829b4e334fb359ec4":"2073399c7794c8b73dd782dc250dab31c80a8cba33477ab2":"37eda4eec3096135f5193c37bdeaf498b71e3a205c5638682fe746f236566b11" + +NIST KW wrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 320 count 
14 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"579448a3d638f093742ae6b24d729849":"464d3162469899955d8bc8bfc0a22555bce609b2415bedf17a942abfe96ad4e124d4a832fbcff49f":"dadd1440a06946eabddf18e784b7719d36caa33cb626aa03aca057585584ea07a8714ecb90ceb232d6b0760845105fbb" + +NIST KW wrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"98311985c4661d7e811ee56070e6fecf":"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":"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" + +NIST KW wrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 128 count 7 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"13df8fa68a6e096b9b5bbaebb64ace2e6a05485b5cb7e43f":"3ee9367f631fb375ba47241966ad4ab8":"d0309b1291a06c595fcaa6dcf97817dbd7b7ad2cf48ddec2" + +NIST KW wrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 256 count 11 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"17c25023ac76a8af777a6f71c0c0f97931554b0a15a79222":"15227ef52412346e83a18c54a75374f69a24de6a07cfba9082596eeb5d758bb0":"0f8e2fe4f3a28c1fcebf20fef2bfd3489deb284e03d057337496285f4ffe62f074bafa0a0a6e44e4" + +NIST KW wrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 192 count 8 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"49d1c4ec51f2695ad7e47554efd24170ab03f628eba7d5fb":"8bf961097a6fa75694cf0ea47cfda23928fc433d5fc762e6":"dc72c58faca0dd662e5fefd05cd714987cc2470219db77baf779fca865f31529" + +NIST KW wrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 320 count 14 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"e06ebf0145b178ea45687abe366fdec559877dbc9300a653":"f0104e9546628d801c4f7e875f1ca4f385e915b0c7bd52ed158b6b42d7301f1df6dd5bfc80d0318a":"5b4b1d4ef349fcf5eb7d720d84b2e79fbabf3db18277ada0752b9883c21f0e24281854420e6751af8fbcc4b98be0c1d7" + +NIST KW wrap AES-192 CAVS 
17.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"932ed6ee1db1c4cf7fd81efce5609641cb5f3409563089dc":"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":"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" + +NIST KW wrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 128 count 7 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"e823c6ef53b110eeb3f178871cf436887cca9df061d1f26409ec3b410033d967":"f90c279e9e6423804a6505e8effd924c":"0abb50b222af66058646156d106df7c85c28b708395eb9dd" + +NIST KW wrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 256 count 11 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"e5cca71056548467bc9c2849aba67cfe0fd74c44d514535d2314022a3f3e6ec8":"326b6da4dce95c94226b63c2d38c4e005c566191b00028b59cc788e0af5261cc":"2a4f331f451589fd103d9a9cbbeae5d5f5be7acf15aa6e21c45e09362263cf34b0ccab7c8a28dfed" + +NIST KW wrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 192 count 8 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"6a077f95496aba1bb80831280e7563f3a187e6d014342028349f766b791108ce":"a77b3ddac0e78c9176b7445f9ec349b2d85aa2f57e6cb362":"7c065be0a2173e0f14a3418779e7f3eb6eb7fbb7a3c20fd6c08b37d408bd9423" + +NIST KW wrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 320 count 14 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"752b21422647f1006de116360e88e2f6601eeb5aafd27cba56c20193fc1b941a":"a5948c20bc611187d688cb03caa04fb17774aa4f99ae3da5d821bcccfae950d72ca74b3a870008aa":"d71109224edc4233db8819aaca4db9c61ab5aad2806d0e985f1830acd8adde23ce75046b2057e0a23dec7a053bac6c4c" + +NIST KW wrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"931bf2c55eac657ae56fc0a9505a6ea7cc9af5162d844ccf01f19debfad09cbe":"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":"6b75fa8070291ef7c89f5cc2060c56270f5077a6df65a8095cc76b717167e67af70dcce96de4aa32293c17d0812f666e1f42e7e662cef7a3148486d2be7f314631ed6606f326e9781c3ed6be1735bef8cd5d3ac7d2b45c4419ea61462baccc0ff87b83b9b6cc85278c0b20bc15e6baa0a15eedd9e99df82c8e61476529c98aebbc9d40d417f9af26e6da5d115acdd6007d83206c616a39fbe21c6331cc45af11c578532a7cac50aaba21f3cf317534564c2ee093ef127484aea62c7a90327fe9bbe8e45627974306d8cc7452e96033f0c8c30ba2d7fb644796a49c9b502d3db7d4995f920fe21962fd2b634c15be0d82e9cf0ae3fd2b6d45524e1003ab9788ee56cff3e2e62c5784061a5ff586b5907098b8ab54bb70fbc6cb066b071fedce10e013014d82162e3cc6f9be3b4067555907a4df55012a9b1001888c55dd94b4f8528bb29e7985ecb8a7958fc8559831db05002479b1f39e5de3659f3a6e8289d9b8ff4eaa3f864b1ea101d84b4c6138aa6ffb95dea4f825d23f5d368727ca0a8cacb74f7bfd70fccbc951db99f2f4a580425c31a8552fa27397cf8b7f420f13fdcddca553a5f31d8645615b98a88795fb4472bc7cd6e8e54707d7be1f3dd7d4871725f6bc0e65762f1e42e22c411fee6dfd8139068798c7ae9781c8e5bcf4732a83f9142edce36e1ee6e20142adf46c5abaea0ca78f61e16b6875927d4141f6b215da1f48748bd33c" + +NIST KWP wrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 8 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"d060e5faa705b6c600ecfcd5252bbfba":"3d":"28ccc6da03cd79b78c7207946fcee402" + +NIST KWP wrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 64 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"663ee3d40628059fe01a9766d5c1c31f":"1c6ccd67438f20de":"c2717ed6e51bb4314388cd26464f4d18" + +NIST KWP wrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 72 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"7865e20f3c21659ab4690b629cdf3cc4":"bd6843d420378dc896":"41eca956d4aa047eb5cf4efe659661e74db6f8c564e23500" + +NIST KWP wrap AES-128 CAVS 21.4 
PLAINTEXT LENGTH = 248 count 2 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"02a92285d0baa874ac94f6648988d44f":"6ac78aff505805e3145fac44eaeb6ac92945ca12d9bc0b6fee8b1e5b983f37":"18b251cf54d2a51ac903af2fd008f6aa2b1bf491fa2e0458dba272866821e98ad037eae4af654811" + +NIST KWP wrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"6b8ba9cc9b31068ba175abfcc60c1338":"8af887c58dfbc38ee0423eefcc0e032dcc79dd116638ca65ad75dca2a2459f13934dbe61a62cb26d8bbddbabf9bf52bbe137ef1d3e30eacf0fe456ec808d6798dc29fe54fa1f784aa3c11cf39405009581d3f1d596843813a6685e503fac8535e0c06ecca8561b6a1f22c578eefb691912be2e1667946101ae8c3501e6c66eb17e14f2608c9ce6fbab4a1597ed49ccb3930b1060f98c97d8dc4ce81e35279c4d30d1bf86c9b919a3ce4f0109e77929e58c4c3aeb5de1ec5e0afa38ae896df9121c72c255141f2f5c9a51be5072547cf8a3b067404e62f9615a02479cf8c202e7feb2e258314e0ebe62878a5c4ecd4e9df7dab2e1fa9a7b532c2169acedb7998d5cd8a7118848ce7ee9fb2f68e28c2b279ddc064db70ad73c6dbe10c5e1c56a709c1407f93a727cce1075103a4009ae2f7731b7d71756eee119b828ef4ed61eff164935532a94fa8fe62dc2e22cf20f168ae65f4b6785286c253f365f29453a479dc2824b8bdabd962da3b76ae9c8a720155e158fe389c8cc7fa6ad522c951b5c236bf964b5b1bfb098a39835759b95404b72b17f7dbcda936177ae059269f41ecdac81a49f5bbfd2e801392a043ef06873550a67fcbc039f0b5d30ce490baa979dbbaf9e53d45d7e2dff26b2f7e6628ded694217a39f454b288e7906b79faf4a407a7d207646f93096a157f0d1dca05a7f92e318fc1ff62ce2de7f129b187053":"aea19443d7f8ad7d4501c1ecadc6b5e3f1c23c29eca608905f9cabdd46e34a55e1f7ac8308e75c903675982bda99173a2ba57d2ccf2e01a02589f89dfd4b3c7fd229ec91c9d0c46ea5dee3c048cd4611bfeadc9bf26daa1e02cb72e222cf3dab120dd1e8c2dd9bd58bbefa5d14526abd1e8d2170a6ba8283c243ec2fd5ef07030b1ef5f69f9620e4b17a3639341005887b9ffc793533594703e5dcae67bd0ce7a3c98ca65815a4d067f27e6e66d6636cebb789732566a52ac3970e14c37310dc2fcee0e739a16291029fd2b4d534e30445474b26711a8b3e1ee3cc88b09e8b1745b6cc0f067624ecb232db750b01
fe5457fdea77b251b10fe95d3eeedb083bdf109c41dba26cc9654f787bf95735ff07070b175cea8b62302e6087b91a0415474605691099f1a9e2b626c4b3bb7aeb8ead9922bc3617cb427c669b88be5f98aea7edb8b0063bec80af4c081f89778d7c7242ddae88e8d3aff1f80e575e1aab4a5d115bc27636fd14d19bc59433f697635ecd870d17e7f5b004dee4001cddc34ab6e377eeb3fb08e9476970765105d93e4558fe3d4fc6fe053aab9c6cf032f1116e70c2d65f7c8cdeb6ad63ac4291f93d467ebbb29ead265c05ac684d20a6bef09b71830f717e08bcb4f9d3773bec928f66eeb64dc451e958e357ebbfef5a342df28707ac4b8e3e8c854e8d691cb92e87c0d57558e44cd754424865c229c9e1abb28e003b6819400b" + +NIST KWP wrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 8 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"959b4595778d7b860e08fcb5e24b11f118fd5d67089f2ea4":"65":"1cf986a0fb2208977c37a4c3830eba72" + +NIST KWP wrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 64 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"02dfb6662e0c1b95d34aaba7eb6c1fdd41c52b89213d5b18":"27361c34c2601fe6":"089f835f3210734aa1a2282c6ff30ef9" + +NIST KWP wrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 72 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"9464f1af6aabad076661328bcfd15777da16a288a2660009":"431527c3a644c106bb":"d9b257b400d808a0b0386af3be9154fc7f2fb2d7edc06201" + +NIST KWP wrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 248 count 2 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"df419ca84650ef28a1c5d1cb47917e4480a3aca4bd29dd5e":"3d84df372bc0b854c058441e952738ec79474b673c94e32dc78d23745fb5e7":"497e966414475938204c3b3d606d5160461c54dfdfe903b6624208d7cfc90bb403f384bfd54d1ed2" + +NIST KWP wrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 1 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"a85b4359ebd240012ec749459bc928eaa52c84e887ababb9":"9db71e2a2d40f6fcc1b8311167ae13fb101bdf7b5c4e078373c0c3cb3f3a3ca39a91a6985d3fdd48d93f2b5a09b2a69350da2846ce6a37d018dda95ddac93a92fda7b7c3bb6518dd78f367f70e34e0bf19dbba46fd13d3f3e0a1776350f27138c64b177aa39c54dc06184b320016b6305c2dea19fa6da634cd613d5a4f71bc045f555a1ccee39b8f1ab90840b5bae555932e08719bf38f72bc1057875e8c077a70629f46be91281b977ed6f2a71171a7cbaf8e0566e55da6220a85a7655758de3b372144ef76d0337d3133004c0db096b2c41f524f95706247a331d08a6ff72b425395fee8e1ad308ccfe5b0525c40803e529db72063731fe1644891bdc0d5961397006e1f5d6521ad4e5aee3544da101fd3cf6bcf879220a612b7016e5eefe7369f136086e8f5109ae83e8687519f2008406d20992b64ba1d27b436ea5db1fd734340f3b2279e026a96e3f9c5c7b99553e35ada9e1d7d708a73774718f9b7073c0889a298f212d47ff5960e04743070338f99b11687396da2120b8f132535c0911b04505c0e6c32590c82bf59486fadfbdc0f16a224b2f52082eb66201f041d64b34809e5e91cda89d80d78fe1e15862bcf84f65a301ae68d097c9be09f3411c11cf83225733dbc9306ad2630eb7994a0d112ba83dc542966414137fd008fbb7995f649edf844fe5ee86b94acade1a04f42dae21928b9b0cdde8cc66095772d":"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" + +NIST KWP wrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 8 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"0070492ff3aaa190496c72bb0affdb6fac7fa9cb32e6e91a46ea34863422f807":"39":"643a9706af6bd06410b70ee38f546bc2" + +NIST KWP wrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 64 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"c6e882f5b8e361e43bb3e54d5a7b8c690f485bcbec2dd2183c7e623f6b02c5fc":"99ae80eec64630ed":"de0680b34f7374539ad9b75f08f4d8e6" + +NIST KWP wrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 72 count 0 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"70da43aac823c6dd37d1109f5b18feb4503c973288989745e2cc1cc21d9570c6":"edf17d966ed896aee3":"d67b5b2ad15c645450e23b5e7b6d682f8ae20e716d470db7" + +NIST KWP wrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 248 count 2 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"e941febe4b683c02dce56194a86b72d4c569e1fc84bc7a6f24c3ae2b39bf5440":"c168cf12acb6679c24d424baa62ed56559caee163a4efa946478ad43d7dbd6":"4ad9979caa72fddff0876c0295a57fcf74e5980fec2cf622191ec6b5aebb75e0adebb12d0862ffae" + +NIST KWP wrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"20f31cded60b8ed8d9d3fd1e1fa6244e76c7cb7628bfd28a5d63ce8aa2c9494d":"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":"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" + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 128 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"e63c2cb1a2c1282d473b66753494a591":"084532f86949dfb7be2cdf09d2b7505418e7bca5185661e1":"a26e8ee007ab90f599a1bc31cdabd5fe":0 + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 256 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"83da6e02404d5abfd47d15da591840e2":"3f4cbf3a98029243da87a756b3c52553f91366f4ff4b103b2c73e68aa8ca81f01ebda35d718741ac":"67dfd627346ebd217849a5ba5bca6e9ce07a7747bed1ba119ec01503202a075a":0 + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 192 count 7 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"e5c2fc20f9263da4f15b817874dd987d":"0538fdca42f1fd72afadbe689fa8a396996d734e4f082c8c4ef41ef11dc6246e":"35a261169f240dffe4701ce41f6dff986764afa6e84f63c9":0 + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 320 count 8 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"3f5501341f617cae30dd0afbfa247c09":"72fcc9e5942344d11c3b23503b170e39cd635da3a83aa9ffb196cfb1d6eeae6dc5f5683238da6e9b49edbf95819bbbdf":"e2a34da9ea2ad66e130251f8a7798b87d7bd7601abc5ae8f7305b024ddb4b3e00351484165e16d25":0 + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"adf44a10a05e64f2df87db52f3ae18d3":"a940cfea67b90c81b4ccd793f186dd7c6a3c0ff5a6feb5bbef99eaae2b14a979f1acee92b5e4cd750f40571804d380f470e1f5201a389476f97bf29f6699053f468bf102975895f4c1a679a46cf627b22c8d956679ce53775702899afa223c87621f859dccb876d317f2a486d0a4d4ad6ab7e2d9ebf7a956c394ffcff423377e21b274f8ca3a379273dc8de738c97bfd318871330abfe2539a49d4f03d0eef65856c01ebd426f2e76fab90466acbed8c4c9dc09898929d80244eed4fd51e7eff567c2b340e928f298ec00cc8839e1ce9ccdff40a7edd04e01440f2288c384c673de8a758ba50f6f910b8002e0786d2eb633da0ef7eff025f37b45f7c9b918863a56e2da1f3fcd12b990f959051289a1113054c38c135336f19672c86a51200763678cc4ef50ed290d96fec4afaa53af165aa7ebc11d787ab1c535a0abd00b477b914855759477df2afd516a85a66f8b91fb5f5e98232e601e249b3faa856bc6b26f1945f48542601bb4ff1c0dc46f44ae023c0a33ec9faa7467b1cdf1c08df7d00b800ef28e2f77f1e6941db9ce8e71fcf82a14cc8983614e2ce3cb4b3e976a8dec76e4309492ca68486d119cd566b9692d1a513ff30675737d1777a3a1a95b6588685b5a64d890cb8f79578fae8f1d22b83747bf876da582e56e5267ee8e734e0fa9271f5455c40fd599082c0acb442927643aeefffa5bca0a88c38671db14899adbb4819dd1e2d":"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":0 + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 128 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"5d4899ee66beff1bda1fc717a1ad4c50":"bb7fd0bce778bd775e4e88d904d26a7134364c53a6c493a0":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 256 count 1 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"84bc6ce7ee4fd9db512536669d0686da":"c383db930ffd02c0073ac2cc79ec289e6866bdcc6a135a3b776aa42f14ee04f9cca06ed6c0b22901":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 192 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"266b009e911bb55f9aa0661539a6fdd5":"db9c94e7236ec56982d7ddeb9427c24580bc1fb96db98ab19340e03670045b7a":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 320 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"51c2e3d090a74bfa10db090b63ae53aa":"598a16c226e6c848a78ca30fa514edc9467f704b529c02c5522d1890b4dc21588ed6c3b070ed952adc733d865eb9d468":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 4 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"6a7814a80acae9d03eda69cad200ffe5":"e1ebfaad7f6d46cd03c50ce4e9543ff01150e9a9a69c4bc8198fc08601ed71203e39375d600f69fd762b196bf50a7dee2be55574196005c8ad53234d789a9fa6f2f0eb7d7b53c7e39a7c70e9ef93c58bcd45c0f592fbcda19b5ea9a118bc2a0d49c8cf367d4c90823eafab86165db3aaa22eee9323de7d23b7729f7f088be9db421fc8256c20e5874bd0c8348c4a6e50436fc94136e568d0aa4c29d7b65136bb378ef010db091085c9c0802466d565eace2c0bd91648fa82f8045c57cc25c46bd8c9e4060ceb00e092f7beeaece1d4f8a2a01b5b1dc9de3c7d2ada7a44d4600085b7e76929198b9823b5ae0f74c652fb8793cae7c16cf062f39136789b213d1d500d560bda89bfc0df0e6bcb07fb4a48914e1af9058b73751aa4d98ef0363e48f9d1ed42230eca1b7b24631cbad80b2d4bfbc00ad1ab797c1c459214be8f64470b4d267ab576fc1d3c86a42610b8282437dc071336c325e606c2d36de1b24595f4888cfb2ddffb46557c964a4ac53ccc1d214d44ac84b8322c93db03bdf2a04b303de4f8482b8e7ee25030aa5ad8a8bfc5dd683726a0286486356f5a965599313a2c39034774ebf646fa7ccbda35316c54d443c6da466d9c95d716016326603c3989bd7545e3506333ab3e2ad7b45b225bc43ecb37e4c301b389e06b95f09b1a10beb5fd
5320234fd6d488d5691ae2e078630f9f57dd0870cd617c30bd67ac8dbf4b3a8cf61067f7":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 128 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"26045402548ee6196fc0a60208ffde21137ddb1c6c5d2ba0":"fcd55c2c60ff6de19ec3e6b13490c2821f0c565abf10be2d":"94b8276743184d086962ce6c4e63bd53":0 + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 256 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"b3a0aa60fb14b658e1eb1c1a5a8e1f60307c9b9faa2f1587":"fdeda2a10e51da1817af2ba4c9f200414aec67545f5e71c608e85d14da8c5567bf51dec4ff2d8c05":"65986b3a6a3658a66cb5beb302540bb032b36c76d040b24fe278a1473ad4c32f":0 + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 192 count 6 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"f0ee8ab6f804a2629e163b58c1a9e9039b53ac60493df11d":"3593dda0daead2dcf850f8670b7d0692332f57068213a772a8244d058e5634d7":"401df0c06aa4c58a71b9438e11a11a239f577b6037adf350":0 + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 320 count 8 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"579e58b2bf9c34c31e8c644faef6b698131624063fb2d795":"b39acd09d9bf9daaa89304f76402065cc3d863e12df8a966f037146db9619e7be5ccbf50206773c5eca35e36492ef4b7":"9c1f66267c2083a42f3da4e754a073c1ff151681e2bc070e6e4682065fd109088a096e72024fdcb0":0 + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"366af2c7a1d7a1ee5a7c239fd526024472f674ab039bba25":"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":"40bc409ed0ba1966e733be4b2ff9d23691e6a9f44b0abebe971a47b4ebd51bb13bcf70bc1359f6b5e670be2e6b008ce9d219abd61ad20edd97aff7458b81e6114ea6d9c85a03400477b1a32f09ac5cd1a963731246011ef4908bacdbfae5e5921cba143b9395d17386e924db6ce40361740c6ae5acfdc979d45c8af70b443878adbb04bad439c9937a30bbecfc50b7005782bd01e3a87538220ca149286855129bd189f9bdb55ed1f7ab786f99c289032123c814e683db2f10970db79d2ef87f5a8a2cbbf7b9e2c447cb22d2a9d0f8c2b093a4d8aee57f0b05c2ac4f4ef780bad406b847d3c9d175f659105795236b072e96738043cbb8499292ad45acf7e576d8decdb635aeda6611da6c00a1badc11962dfa0643a83b865099de79416c86448280aad32f6797ef2fd879ba46abf36c9da45da4d0c936f6e25240cf30ffc79647720bf10ee18743f1ee3397dc0ed967445bb7b0df8eff0887d3f84abf20f0b2036837dd0308ed4a01f9d6447a9eccc9c471e75bd32f7d760216c326901ecd8590afcc2e697311e29f9d704dbeec409cc8c7fecc12fcf70cf9f718c12579fd17cef1e6bb44f89ad418005c2629a96275965f08c54a53e31cabcd4fb17021889bdcd4851ad33bb0d5438e55ba3b759dbf3c50fe20e6f3b8f1989f560818db1f2079b91b1e2d8bb22a7523c3137e9a30ab970f6019eca225e4b42bbe061f3b7b43":0 + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 128 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"9200a0f688d86c0b6bfd9abeff66341684a373fe3f9a3057":"5c685c8596e374710fe327bafc45cd09190215fdcc03d010":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 256 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"95c9e644559919cace6f93f545dbfe48b130808ed66d0964":"7b8d1307e992221f6ffdcc7909d972d5f02e92187139cfd77f79345cb998bbdbabedb3ac00a6cdc4":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 192 count 7 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"ffdbcbd0abc94c7f15e5b6e8a7190f1ed4f01be11f4f7ccb":"e9ad95c8e9185a001509c50ae0098d45f7032575c7b8fd90a561716d2e5804fb":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 320 count 9 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"253a5cbe79a291c0af1a3d7460e7f284bd672cd026753fc4":"f71014ba711602df5cff2b93e86253775ea308bf83fde65fbc9a9a7852f87357330450072aaa3d6ef8dffbee20d2de7c":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-192 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"ff8666e4e538a6cf0a2a002b63716b06ec5f187785c2fc1b":"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":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 128 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"e594f0067cedb74e883e7746d29ba725c884c25375323f367cf49d17ad0f567b":"3b51ae2b0e3ddeed94efd7bfdc22630187e1f7624d15ed78":"587e3f6c75644bb5c3db9c74714f5556":0 + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 256 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"049c7bcba03e04395c2a22e6a9215cdae0f762b077b1244b443147f5695799fa":"776b1e91e935d1f80a537902186d6b00dfc6afc12000f1bde913df5d67407061db8227fcd08953d4":"e617831c7db8038fda4c59403775c3d435136a566f3509c273e1da1ef9f50aea":0 + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 192 count 7 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"e86b9c1f74cc87ab8ca6a2fa1723fef173077e684345b90dacd3d485f587d320":"c97e8c25d498430300982cdcef592e34176e33e45cd59b19f7605f52e3c7b997":"261313cbea4b246e53affe1f84bd4c900c9b1d1842d79337":0 + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 320 count 8 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"5b7f48b8ce77007481667e9900f3077a0c9407a70082b0de29bbfbd716a07149":"3ed16c7e4fed98d76092936e94fa5696c787ab63cb764e930fd37f917be4e7e60c90f327f0865d279e6c449b96301ed7":"4e0e6c45137efbf858ce896c815268a10d9869ef5668a90739b7eff99617691fe63b911afa53feca":0 + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"9e92fc974e09541e6cdf1415575511436ac04a56db186bc0e60f0fac9bd58c6a":"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":"4b6f2257197b0692e6026d531bbe2f222a6764fe1cf277b0320a6bdf9efea0a3f304e94fd22372712f751aa377264b1600f3c1e7e0ada846082ab4885a5c9a51b1b25a593a269a7ca1b62a28f1a11b80fde57f0b9c0fc0e38e8edea8a294e18b4b1e0e24a5ae0e9d9fa0d8cf02378e592b322ff04c5a487332b5f58ad3fe9a0c20a205f6872c9e2d0c52c5b29c5c2f008444a3e8400b4822d39f646f9ed390c352615c4cca8cc0099ac1ec23ad7ef581ed33f9fd4a8a58eb240fc79bfc2df7c1606cc52fb97493fa59a0dc8dc01fdd9fc9fb51a2f1e9fd6a89cba67f001d105c456d99c3b1fd68dc9d01b1b8e0e4c2ed4eed63c0110ea6ee96b54eebcd56c5446dda210a9e143366014e72d5e4bf78bacc230641789ae7caa0e37682190d8007aad0a0983e7c970a6feb1112ee5920f628ba03493cc3b340aa9452e6698f818e6e409cd0a7f660094df05646ea0e6c6aa94e933f4fa4feae6207eb473f9d80e335d6020138f1fcd085a336bdea158823cd47079a89ac18bc8541918ccb6bbbe1aab5ba7d9c6b5fc9ba17cae707a556c2bf7d1f991f9a8ebe0f9aa6e395defecbb508cbbf68db8da443ce8fc40149c3c84314986615ca5685e5e2162ebc617929a7e402a6262a28e646d7f503253c30ff2e37ed6580676a9978aa2f5b4fe82e1c2fb83754fa855ee54a61e64a16b64a680732b14671ff55b3f2a6415233206188":0 + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 128 count 4 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"08c936b25b567a0aa679c29f201bf8b190327df0c2563e39cee061f149f4d91b":"e227eb8ae9d239ccd8928adec39c28810ca9b3dc1f366444":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 256 
count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"605b22935f1eee56ba884bc7a869febc159ac306b66fb9767a7cc6ab7068dffa":"6607f5a64c8f9fd96dc6f9f735b06a193762cdbacfc367e410926c1bfe6dd715490adbad5b9697a6":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 192 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"81c93da5baa5157bf700fd38d7d67662670778b690cfbca9fe11e06268b35605":"875e1ca385586f83d1e23e44ca201006df04e1854e41b933fd607a7383ae1a39":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 320 count 4 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"c42c53da9bd5393e63818ecc1336ec6dfcf1d633e51ebb51c68fb0997c979e7a":"52f7b481f72bc2d41edade5388d38c2ff75765939576e49bab400040a14ff488848bef57d1502c06a3faad471f5c3178":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KW unwrap AES-256 CAVS 17.4 PLAINTEXT LENGTH = 4096 count 1 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"7b51259246dd7252f6a7215fb11fbeabfabafb0f8856afae525af8feb81d3490":"c625853da9fdb8665264c30539a258ba61da8bbd214f3f493e292f686dce73c003aea5c4070ea94b19e486019b18a2f3f1d836b85414bab14eb99baa283cafffabc8498cf1151489a6a6a0d01e7041633c94f9cc6cc3dfcd661c9c4a0bf77d9be168eec29cb0efef33c74d2dad18ae2ac2b5efb519f4c1f12eaa7a7d7959e7a6dec681e4d1878b20054b7925d2da0b2f8730604445ff3fca3a06285a4a2d86648f10a2bc3cd422646f70224ec9025e7ce701c8b521c0392fd7d2ac883f2a37bb7e4d53a92a620e65e090b91dbcdd616a13b3948eb1b5a6b1bde80f03dad61aba3223fd91ca3df68b0749fd049813a7ab0268445793b16677bc1af00f877097cb14798777ac817d0df82507aec246f755ddf95b19bb56ef9f2e730bcf2863648d8b164656df37977d54eaf05063b0ee8ba61c2a2ba7dda8fae337d5f6ba965d9e643b4534ed9f4eea7b2b26680fff50260e245fa0d63139b40e2f152da3a976589e957be22cb0885cd582aa9468b08f08a22b486767a6b99c1778ecbd763ebfe2bd83c6191f4e8a84972e4920452b2b2dd28be5d7bda05dc3422419793ca8c26defd3b42b2cc99bbad98e7461f034abf137d7b3166c94e20bdba091653c6a17ccc4faf86a7ba6d2abc0ecada9103e73d9ee4659b6e991a1a209d2ebd96c24759c69ad13a03431ddc05abc20dc8581b1e526f4d98f6352ca4c77f5479db234125fa585ba275fbcbdbf":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 8 count 2 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"20501013aa1578ab32704a4287029098":"382179a39d75756f57763486d038b50f":"14":0 + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 64 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"a099fff482dbaeb53aad84f81b916da0":"b831c7137facaed059cbf268767e230f":"0d24299443bcc444":0 + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 72 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"4d49e260348172c38a79eb925b189b12":"54755a93ff5173aec60d1eaa8fd7d4090f00f638c2831aa9":"2bbe64479da7c45976":0 + +NIST KWP unwrap AES-128 CAVS 21.4 
PLAINTEXT LENGTH = 248 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"6a5a5ac4ccedf055d7562ac58ee7819c":"46904a5583e8a22f4b2f5aa8d071f5cbfc938130f1b33f2e6401aee7cccdef2159a89c9b682cfaf4":"33ac6837955300e569b29958985cdbd434c18208779a949d20b110b0b719e1":0 + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"1dd51f0d3a0a784174ba81b2c9f89005":"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":"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":0 + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 8 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"30be7ff51227f0eef786cb7be2482510":"7f61a0a8b2fe7803f2947d233ec3a255":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 64 count 7 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"9ad15907cd05d77b844816b1dd806c92":"7aa0e5d322363afbdd71b531e50d4935":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 72 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"2005cbe9cc66a35cafdff1af119ae6ce":"60f9c736ec3619efdcc7cccc6b90ae5cdb8bb9eceea5dd96":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 248 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"2c3b49efbf60ed01a3ef27ee24ac90b0":"5fa5a87bec09a3e05864656f8966cd38e1c4af48a06b1dab4ec9cca35dd0f92b54015fe5332bdef9":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-128 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 2 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"4b4c43c9de4fb4a2a7a7adafeabe2dbd":"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":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 8 count 2 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"716da5cce5877d8f305b5478d671f6c73eb1bff4de15df07":"dbd5247ad2445575cafb00ee7707c218":"bf":0 + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 64 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"b94bc10b85a8c2f74a66fa723a25ea1b398a4f627efe1ce0":"18eef64a022b2c7db27648cbb5f1d5e6":"19c0f2f78606fae7":0 + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 72 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"f61cde8e515d59a8ca95efb1a98ed4216c4a9649151babf2":"83fce85e9bfc6ed784b052472e5780fee662f17a91faf1a9":"1c6883862ede37b31b":0 + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 248 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"1c883af75147bae6f34205cd656ad30ec97e617456591ce6":"f24f6747711cf72fab0422026c6d548ccdba786d77ab900ac3fb8f39f116d38e92c82d5fd9a045dd":"bdd793f086d8733f69055bd79bbc448be857286e918fd4c54be4acf4eca5e4":0 + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"1b38d4b366f844e71a8db6be2b77a05a9e81720d2d3f31ee":"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":"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":0 + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 8 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"df8f5124b1e03228f2b96f0df31924bac1d3b5d094da22e6":"230bb26c1ea9d5c8fcf7c122ea994f41":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-192 CAVS 21.4 
PLAINTEXT LENGTH = 64 count 7 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"94c8dae772a43b5e00468e0947699b239dfe30ab5f90e2f6":"239c6bceee3583fe7825011e02f01cc0":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 72 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"d81b7162dc6e9e18bea6e258bddb53a1c9f22a4a7177d9dd":"4f3a2b7b229a665776f9cfa42e0c2a615a81f69cc0f0f465":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 248 count 1 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"688833d56cf1a0f492bf1f7e35c2fa6299a2b1b5ca2a2823":"4b7c17d7a7189e7955c03abb0ca95fc0c780953787972097ae596d46fe2a8cd75995e6309780ae5f":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-192 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 2 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"4b0faa630930b0ff8e624aeb4ddfa018a858cfa653132675":"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":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 8 count 2 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"da862b25a629d328cf9fac7be0d6ead1cb2404e9bab87a2381a46eb1a81187c5":"5e01a2b9b8413f303a3578d2cc255fda":"d4":0 + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 64 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"362586d516d38e4d58b50a441443e75064cf6d6cdb6420862932ba7b0480b0fd":"ea7ee0f5af3a271a9777838ed13c61af":"f1b92d0db744bfee":0 + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 72 count 1 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"0e6d542f960c7e61ca190d7fd719fda157030a0a013164613a8c522b52ae685d":"b5cae8a82095abb3478ab167dbc0201d2f4dfc5f81bbe44e":"a957eb4ea02e68ba8b":0 + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 248 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"0445b86d13b7b76c0089a63dec70c32fded9607af63714b7c3cc724f49c1c6e2":"7f63167976e71e43b7b135c8cd12148f826f56e73f6fb6e7f6cefa23c34302ff374d44dd66b6bb01":"7af8c3b32e61f8b5c027383a273927b8fd09b75692bd0b713ec8ecec0bdd2c":0 + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"08f5c088acec18e6cf1f03a8f85d772e327e7fb07f8c2939eb554e84c42ab93d":"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":"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":0 + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 8 count 5 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"5fc3ef43eef256993fb00e6ccc90f60319f10a3bc9fe5ca4ec876c165e2a7720":"f3d922a948969acca293bc3daa027e48":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 64 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"398444df32841be9e699c64faa92630c834564b8384876dceb471c4056fc8299":"30032c9a3ed00d29512d8c725fa86a4b":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 72 count 0 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"64b69233fe392c0bcda28a931cc3527b1a8f29235c1adf6256556c685cb89b9f":"6b5fd75ad16eda04a8b29f1bc0411ae28befbad9e474f2d8":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 248 count 2 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"8c35fb77766d04f48d5b52275c5c5f31f568078419e5c2335918965fbe53cedd":"bacccb1714dbaa4908c2654aa8dbb1ddbddd8ab819429b026619fb1c0fa75a8247372b2feeab1e1d":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +NIST KWP unwrap AES-256 CAVS 21.4 PLAINTEXT LENGTH = 4096 count 3 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"1726706350c11e6883955f24ea11ab247ce3b2ab54d05e67ad9770b5564483dd":"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":"":MBEDTLS_ERR_CIPHER_AUTH_FAILED + +KW AES-128 wrap rfc 3394 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"000102030405060708090A0B0C0D0E0F":"00112233445566778899AABBCCDDEEFF":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5" + +KW AES-192 wrap rfc 3394 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"000102030405060708090A0B0C0D0E0F1011121314151617":"00112233445566778899AABBCCDDEEFF":"96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D" + +KW AES-256 wrap rfc 3394 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"00112233445566778899AABBCCDDEEFF":"64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7" + +KW AES-128 unwrap rfc 3394 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"000102030405060708090A0B0C0D0E0F":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5":"00112233445566778899AABBCCDDEEFF":0 + +KW AES-192 unwrap rfc 3394 +depends_on:MBEDTLS_AES_C +mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"000102030405060708090A0B0C0D0E0F1011121314151617":"031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2":"00112233445566778899AABBCCDDEEFF0001020304050607":0 + +KW AES-256 unwrap rfc 3394 +depends_on:MBEDTLS_AES_C 
+mbedtls_nist_kw_unwrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1":"00112233445566778899AABBCCDDEEFF0001020304050607":0
+
+KWP AES-192 wrap rfc 5649
+depends_on:MBEDTLS_AES_C
+mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8":"c37b7e6492584340bed12207808941155068f738":"138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a"
+
+KWP AES-192 wrap rfc 5649
+depends_on:MBEDTLS_AES_C
+mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8":"466f7250617369":"afbeb0f07dfbf5419200f2ccb50bb24f"
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
new file mode 100644
index 000000000..eb67c03f0
--- /dev/null
+++ b/tests/suites/test_suite_nist_kw.function
@@ -0,0 +1,343 @@ +/* BEGIN_HEADER */ +#include "mbedtls/nist_kw.h" +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_NIST_KW_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ +void mbedtls_nist_kw_self_test( ) +{ + TEST_ASSERT( mbedtls_nist_kw_self_test( 1 ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ +void mbedtls_nist_kw_mix_contexts( ) +{ + mbedtls_nist_kw_context ctx1, ctx2; + unsigned char key[16]; + unsigned char plaintext[32]; + unsigned char ciphertext1[40]; + unsigned char ciphertext2[40]; + size_t output_len, i; + + memset( plaintext, 0, sizeof( plaintext ) ); + memset( ciphertext1, 0, sizeof( ciphertext1 ) ); + memset( ciphertext2, 0, sizeof( ciphertext2 ) ); + memset( key, 0, sizeof( key ) ); + + /* + * 1. Check wrap and unwrap with two seperate contexts + */ + mbedtls_nist_kw_init( &ctx1 ); + mbedtls_nist_kw_init( &ctx2 ); + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx1, + MBEDTLS_CIPHER_ID_AES, + key, sizeof( key ) * 8, + 1 ) == 0 ); + + TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KW, + plaintext, sizeof( plaintext ), + ciphertext1, &output_len, + sizeof( ciphertext1 ) ) == 0 ); + TEST_ASSERT( output_len == sizeof( ciphertext1 ) ); + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx2, + MBEDTLS_CIPHER_ID_AES, + key, sizeof( key ) * 8, + 0 ) == 0 ); + + TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KW, + ciphertext1, output_len, + plaintext, &output_len, + sizeof( plaintext ) ) == 0 ); + + TEST_ASSERT( output_len == sizeof( plaintext ) ); + for( i = 0; i < sizeof( plaintext ); i++ ) + { + TEST_ASSERT( plaintext[i] == 0 ); + } + mbedtls_nist_kw_free( &ctx1 ); + mbedtls_nist_kw_free( &ctx2 ); + + /* + * 2. 
Check wrapping with two modes, on same context + */ + mbedtls_nist_kw_init( &ctx1 ); + mbedtls_nist_kw_init( &ctx2 ); + output_len = sizeof( ciphertext1 ); + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx1, + MBEDTLS_CIPHER_ID_AES, + key, sizeof( key ) * 8, + 1 ) == 0 ); + + TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KW, + plaintext, sizeof( plaintext ), + ciphertext1, &output_len, + sizeof( ciphertext1 ) ) == 0 ); + TEST_ASSERT( output_len == sizeof( ciphertext1 ) ); + + TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KWP, + plaintext, sizeof( plaintext ), + ciphertext2, &output_len, + sizeof( ciphertext2 ) ) == 0 ); + + TEST_ASSERT( output_len == sizeof( ciphertext2 ) ); + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx2, + MBEDTLS_CIPHER_ID_AES, + key, sizeof( key ) * 8, + 0 ) == 0 ); + + TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KW, + ciphertext1, sizeof( ciphertext1 ), + plaintext, &output_len, + sizeof( plaintext ) ) == 0 ); + + TEST_ASSERT( output_len == sizeof( plaintext ) ); + + for( i = 0; i < sizeof( plaintext ); i++ ) + { + TEST_ASSERT( plaintext[i] == 0 ); + } + + TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KWP, + ciphertext2, sizeof( ciphertext2 ), + plaintext, &output_len, + sizeof( plaintext ) ) == 0 ); + + TEST_ASSERT( output_len == sizeof( plaintext ) ); + + for( i = 0; i < sizeof( plaintext ); i++ ) + { + TEST_ASSERT( plaintext[i] == 0 ); + } + +exit: + mbedtls_nist_kw_free( &ctx1 ); + mbedtls_nist_kw_free( &ctx2 ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_nist_kw_setkey( int cipher_id, int key_size, + int is_wrap, int result ) +{ + mbedtls_nist_kw_context ctx; + unsigned char key[32]; + int ret; + + mbedtls_nist_kw_init( &ctx ); + + memset( key, 0x2A, sizeof( key ) ); + TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) ); + + ret = mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_size, is_wrap ); + TEST_ASSERT( ret == result ); + +exit: + mbedtls_nist_kw_free( &ctx ); +} +/* 
END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ +void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res ) +{ + mbedtls_nist_kw_context ctx; + unsigned char key[16]; + unsigned char *plaintext = NULL; + unsigned char *ciphertext = NULL; + size_t output_len = out_len; + + mbedtls_nist_kw_init( &ctx ); + + memset( key, 0, sizeof( key ) ); + + if (in_len == 0) + { + /* mbedtls_calloc can return NULL for zero-length buffers. Make sure we + * always have a plaintext buffer, even if the length is 0. */ + plaintext = mbedtls_calloc( 1, 1 ); + } + else + { + plaintext = mbedtls_calloc( 1, in_len ); + } + TEST_ASSERT( plaintext != NULL ); + ciphertext = mbedtls_calloc( 1, output_len ); + TEST_ASSERT( ciphertext != NULL ); + + memset( plaintext, 0, in_len ); + memset( ciphertext, 0, output_len ); + + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, + key, 8 * sizeof( key ), 1 ) == 0 ); + + TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, plaintext, in_len, + ciphertext, &output_len, + output_len ) == res ); + if( res == 0 ) + { + if( mode == MBEDTLS_KW_MODE_KWP ) + TEST_ASSERT( output_len == (size_t) in_len + 8 - + ( in_len % 8 ) + 8 ); + else + TEST_ASSERT( output_len == (size_t) in_len + 8 ); + } + else + { + TEST_ASSERT( output_len == 0 ); + } + +exit: + mbedtls_free( ciphertext ); + mbedtls_free( plaintext ); + mbedtls_nist_kw_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ +void nist_kw_ciphertext_lengths( int in_len, int out_len, int mode, int res ) +{ + mbedtls_nist_kw_context ctx; + unsigned char key[16]; + unsigned char *plaintext = NULL; + unsigned char *ciphertext = NULL; + int unwrap_ret; + size_t output_len = out_len; + + mbedtls_nist_kw_init( &ctx ); + + memset( key, 0, sizeof( key ) ); + + plaintext = mbedtls_calloc( 1, output_len ); + TEST_ASSERT( plaintext != NULL ); + ciphertext = mbedtls_calloc( 1, in_len ); + TEST_ASSERT( ciphertext != NULL ); + + memset( plaintext, 0, output_len 
); + memset( ciphertext, 0, in_len ); + + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, + key, 8 * sizeof( key ), 0 ) == 0 ); + unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len, + plaintext, &output_len, + output_len ); + + if( res == 0 ) + TEST_ASSERT( unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); + else + TEST_ASSERT( unwrap_ret == res ); + + TEST_ASSERT( output_len == 0 ); + +exit: + mbedtls_free( ciphertext ); + mbedtls_free( plaintext ); + mbedtls_nist_kw_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_nist_kw_wrap( int cipher_id, int mode, + char *key_hex, char *msg_hex, + char *result_hex ) +{ + unsigned char key[32]; + unsigned char msg[512]; + unsigned char result[528]; + unsigned char expected_result[528]; + mbedtls_nist_kw_context ctx; + size_t key_len, msg_len, output_len, result_len, i, padlen; + + mbedtls_nist_kw_init( &ctx ); + + memset( key, 0x00, sizeof( key ) ); + memset( msg, 0x00, sizeof( msg ) ); + memset( result, '+', sizeof( result ) ); + + key_len = unhexify( key, key_hex ); + msg_len = unhexify( msg, msg_hex ); + result_len = unhexify( expected_result, result_hex ); + output_len = sizeof( result ); + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 ) + == 0 ); + + /* Test with input == output */ + TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg, msg_len, + result, &output_len, sizeof( result ) ) == 0 ); + + TEST_ASSERT( output_len == result_len ); + + TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 ); + + padlen = ( msg_len % 8 != 0 ) ? 8 - (msg_len % 8 ) : 0; + /* Check that the function didn't write beyond the end of the buffer. 
*/ + for( i = msg_len + 8 + padlen; i < sizeof( result ); i++ ) + { + TEST_ASSERT( result[i] == '+' ); + } + +exit: + mbedtls_nist_kw_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mbedtls_nist_kw_unwrap( int cipher_id, int mode, + char *key_hex, char *msg_hex, + char *result_hex, int expected_ret ) +{ + unsigned char key[32]; + unsigned char msg[528]; + unsigned char result[528]; + unsigned char expected_result[528]; + mbedtls_nist_kw_context ctx; + size_t key_len, msg_len, output_len, result_len, i; + + mbedtls_nist_kw_init( &ctx ); + + memset( key, 0x00, sizeof( key ) ); + memset( msg, 0x00, sizeof( msg ) ); + memset( result, '+', sizeof( result ) ); + memset( expected_result, 0x00, sizeof( expected_result ) ); + + key_len = unhexify( key, key_hex ); + msg_len = unhexify( msg, msg_hex ); + result_len = unhexify( expected_result, result_hex ); + output_len = sizeof( result ); + + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 ) + == 0 ); + + /* Test with input == output */ + TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg, msg_len, + result, &output_len, sizeof( result ) ) == expected_ret ); + if( expected_ret == 0 ) + { + TEST_ASSERT( output_len == result_len ); + TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 ); + } + else + { + TEST_ASSERT( output_len == 0 ); + } + + /* Check that the function didn't write beyond the end of the buffer. */ + for( i = msg_len - 8; i < sizeof( result ); i++ ) + { + TEST_ASSERT( result[i] == '+' ); + } + +exit: + mbedtls_nist_kw_free( &ctx ); +} +/* END_CASE */ From 488fd08e11b9e3f24838bdda341e514370b5dc19 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 15 Jul 2018 09:38:39 +0300 Subject: [PATCH 243/578] Add aes KW OIDs as defined Add the KW and KWP OIDs for aes, as defined in RFC 5649. --- include/mbedtls/oid.h | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) 
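Review bot: In `nist_kw_plaintext_lengths` the expected KWP length `in_len + 8 - ( in_len % 8 ) + 8` is 8 bytes too large whenever `in_len` is a multiple of 8. That contradicts `mbedtls_nist_kw_mix_contexts` in the same file, where a 32-byte KWP wrap is asserted to produce `sizeof( ciphertext2 )`, i.e. 40 bytes. The padding term should be zero for aligned input, e.g. `TEST_ASSERT( output_len == (size_t) in_len + 8 + ( 8 - in_len % 8 ) % 8 );`. The current assertion presumably passes only because no successful KWP case in the data file uses an aligned length, so one should be added with the fix. Separately, the comments `/* Test with input == output */` in the wrap and unwrap cases do not match the calls, which pass `msg` and `result` as distinct buffers, so in-place operation is not actually exercised.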
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 408645ece..f82554844 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -97,6 +97,8 @@ /* ISO arc for standard certificate and CRL extensions */ #define MBEDTLS_OID_ID_CE MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} */ +#define MBEDTLS_OID_NIST_ALG MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */ + /** * Private Internet Extensions * { iso(1) identified-organization(3) dod(6) internet(1) 
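Review bot: The comment on the new `MBEDTLS_OID_NIST_ALG` opens with `/**` where the neighbouring macros use the trailing form `/**<`, so Doxygen will attach the text to the next declaration instead of to this macro. The arc description is also missing its closing `}`. I would write it as `/**< { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) } */`. The same `/**` opener appears on `MBEDTLS_OID_AES` and the six `MBEDTLS_OID_AES*_KW` / `MBEDTLS_OID_AES*_KWP` macros in the `@@ -241,7 +243,20 @@` hunk and should become `/**<` there as well.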
@@ -219,12 +221,12 @@ #define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */ #define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */ #define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA256 MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA384 MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_GOV 
"\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */ #define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ @@ -241,7 +243,20 @@ */ #define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ #define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ +#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ +/* + * Key Wrapping algorithms + */ +/* + * RFC 5649 + */ +#define MBEDTLS_OID_AES128_KW MBEDTLS_OID_AES "\x05" /** id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } */ +#define MBEDTLS_OID_AES128_KWP MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */ +#define MBEDTLS_OID_AES192_KW MBEDTLS_OID_AES "\x19" /** id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } */ +#define MBEDTLS_OID_AES192_KWP MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */ +#define MBEDTLS_OID_AES256_KW MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } */ +#define MBEDTLS_OID_AES256_KWP MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */ /* * PKCS#5 OIDs */ From 4ed32d065bb389f1a954a806b74bf8eed1f625d7 Mon Sep 17 00:00:00 2001 
From: Jaeden Amero Date: Tue, 24 Jul 2018 16:51:09 +0100 Subject: [PATCH 244/578] cpp_dummy_build: Add NIST key wrapping header --- programs/test/cpp_dummy_build.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index 41c24c981..c65288404 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -69,6 +69,7 @@ #include "mbedtls/md_internal.h" #include "mbedtls/net.h" #include "mbedtls/net_sockets.h" +#include "mbedtls/nist_kw.h" #include "mbedtls/oid.h" #include "mbedtls/padlock.h" #include "mbedtls/pem.h" From 269e999a359fd095a48e2aea92c2cf2006c5f39b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 24 Jul 2018 14:41:02 +0100 Subject: [PATCH 245/578] Remove unnecessary newlines in CONTRIBUTING.md --- CONTRIBUTING.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8fb8ab8fa..3433ed001 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -52,8 +52,7 @@ When backporting to these branches please observe the following rules: 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be addtional test cases or quality improvements such as changes to build or test scripts. -It would be highly appreciated if contributions are backported to LTS branches -in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors. +It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors. Currently maintained LTS branches are: 
@@ -70,9 +69,7 @@ Mbed TLS includes a comprehensive set of test suites in the `tests/` directory t [A Knowledge Base article describing how to add additional tests is available on the Mbed TLS website](https://tls.mbed.org/kb/development/test_suites). -A test script `tests/scripts/basic-build-test.sh` is available to show test -coverage of the library. New code contributions should provide a similar level -of code coverage to that which already exists for the library. +A test script `tests/scripts/basic-build-test.sh` is available to show test coverage of the library. New code contributions should provide a similar level of code coverage to that which already exists for the library. Sample applications, if needed, should be modified as well. From 193c86425e69dadc935addfa71c4847a0c1cf071 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 25 Jul 2018 15:33:39 +0100 Subject: [PATCH 246/578] Update version to 2.12.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index c997b2c3b..44558256c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.12.0 branch released 2018-07-25 Security * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384, diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index ed78eb4b5..f695dd232 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.11.0 source code documentation + * @mainpage mbed TLS v2.12.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in 
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index fdeab7a55..317eb0dc9 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.11.0" +PROJECT_NAME = "mbed TLS v2.12.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index c8050b9ba..eaf25d908 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 11 +#define MBEDTLS_VERSION_MINOR 12 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x020B0000 -#define MBEDTLS_VERSION_STRING "2.11.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.11.0" +#define MBEDTLS_VERSION_NUMBER 0x020C0000 +#define MBEDTLS_VERSION_STRING "2.12.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.12.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 70fff520a..5115b961f 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
@@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.11.0 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.12.0 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.11.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.12.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.11.0 SOVERSION 11) + set_target_properties(mbedtls PROPERTIES VERSION 2.12.0 SOVERSION 11) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 763179129..402c8b89a 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.11.0" +check_compiletime_version:"2.12.0" Check runtime library version -check_runtime_version:"2.11.0" +check_runtime_version:"2.12.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From f11a7cda73e46efd2b73b45745d43a523da3bb17 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 25 Jul 2018 17:26:56 +0100 Subject: [PATCH 247/578] Clarify Changelog entries Corrected the Changelog to move an entry in the wrong place after a merge, some entries which were Changes not bugfixes, and corrected style issues. --- ChangeLog | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index c997b2c3b..e4ae7aa4c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -38,7 +38,7 @@ Security Features * Add new crypto primitives from RFC 7539: stream cipher Chacha20, one-time authenticator Poly1305 and AEAD construct Chacha20-Poly1305. Contributed - by Daniel King (#485). + by Daniel King. * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905. * Add platform support for the Haiku OS. (https://www.haiku-os.org). Contributed by Augustin Cavalier. @@ -48,7 +48,7 @@ Features is no functional difference. Contributed by Angus Gratton, and also independently contributed again by Paul Sokolovsky. * Add support for key wrapping modes based on AES as defined by - NIST SP 800-38F algorithms KW and KWP and by RFC's 3394 and 5649. + NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649. Bugfix * Fix the key_app_writer example which was writing a leading zero byte which @@ -56,7 +56,7 @@ Bugfix * Fix compilation error on C++, because of a variable named new. Found and fixed by Hirotaka Niisato in #1783. * Fix "no symbols" warning issued by ranlib when building on Mac OS X. Fix - contributed by tabascoeye in pull request #1600. + contributed by tabascoeye. * Clarify documentation for mbedtls_ssl_write() to include 0 as a valid return value. Found by @davidwu2000. #839 * Fix a memory leak in mbedtls_x509_csr_parse(), found by catenacyber, @@ -65,6 +65,8 @@ Bugfix by Brendan Shanks. Part of a fix for #992. * Fix compilation error when MBEDTLS_ARC4_C is disabled and MBEDTLS_CIPHER_NULL_CIPHER is enabled. Found by TrinityTonic in #1719. + * Added length checks to some TLS parsing functions. Found and fixed by + Philippe Antoine from Catena cyber. #1663. * Fix the inline assembly for the MPI multiply helper function for i386 and i386 with SSE2. Found by László Langó. Fixes #1550 * Fix namespacing in header files. Remove the `mbedtls` namespacing in 
@@ -78,20 +80,19 @@ Bugfix to the connection being terminated. Seen most often with OpenSSL using TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix contributed by Espressif Systems. Fixes #1632 - * Fail when receiving a TLS alert message with an invalid length, or invalid - zero-length messages when using TLS 1.2. Contributed by Espressif Systems. * Fix ssl_client2 example to send application data with 0-length content when the request_size argument is set to 0 as stated in the documentation. Fixes #1833. - * Change the default behaviour of mbedtls_hkdf_extract() to return an error - when calling with a NULL salt and non-zero salt_len. Contributed by - Brian J Murray - * Correct the documentation for `mbedtls_ssl_get_session()`. - This API has deep copy of the session, and the peer - certificate is not lost. Fixes #926. + * Correct the documentation for `mbedtls_ssl_get_session()`. This API has + deep copy of the session, and the peer certificate is not lost. Fixes #926. * Fix build using -std=c99. Fixed by Nick Wilson. Changes + * Fail when receiving a TLS alert message with an invalid length, or invalid + zero-length messages when using TLS 1.2. Contributed by Espressif Systems. + * Change the default behaviour of mbedtls_hkdf_extract() to return an error + when calling with a NULL salt and non-zero salt_len. Contributed by + Brian J Murray * Change the shebang line in Perl scripts to look up perl in the PATH. Contributed by fbrosson. * Allow overriding the time on Windows via the platform-time abstraction. @@ -120,8 +121,6 @@ Bugfix * Fix compilation warnings with IAR toolchain, on 32 bit platform. Reported by rahmanih in #683 * Fix braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden, #552. - * Added length checks to some TLS parsing functions. Found and fixed by - Philippe Antoine from Catena cyber. #1663. Changes * Changed CMake defaults for IAR to treat all compiler warnings as errors. 
From 608a487b9cf1b40fed7c02d18296b3224a8dd4b1 Mon Sep 17 00:00:00 2001 From: Angus Gratton Date: Wed, 6 Sep 2017 15:07:17 +1000 Subject: [PATCH 248/578] Fix memory leak in ecp_mul_comb() if ecp_precompute_comb() fails In ecp_mul_comb(), if (!p_eq_g && grp->T == NULL) and then ecp_precompute_comb() fails (which can happen due to OOM), then the new array of points T will be leaked (as it's newly allocated, but hasn't been asigned to grp->T yet). Symptom was a memory leak in ECDHE key exchange under low memory conditions. --- ChangeLog | 2 ++ library/ecp.c | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4c09593b7..7ea276b1a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -86,6 +86,8 @@ Bugfix * Correct the documentation for `mbedtls_ssl_get_session()`. This API has deep copy of the session, and the peer certificate is not lost. Fixes #926. * Fix build using -std=c99. Fixed by Nick Wilson. + * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails. + Fix contributed by Espressif Systems. Changes * Fail when receiving a TLS alert message with an invalid length, or invalid diff --git a/library/ecp.c b/library/ecp.c index 41db3fbe5..68c6f4914 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1446,7 +1446,12 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: - if( T != NULL && ! p_eq_g ) + /* There are two cases where T is not stored in grp: + * - P != G + * - An intermediate operation failed before setting grp->T + * In either case, T must be freed. + */ + if( T != NULL && T != grp->T ) { for( i = 0; i < pre_len; i++ ) mbedtls_ecp_point_free( &T[i] ); From c796573487178f527654e871d71352b40ca01caa Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Fri, 27 Jul 2018 17:13:39 +0100 Subject: [PATCH 249/578] Add Chacha dependency to the stream cipher field When MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER were disabled, the stream cipher function wasn't being include in the cipher struct, yet Chacha20 requires it. --- include/mbedtls/cipher.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index ea0ce983f..7f3477a42 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -45,7 +45,8 @@ #define MBEDTLS_CIPHER_MODE_WITH_PADDING #endif -#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ + defined(MBEDTLS_CHACHA20_C) #define MBEDTLS_CIPHER_MODE_STREAM #endif From 5f26b11ffa23f242fc52b51299c28cf6e7e06fd9 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 27 Jul 2018 17:15:39 +0100 Subject: [PATCH 250/578] Change test dependencies to RC4 from DES Some tests were dependent on DES yet actually used RC4. Likely a copy and paste error. This change fixes them. --- tests/suites/test_suite_pkparse.data | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index cbbbd5b78..4add252df 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
@@ -207,15 +207,15 @@ depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der":"PolarSSLTest":0 Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der":"PolarSSLTest":0 Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0 Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) @@ -1033,11 +1033,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 Parse EC Key #6 (PKCS8 encrypted DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0 Parse EC Key #7 (PKCS8 encrypted PEM) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0 Parse EC Key #8 (SEC1 PEM, secp224r1) 
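Review bot: The three DER cases (#35 to #37) keep `MBEDTLS_CIPHER_MODE_CBC` in their dependency list after the switch to `MBEDTLS_ARC4_C`, although RC4 is a stream cipher. The PEM case for the same key type in the context line above (`rsa_pkcs8_pbe_sha1_4096_rc4_128.pem`) does not list it. This looks like a leftover from the DES copy; if so, these tests are skipped needlessly in a build with ARC4 but without CBC, and the line could be `depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C`. In the `@@ -1033,11 +1033,11 @@` hunk the encrypted EC cases list no `MBEDTLS_PKCS12_C`, unlike the RSA RC4 cases, so it is worth confirming which PBE scheme those key files use.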
From 1b9b217abffd67db8bba3d06c74cbbb94740060b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 26 Apr 2018 14:15:01 +0300 Subject: [PATCH 251/578] enforce input and output of ccm selftest on stack In `mbedtls_ccm_self_test()`, enforce input and output buffers sent to the ccm API to be contigous and aligned, by copying the test vectors to buffers on the stack. --- library/ccm.c | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 804eaf80f..90cab8e14 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -381,7 +381,8 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, */ #define NB_TESTS 3 - +#define CCM_SELFTEST_PT_MAX_LEN 24 +#define CCM_SELFTEST_CT_MAX_LEN 32 /* * The data is the same for all tests, only the used length changes */ @@ -401,7 +402,7 @@ static const unsigned char ad[] = { 0x10, 0x11, 0x12, 0x13 }; -static const unsigned char msg[] = { +static const unsigned char msg[CCM_SELFTEST_PT_MAX_LEN] = { 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -412,7 +413,7 @@ static const size_t add_len[NB_TESTS] = { 8, 16, 20 }; static const size_t msg_len[NB_TESTS] = { 4, 16, 24 }; static const size_t tag_len[NB_TESTS] = { 4, 6, 8 }; -static const unsigned char res[NB_TESTS][32] = { +static const unsigned char res[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = { { 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d }, { 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62, 0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d, 
@@ -426,7 +427,13 @@ static const unsigned char res[NB_TESTS][32] = { int mbedtls_ccm_self_test( int verbose ) { mbedtls_ccm_context ctx; - unsigned char out[32]; + /* + * Some hardware accelerators require the input and output buffers + * would be in RAM, because the flash is not accessible. + * Use buffers on the stack to hold the test vectors data. + */ + unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN]; + unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN]; size_t i; int ret; @@ -445,27 +452,32 @@ int mbedtls_ccm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 ); + memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); + memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN ); + memcpy( plaintext, msg, msg_len[i] ); + ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len[i], - iv, iv_len[i], ad, add_len[i], - msg, out, - out + msg_len[i], tag_len[i] ); + iv, iv_len[i], ad, add_len[i], + plaintext, ciphertext, + ciphertext + msg_len[i], tag_len[i] ); if( ret != 0 || - memcmp( out, res[i], msg_len[i] + tag_len[i] ) != 0 ) + memcmp( ciphertext, res[i], msg_len[i] + tag_len[i] ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); return( 1 ); } + memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len[i], - iv, iv_len[i], ad, add_len[i], - res[i], out, - res[i] + msg_len[i], tag_len[i] ); + iv, iv_len[i], ad, add_len[i], + ciphertext, plaintext, + ciphertext + msg_len[i], tag_len[i] ); if( ret != 0 || - memcmp( out, msg, msg_len[i] ) != 0 ) + memcmp( plaintext, msg, msg_len[i] ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); From b363382ba4c0489b6045112dbaf100758ec72cc2 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 30 Jul 2018 22:10:48 +0100 Subject: [PATCH 252/578] Add ChangeLog entry for bug #1890 --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4c09593b7..bda3de8f5 100644 --- a/ChangeLog +++ b/ChangeLog 
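Review bot: Only the message and output buffers are moved to the stack; `iv` and `ad` are still passed to `mbedtls_ccm_encrypt_and_tag()` and `mbedtls_ccm_auth_decrypt()` directly. `ad` is a `static const` array in the `@@ -401,7 +402,7 @@` hunk, and `iv` is presumably declared the same way outside the visible lines. The goal stated in the new comment, keeping buffers handed to an accelerator in RAM, is therefore only partly met. If an alternative implementation passes the nonce or additional data to hardware too, copying them into stack buffers with the same `memcpy` pattern before the calls would close the gap. Nothing in the change enforces alignment as the commit message says, since plain `unsigned char` arrays carry no alignment guarantee beyond 1. The body of `mbedtls_ccm_self_test()` starts and ends outside the hunk.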
@@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if + MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 + = mbed TLS 2.12.0 branch released 2018-07-25 Security From 9f7798ed3ffdc23359576ca84238cf4eef830599 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 31 Jul 2018 16:52:32 +0200 Subject: [PATCH 253/578] Revert change of a return variable name --- library/ssl_tls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 87af27402..3327b2ca0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5671,7 +5671,7 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { - int err; + int ret; ssl->conf = conf; @@ -5686,7 +5686,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, if( ssl->in_buf == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_IN_BUFFER_LEN) ); - err = MBEDTLS_ERR_SSL_ALLOC_FAILED; + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } @@ -5694,7 +5694,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, if( ssl->out_buf == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_OUT_BUFFER_LEN) ); - err = MBEDTLS_ERR_SSL_ALLOC_FAILED; + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } @@ -5729,7 +5729,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, ssl->in_msg = ssl->in_buf + 13; } - if( ( err = ssl_handshake_init( ssl ) ) != 0 ) + if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) goto error; return( 0 ); @@ -5755,7 +5755,7 @@ error: ssl->out_iv = NULL; ssl->out_msg = NULL; - return( err ); + return( ret ); } /* From 5b559ac7ab88849a340e652022f991ebbd8f076b Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 3 Aug 2018 09:40:07 +0100 Subject: [PATCH 254/578] Fix mbedtls_ssl_get_record_expansion() for ChaChaPoly and CBC `mbedtls_ssl_get_record_expansion()` is supposed to return the maximum difference between the size of a protected record and the size of the encapsulated plaintext. It had the following two bugs: (1) It did not consider the new ChaChaPoly ciphersuites, returning the error code #MBEDTLS_ERR_SSL_INTERNAL_ERROR in this case. (2) It did not correctly estimate the maximum record expansion in case of CBC ciphersuites in (D)TLS versions 1.1 and higher, in which case the ciphertext is prefixed by an explicit IV. This commit fixes both bugs. --- library/ssl_tls.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 91f96c8ab..5905a6d92 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6841,6 +6841,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) { size_t transform_expansion; const mbedtls_ssl_transform *transform = ssl->transform_out; + unsigned block_size; #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) 
@@ -6854,13 +6855,33 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) { case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_CCM: + case MBEDTLS_MODE_CHACHAPOLY: case MBEDTLS_MODE_STREAM: transform_expansion = transform->minlen; break; case MBEDTLS_MODE_CBC: - transform_expansion = transform->maclen - + mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc ); + + block_size = mbedtls_cipher_get_block_size( + &transform->cipher_ctx_enc ); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + { + /* Expansion due to addition of + * - MAC + * - CBC padding (theoretically up to 256 bytes, but + * we never use more than block_size) + * - explicit IV + */ + transform_expansion = transform->maclen + 2 * block_size; + } + else +#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ + { + /* No explicit IV prior to TLS 1.1. */ + transform_expansion = transform->maclen + block_size; + } break; default: From 448146407f9d02aaf577700817fefea123067181 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 3 Aug 2018 09:53:48 +0100 Subject: [PATCH 255/578] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index bda3de8f5..d5101f409 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 + * Fix a miscalculation of the maximum record expansion in + mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites, + or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914. = mbed TLS 2.12.0 branch released 2018-07-25 From 94aefaf314c026035ee21c1d88df5018c8de49d6 Mon Sep 17 00:00:00 2001 
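Review bot: The CBC bound in the second hunk holds only for records this side writes, and the new comment should say so explicitly. It relies on "we never use more than block_size" of padding and the value is taken from `ssl->transform_out`, but a peer may send CBC records with longer padding, so a caller that sized a receive buffer from this result would under-estimate. I would add a line such as `/* Bound applies to outgoing records only; incoming CBC records may carry up to 256 bytes of padding. */` above the `2 * block_size` computation. The function's public documentation and the rest of its body are outside the hunk, so this may already be stated there.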
From: Mohammad Azim Khan Date: Thu, 23 Mar 2017 12:32:54 +0000 Subject: [PATCH 256/578] Optimise makefile targets --- tests/Makefile | 574 +++++++++++-------------------------------------- 1 file changed, 131 insertions(+), 443 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 363255449..975be94a2 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -7,7 +7,7 @@ WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -W LDFLAGS ?= LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../library \ +LOCAL_LDFLAGS = -L../library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) 
@@ -50,465 +50,153 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = test_suite_aes.ecb$(EXEXT) test_suite_aes.cbc$(EXEXT) \ - test_suite_aes.cfb$(EXEXT) test_suite_aes.ofb$(EXEXT) \ - test_suite_aes.xts$(EXEXT) \ - test_suite_aes.rest$(EXEXT) test_suite_arc4$(EXEXT) \ - test_suite_aria$(EXEXT) test_suite_asn1write$(EXEXT) \ - test_suite_base64$(EXEXT) test_suite_blowfish$(EXEXT) \ - test_suite_camellia$(EXEXT) test_suite_ccm$(EXEXT) \ - test_suite_chacha20$(EXEXT) test_suite_chachapoly$(EXEXT) \ - test_suite_cmac$(EXEXT) \ - test_suite_cipher.chachapoly$(EXEXT) \ - test_suite_cipher.aes$(EXEXT) \ - test_suite_cipher.arc4$(EXEXT) test_suite_cipher.ccm$(EXEXT) \ - test_suite_cipher.chacha20$(EXEXT) \ - test_suite_cipher.gcm$(EXEXT) \ - test_suite_cipher.blowfish$(EXEXT) \ - test_suite_cipher.camellia$(EXEXT) \ - test_suite_cipher.des$(EXEXT) test_suite_cipher.null$(EXEXT) \ - test_suite_cipher.padding$(EXEXT) \ - test_suite_ctr_drbg$(EXEXT) test_suite_debug$(EXEXT) \ - test_suite_des$(EXEXT) test_suite_dhm$(EXEXT) \ - test_suite_ecdh$(EXEXT) test_suite_ecdsa$(EXEXT) \ - test_suite_ecjpake$(EXEXT) test_suite_ecp$(EXEXT) \ - test_suite_error$(EXEXT) test_suite_entropy$(EXEXT) \ - test_suite_gcm.aes128_de$(EXEXT) \ - test_suite_gcm.aes192_de$(EXEXT) \ - test_suite_gcm.aes256_de$(EXEXT) \ - test_suite_gcm.aes128_en$(EXEXT) \ - test_suite_gcm.aes192_en$(EXEXT) \ - test_suite_gcm.aes256_en$(EXEXT) \ - test_suite_gcm.camellia$(EXEXT) \ - test_suite_hkdf$(EXEXT) \ - test_suite_hmac_drbg.misc$(EXEXT) \ - test_suite_hmac_drbg.no_reseed$(EXEXT) \ - test_suite_hmac_drbg.nopr$(EXEXT) \ - test_suite_hmac_drbg.pr$(EXEXT) \ - test_suite_md$(EXEXT) test_suite_mdx$(EXEXT) \ - test_suite_memory_buffer_alloc$(EXEXT) \ - test_suite_mpi$(EXEXT) \ - test_suite_nist_kw$(EXEXT) \ - test_suite_pem$(EXEXT) test_suite_pkcs1_v15$(EXEXT) \ - test_suite_pkcs1_v21$(EXEXT) test_suite_pkcs5$(EXEXT) \ - test_suite_pkparse$(EXEXT) test_suite_pkwrite$(EXEXT) \ - test_suite_pk$(EXEXT) \ - 
test_suite_poly1305$(EXEXT) \ - test_suite_rsa$(EXEXT) test_suite_shax$(EXEXT) \ - test_suite_ssl$(EXEXT) test_suite_timing$(EXEXT) \ - test_suite_x509parse$(EXEXT) test_suite_x509write$(EXEXT) \ - test_suite_xtea$(EXEXT) test_suite_version$(EXEXT) +APPS = test_suite_aes.ecb test_suite_aes.cbc \ + test_suite_aes.cfb test_suite_aes.ofb \ + test_suite_aes.xts \ + test_suite_aes.rest test_suite_arc4 \ + test_suite_aria test_suite_asn1write \ + test_suite_base64 test_suite_blowfish \ + test_suite_camellia test_suite_ccm \ + test_suite_chacha20 test_suite_chachapoly \ + test_suite_cmac \ + test_suite_cipher.chachapoly \ + test_suite_cipher.aes \ + test_suite_cipher.arc4 test_suite_cipher.ccm \ + test_suite_cipher.chacha20 \ + test_suite_cipher.gcm \ + test_suite_cipher.blowfish \ + test_suite_cipher.camellia \ + test_suite_cipher.des test_suite_cipher.null \ + test_suite_cipher.padding \ + test_suite_ctr_drbg test_suite_debug \ + test_suite_des test_suite_dhm \ + test_suite_ecdh test_suite_ecdsa \ + test_suite_ecjpake test_suite_ecp \ + test_suite_error test_suite_entropy \ + test_suite_gcm.aes128_de \ + test_suite_gcm.aes192_de \ + test_suite_gcm.aes256_de \ + test_suite_gcm.aes128_en \ + test_suite_gcm.aes192_en \ + test_suite_gcm.aes256_en \ + test_suite_gcm.camellia \ + test_suite_hkdf \ + test_suite_hmac_drbg.misc \ + test_suite_hmac_drbg.no_reseed \ + test_suite_hmac_drbg.nopr \ + test_suite_hmac_drbg.pr \ + test_suite_md test_suite_mdx \ + test_suite_memory_buffer_alloc \ + test_suite_mpi \ + test_suite_nist_kw \ + test_suite_pem test_suite_pkcs1_v15 \ + test_suite_pkcs1_v21 test_suite_pkcs5 \ + test_suite_pkparse test_suite_pkwrite \ + test_suite_pk \ + test_suite_poly1305 \ + test_suite_rsa test_suite_shax \ + test_suite_ssl test_suite_timing \ + test_suite_x509parse test_suite_x509write \ + test_suite_xtea test_suite_version + +BINARIES := $(addsuffix $(EXEXT),$(APPS)) + +# Look up for associated function files +func.test_suite_aes.ecb.c := test_suite_aes 
+func.test_suite_aes.cbc.c := test_suite_aes +func.test_suite_aes.cfb.c := test_suite_aes +func.test_suite_aes.ofb.c := test_suite_aes +func.test_suite_aes.xts.c := test_suite_aes +func.test_suite_aes.rest.c := test_suite_aes +func.test_suite_arc4.c := test_suite_arc4 +func.test_suite_aria.c := test_suite_aria +func.test_suite_asn1write.c := test_suite_asn1write +func.test_suite_base64.c := test_suite_base64 +func.test_suite_blowfish.c := test_suite_blowfish +func.test_suite_camellia.c := test_suite_camellia +func.test_suite_ccm.c := test_suite_ccm +func.test_suite_chacha20.c := test_suite_chacha20 +func.test_suite_chachapoly.c := test_suite_chachapoly +func.test_suite_cmac.c := test_suite_cmac +func.test_suite_cipher.chachapoly.c := test_suite_cipher +func.test_suite_cipher.aes.c := test_suite_cipher +func.test_suite_cipher.arc4.c := test_suite_cipher +func.test_suite_cipher.ccm.c := test_suite_cipher +func.test_suite_cipher.chacha20.c := test_suite_cipher +func.test_suite_cipher.gcm.c := test_suite_cipher +func.test_suite_cipher.blowfish.c := test_suite_cipher +func.test_suite_cipher.camellia.c := test_suite_cipher +func.test_suite_cipher.des.c := test_suite_cipher +func.test_suite_cipher.null.c := test_suite_cipher +func.test_suite_cipher.padding.c := test_suite_cipher +func.test_suite_ctr_drbg.c := test_suite_ctr_drbg +func.test_suite_debug.c := test_suite_debug +func.test_suite_des.c := test_suite_des +func.test_suite_dhm.c := test_suite_dhm +func.test_suite_ecdh.c := test_suite_ecdh +func.test_suite_ecdsa.c := test_suite_ecdsa +func.test_suite_ecjpake.c := test_suite_ecjpake +func.test_suite_ecp.c := test_suite_ecp +func.test_suite_error.c := test_suite_error +func.test_suite_entropy.c := test_suite_entropy +func.test_suite_gcm.aes128_de.c := test_suite_gcm +func.test_suite_gcm.aes192_de.c := test_suite_gcm +func.test_suite_gcm.aes256_de.c := test_suite_gcm +func.test_suite_gcm.aes128_en.c := test_suite_gcm +func.test_suite_gcm.aes192_en.c := test_suite_gcm 
+func.test_suite_gcm.aes256_en.c := test_suite_gcm +func.test_suite_gcm.camellia.c := test_suite_gcm +func.test_suite_hkdf.c := test_suite_hkdf +func.test_suite_hmac_drbg.misc.c := test_suite_hmac_drbg +func.test_suite_hmac_drbg.no_reseed.c := test_suite_hmac_drbg +func.test_suite_hmac_drbg.nopr.c := test_suite_hmac_drbg +func.test_suite_hmac_drbg.pr.c := test_suite_hmac_drbg +func.test_suite_md.c := test_suite_md +func.test_suite_mdx.c := test_suite_mdx +func.test_suite_memory_buffer_alloc.c := test_suite_memory_buffer_alloc +func.test_suite_mpi.c := test_suite_mpi +func.test_suite_nist_kw.c := test_suite_nist_kw +func.test_suite_pem.c := test_suite_pem +func.test_suite_pkcs1_v15.c := test_suite_pkcs1_v15 +func.test_suite_pkcs1_v21.c := test_suite_pkcs1_v21 +func.test_suite_pkcs5.c := test_suite_pkcs5 +func.test_suite_pkparse.c := test_suite_pkparse +func.test_suite_pkwrite.c := test_suite_pkwrite +func.test_suite_pk.c := test_suite_pk +func.test_suite_poly1305.c := test_suite_poly1305 +func.test_suite_rsa.c := test_suite_rsa +func.test_suite_shax.c := test_suite_shax +func.test_suite_ssl.c := test_suite_ssl +func.test_suite_timing.c := test_suite_timing +func.test_suite_x509parse.c := test_suite_x509parse +func.test_suite_x509write.c := test_suite_x509write +func.test_suite_xtea.c := test_suite_xtea +func.test_suite_version.c := test_suite_version .SILENT: .PHONY: all check test clean -all: $(APPS) - $(DEP): $(MAKE) -C ../library # invoke perl explicitly for the sake of mingw32-make -test_suite_aes.ecb.c : suites/test_suite_aes.function suites/test_suite_aes.ecb.data scripts/generate_code.pl suites/helpers.function suites/main_test.function +C_FILES := $(addsuffix .c,$(APPS)) + +.SECONDEXPANSION: +$(C_FILES): %.c: suites/$$(func.$$*.c).function suites/%.data scripts/generate_code.pl suites/helpers.function suites/main_test.function echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.ecb + perl scripts/generate_code.pl suites 
$(func.$@) $* -test_suite_aes.cbc.c : suites/test_suite_aes.function suites/test_suite_aes.cbc.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.cbc -test_suite_aes.cfb.c : suites/test_suite_aes.function suites/test_suite_aes.cfb.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.cfb - -test_suite_aes.ofb.c : suites/test_suite_aes.function suites/test_suite_aes.ofb.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.ofb - -test_suite_aes.rest.c : suites/test_suite_aes.function suites/test_suite_aes.rest.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.rest - -test_suite_aes.xts.c : suites/test_suite_aes.function suites/test_suite_aes.xts.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_aes test_suite_aes.xts - -test_suite_cipher.aes.c : suites/test_suite_cipher.function suites/test_suite_cipher.aes.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.aes - -test_suite_cipher.arc4.c : suites/test_suite_cipher.function suites/test_suite_cipher.arc4.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.arc4 - -test_suite_cipher.ccm.c : suites/test_suite_cipher.function suites/test_suite_cipher.ccm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " 
Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.ccm - -test_suite_cipher.chacha20.c : suites/test_suite_cipher.function suites/test_suite_cipher.chacha20.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.chacha20 - -test_suite_cipher.chachapoly.c : suites/test_suite_cipher.function suites/test_suite_cipher.chachapoly.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.chachapoly - -test_suite_cipher.gcm.c : suites/test_suite_cipher.function suites/test_suite_cipher.gcm.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.gcm - -test_suite_cipher.blowfish.c : suites/test_suite_cipher.function suites/test_suite_cipher.blowfish.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.blowfish - -test_suite_cipher.camellia.c : suites/test_suite_cipher.function suites/test_suite_cipher.camellia.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.camellia - -test_suite_cipher.des.c : suites/test_suite_cipher.function suites/test_suite_cipher.des.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.des - -test_suite_cipher.null.c : suites/test_suite_cipher.function suites/test_suite_cipher.null.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites 
test_suite_cipher test_suite_cipher.null - -test_suite_cipher.padding.c : suites/test_suite_cipher.function suites/test_suite_cipher.padding.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.padding - -test_suite_gcm.aes128_de.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes128_de.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes128_de - -test_suite_gcm.aes192_de.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes192_de.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes192_de - -test_suite_gcm.aes256_de.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes256_de.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes256_de - -test_suite_gcm.aes128_en.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes128_en.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes128_en - -test_suite_gcm.aes192_en.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes192_en.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes192_en - -test_suite_gcm.aes256_en.c : suites/test_suite_gcm.function suites/test_suite_gcm.aes256_en.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.aes256_en - -test_suite_gcm.camellia.c : 
suites/test_suite_gcm.function suites/test_suite_gcm.camellia.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.camellia - -test_suite_hkdf.c : suites/test_suite_hkdf.function suites/test_suite_hkdf.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_hkdf test_suite_hkdf - -test_suite_hmac_drbg.misc.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.misc.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.misc - -test_suite_hmac_drbg.no_reseed.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.no_reseed.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.no_reseed - -test_suite_hmac_drbg.nopr.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.nopr.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.nopr - -test_suite_hmac_drbg.pr.c : suites/test_suite_hmac_drbg.function suites/test_suite_hmac_drbg.pr.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites test_suite_hmac_drbg test_suite_hmac_drbg.pr - -%.c : suites/%.function suites/%.data scripts/generate_code.pl suites/helpers.function suites/main_test.function - echo " Gen $@" - perl scripts/generate_code.pl suites $* $* - -test_suite_aes.ecb$(EXEXT): test_suite_aes.ecb.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_aes.cbc$(EXEXT): 
test_suite_aes.cbc.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_aes.cfb$(EXEXT): test_suite_aes.cfb.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_aes.ofb$(EXEXT): test_suite_aes.ofb.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_aes.rest$(EXEXT): test_suite_aes.rest.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_aes.xts$(EXEXT): test_suite_aes.xts.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_arc4$(EXEXT): test_suite_arc4.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_asn1write$(EXEXT): test_suite_asn1write.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_base64$(EXEXT): test_suite_base64.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_blowfish$(EXEXT): test_suite_blowfish.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_camellia$(EXEXT): test_suite_camellia.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_ccm$(EXEXT): test_suite_ccm.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_chacha20$(EXEXT): test_suite_chacha20.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_chachapoly$(EXEXT): test_suite_chachapoly.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cmac$(EXEXT): test_suite_cmac.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) 
$(LDFLAGS) -o $@ - -test_suite_cipher.aes$(EXEXT): test_suite_cipher.aes.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.arc4$(EXEXT): test_suite_cipher.arc4.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.ccm$(EXEXT): test_suite_cipher.ccm.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.chacha20$(EXEXT): test_suite_cipher.chacha20.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.chachapoly$(EXEXT): test_suite_cipher.chachapoly.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.gcm$(EXEXT): test_suite_cipher.gcm.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.blowfish$(EXEXT): test_suite_cipher.blowfish.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.camellia$(EXEXT): test_suite_cipher.camellia.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.des$(EXEXT): test_suite_cipher.des.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.null$(EXEXT): test_suite_cipher.null.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_cipher.padding$(EXEXT): test_suite_cipher.padding.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_ctr_drbg$(EXEXT): test_suite_ctr_drbg.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_des$(EXEXT): test_suite_des.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< 
$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_dhm$(EXEXT): test_suite_dhm.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_ecdh$(EXEXT): test_suite_ecdh.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_ecdsa$(EXEXT): test_suite_ecdsa.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_ecjpake$(EXEXT): test_suite_ecjpake.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_ecp$(EXEXT): test_suite_ecp.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_entropy$(EXEXT): test_suite_entropy.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_error$(EXEXT): test_suite_error.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_gcm.aes128_de$(EXEXT): test_suite_gcm.aes128_de.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_gcm.aes192_de$(EXEXT): test_suite_gcm.aes192_de.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_gcm.aes256_de$(EXEXT): test_suite_gcm.aes256_de.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_gcm.aes128_en$(EXEXT): test_suite_gcm.aes128_en.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_gcm.aes192_en$(EXEXT): test_suite_gcm.aes192_en.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_gcm.aes256_en$(EXEXT): test_suite_gcm.aes256_en.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - 
-test_suite_gcm.camellia$(EXEXT): test_suite_gcm.camellia.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_hkdf$(EXEXT): test_suite_hkdf.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_hmac_drbg.misc$(EXEXT): test_suite_hmac_drbg.misc.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_hmac_drbg.no_reseed$(EXEXT): test_suite_hmac_drbg.no_reseed.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_hmac_drbg.nopr$(EXEXT): test_suite_hmac_drbg.nopr.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_hmac_drbg.pr$(EXEXT): test_suite_hmac_drbg.pr.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_md$(EXEXT): test_suite_md.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_mdx$(EXEXT): test_suite_mdx.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_memory_buffer_alloc$(EXEXT): test_suite_memory_buffer_alloc.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_mpi$(EXEXT): test_suite_mpi.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_nist_kw$(EXEXT): test_suite_nist_kw.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_pem$(EXEXT): test_suite_pem.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_pkcs1_v15$(EXEXT): test_suite_pkcs1_v15.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_pkcs1_v21$(EXEXT): 
test_suite_pkcs1_v21.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_pkcs5$(EXEXT): test_suite_pkcs5.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_pkparse$(EXEXT): test_suite_pkparse.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_pkwrite$(EXEXT): test_suite_pkwrite.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_pk$(EXEXT): test_suite_pk.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_poly1305$(EXEXT): test_suite_poly1305.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_rsa$(EXEXT): test_suite_rsa.c $(DEP) +$(BINARIES): %$(EXEXT): %.c $(DEP) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test_suite_shax$(EXEXT): test_suite_shax.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -test_suite_ssl$(EXEXT): test_suite_ssl.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_timing$(EXEXT): test_suite_timing.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_x509parse$(EXEXT): test_suite_x509parse.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +all: $(BINARIES) -test_suite_x509write$(EXEXT): test_suite_x509write.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_xtea$(EXEXT): test_suite_xtea.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_debug$(EXEXT): test_suite_debug.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< 
$(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_version$(EXEXT): test_suite_version.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -test_suite_aria$(EXEXT): test_suite_aria.c $(DEP) - echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ clean: ifndef WINDOWS @@ -517,7 +205,7 @@ else del /Q /F *.c *.exe endif -check: $(APPS) +check: $(BINARIES) perl scripts/run-test-suites.pl test: check From 1f29be724106c80abbf386df887b9a07e8d67ce3 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Mon, 20 Mar 2017 22:21:22 +0000 Subject: [PATCH 257/578] Make target for on mbed testing New target gen-mbed-test generates mebdtls tests in mbed-os test format. i.e. a dir tree like TESTS//[/]. The TESTS dir can then be imported into mbed-os to compile tests with mbed-os. --- tests/Makefile | 169 ++++++++++++++++++++++++++++--------------------- 1 file changed, 96 insertions(+), 73 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 975be94a2..a21a0b9a9 100644 --- a/tests/Makefile +++ b/tests/Makefile 
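Review bot: Moving `all` below the other rules changes what a bare `make` builds in this directory. The removed `all: $(APPS)` was the first ordinary target after `.SILENT`/`.PHONY`; in the new layout `$(DEP):` comes first and `all: $(BINARIES)` is only declared after the `$(BINARIES)` static pattern rule, so unless `.DEFAULT_GOAL` is set outside the hunk the default goal becomes the library dependency and no test binaries are built. `BINARIES` is already assigned above this point, so `all: $(BINARIES)` can stay directly after the `.PHONY` line. Separately, a suite added to `APPS` without a matching `func.<suite>.c` entry makes the secondary expansion yield `suites/.function`, which fails with an unhelpful message; a short comment above the lookup table saying every `APPS` entry needs one would help.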
@@ -102,76 +102,75 @@ APPS = test_suite_aes.ecb test_suite_aes.cbc \ BINARIES := $(addsuffix $(EXEXT),$(APPS)) # Look up for associated function files -func.test_suite_aes.ecb.c := test_suite_aes -func.test_suite_aes.cbc.c := test_suite_aes -func.test_suite_aes.cfb.c := test_suite_aes -func.test_suite_aes.ofb.c := test_suite_aes -func.test_suite_aes.xts.c := test_suite_aes -func.test_suite_aes.rest.c := test_suite_aes -func.test_suite_arc4.c := test_suite_arc4 -func.test_suite_aria.c := test_suite_aria -func.test_suite_asn1write.c := test_suite_asn1write -func.test_suite_base64.c := test_suite_base64 -func.test_suite_blowfish.c := test_suite_blowfish -func.test_suite_camellia.c := test_suite_camellia -func.test_suite_ccm.c := test_suite_ccm -func.test_suite_chacha20.c := test_suite_chacha20 -func.test_suite_chachapoly.c := test_suite_chachapoly -func.test_suite_cmac.c := test_suite_cmac -func.test_suite_cipher.chachapoly.c := test_suite_cipher -func.test_suite_cipher.aes.c := test_suite_cipher -func.test_suite_cipher.arc4.c := test_suite_cipher -func.test_suite_cipher.ccm.c := test_suite_cipher -func.test_suite_cipher.chacha20.c := test_suite_cipher -func.test_suite_cipher.gcm.c := test_suite_cipher -func.test_suite_cipher.blowfish.c := test_suite_cipher -func.test_suite_cipher.camellia.c := test_suite_cipher -func.test_suite_cipher.des.c := test_suite_cipher -func.test_suite_cipher.null.c := test_suite_cipher -func.test_suite_cipher.padding.c := test_suite_cipher -func.test_suite_ctr_drbg.c := test_suite_ctr_drbg -func.test_suite_debug.c := test_suite_debug -func.test_suite_des.c := test_suite_des -func.test_suite_dhm.c := test_suite_dhm -func.test_suite_ecdh.c := test_suite_ecdh -func.test_suite_ecdsa.c := test_suite_ecdsa -func.test_suite_ecjpake.c := test_suite_ecjpake -func.test_suite_ecp.c := test_suite_ecp -func.test_suite_error.c := test_suite_error -func.test_suite_entropy.c := test_suite_entropy -func.test_suite_gcm.aes128_de.c := test_suite_gcm 
-func.test_suite_gcm.aes192_de.c := test_suite_gcm
-func.test_suite_gcm.aes256_de.c := test_suite_gcm
-func.test_suite_gcm.aes128_en.c := test_suite_gcm
-func.test_suite_gcm.aes192_en.c := test_suite_gcm
-func.test_suite_gcm.aes256_en.c := test_suite_gcm
-func.test_suite_gcm.camellia.c := test_suite_gcm
-func.test_suite_hkdf.c := test_suite_hkdf
-func.test_suite_hmac_drbg.misc.c := test_suite_hmac_drbg
-func.test_suite_hmac_drbg.no_reseed.c := test_suite_hmac_drbg
-func.test_suite_hmac_drbg.nopr.c := test_suite_hmac_drbg
-func.test_suite_hmac_drbg.pr.c := test_suite_hmac_drbg
-func.test_suite_md.c := test_suite_md
-func.test_suite_mdx.c := test_suite_mdx
-func.test_suite_memory_buffer_alloc.c := test_suite_memory_buffer_alloc
-func.test_suite_mpi.c := test_suite_mpi
-func.test_suite_nist_kw.c := test_suite_nist_kw
-func.test_suite_pem.c := test_suite_pem
-func.test_suite_pkcs1_v15.c := test_suite_pkcs1_v15
-func.test_suite_pkcs1_v21.c := test_suite_pkcs1_v21
-func.test_suite_pkcs5.c := test_suite_pkcs5
-func.test_suite_pkparse.c := test_suite_pkparse
-func.test_suite_pkwrite.c := test_suite_pkwrite
-func.test_suite_pk.c := test_suite_pk
-func.test_suite_poly1305.c := test_suite_poly1305
-func.test_suite_rsa.c := test_suite_rsa
-func.test_suite_shax.c := test_suite_shax
-func.test_suite_ssl.c := test_suite_ssl
-func.test_suite_timing.c := test_suite_timing
-func.test_suite_x509parse.c := test_suite_x509parse
-func.test_suite_x509write.c := test_suite_x509write
-func.test_suite_xtea.c := test_suite_xtea
-func.test_suite_version.c := test_suite_version
+func.test_suite_aes.ecb := test_suite_aes
+func.test_suite_aes.cbc := test_suite_aes
+func.test_suite_aes.cfb := test_suite_aes
+func.test_suite_aes.ofb := test_suite_aes
+func.test_suite_aes.xts := test_suite_aes
+func.test_suite_aes.rest := test_suite_aes
+func.test_suite_arc4 := test_suite_arc4
+func.test_suite_aria := test_suite_aria
+func.test_suite_asn1write := test_suite_asn1write
+func.test_suite_base64 := 
test_suite_base64
+func.test_suite_blowfish := test_suite_blowfish
+func.test_suite_camellia := test_suite_camellia
+func.test_suite_ccm := test_suite_ccm
+func.test_suite_chacha20 := test_suite_chacha20
+func.test_suite_chachapoly := test_suite_chachapoly
+func.test_suite_cmac := test_suite_cmac
+func.test_suite_cipher.chachapoly := test_suite_cipher
+func.test_suite_cipher.aes := test_suite_cipher
+func.test_suite_cipher.arc4 := test_suite_cipher
+func.test_suite_cipher.ccm := test_suite_cipher
+func.test_suite_cipher.chacha20 := test_suite_cipher
+func.test_suite_cipher.gcm := test_suite_cipher
+func.test_suite_cipher.blowfish := test_suite_cipher
+func.test_suite_cipher.camellia := test_suite_cipher
+func.test_suite_cipher.des := test_suite_cipher
+func.test_suite_cipher.null := test_suite_cipher
+func.test_suite_cipher.padding := test_suite_cipher
+func.test_suite_ctr_drbg := test_suite_ctr_drbg
+func.test_suite_debug := test_suite_debug
+func.test_suite_des := test_suite_des
+func.test_suite_dhm := test_suite_dhm
+func.test_suite_ecdh := test_suite_ecdh
+func.test_suite_ecdsa := test_suite_ecdsa
+func.test_suite_ecjpake := test_suite_ecjpake
+func.test_suite_ecp := test_suite_ecp
+func.test_suite_error := test_suite_error
+func.test_suite_entropy := test_suite_entropy
+func.test_suite_gcm.aes128_de := test_suite_gcm
+func.test_suite_gcm.aes192_de := test_suite_gcm
+func.test_suite_gcm.aes256_de := test_suite_gcm
+func.test_suite_gcm.aes128_en := test_suite_gcm
+func.test_suite_gcm.aes192_en := test_suite_gcm
+func.test_suite_gcm.aes256_en := test_suite_gcm
+func.test_suite_gcm.camellia := test_suite_gcm
+func.test_suite_hkdf := test_suite_hkdf
+func.test_suite_hmac_drbg.misc := test_suite_hmac_drbg
+func.test_suite_hmac_drbg.no_reseed := test_suite_hmac_drbg
+func.test_suite_hmac_drbg.nopr := test_suite_hmac_drbg
+func.test_suite_hmac_drbg.pr := test_suite_hmac_drbg
+func.test_suite_md := test_suite_md
+func.test_suite_mdx := test_suite_mdx
+func.test_suite_memory_buffer_alloc := test_suite_memory_buffer_alloc +func.test_suite_mpi := test_suite_mpi +func.test_suite_nist_kw := test_suite_nist_kw +func.test_suite_pem := test_suite_pem +func.test_suite_pkcs1_v15 := test_suite_pkcs1_v15 +func.test_suite_pkcs1_v21 := test_suite_pkcs1_v21 +func.test_suite_pkcs5 := test_suite_pkcs5 +func.test_suite_pkparse := test_suite_pkparse +func.test_suite_pkwrite := test_suite_pkwrite +func.test_suite_pk := test_suite_pk +func.test_suite_rsa := test_suite_rsa +func.test_suite_shax := test_suite_shax +func.test_suite_ssl := test_suite_ssl +func.test_suite_timing := test_suite_timing +func.test_suite_x509parse := test_suite_x509parse +func.test_suite_x509write := test_suite_x509write +func.test_suite_xtea := test_suite_xtea +func.test_suite_version := test_suite_version .SILENT: @@ -185,9 +184,9 @@ $(DEP): C_FILES := $(addsuffix .c,$(APPS)) .SECONDEXPANSION: -$(C_FILES): %.c: suites/$$(func.$$*.c).function suites/%.data scripts/generate_code.pl suites/helpers.function suites/main_test.function +$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_code.pl suites/helpers.function suites/main_test.function echo " Gen $@" - perl scripts/generate_code.pl suites $(func.$@) $* + perl scripts/generate_code.pl suites $(func.$*) $* $(BINARIES): %$(EXEXT): %.c $(DEP) 
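Review bot: The renamed lookup table loses the poly1305 entry: the old side has `func.test_suite_poly1305.c := test_suite_poly1305`, but no `func.test_suite_poly1305` line is added, which matches the hunk header shrinking from 76 to 75 lines. If `test_suite_poly1305` is still listed in `APPS` (the list is outside this hunk), `$$(func.$$*)` in the `$(C_FILES)` rule of the following hunk expands to nothing and the prerequisite becomes `suites/.function`, so that suite's C file can no longer be generated. I would restore the mapping with `func.test_suite_poly1305 := test_suite_poly1305` after the `func.test_suite_pk` line so the MAC's tests keep being built and run by `check`.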
@@ -200,12 +199,36 @@ all: $(BINARIES) clean: ifndef WINDOWS - rm -f $(APPS) *.c + rm -rf $(APPS) *.c TESTS else del /Q /F *.c *.exe + rmdir /Q /S TESTS endif check: $(BINARIES) perl scripts/run-test-suites.pl test: check + +# Create separate targets for generating mbed-os tests. +MBED_APPS := $(addprefix mbed_,$(APPS)) + +# FIXME: description needs change +# Each test suite name is stripped off of prefix test_suite_. mbed-os test dir +# structure requires format TESTS/[/]/ +# Test app names are split on "." and end part is used as the test dir name. +# Prevous parts are used as the test group dirs. For tests without "." same +# name is used as the test group dir. + +.SECONDEXPANSION: +$(MBED_APPS): mbed_%: suites/$$(func.$$*).function suites/%.data scripts/gen_mbed_code.py suites/helpers.function suites/main_test.function + echo " Gen ./TESTS/mbedtls/$*/main.c" + python scripts/gen_mbed_code.py -f suites/$(func.$*).function \ + -d suites/$*.data \ + -t suites/mbed_test.function \ + -s suites \ + --help-file suites/helpers.function \ + -o ./TESTS + +gen-mbed-test: $(MBED_APPS) + From fff4904e6bfd5f1eb245fc34ddce88f16c70b1ef Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 28 Mar 2017 01:48:31 +0100 Subject: [PATCH 258/578] mbed-os test code generator --- tests/Makefile | 24 +- tests/scripts/gen_mbed_code.py | 623 +++++++++++++++++ tests/suites/desktop_test.function | 644 ++++++++++++++++++ tests/suites/embedded_test.function | 364 ++++++++++ tests/suites/mbed_test.function | 173 +++++ .../suites/test_suite_cipher.chachapoly.data | 2 +- 6 files changed, 1821 insertions(+), 9 deletions(-) create mode 100644 tests/scripts/gen_mbed_code.py create mode 100644 tests/suites/desktop_test.function create mode 100644 tests/suites/embedded_test.function create mode 100644 tests/suites/mbed_test.function diff --git a/tests/Makefile b/tests/Makefile index a21a0b9a9..f0da1cf24 100644 --- a/tests/Makefile +++ b/tests/Makefile 
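Review bot: The new `$(MBED_APPS)` rule lists `scripts/gen_mbed_code.py` as a prerequisite and runs it, but that script is only created by the next patch in the series (258/578, "create mode 100644 tests/scripts/gen_mbed_code.py"), so `gen-mbed-test` cannot succeed at this commit and a bisect landing here sees a broken target. Folding the script into this commit, or swapping the order of the two patches, would keep each commit buildable. Since neither `gen-mbed-test` nor the `mbed_%` targets produce a file of that name, I would also declare them with `.PHONY: gen-mbed-test $(MBED_APPS)`. The block comment above the rule still carries `# FIXME: description needs change` and the typo "Prevous", which should be resolved before merging.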
@@ -2,7 +2,7 @@ # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS # To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS -CFLAGS ?= -O2 +CFLAGS ?= -g3 #-O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value LDFLAGS ?= @@ -184,9 +184,16 @@ $(DEP): C_FILES := $(addsuffix .c,$(APPS)) .SECONDEXPANSION: -$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_code.pl suites/helpers.function suites/main_test.function +$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/gen_mbed_code.py suites/helpers.function suites/mbed_test.function suites/desktop_test.function echo " Gen $@" - perl scripts/generate_code.pl suites $(func.$*) $* +# perl scripts/generate_code.pl suites $(func.$*) $* + python scripts/gen_mbed_code.py -f suites/$(func.$*).function \ + -d suites/$*.data \ + -t suites/mbed_test.function \ + -p suites/desktop_test.function \ + -s suites \ + --help-file suites/helpers.function \ + -o . $(BINARIES): %$(EXEXT): %.c $(DEP) @@ -199,9 +206,9 @@ all: $(BINARIES) clean: ifndef WINDOWS - rm -rf $(APPS) *.c TESTS + rm -rf $(APPS) *.c *.data TESTS else - del /Q /F *.c *.exe + del /Q /F *.c *.exe *.data rmdir /Q /S TESTS endif 
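Review bot: `CFLAGS ?= -g3 #-O2` in the first hunk looks like a local debugging setting that slipped into the commit, and the commented-out `-O2` after it points the same way. It changes the default flags for every test binary built from this Makefile from `-O2` to an unoptimised debug build, which is unrelated to the code generator the commit introduces and means the suites are no longer compiled by default the way they were before. I would keep `CFLAGS ?= -O2` and let developers pass `CFLAGS='-g3'` on the command line when they need a debug build.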
@@ -221,14 +228,15 @@ MBED_APPS := $(addprefix mbed_,$(APPS)) # name is used as the test group dir. .SECONDEXPANSION: -$(MBED_APPS): mbed_%: suites/$$(func.$$*).function suites/%.data scripts/gen_mbed_code.py suites/helpers.function suites/main_test.function - echo " Gen ./TESTS/mbedtls/$*/main.c" +$(MBED_APPS): mbed_%: suites/$$(func.$$*).function suites/%.data scripts/gen_mbed_code.py suites/helpers.function suites/mbed_test.function suites/embedded_test.function + echo " Gen ./TESTS/mbedtls/$*/$*.c" python scripts/gen_mbed_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ -t suites/mbed_test.function \ + -p suites/embedded_test.function \ -s suites \ --help-file suites/helpers.function \ - -o ./TESTS + -o ./TESTS/mbedtls/$* gen-mbed-test: $(MBED_APPS) diff --git a/tests/scripts/gen_mbed_code.py b/tests/scripts/gen_mbed_code.py new file mode 100644 index 000000000..9fd9a0045 --- /dev/null +++ b/tests/scripts/gen_mbed_code.py 
@@ -0,0 +1,623 @@ +""" +mbed SDK +Copyright (c) 2017-2018 ARM Limited + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +""" + +import os +import re +import argparse +import shutil + + +""" +Generates code in following structure. + +/ +|-- host_tests/ +| |-- mbedtls_test.py +| |-- suites/ +| | |-- *.data files +| |-- mbedtls/ +| | |-- / +| | | |-- main.c +| | ... +| | |-- / +| | | |-- main.c +| | | +""" + + +BEGIN_HEADER_REGEX = '/\*\s*BEGIN_HEADER\s*\*/' +END_HEADER_REGEX = '/\*\s*END_HEADER\s*\*/' + +BEGIN_DEP_REGEX = 'BEGIN_DEPENDENCIES' +END_DEP_REGEX = 'END_DEPENDENCIES' + +BEGIN_CASE_REGEX = '/\*\s*BEGIN_CASE\s*(.*?)\s*\*/' +END_CASE_REGEX = '/\*\s*END_CASE\s*\*/' + + +class InvalidFileFormat(Exception): + """ + Exception to indicate invalid file format. + """ + pass + + +def gen_deps(deps): + """ + Generates dependency i.e. if def and endif code + + :param deps: + :return: + """ + dep_start = '' + dep_end = '' + for dep in deps: + if dep[0] == '!': + noT = '!' + dep = dep[1:] + else: + noT = '' + dep_start += '#if %sdefined(%s)\n' % (noT, dep) + dep_end = '#endif /* %s%s */\n' % (noT, dep) + dep_end + return dep_start, dep_end + + +def gen_deps_one_line(deps): + """ + Generates dependency checks in one line. Useful for writing code in #else case. + + :param deps: + :return: + """ + defines = [] + for dep in deps: + if dep[0] == '!': + noT = '!' 
+ dep = dep[1:] + else: + noT = '' + defines.append('%sdefined(%s)' % (noT, dep)) + return '#if ' + ' && '.join(defines) + + +def gen_function_wrapper(name, args_dispatch): + """ + Creates test function code + + :param name: + :param args_dispatch: + :return: + """ + # Then create the wrapper + wrapper = ''' +void {name}_wrapper( void ** params ) +{{ + {unused_params} + {name}( {args} ); +}} +'''.format(name=name, unused_params='(void)params;' if len(args_dispatch) == 0 else '', args=', '.join(args_dispatch)) + return wrapper + + +def gen_dispatch(name, deps): + """ + Generates dispatch condition for the functions. + + :param name: + :param deps: + :return: + """ + if len(deps): + ifdef = gen_deps_one_line(deps) + dispatch_code = ''' +{ifdef} + {name}_wrapper, +#else + NULL, +#endif +'''.format(ifdef=ifdef, name=name) + else: + dispatch_code = ''' + {name}_wrapper, +'''.format(name=name) + + return dispatch_code + + +def parse_suite_headers(line_no, funcs_f): + """ + Parses function headers. + + :param line_no: + :param funcs_f: + :return: + """ + headers = '#line %d "%s"\n' % (line_no + 1, funcs_f.name) + for line in funcs_f: + line_no += 1 + if re.search(END_HEADER_REGEX, line): + break + headers += line + else: + raise InvalidFileFormat("file: %s - end header pattern [%s] not found!" % (funcs_f.name, END_HEADER_REGEX)) + + return line_no, headers + + +def parse_suite_deps(line_no, funcs_f): + """ + Parses function dependencies. + + :param line_no: + :param funcs_f: + :return: + """ + deps = [] + for line in funcs_f: + line_no += 1 + m = re.search('depends_on\:(.*)', line.strip()) + if m: + deps += [x.strip() for x in m.group(1).split(':')] + if re.search(END_DEP_REGEX, line): + break + else: + raise InvalidFileFormat("file: %s - end dependency pattern [%s] not found!" 
% (funcs_f.name, END_DEP_REGEX)) + + return line_no, deps + + +def parse_function_deps(line): + """ + + :param line: + :return: + """ + deps = [] + m = re.search(BEGIN_CASE_REGEX, line) + dep_str = m.group(1) + if len(dep_str): + m = re.search('depends_on:(.*)', dep_str) + if m: + deps = m.group(1).strip().split(':') + return deps + + +def parse_function_signature(line): + """ + Parsing function signature + + :param line: + :return: + """ + args = [] + args_dispatch = [] + m = re.search('\s*void\s+(\w+)\s*\(', line, re.I) + if not m: + raise ValueError("Test function should return 'void'\n%s" % line) + name = m.group(1) + line = line[len(m.group(0)):] + arg_idx = 0 + for arg in line[:line.find(')')].split(','): + arg = arg.strip() + if arg == '': + continue + if re.search('int\s+.*', arg.strip()): + args.append('int') + args_dispatch.append('*( (int *) params[%d] )' % arg_idx) + elif re.search('char\s*\*\s*.*', arg.strip()): + args.append('char*') + args_dispatch.append('(char *) params[%d]' % arg_idx) + else: + raise ValueError("Test function arguments can only be 'int' or 'char *'\n%s" % line) + arg_idx += 1 + + return name, args, args_dispatch + + +def parse_function_code(line_no, funcs_f, deps, suite_deps): + """ + + :param line_no: + :param funcs_f: + :param deps: + :param suite_deps: + :return: + """ + code = '#line %d "%s"\n' % (line_no + 1, funcs_f.name) + for line in funcs_f: + line_no += 1 + # Check function signature + m = re.match('.*?\s+(\w+)\s*\(', line, re.I) + if m: + # check if we have full signature i.e. split in more lines + if not re.match('.*\)', line): + for lin in funcs_f: + line += lin + line_no += 1 + if re.search('.*?\)', line): + break + name, args, args_dispatch = parse_function_signature(line) + code += line.replace(name, 'test_' + name) + name = 'test_' + name + break + else: + raise InvalidFileFormat("file: %s - Test functions not found!" 
% funcs_f.name) + + for line in funcs_f: + line_no += 1 + if re.search(END_CASE_REGEX, line): + break + code += line + else: + raise InvalidFileFormat("file: %s - end case pattern [%s] not found!" % (funcs_f.name, END_CASE_REGEX)) + + # Add exit label if not present + if code.find('exit:') == -1: + s = code.rsplit('}', 1) + if len(s) == 2: + code = """ +exit: + ;; +} +""".join(s) + + code += gen_function_wrapper(name, args_dispatch) + ifdef, endif = gen_deps(deps) + dispatch_code = gen_dispatch(name, suite_deps + deps) + return line_no, name, args, ifdef + code + endif, dispatch_code + + +def parse_functions(funcs_f): + """ + Returns functions code pieces + + :param funcs_f: + :return: + """ + line_no = 0 + suite_headers = '' + suite_deps = [] + suite_functions = '' + func_info = {} + function_idx = 0 + dispatch_code = '' + for line in funcs_f: + line_no += 1 + if re.search(BEGIN_HEADER_REGEX, line): + line_no, headers = parse_suite_headers(line_no, funcs_f) + suite_headers += headers + elif re.search(BEGIN_DEP_REGEX, line): + line_no, deps = parse_suite_deps(line_no, funcs_f) + suite_deps += deps + elif re.search(BEGIN_CASE_REGEX, line): + deps = parse_function_deps(line) + line_no, func_name, args, func_code, func_dispatch = parse_function_code(line_no, funcs_f, deps, suite_deps) + suite_functions += func_code + # Generate dispatch code and enumeration info + assert func_name not in func_info, "file: %s - function %s re-declared at line %d" % \ + (funcs_f.name, func_name, line_no) + func_info[func_name] = (function_idx, args) + dispatch_code += '/* Function Id: %d */\n' % function_idx + dispatch_code += func_dispatch + function_idx += 1 + + ifdef, endif = gen_deps(suite_deps) + func_code = ifdef + suite_functions + endif + return dispatch_code, suite_headers, func_code, func_info + + +def escaped_split(str, ch): + """ + Split str on character ch but ignore escaped \{ch} + + :param str: + :param ch: + :return: + """ + if len(ch) > 1: + raise ValueError('Expected 
split character. Found string!') + out = [] + part = '' + escape = False + for i in range(len(str)): + if not escape and str[i] == ch: + out.append(part) + part = '' + else: + part += str[i] + escape = not escape and str[i] == '\\' + if len(part): + out.append(part) + return out + + +def parse_test_data(data_f): + """ + Parses .data file + + :param data_f: + :return: + """ + STATE_READ_NAME = 0 + STATE_READ_ARGS = 1 + state = STATE_READ_NAME + deps = [] + + for line in data_f: + line = line.strip() + if len(line) and line[0] == '#': # Skip comments + continue + + # skip blank lines + if len(line) == 0: + continue + + if state == STATE_READ_NAME: + # Read test name + name = line + state = STATE_READ_ARGS + elif state == STATE_READ_ARGS: + # Check dependencies + m = re.search('depends_on\:(.*)', line) + if m: + deps = m.group(1).split(':') + else: + # Read test vectors + parts = escaped_split(line, ':') + function = parts[0] + args = parts[1:] + yield name, function, deps, args + deps = [] + state = STATE_READ_NAME + + +def gen_dep_check(dep_id, dep): + """ + Generate code for the dependency. + + :param dep_id: + :param dep: + :return: + """ + if dep[0] == '!': + noT = '!' + dep = dep[1:] + else: + noT = '' + dep_check = ''' +if ( dep_id == {id} ) +{{ +#if {noT}defined({macro}) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +}} +else +'''.format(noT=noT, macro=dep, id=dep_id) + + return dep_check + + +def gen_expression_check(exp_id, exp): + """ + Generates code for expression check + + :param exp_id: + :param exp: + :return: + """ + exp_code = ''' +if ( exp_id == {exp_id} ) +{{ + *out_value = {expression}; +}} +else +'''.format(exp_id=exp_id, expression=exp) + return exp_code + + +def gen_from_test_data(data_f, out_data_f, func_info): + """ + Generates dependency checks, expression code and intermediate data file from test data file. 
+ + :param data_f: + :param out_data_f: + :param func_info: + :return: + """ + unique_deps = [] + unique_expressions = [] + dep_check_code = '' + expression_code = '' + for test_name, function_name, test_deps, test_args in parse_test_data(data_f): + out_data_f.write(test_name + '\n') + + func_id, func_args = func_info['test_' + function_name] + if len(test_deps): + out_data_f.write('depends_on') + for dep in test_deps: + if dep not in unique_deps: + unique_deps.append(dep) + dep_id = unique_deps.index(dep) + dep_check_code += gen_dep_check(dep_id, dep) + else: + dep_id = unique_deps.index(dep) + out_data_f.write(':' + str(dep_id)) + out_data_f.write('\n') + + assert len(test_args) == len(func_args), \ + "Invalid number of arguments in test %s. See function %s signature." % (test_name, function_name) + out_data_f.write(str(func_id)) + for i in xrange(len(test_args)): + typ = func_args[i] + val = test_args[i] + + # check if val is a non literal int val + if typ == 'int' and not re.match('\d+', val): # its an expression # FIXME: Handle hex format. Tip: instead try converting int(str, 10) and int(str, 16) + typ = 'exp' + if val not in unique_expressions: + unique_expressions.append(val) + # exp_id can be derived from len(). But for readability and consistency with case of existing let's + # use index(). + exp_id = unique_expressions.index(val) + expression_code += gen_expression_check(exp_id, val) + val = exp_id + else: + val = unique_expressions.index(val) + out_data_f.write(':' + typ + ':' + str(val)) + out_data_f.write('\n\n') + + # void unused params + if len(dep_check_code) == 0: + dep_check_code = '(void) dep_id;\n' + if len(expression_code) == 0: + expression_code = '(void) exp_id;\n' + expression_code += '(void) out_value;\n' + + return dep_check_code, expression_code + + +def gen_mbed_code(funcs_file, data_file, template_file, platform_file, help_file, suites_dir, c_file, out_data_file): + """ + Generate mbed-os test code. 
+ + :param funcs_file: + :param dat a_file: + :param template_file: + :param platform_file: + :param help_file: + :param suites_dir: + :param c_file: + :param out_data_file: + :return: + """ + for name, path in [('Functions file', funcs_file), + ('Data file', data_file), + ('Template file', template_file), + ('Platform file', platform_file), + ('Help code file', help_file), + ('Suites dir', suites_dir)]: + if not os.path.exists(path): + raise IOError("ERROR: %s [%s] not found!" % (name, path)) + + snippets = {'generator_script' : os.path.basename(__file__)} + + # Read helpers + with open(help_file, 'r') as help_f, open(platform_file, 'r') as platform_f: + snippets['test_common_helper_file'] = help_file + snippets['test_common_helpers'] = help_f.read() + snippets['test_platform_file'] = platform_file + snippets['platform_code'] = platform_f.read().replace('DATA_FILE', + out_data_file.replace('\\', '\\\\')) # escape '\' + + # Function code + with open(funcs_file, 'r') as funcs_f, open(data_file, 'r') as data_f, open(out_data_file, 'w') as out_data_f: + dispatch_code, func_headers, func_code, func_info = parse_functions(funcs_f) + snippets['function_headers'] = func_headers + snippets['functions_code'] = func_code + snippets['dispatch_code'] = dispatch_code + dep_check_code, expression_code = gen_from_test_data(data_f, out_data_f, func_info) + snippets['dep_check_code'] = dep_check_code + snippets['expression_code'] = expression_code + + snippets['test_file'] = c_file + snippets['test_main_file'] = template_file + snippets['test_case_file'] = funcs_file + snippets['test_case_data_file'] = data_file + # Read Template + # Add functions + # + with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: + line_no = 1 + for line in template_f.readlines(): + snippets['line_no'] = line_no + 1 # Increment as it sets next line number + code = line.format(**snippets) + c_f.write(code) + line_no += 1 + + +def check_cmd(): + """ + Command line parser. 
+ + :return: + """ + parser = argparse.ArgumentParser(description='Generate code for mbed-os tests.') + + parser.add_argument("-f", "--functions-file", + dest="funcs_file", + help="Functions file", + metavar="FUNCTIONS", + required=True) + + parser.add_argument("-d", "--data-file", + dest="data_file", + help="Data file", + metavar="DATA", + required=True) + + parser.add_argument("-t", "--template-file", + dest="template_file", + help="Template file", + metavar="TEMPLATE", + required=True) + + parser.add_argument("-s", "--suites-dir", + dest="suites_dir", + help="Suites dir", + metavar="SUITES", + required=True) + + parser.add_argument("--help-file", + dest="help_file", + help="Help file", + metavar="HELPER", + required=True) + + parser.add_argument("-p", "--platform-file", + dest="platform_file", + help="Platform code file", + metavar="PLATFORM_FILE", + required=True) + + parser.add_argument("-o", "--out-dir", + dest="out_dir", + help="Dir where generated code and scripts are copied", + metavar="OUT_DIR", + required=True) + + args = parser.parse_args() + + data_file_name = os.path.basename(args.data_file) + data_name = os.path.splitext(data_file_name)[0] + + out_c_file = os.path.join(args.out_dir, data_name + '.c') + out_data_file = os.path.join(args.out_dir, data_file_name) + + out_c_file_dir = os.path.dirname(out_c_file) + out_data_file_dir = os.path.dirname(out_data_file) + for d in [out_c_file_dir, out_data_file_dir]: + if not os.path.exists(d): + os.makedirs(d) + + gen_mbed_code(args.funcs_file, args.data_file, args.template_file, args.platform_file, + args.help_file, args.suites_dir, out_c_file, out_data_file) + + +if __name__ == "__main__": + check_cmd() diff --git a/tests/suites/desktop_test.function b/tests/suites/desktop_test.function new file mode 100644 index 000000000..6e7fd075c --- /dev/null +++ b/tests/suites/desktop_test.function 
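Review bot: In `gen_from_test_data` the literal check `not re.match('\d+', val)` anchors only at the start of the string, so an `int` argument such as `16*2` or `1 << 4` counts as a literal and is written to the intermediate data file as `int:16*2` instead of being registered as an expression. Anchoring the pattern, `if typ == 'int' and not re.match(r'-?\d+$', val):`, routes those values through `gen_expression_check` as intended; hex literals remain covered by the existing FIXME. The same loop uses `xrange`, which exists only in Python 2 while the Makefile invokes plain `python`, so `range` would be the portable choice. The regex constants at the top of the file would also read better as raw strings, e.g. `r'/\*\s*BEGIN_HEADER\s*\*/'`, to avoid relying on unrecognised escape sequences.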
@@ -0,0 +1,644 @@ +#line 2 "suites/desktop_test.function" + +/** + * \brief Varifies that string is in string parameter format i.e. "" + * It also strips enclosing '"' from the input string. + * + * \param str String parameter. + * + * \return 0 if success else 1 + */ +int verify_string( char **str ) +{ + if( (*str)[0] != '"' || + (*str)[strlen( *str ) - 1] != '"' ) + { + mbedtls_fprintf( stderr, + "Expected string (with \"\") for parameter and got: %s\n", *str ); + return( -1 ); + } + + (*str)++; + (*str)[strlen( *str ) - 1] = '\0'; + + return( 0 ); +} + +/** + * \brief Varifies that string is an integer. Also gives the converted + * integer value. + * + * \param str Input string. + * \param value Pointer to int for output value. + * + * \return 0 if success else 1 + */ +int verify_int( char *str, int *value ) +{ + size_t i; + int minus = 0; + int digits = 1; + int hex = 0; + + for( i = 0; i < strlen( str ); i++ ) + { + if( i == 0 && str[i] == '-' ) + { + minus = 1; + continue; + } + + if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) && + str[i - 1] == '0' && str[i] == 'x' ) + { + hex = 1; + continue; + } + + if( ! ( ( str[i] >= '0' && str[i] <= '9' ) || + ( hex && ( ( str[i] >= 'a' && str[i] <= 'f' ) || + ( str[i] >= 'A' && str[i] <= 'F' ) ) ) ) ) + { + digits = 0; + break; + } + } + + if( digits ) + { + if( hex ) + *value = strtol( str, NULL, 16 ); + else + *value = strtol( str, NULL, 10 ); + + return( 0 ); + } + + mbedtls_fprintf( stderr, + "Expected integer for parameter and got: %s\n", str ); + return( KEY_VALUE_MAPPING_NOT_FOUND ); +} + + +/** + * \brief Usage string. + * + */ +#define USAGE \ + "Usage: %s [OPTIONS] files...\n\n" \ + " Command line arguments:\n" \ + " files... One or more test data file. 
If no file is specified\n" \ + " the followimg default test case is used:\n" \ + " %s\n\n" \ + " Options:\n" \ + " -v | --verbose Display full information about each test\n" \ + " -h | --help Display this information\n\n", \ + argv[0], \ + "TESTCASE_FILENAME" + + +/** + * \brief Read a line from the passed file pointer. + * + * \param f FILE pointer + * \param buf Pointer to memory to hold read line. + * \param len Length of the buf. + * + * \return 0 if success else -1 + */ +int get_line( FILE *f, char *buf, size_t len ) +{ + char *ret; + int i = 0, str_len = 0, has_string = 0; + + /* Read until we get a valid line */ + do + { + ret = fgets( buf, len, f ); + if( ret == NULL ) + return( -1 ); + + str_len = strlen( buf ); + + /* Skip empty line and comment */ + if ( str_len == 0 || buf[0] == '#' ) + continue; + has_string = 0; + for ( i = 0; i < str_len; i++ ) + { + char c = buf[i]; + if ( c != ' ' && c != '\t' && c != '\n' && + c != '\v' && c != '\f' && c != '\r' ) + { + has_string = 1; + break; + } + } + } while( !has_string ); + + /* Strip new line and carriage return */ + ret = buf + strlen( buf ); + if( ret-- > buf && *ret == '\n' ) + *ret = '\0'; + if( ret-- > buf && *ret == '\r' ) + *ret = '\0'; + + return( 0 ); +} + +/** + * \brief Splits string delimited by ':'. Ignores '\:'. + * + * \param buf Input string + * \param len Input string length + * \param params Out params found + * \param params_len Out params array len + * + * \return Count of strings found. 
+ */ +static int parse_arguments( char *buf, size_t len, char **params, + size_t params_len ) +{ + size_t cnt = 0, i; + char *cur = buf; + char *p = buf, *q; + + params[cnt++] = cur; + + while( *p != '\0' && p < buf + len ) + { + if( *p == '\\' ) + { + p++; + p++; + continue; + } + if( *p == ':' ) + { + if( p + 1 < buf + len ) + { + cur = p + 1; + assert( cnt < params_len ); + params[cnt++] = cur; + } + *p = '\0'; + } + + p++; + } + + /* Replace newlines, question marks and colons in strings */ + for( i = 0; i < cnt; i++ ) + { + p = params[i]; + q = params[i]; + + while( *p != '\0' ) + { + if( *p == '\\' && *(p + 1) == 'n' ) + { + p += 2; + *(q++) = '\n'; + } + else if( *p == '\\' && *(p + 1) == ':' ) + { + p += 2; + *(q++) = ':'; + } + else if( *p == '\\' && *(p + 1) == '?' ) + { + p += 2; + *(q++) = '?'; + } + else + *(q++) = *(p++); + } + *q = '\0'; + } + + return( cnt ); +} + +/** + * \brief Converts parameters into test function consumable parameters. + * Example: Input: {"int", "0", "char*", "Hello", + * "hex", "abef", "exp", "1"} + * Output: { + * 0, // Verified int + * "Hello", // Verified string + * 2, { 0xab, 0xef },// Converted len,hex pair + * 9600 // Evaluated expression + * } + * + * + * \param cnt Input string. + * \param params Out array of found strings. + * \param int_params_store Memory for storing processed integer parameters. 
+ * + * \return 0 for success else 1 + */ +static int convert_params( size_t cnt , char ** params , int * int_params_store ) +{ + char ** cur = params; + char ** out = params; + int ret = ( DISPATCH_TEST_SUCCESS ); + + while ( cur - params < (int) cnt ) + { + char * type = *cur++; + char * val = *cur++; + + if ( strcmp( type, "char*" ) == 0 ) + { + if ( verify_string( &val ) == 0 ) + { + *out++ = val; + } + else + { + ret = ( DISPATCH_INVALID_TEST_DATA ); + break; + } + } + else if ( strcmp( type, "int" ) == 0 ) + { + if ( verify_int ( val, int_params_store ) == 0 ) + { + *out++ = (char *) int_params_store++; + } + else + { + ret = ( DISPATCH_INVALID_TEST_DATA ); + break; + } + } + else if ( strcmp( type, "hex" ) == 0 ) + { + *int_params_store = unhexify( (unsigned char *) val, val ); + *out++ = (char *)int_params_store++; + *out++ = val; + } + else if ( strcmp( type, "exp" ) == 0 ) + { + int exp_id = strtol( val, NULL, 10 ); + if ( get_expression ( exp_id, int_params_store ) == 0 ) + { + *out++ = (char *)int_params_store++; + } + else + { + ret = ( DISPATCH_INVALID_TEST_DATA ); + break; + } + } + else + { + ret = ( DISPATCH_INVALID_TEST_DATA ); + break; + } + } + return( ret ); +} + +/** + * \brief Tests snprintf implementation with test input. + * + * \param n Buffer test length. + * \param ref_buf Expected buffer. + * \param ref_ret Expected snprintf return value. + * + * \return 0 for success else 1 + */ +static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) +{ + int ret; + char buf[10] = "xxxxxxxxx"; + const char ref[10] = "xxxxxxxxx"; + + ret = mbedtls_snprintf( buf, n, "%s", "123" ); + if( ret < 0 || (size_t) ret >= n ) + ret = -1; + + if( strncmp( ref_buf, buf, sizeof( buf ) ) != 0 || + ref_ret != ret || + memcmp( buf + n, ref + n, sizeof( buf ) - n ) != 0 ) + { + return( 1 ); + } + + return( 0 ); +} + +/** + * \brief Tests snprintf implementation. 
+ *
+ * \param none
+ *
+ * \return 0 for success else 1
+ */
+static int run_test_snprintf( void )
+{
+ return( test_snprintf( 0, "xxxxxxxxx", -1 ) != 0 ||
+ test_snprintf( 1, "", -1 ) != 0 ||
+ test_snprintf( 2, "1", -1 ) != 0 ||
+ test_snprintf( 3, "12", -1 ) != 0 ||
+ test_snprintf( 4, "123", 3 ) != 0 ||
+ test_snprintf( 5, "123", 3 ) != 0 );
+}
+
+
+/**
+ * \brief Desktop implementation of execute_tests().
+ * Parses command line and executes tests from
+ * supplied or default data file.
+ *
+ * \param argc Command line argument count.
+ * \param argv Argument array.
+ *
+ * \return Program exit status.
+ */
+int execute_tests( int argc , const char ** argv )
+{
+ /* Local Configurations and options */
+ const char *default_filename = "DATA_FILE";
+ const char *test_filename = NULL;
+ const char **test_files = NULL;
+ int testfile_count = 0;
+ int option_verbose = 0;
+
+ /* Other Local variables */
+ int arg_index = 1;
+ const char *next_arg;
+ int testfile_index, ret, i, cnt;
+ int total_errors = 0, total_tests = 0, total_skipped = 0;
+ FILE *file;
+ char buf[5000];
+ char *params[50];
+ int int_params[50]; // Store for proccessed integer params.
+ void *pointer;
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ int stdout_fd = -1;
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
+ unsigned char alloc_buf[1000000];
+ mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
+#endif
+
+ /*
+ * The C standard doesn't guarantee that all-bits-0 is the representation
+ * of a NULL pointer. We do however use that in our code for initializing
+ * structures, which should work on every modern platform. Let's be sure.
+ */
+ memset( &pointer, 0, sizeof( void * ) );
+ if( pointer != NULL )
+ {
+ mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" );
+ return( 1 );
+ }
+
+ /*
+ * Make sure we have a snprintf that correctly zero-terminates
+ */
+ if( run_test_snprintf() != 0 )
+ {
+ mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" );
+ return( 0 );
+ }
+
+ while( arg_index < argc )
+ {
+ next_arg = argv[ arg_index ];
+
+ if( strcmp(next_arg, "--verbose" ) == 0 ||
+ strcmp(next_arg, "-v" ) == 0 )
+ {
+ option_verbose = 1;
+ }
+ else if( strcmp(next_arg, "--help" ) == 0 ||
+ strcmp(next_arg, "-h" ) == 0 )
+ {
+ mbedtls_fprintf( stdout, USAGE );
+ mbedtls_exit( EXIT_SUCCESS );
+ }
+ else
+ {
+ /* Not an option, therefore treat all further arguments as the file
+ * list.
+ */
+ test_files = &argv[ arg_index ];
+ testfile_count = argc - arg_index;
+ }
+
+ arg_index++;
+ }
+
+ /* If no files were specified, assume a default */
+ if ( test_files == NULL || testfile_count == 0 )
+ {
+ test_files = &default_filename;
+ testfile_count = 1;
+ }
+
+ /* Initialize the struct that holds information about the last test */
+ memset( &test_info, 0, sizeof( test_info ) );
+
+ /* Now begin to execute the tests in the testfiles */
+ for ( testfile_index = 0;
+ testfile_index < testfile_count;
+ testfile_index++ )
+ {
+ int unmet_dep_count = 0;
+ char *unmet_dependencies[20];
+
+ test_filename = test_files[ testfile_index ];
+
+ file = fopen( test_filename, "r" );
+ if( file == NULL )
+ {
+ mbedtls_fprintf( stderr, "Failed to open test file: %s\n",
+ test_filename );
+ return( 1 );
+ }
+
+ while( !feof( file ) )
+ {
+ if( unmet_dep_count > 0 )
+ {
+ mbedtls_fprintf( stderr,
+ "FATAL: Dep count larger than zero at start of loop\n" );
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+ unmet_dep_count = 0;
+
+ if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 )
+ break;
+ mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ?
"\n" : "", buf );
+ mbedtls_fprintf( stdout, " " );
+ for( i = strlen( buf ) + 1; i < 67; i++ )
+ mbedtls_fprintf( stdout, "." );
+ mbedtls_fprintf( stdout, " " );
+ fflush( stdout );
+
+ total_tests++;
+
+ if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
+ break;
+ cnt = parse_arguments( buf, strlen( buf ), params,
+ sizeof( params ) / sizeof( params[0] ) );
+
+ if( strcmp( params[0], "depends_on" ) == 0 )
+ {
+ for( i = 1; i < cnt; i++ )
+ {
+ int dep_id = strtol( params[i], NULL, 10 );
+ if( dep_check( dep_id ) != DEPENDENCY_SUPPORTED )
+ {
+ if( 0 == option_verbose )
+ {
+ /* Only one count is needed if not verbose */
+ unmet_dep_count++;
+ break;
+ }
+
+ unmet_dependencies[ unmet_dep_count ] = strdup( params[i] );
+ if( unmet_dependencies[ unmet_dep_count ] == NULL )
+ {
+ mbedtls_fprintf( stderr, "FATAL: Out of memory\n" );
+ mbedtls_exit( MBEDTLS_EXIT_FAILURE );
+ }
+ unmet_dep_count++;
+ }
+ }
+
+ if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 )
+ break;
+ cnt = parse_arguments( buf, strlen( buf ), params,
+ sizeof( params ) / sizeof( params[0] ) );
+ }
+
+ // If there are no unmet dependencies execute the test
+ if( unmet_dep_count == 0 )
+ {
+ test_info.failed = 0;
+
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ /* Suppress all output from the library unless we're verbose
+ * mode
+ */
+ if( !option_verbose )
+ {
+ stdout_fd = redirect_output( &stdout, "/dev/null" );
+ if( stdout_fd == -1 )
+ {
+ /* Redirection has failed with no stdout so exit */
+ exit( 1 );
+ }
+ }
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+ ret = convert_params( cnt - 1, params + 1, int_params );
+ if ( DISPATCH_TEST_SUCCESS == ret )
+ {
+ int function_id = strtol( params[0], NULL, 10 );
+ ret = dispatch_test( function_id, (void **)( params + 1 ) );
+ }
+
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ if( !option_verbose && restore_output( &stdout, stdout_fd ) )
+ {
+ /* Redirection has failed with no stdout so exit
*/
+ exit( 1 );
+ }
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+ }
+
+ if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE )
+ {
+ total_skipped++;
+ mbedtls_fprintf( stdout, "----" );
+
+ if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE )
+ {
+ mbedtls_fprintf( stdout, "\n Test Suite not enabled" );
+ }
+
+ if( 1 == option_verbose && unmet_dep_count > 0 )
+ {
+ mbedtls_fprintf( stdout, "\n Unmet dependencies: " );
+ for( i = 0; i < unmet_dep_count; i++ )
+ {
+ mbedtls_fprintf( stdout, "%s ",
+ unmet_dependencies[i] );
+ free( unmet_dependencies[i] );
+ }
+ }
+ mbedtls_fprintf( stdout, "\n" );
+ fflush( stdout );
+
+ unmet_dep_count = 0;
+ }
+ else if( ret == DISPATCH_TEST_SUCCESS )
+ {
+ if( test_info.failed == 0 )
+ {
+ mbedtls_fprintf( stdout, "PASS\n" );
+ }
+ else
+ {
+ total_errors++;
+ mbedtls_fprintf( stdout, "FAILED\n" );
+ mbedtls_fprintf( stdout, " %s\n at line %d, %s\n",
+ test_info.test, test_info.line_no,
+ test_info.filename );
+ }
+ fflush( stdout );
+ }
+ else if( ret == DISPATCH_INVALID_TEST_DATA )
+ {
+ mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" );
+ fclose( file );
+ mbedtls_exit( 2 );
+ }
+ else if( ret == DISPATCH_TEST_FN_NOT_FOUND )
+ {
+ mbedtls_fprintf( stderr, "FAILED: FATAL TEST FUNCTION NOT FUND\n" );
+ fclose( file );
+ mbedtls_exit( 2 );
+ }
+ else
+ total_errors++;
+ }
+ fclose( file );
+
+ /* In case we encounter early end of file */
+ for( i = 0; i < unmet_dep_count; i++ )
+ free( unmet_dependencies[i] );
+ }
+
+ mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n");
+ if( total_errors == 0 )
+ mbedtls_fprintf( stdout, "PASSED" );
+ else
+ mbedtls_fprintf( stdout, "FAILED" );
+
+ mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n",
+ total_tests - total_errors, total_tests, total_skipped );
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC)
+#if defined(MBEDTLS_MEMORY_DEBUG) +
mbedtls_memory_buffer_alloc_status();
+#endif
+ mbedtls_memory_buffer_alloc_free();
+#endif
+
+#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
+ if( stdout_fd != -1 )
+ close_output( stdout );
+#endif /* __unix__ || __APPLE__ __MACH__ */
+
+ return( total_errors != 0 );
+}
diff --git a/tests/suites/embedded_test.function b/tests/suites/embedded_test.function
new file mode 100644
index 000000000..21a5caba7
--- /dev/null
+++ b/tests/suites/embedded_test.function
@@ -0,0 +1,364 @@
+#line 2 "embedded_test.function"
+
+#include "greentea-client/test_env_c.h"
+
+/**
+ * \brief Increments pointer and asserts that it does not overflow.
+ *
+ * \param p Pointer to byte array
+ * \param start Pointer to start of byte array
+ * \param len Length of byte array
+ * \param step Increment size
+ *
+ */
+#define INCR_ASSERT(p, start, len, step) do \
+{ \
+ assert( p >= start ); \
+ assert( sizeof( *p ) == sizeof( *start ) ); \
+ /* <= is checked to support use inside a loop where \
+ pointer is incremented after reading data. */ \
+ assert( (uint32_t)( (p - start) + step ) <= len ); \
+ p += step; \
+} \
+while( 0 )
+
+
+/**
+ * \brief 4 byte align unsigned char pointer
+ *
+ * \param p Pointer to byte array
+ * \param start Pointer to start of byte array
+ * \param len Length of byte array
+ *
+ */
+#define ALIGN_32BIT(p, start, len) do \
+{ \
+ uint32_t align = ( - (uintptr_t)p ) % 4; \
+ INCR_ASSERT(p, start, len, align); \
+} \
+while( 0 )
+
+
+/**
+ * \brief Verify dependencies. Dependency identifiers are
+ * encoded in the buffer as 8 bit unsigned integers.
+ *
+ * \param count Number of dependencies.
+ * \param dep_p Pointer to buffer.
+ *
+ * \return DEPENDENCY_SUPPORTED if success else DEPENDENCY_NOT_SUPPORTED.
+ */
+int verify_dependencies( uint8_t count, uint8_t * dep_p )
+{
+ uint8_t i;
+ for ( i = 0; i < count; i++ )
+ {
+ if ( dep_check( (int)(dep_p[i]) ) != DEPENDENCY_SUPPORTED )
+ return( DEPENDENCY_NOT_SUPPORTED );
+ }
+ return( DEPENDENCY_SUPPORTED );
+}
+
+
+/**
+ * \brief Receives unsigned integer on serial interface.
+ * Integers are encoded in network order.
+ *
+ * \param none
+ *
+ * \return unsigned int
+ */
+uint32_t receive_uint32()
+{
+ uint32_t value;
+ value = (uint8_t)greentea_getc() << 24;
+ value |= (uint8_t)greentea_getc() << 16;
+ value |= (uint8_t)greentea_getc() << 8;
+ value |= (uint8_t)greentea_getc();
+ return( (uint32_t)value );
+}
+
+/**
+ * \brief Parses out an unsigned 32 int value from the byte array.
+ * Integers are encoded in network order.
+ *
+ * \param p Pointer to byte array
+ *
+ * \return unsigned int
+ */
+uint32_t parse_uint32( uint8_t * p )
+{
+ uint32_t value;
+ value = *p++ << 24;
+ value |= *p++ << 16;
+ value |= *p++ << 8;
+ value |= *p;
+ return( value );
+}
+
+
+/**
+ * \brief Receives test data on serial as greentea key,value pair:
+ * {{;}}
+ *
+ * \param data_len Out pointer to hold received data length.
+ *
+ * \return Byte array.
+ */
+uint8_t * receive_data( uint32_t * data_len )
+{
+ uint32_t i = 0, errors = 0;
+ char c;
+ uint8_t * data = NULL;
+
+ /* Read opening braces */
+ i = 0;
+ while ( i < 2 )
+ {
+ c = greentea_getc();
+ /* Ignore any prevous CR LF characters */
+ if ( c == '\n' || c == '\r' )
+ continue;
+ i++;
+ if ( c != '{' )
+ return( NULL );
+ }
+
+ /* Read data length */
+ *data_len = receive_uint32();
+ data = (uint8_t *)malloc( *data_len );
+ assert( data != NULL );
+
+ greentea_getc(); // read ';' received after key i.e. *data_len
+
+ for( i = 0; i < *data_len; i++ )
+ data[i] = greentea_getc();
+
+ /* Read closing braces */
+ for( i = 0; i < 2; i++ )
+ {
+ c = greentea_getc();
+ if ( c != '}' )
+ {
+ errors++;
+ break;
+ }
+ }
+
+ if ( errors )
+ {
+ free( data );
+ data = NULL;
+ *data_len = 0;
+ }
+
+ return( data );
+}
+
+/**
+ * \brief Parses received byte array for test parameters.
+ *
+ * \param count Parameter count
+ * \param data Received Byte array
+ * \param data_len Byte array length
+ * \param error Parsing error out variable.
+ *
+ * \return Array of parsed parameters allocated on heap.
+ * Note: Caller has the responsibility to delete
+ * the memory after use.
+ */
+void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len,
+ int * error )
+{
+ uint32_t i = 0;
+ char c;
+ void ** params = NULL;
+ void ** cur = NULL;
+ uint8_t * p = NULL;
+
+ params = (void **)malloc( sizeof( void *) * ( count + 1 ) );
+ assert( params != NULL );
+ params[count] = NULL;
+ cur = params;
+
+ p = data;
+
+ /* Parameters */
+ for( i = 0; i < count; i++ )
+ {
+ c = (char)*p;
+ INCR_ASSERT( p, data, data_len, 1 );
+
+ /* Align p to 4 bytes for int, expression, string len or hex length */
+ ALIGN_32BIT( p, data, data_len );
+
+ /* Network to host conversion */
+ *( (int32_t *)p ) = (int32_t)parse_uint32( p );
+
+ switch( c )
+ {
+ case 'E':
+ {
+ if ( get_expression( *( (int32_t *)p ), (int32_t *)p ) )
+ {
+ *error = KEY_VALUE_MAPPING_NOT_FOUND;
+ goto exit;
+ }
+ } /* Intentional fall through */
+ case 'I':
+ {
+ *cur++ = (void *)p;
+ INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
+ }
+ break;
+ case 'H':
+ {
+ *cur++ = (void *)p;
+ } /* Intentional fall through */
+ case 'S':
+ {
+ uint32_t sz = *( (int32_t *)p );
+ INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
+ *cur++ = (void *)p;
+ INCR_ASSERT( p, data, data_len, sz );
+ }
+ break;
+ default:
+ {
+ *error = DISPATCH_INVALID_TEST_DATA;
+ goto exit;
+ }
+ break;
+ }
+ }
+
+exit:
+ if ( *error )
+ {
+ free( params );
+ params = NULL;
+ }
+
+ return( params );
+}
+
+/**
+ * \brief Sends greentea key and int value pair to host.
+ *
+ * \param key key string
+ * \param value integer value
+ *
+ * \return void
+ */
+void send_key_integer( char * key, int value )
+{
+ char str[50];
+ snprintf( str, sizeof( str ), "%d", value );
+ greentea_send_kv_c( key, str );
+}
+
+/**
+ * \brief Sends test setup failure to the host.
+ *
+ * \param failure Test set failure
+ *
+ * \return void
+ */
+void send_failure( int failure )
+{
+ send_key_integer( "F", failure );
+}
+
+/**
+ * \brief Sends test status to the host.
+ *
+ * \param status Test status (PASS=0/FAIL=!0)
+ *
+ * \return void
+ */
+void send_status( int status )
+{
+ send_key_integer( "R", status );
+}
+
+
+/**
+ * \brief Embedded implementation of execute_tests().
+ * Ignores command line and received test data
+ * on serial.
+ *
+ * \param argc not used
+ * \param argv not used
+ *
+ * \return Program exit status.
+ */
+int execute_tests( int args, const char ** argv )
+{
+ int ret = 0;
+ uint32_t data_len = 0;
+ uint8_t count = 0, function_id;
+ void ** params = NULL;
+ uint8_t * data = NULL, * p = NULL;
+
+ GREENTEA_SETUP_C( 180, "mbedtls_test" );
+ greentea_send_kv_c( "GO", " " );
+
+ while ( 1 )
+ {
+ ret = 0;
+ test_info.failed = 0;
+ data_len = 0;
+
+ data = receive_data( &data_len );
+ if ( data == NULL )
+ continue;
+ p = data;
+
+ do
+ {
+ /* Read dependency count */
+ count = *p;
+ assert( count < data_len );
+ INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
+ ret = verify_dependencies( count, p );
+ if ( ret != DEPENDENCY_SUPPORTED )
+ break;
+
+ INCR_ASSERT( p, data, data_len, count );
+
+ /* Read function id */
+ function_id = *p;
+ INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
+
+ /* Read number of parameters */
+ count = *p;
+ INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
+
+ params = parse_parameters( count, p, data_len - (p - data), &ret );
+ if ( ret )
+ break;
+
+ ret = dispatch_test( function_id, params );
+ }
+ while ( 0 );
+
+ if ( data )
+ {
+ free(data);
+ data = NULL;
+ }
+
+ if ( params )
+ {
+ free( params );
+ params = NULL;
+ }
+
+ if ( ret )
+ send_failure( ret );
+ else
+ send_status( test_info.failed );
+ }
+ return( 0 );
+}
+
diff --git a/tests/suites/mbed_test.function b/tests/suites/mbed_test.function
new file mode 100644
index 000000000..e09ed705c
--- /dev/null
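Review bot: In `parse_parameters`, the in-place conversion `*( (int32_t *)p ) = (int32_t)parse_uint32( p );` runs before anything confirms that four bytes remain after the alignment step, so a short or malformed frame from the serial link is read and rewritten past the end of `data`. The only bounds checks in this file are the `assert` calls inside `INCR_ASSERT` (and `assert( data != NULL )` after `malloc( *data_len )` in `receive_data`), which vanish when the target is built with `NDEBUG`; an explicit length check that sets `*error` holds in every build. The `'H'` case also stores two entries in `params` while the array is sized `count + 1`, so unless the host counts a hex argument twice (the host script in this series does not emit `'H'` at all) the table can be overrun. Separately, `*p++ << 24` in `parse_uint32` and `(uint8_t)greentea_getc() << 24` in `receive_uint32` shift a promoted `int` into the sign bit; casting the operand to `uint32_t` first avoids that.

```c
        ALIGN_32BIT( p, data, data_len );

        /* The 4-byte field must fit in what is left of the buffer before it
         * is read and rewritten in place. */
        if ( (uint32_t)( p - data ) > data_len ||
             data_len - (uint32_t)( p - data ) < sizeof( int32_t ) )
        {
            *error = DISPATCH_INVALID_TEST_DATA;
            goto exit;
        }

        *( (int32_t *)p ) = (int32_t)parse_uint32( p );
        /* … unchanged: switch( c ) over 'E', 'I', 'H', 'S' … */
```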
+++ b/tests/suites/mbed_test.function 
@@ -0,0 +1,173 @@
+#line 2 "suites/mbed_test.function"
+/*
+ * *** THIS FILE HAS BEEN MACHINE GENERATED ***
+ *
+ * This file has been machine generated using the script:
+ * {generator_script}
+ *
+ * Test file : {test_file}
+ *
+ * The following files were used to create this file.
+ *
+ * Main code file : {test_main_file}
+ * Platform code file : {test_platform_file}
+ * Helper file : {test_common_helper_file}
+ * Test suite file : {test_case_file}
+ * Test suite data : {test_case_data_file}
+ *
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+
+/*----------------------------------------------------------------------------*/
+/* Common helper code */
+
+{test_common_helpers}
+
+#line {line_no} "suites/mbed_test.function"
+
+
+/*----------------------------------------------------------------------------*/
+/* Test Suite Code */
+
+
+#define TEST_SUITE_ACTIVE
+
+{function_headers}
+
+{functions_code}
+
+#line {line_no} "suites/mbed_test.function"
+
+
+/*----------------------------------------------------------------------------*/
+/* Test dispatch code */
+
+
+/**
+ * \brief Evaluates an expression/macro into its literal integer value.
+ * For optimizing space for embedded targets each expression/macro
+ * is identified by a unique identifier instead of string literals.
+ * Identifiers and evaluation code is generated by script:
+ * {generator_script}
+ *
+ * \param exp_id Expression identifier.
+ * \param out_value Pointer to int to hold the integer.
+ *
+ * \return 0 if exp_id is found. 1 otherwise.
+ */
+int get_expression( int32_t exp_id, int32_t * out_value )
+{{
+{expression_code}
+#line {line_no} "suites/mbed_test.function"
+ {{
+ return( KEY_VALUE_MAPPING_NOT_FOUND );
+ }}
+ return( KEY_VALUE_MAPPING_FOUND );
+}}
+
+
+/**
+ * \brief Checks if the dependency i.e. the compile flag is set.
+ * For optimizing space for embedded targets each dependency
+ * is identified by a unique identifier instead of string literals.
+ * Identifiers and check code is generated by script:
+ * {generator_script}
+ *
+ * \param exp_id Dependency identifier.
+ *
+ * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED
+ */
+int dep_check( int dep_id )
+{{
+{dep_check_code}
+#line {line_no} "suites/mbed_test.function"
+ {{
+ return( DEPENDENCY_NOT_SUPPORTED );
+ }}
+}}
+
+
+/**
+ * \brief Function pointer type for test function wrappers.
+ *
+ *
+ * \param void ** Pointer to void pointers. Represents an array of test
+ * function parameters.
+ *
+ * \return void
+ */
+typedef void (*TestWrapper_t)( void ** );
+
+
+/**
+ * \brief Table of test function wrappers. Used by dispatch_test().
+ * This table is populated by script:
+ * {generator_script}
+ *
+ */
+TestWrapper_t test_funcs[] =
+{{
+{dispatch_code}
+#line {line_no} "suites/mbed_test.function"
+}};
+
+
+/**
+ * \brief Dispatches test functions based on function index.
+ *
+ * \param exp_id Test function index.
+ *
+ * \return DISPATCH_TEST_SUCCESS if found
+ * DISPATCH_TEST_FN_NOT_FOUND if not found
+ * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
+ */
+int dispatch_test( int func_idx, void ** params )
+{{
+ int ret = DISPATCH_TEST_SUCCESS;
+ TestWrapper_t fp = NULL;
+
+ if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) )
+ {{
+ fp = test_funcs[func_idx];
+ if ( fp )
+ fp( params );
+ else
+ ret = ( DISPATCH_UNSUPPORTED_SUITE );
+ }} else
+ {{
+ ret = ( DISPATCH_TEST_FN_NOT_FOUND );
+ }}
+
+ return( ret );
+}}
+
+
+{platform_code}
+
+#line {line_no} "suites/mbed_test.function"
+
+/*----------------------------------------------------------------------------*/
+/* Main Test code */
+
+
+/**
+ * \brief Program main. Invokes platform specific execute_tests().
+ *
+ * \param argc Command line arguments count.
+ * \param argv Array of command line arguments.
+ *
+ * \return Exit code.
+ */
+int main( int argc, const char *argv[] )
+{{
+ return execute_tests( argc, argv );
+}}
+
diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data
index 1760dc09d..ed2455fd5 100644
--- a/tests/suites/test_suite_cipher.chachapoly.data
+++ b/tests/suites/test_suite_cipher.chachapoly.data
@@ -1,5 +1,5 @@ Decrypt empty buffer -depends_on:MBEDTLS_CHACHAPOLY_C: +depends_on:MBEDTLS_CHACHAPOLY_C dec_empty_buf: ChaCha20+Poly1305 Encrypt and decrypt 0 bytes
From 7a0d84fccc9f8ee86db5de0c9d06d620f2e74c2b Mon Sep 17 00:00:00 2001
From: Mohammad Azim Khan
Date: Sat, 1 Apr 2017 03:18:20 +0100
Subject: [PATCH 259/578] On target test host test script
---
tests/scripts/mbedtls_test.py | 243 ++++++++++++++++++++++++++++++++++
1 file changed, 243 insertions(+)
create mode 100644 tests/scripts/mbedtls_test.py
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
new file mode 100644
index 000000000..32521a8f9
--- /dev/null
+++ b/tests/scripts/mbedtls_test.py
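Review bot: `dispatch_test` checks only the upper bound of `func_idx`, so a negative index reaches `test_funcs[func_idx]`; the desktop runner in this same patch passes the result of `strtol( params[0], NULL, 10 )` from the data file straight into it. The condition should read `if ( func_idx >= 0 && func_idx < (int)( sizeof( test_funcs ) / sizeof( test_funcs[0] ) ) )`. The Doxygen blocks for `dispatch_test` and `dep_check` both document `\param exp_id`, while the actual parameters are `func_idx`/`params` and `dep_id`, and `get_expression` is documented as returning 1 on a miss although its body returns `KEY_VALUE_MAPPING_NOT_FOUND`.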
@@ -0,0 +1,243 @@
+"""
+mbed SDK
+Copyright (c) 2011-2013 ARM Limited
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+import re
+import os
+import time
+from mbed_host_tests import BaseHostTest, event_callback
+
+
+class TestDataParser(object):
+ """
+ parser for mbedtls test data files.
+ """
+
+ def __init__(self):
+ """
+ Constructor
+ """
+ self.tests = []
+
+ def parse(self, data_file):
+ """
+
+ """
+ with open(data_file, 'r') as f:
+ self.__parse(f)
+
+ @staticmethod
+ def __escaped_split(str, ch):
+ """
+ """
+ if len(ch) > 1:
+ raise ValueError('Expected split character.
Found string!')
+ out = []
+ part = ''
+ escape = False
+ for i in range(len(str)):
+ if not escape and str[i] == ch:
+ out.append(part)
+ part = ''
+ else:
+ part += str[i]
+ escape = not escape and str[i] == '\\'
+ if len(part):
+ out.append(part)
+ return out
+
+ def __parse(self, file):
+ """
+ """
+ line = file.readline().strip()
+ while line:
+ line = line.strip()
+ if len(line) == 0:
+ line = file.readline()
+ continue
+ # Read test name
+ name = line
+
+ # Check dependencies
+ deps = []
+ line = file.readline().strip()
+ m = re.search('depends_on\:(.*)', line)
+ if m:
+ deps = [int(x) for x in m.group(1).split(':')]
+ line = file.readline().strip()
+
+ # Read test vectors
+ line = line.replace('\\n', '\n#')
+ parts = self.__escaped_split(line, ':')
+ function = int(parts[0])
+ x = parts[1:]
+ l = len(x)
+ assert l % 2 == 0, "Number of test arguments should be even: %s" % line
+ args = [(x[i * 2], x[(i * 2) + 1]) for i in range(len(x)/2)]
+ self.tests.append((name, function, deps, args))
+ line = file.readline()
+
+ def get_test_data(self):
+ """
+ """
+ return self.tests
+
+
+class MbedTlsTest(BaseHostTest):
+ """
+ Host test for mbed-tls target tests.
+ """
+ # From suites/helpers.function
+ DEPENDENCY_SUPPORTED = 0
+ KEY_VALUE_MAPPING_FOUND = DEPENDENCY_SUPPORTED
+ DISPATCH_TEST_SUCCESS = DEPENDENCY_SUPPORTED
+
+ KEY_VALUE_MAPPING_NOT_FOUND = -1
+ DEPENDENCY_NOT_SUPPORTED = -2
+ DISPATCH_TEST_FN_NOT_FOUND = -3
+ DISPATCH_INVALID_TEST_DATA = -4
+ DISPATCH_UNSUPPORTED_SUITE = -5
+
+ def __init__(self):
+ """
+ """
+ super(MbedTlsTest, self).__init__()
+ self.tests = []
+ self.test_index = -1
+ self.dep_index = 0
+ self.error_str = dict()
+ self.error_str[self.DEPENDENCY_SUPPORTED] = 'DEPENDENCY_SUPPORTED'
+ self.error_str[self.KEY_VALUE_MAPPING_NOT_FOUND] = 'KEY_VALUE_MAPPING_NOT_FOUND'
+ self.error_str[self.DEPENDENCY_NOT_SUPPORTED] = 'DEPENDENCY_NOT_SUPPORTED'
+ self.error_str[self.DISPATCH_TEST_FN_NOT_FOUND] = 'DISPATCH_TEST_FN_NOT_FOUND'
+ self.error_str[self.DISPATCH_INVALID_TEST_DATA] = 'DISPATCH_INVALID_TEST_DATA'
+ self.error_str[self.DISPATCH_UNSUPPORTED_SUITE] = 'DISPATCH_UNSUPPORTED_SUITE'
+
+ def setup(self):
+ """
+ """
+ binary_path = self.get_config_item('image_path')
+ script_dir = os.path.split(os.path.abspath(__file__))[0]
+ suite_name = os.path.splitext(os.path.basename(binary_path))[0]
+ data_file = ".".join((suite_name, 'data'))
+ data_file = os.path.join(script_dir, '..', 'mbedtls', suite_name, data_file)
+ if os.path.exists(data_file):
+ self.log("Running tests from %s" % data_file)
+ parser = TestDataParser()
+ parser.parse(data_file)
+ self.tests = parser.get_test_data()
+ self.print_test_info()
+ else:
+ self.log("Data file not found: %s" % data_file)
+ self.notify_complete(False)
+
+ def print_test_info(self):
+ """
+ """
+ self.log('{{__testcase_count;%d}}' % len(self.tests))
+ for name, _, _, _ in self.tests:
+ self.log('{{__testcase_name;%s}}' % name)
+
+ @staticmethod
+ def align_32bit(b):
+ """
+ 4 byte aligns byte array.
+
+ :return:
+ """
+ b += bytearray((4 - (len(b))) % 4)
+
+ def parameters_to_bytes(self, b, parameters):
+ for typ, param in parameters:
+ if typ == 'int' or typ == 'exp':
+ i = int(param)
+ b += 'I' if typ == 'int' else 'E'
+ self.align_32bit(b)
+ b += bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]])
+ elif typ == 'char*':
+ param = param.strip('"')
+ i = len(param) + 1 # + 1 for null termination
+ b += 'S'
+ self.align_32bit(b)
+ b += bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]])
+ b += bytearray(list(param))
+ b += '\0' # Null terminate
+ return b
+
+ def run_next_test(self):
+ """
+ Send next test function to the target.
+
+ """
+ self.test_index += 1
+ self.dep_index = 0
+ if self.test_index < len(self.tests):
+ name, function, deps, args = self.tests[self.test_index]
+ self.log("Running: %s" % name)
+ bytes = bytearray([len(deps)])
+ if len(deps):
+ bytes += bytearray(deps)
+ bytes += bytearray([function, len(args)])
+ self.parameters_to_bytes(bytes, args)
+ key = bytearray([((len(bytes) >> x) & 0xff) for x in [24, 16, 8, 0]])
+ #self.log("Bytes: " + " ".join(["%x '%c'" % (x, x) for x in bytes]))
+ self.send_kv(key, bytes)
+ else:
+ self.notify_complete(True)
+
+ @staticmethod
+ def get_result(value):
+ try:
+ return int(value)
+ except ValueError:
+ ValueError("Result should return error number. Instead received %s" % value)
+ return 0
+
+ @event_callback('GO')
+ def on_go(self, key, value, timestamp):
+ self.run_next_test()
+
+ @event_callback("R")
+ def on_result(self, key, value, timestamp):
+ """
+ Handle result.
+
+ """
+ int_val = self.get_result(value)
+ name, function, deps, args = self.tests[self.test_index]
+ self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0,
+ int_val != 0))
+ self.run_next_test()
+
+ @event_callback("F")
+ def on_failure(self, key, value, timestamp):
+ """
+ Handles test execution failure. Hence marking test as skipped.
+
+ :param key:
+ :param value:
+ :param timestamp:
+ :return:
+ """
+ int_val = self.get_result(value)
+ name, function, deps, args = self.tests[self.test_index]
+ if int_val in self.error_str:
+ err = self.error_str[int_val]
+ else:
+ err = 'Unknown error'
+ # For skip status, do not write {{__testcase_finish;...}}
+ self.log("Error: %s" % err)
+ self.run_next_test()
From 67735d540bc53acaa8e678ab9a1a5381d6692fe7 Mon Sep 17 00:00:00 2001
From: Mohammad Azim Khan
Date: Thu, 6 Apr 2017 11:55:43 +0100
Subject: [PATCH 260/578] Fix name conflict and implicit use of functions from string.h
---
tests/suites/test_suite_ctr_drbg.function | 1 +
tests/suites/test_suite_debug.function | 1 +
tests/suites/test_suite_entropy.function | 1 +
tests/suites/test_suite_hmac_drbg.function | 1 +
tests/suites/test_suite_x509parse.function | 1 +
5 files changed, 5 insertions(+)
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index d8ffebe46..73f63b976 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/ctr_drbg.h" +#include "string.h" static int test_offset_idx; static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len )
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 98f98b061..a32eba0c2 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/debug.h" +#include "string.h" struct buffer_data {
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 2bab796d1..9930c0386 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
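Review bot: `get_result` builds a `ValueError` without raising it and then returns 0, so a non-numeric value from the target makes `on_result` log the test case as passed. The except branch should raise, `raise ValueError("Result should return error number. Instead received %s" % value)`, or return a value that cannot be mistaken for success. `parameters_to_bytes` silently skips any argument whose type is not `int`, `exp` or `char*`, while `run_next_test` still sends `len(args)` as the parameter count, so a `hex` argument would leave the target parsing beyond the data it was given; an `else: raise ValueError(...)` branch would surface that on the host. Most methods carry empty docstrings, and `range(len(x)/2)` in `__parse` only works under Python 2.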
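Review bot: The added `#include "string.h"` uses the quoted form for a standard header, which searches the including file's directory and the project include paths before the system ones; `#include <string.h>` states the intent and cannot pick up a stray local file of that name. The same line is added in the debug, entropy, hmac_drbg and x509parse suites by this commit.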
@@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" +#include "string.h" /* * Number of calls made to entropy_dummy_source() diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index a413f5e18..21b300e7c 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/hmac_drbg.h" +#include "string.h" typedef struct { diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 06f010828..d02068d5f 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -6,6 +6,7 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/base64.h" +#include "string.h" #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ From ec024483ae80e68f5e055fb0a6f12d4dda09e5cc Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Tue, 9 May 2017 17:20:21 +0100 Subject: [PATCH 261/578] Fix line no. directive --- tests/suites/helpers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 8f04885a5..6234cb361 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -1,4 +1,4 @@ -#line 1 "helpers.function" +#line 2 "suites/helpers.function" /*----------------------------------------------------------------------------*/ /* Headers */ From ee6c0189df92f8994eb8006ded7cdb588088a6de Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 19 May 2017 17:34:17 +0100 Subject: [PATCH 262/578] Unify test setup errors for sending to host --- tests/suites/helpers.function | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 6234cb361..1df450d05 100644 
--- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -42,16 +42,15 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ /* Constants */ -#define DEPENDENCY_SUPPORTED 0 -#define DEPENDENCY_NOT_SUPPORTED 1 +#define DEPENDENCY_SUPPORTED 0 +#define KEY_VALUE_MAPPING_FOUND 0 +#define DISPATCH_TEST_SUCCESS 0 -#define KEY_VALUE_MAPPING_FOUND 0 -#define KEY_VALUE_MAPPING_NOT_FOUND -1 - -#define DISPATCH_TEST_SUCCESS 0 -#define DISPATCH_TEST_FN_NOT_FOUND 1 -#define DISPATCH_INVALID_TEST_DATA 2 -#define DISPATCH_UNSUPPORTED_SUITE 3 +#define KEY_VALUE_MAPPING_NOT_FOUND -1 +#define DEPENDENCY_NOT_SUPPORTED -2 +#define DISPATCH_TEST_FN_NOT_FOUND -3 +#define DISPATCH_INVALID_TEST_DATA -4 +#define DISPATCH_UNSUPPORTED_SUITE -5 /*----------------------------------------------------------------------------*/ From 0574632b304ef722d49732ddd089952ed35aa8d0 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Tue, 23 May 2017 13:00:35 +0100 Subject: [PATCH 263/578] Update Greentea client API calls --- tests/suites/embedded_test.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/embedded_test.function b/tests/suites/embedded_test.function index 21a5caba7..e885a0e99 100644 --- a/tests/suites/embedded_test.function +++ b/tests/suites/embedded_test.function @@ -254,7 +254,7 @@ void send_key_integer( char * key, int value ) { char str[50]; snprintf( str, sizeof( str ), "%d", value ); - greentea_send_kv_c( key, str ); + greentea_send_kv( key, str ); } /** @@ -300,8 +300,8 @@ int execute_tests( int args, const char ** argv ) void ** params = NULL; uint8_t * data = NULL, * p = NULL; - GREENTEA_SETUP_C( 180, "mbedtls_test" ); - greentea_send_kv_c( "GO", " " ); + GREENTEA_SETUP( 180, "mbedtls_test" ); + greentea_send_kv( "GO", " " ); while ( 1 ) { From 3499a9e41b8d4fe4813bebf269efd5d07e51c8ff Mon Sep 17 00:00:00 2001 
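Review bot: The new negative codes are defined without parentheses (`#define KEY_VALUE_MAPPING_NOT_FOUND -1` and the four below it); as a matter of macro hygiene they should be written `#define KEY_VALUE_MAPPING_NOT_FOUND ( -1 )` and likewise for the others, so the expansion never depends on the surrounding expression. The same values are hard-coded in `tests/scripts/mbedtls_test.py` under the comment `# From suites/helpers.function`, and a comment here naming that script, e.g. `/* Keep in sync with tests/scripts/mbedtls_test.py */`, would help keep the two lists from drifting apart.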
From: Azim Khan Date: Tue, 30 May 2017 00:06:49 +0100 Subject: [PATCH 264/578] Add hex comparison function --- tests/suites/helpers.function | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 1df450d05..6bab65f65 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -441,3 +441,23 @@ static void test_fail( const char *test, int line_no, const char* filename ) test_info.line_no = line_no; test_info.filename = filename; } + +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len) +{ + int ret = 0; + uint32_t i = 0; + + if ( a_len != b_len ) + return( a_len - b_len ); + + for( i = 0; i < a_len; i++ ) + { + if ( a[i] != b[i] ) + { + ret = -1; + break; + } + } + return ret; +} + From 9079170f6e71cd4b3e6822ee472ecad06b272f32 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Tue, 30 May 2017 00:57:11 +0100 Subject: [PATCH 265/578] Adapt code for scripting out hexify/unhexify code --- tests/suites/test_suite_asn1write.function | 12 +++++++++--- tests/suites/test_suite_rsa.function | 6 ++---- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index fc5fd8a2e..40f1fed0f 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -18,7 +18,9 @@ void mbedtls_asn1_write_octet_string( char *hex_str, char *hex_asn1, unsigned char buf[150]; unsigned char str[150] = { 0 }; unsigned char asn1[150] = { 0 }; - size_t str_len, asn1_len, i; + size_t str_len; + size_t asn1_len; + size_t i; unsigned char *p; memset( buf, GUARD_VAL, sizeof( buf ) ); 
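Review bot: `hexcmp` returns `a_len - b_len` when the lengths differ, but both are `uint32_t`, so the difference wraps and its conversion to `int` is implementation-defined for large gaps; callers can rely only on zero versus non-zero. Returning a fixed value there, `return( -1 );`, makes that contract explicit, and if `<string.h>` is in scope the byte loop reduces to `return( memcmp( a, b, a_len ) != 0 ? -1 : 0 );`. Unlike `test_fail` above it, the function is not `static` and has no doc comment, and since neither buffer is written the parameters could be `const uint8_t *`.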
@@ -54,7 +56,9 @@ void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1, int ret; unsigned char buf[150]; unsigned char asn1[150] = { 0 }; - size_t str_len, asn1_len, i; + size_t str_len; + size_t asn1_len; + size_t i; unsigned char *p; memset( buf, GUARD_VAL, sizeof( buf ) ); @@ -91,7 +95,9 @@ void mbedtls_asn1_write_len( int len, char *check_str, int buf_len, unsigned char buf[150]; unsigned char asn1[150]; unsigned char *p; - size_t asn1_len, i, read_len; + size_t asn1_len; + size_t i; + size_t read_len; memset( buf, GUARD_VAL, sizeof( buf ) ); memset( asn1, 0, sizeof( asn1 ) ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index fd632dad6..4d58049df 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -519,8 +519,7 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * { hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, - result_hex_str ) == 0 ); + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); } } @@ -539,8 +538,7 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * { hexify( output_str, output, ctx2.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, - result_hex_str ) == 0 ); + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); } exit: From f1aaec9888bfb341f2f80fdf136d108e6887a256 Mon Sep 17 00:00:00 2001 
From: Azim Khan Date: Tue, 30 May 2017 14:23:15 +0100 Subject: [PATCH 266/578] Intermediate hexify out change --- tests/suites/test_suite_aes.function | 166 ++++---------- tests/suites/test_suite_arc4.function | 20 +- tests/suites/test_suite_asn1write.function | 30 +-- tests/suites/test_suite_base64.function | 14 +- tests/suites/test_suite_blowfish.function | 148 ++++--------- tests/suites/test_suite_camellia.function | 128 +++-------- tests/suites/test_suite_ccm.function | 56 ++--- tests/suites/test_suite_cipher.function | 105 +++------ tests/suites/test_suite_cmac.function | 90 ++++---- tests/suites/test_suite_ctr_drbg.function | 55 ++--- tests/suites/test_suite_debug.function | 26 +-- tests/suites/test_suite_des.function | 166 ++++---------- tests/suites/test_suite_dhm.function | 4 +- tests/suites/test_suite_ecdh.function | 14 +- tests/suites/test_suite_ecdsa.function | 19 +- tests/suites/test_suite_ecjpake.function | 8 +- tests/suites/test_suite_ecp.function | 62 +++--- tests/suites/test_suite_entropy.function | 13 +- tests/suites/test_suite_error.function | 2 +- tests/suites/test_suite_gcm.function | 76 ++----- tests/suites/test_suite_hmac_drbg.function | 72 ++---- tests/suites/test_suite_md.function | 107 +++------ tests/suites/test_suite_mdx.function | 40 ++-- .../test_suite_memory_buffer_alloc.function | 11 +- tests/suites/test_suite_mpi.function | 156 ++++++------- tests/suites/test_suite_pem.function | 10 +- tests/suites/test_suite_pk.function | 84 +++---- tests/suites/test_suite_pkcs1_v15.function | 82 +++---- tests/suites/test_suite_pkcs1_v21.function | 102 ++++----- tests/suites/test_suite_pkcs5.function | 25 +-- tests/suites/test_suite_pkparse.function | 17 +- tests/suites/test_suite_pkwrite.function | 4 +- tests/suites/test_suite_rsa.function | 209 +++++++----------- tests/suites/test_suite_shax.function | 66 ++---- tests/suites/test_suite_timing.function | 1 + tests/suites/test_suite_version.function | 4 +- tests/suites/test_suite_x509parse.function 
| 68 +++--- tests/suites/test_suite_x509write.function | 7 +- tests/suites/test_suite_xtea.function | 76 ++----- 39 files changed, 780 insertions(+), 1563 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index e346dc7c3..ad65a1b36 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -8,32 +8,23 @@ */ /* BEGIN_CASE */ -void aes_encrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) +void aes_encrypt_ecb( uint8_t * key_str, uint32_t key_len, uint8_t * src_str, + uint32_t src_str_len, uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int setkey_result ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; - int key_len; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); } exit: 
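Review bot: `aes_encrypt_ecb` now receives `src_str` together with `src_str_len`, but the length is never used, while `mbedtls_aes_crypt_ecb` always consumes one 16-byte block from `src_str`. The removed code unhexified into a zero-filled 100-byte local, so a short vector was padded; with a caller-supplied buffer whose allocation is not visible here, a vector shorter than a block would presumably be read past its end. Adding `TEST_ASSERT( src_str_len == 16 );` before the crypt call makes the expectation explicit and also removes the unused-parameter warning. The same applies to `aes_decrypt_ecb`, the two `cfb128` cases (fixed length 16), and the blowfish (8 bytes) and camellia (16 bytes) ECB cases later in this patch. The function body continues past the end of the hunk.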
@@ -42,32 +33,23 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aes_decrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) +void aes_decrypt_ecb( uint8_t * key_str, uint32_t key_len, uint8_t * src_str, + uint32_t src_str_len, uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int setkey_result ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; - int key_len; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); } exit: 
@@ -76,36 +58,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aes_encrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) +void aes_encrypt_cbc( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, + uint32_t iv_str_len, uint8_t * src_str, + uint32_t data_len, uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; - int key_len, data_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, data_len, iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); } exit: 
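Review bot: In `aes_encrypt_cbc`, `data_len` now comes straight from the test data as a `uint32_t` and is used as the number of bytes written into `unsigned char output[100]`, with nothing bounding it; `TEST_ASSERT( data_len <= sizeof( output ) );` before the crypt call would turn an oversized vector into a test failure instead of a stack overwrite. `iv_str_len` is likewise unused, although the CBC call takes a 16-byte IV and updates it in place, so `TEST_ASSERT( iv_str_len == 16 );` belongs next to it. The return value of `mbedtls_aes_setkey_enc` is also still ignored on the context line above the crypt call. The same missing bounds appear in `aes_decrypt_cbc`, the `cfb8` cases, `mbedtls_arc4_crypt` (`dst_str[1000]`), and the blowfish and camellia CBC, CFB64 and CTR cases in this patch. The function body continues past the end of the hunk.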
@@ -114,36 +84,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aes_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) +void aes_decrypt_cbc( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, + uint32_t iv_str_len, uint8_t * src_str, + uint32_t data_len, uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; - int key_len, data_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, data_len, iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0) { - hexify( dst_str, output, data_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -276,34 +234,24 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void aes_encrypt_cfb128( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len + ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; size_t iv_offset = 0; - int key_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - unhexify( src_str, hex_src_string ); mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); exit: mbedtls_aes_free( &ctx ); 
@@ -311,34 +259,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void aes_decrypt_cfb128( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len + ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; size_t iv_offset = 0; - int key_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - unhexify( src_str, hex_src_string ); mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); exit: mbedtls_aes_free( &ctx ); 
@@ -346,33 +284,22 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_encrypt_cfb8( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void aes_encrypt_cfb8( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, + uint32_t iv_str_len, uint8_t * src_str, + uint32_t src_len, uint8_t * hex_dst_string, + uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; - int key_len, src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_len, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); exit: mbedtls_aes_free( &ctx ); 
@@ -380,33 +307,22 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_decrypt_cfb8( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void aes_decrypt_cfb8( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, + uint32_t iv_str_len, uint8_t * src_str, + uint32_t src_len, uint8_t * hex_dst_string, + uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_aes_context ctx; - int key_len, src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_aes_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_len, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -471,7 +387,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void aes_selftest() +void aes_selftest( ) { TEST_ASSERT( mbedtls_aes_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index a4b401b62..e3ff30376 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function 
@@ -8,30 +8,22 @@ */ /* BEGIN_CASE */ -void mbedtls_arc4_crypt( char *hex_src_string, char *hex_key_string, - char *hex_dst_string ) +void mbedtls_arc4_crypt( uint8_t * src_str, uint32_t src_len, + uint8_t * key_str, uint32_t key_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len + ) { - unsigned char src_str[1000]; - unsigned char key_str[1000]; unsigned char dst_str[1000]; - unsigned char dst_hexstr[2000]; - int src_len, key_len; mbedtls_arc4_context ctx; - memset(src_str, 0x00, 1000); - memset(key_str, 0x00, 1000); memset(dst_str, 0x00, 1000); - memset(dst_hexstr, 0x00, 2000); mbedtls_arc4_init( &ctx ); - src_len = unhexify( src_str, hex_src_string ); - key_len = unhexify( key_str, hex_key_string ); mbedtls_arc4_setup(&ctx, key_str, key_len); TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_len, src_str, dst_str ) == 0 ); - hexify( dst_hexstr, dst_str, src_len ); - TEST_ASSERT( strcmp( (char *) dst_hexstr, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( dst_str, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); @@ -39,7 +31,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void arc4_selftest() +void arc4_selftest( ) { TEST_ASSERT( mbedtls_arc4_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index 40f1fed0f..3befa44d2 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function 
@@ -11,22 +11,17 @@ */ /* BEGIN_CASE */ -void mbedtls_asn1_write_octet_string( char *hex_str, char *hex_asn1, - int buf_len, int result ) +void mbedtls_asn1_write_octet_string( uint8_t * str, uint32_t str_len, + uint8_t * asn1, uint32_t asn1_len, + int buf_len, int result ) { int ret; unsigned char buf[150]; - unsigned char str[150] = { 0 }; - unsigned char asn1[150] = { 0 }; - size_t str_len; - size_t asn1_len; size_t i; unsigned char *p; memset( buf, GUARD_VAL, sizeof( buf ) ); - str_len = unhexify( str, hex_str ); - asn1_len = unhexify( asn1, hex_asn1 ); p = buf + GUARD_LEN + buf_len; @@ -41,7 +36,6 @@ void mbedtls_asn1_write_octet_string( char *hex_str, char *hex_asn1, if( result >= 0 ) { - TEST_ASSERT( (size_t) ret == asn1_len ); TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); @@ -50,21 +44,19 @@ void mbedtls_asn1_write_octet_string( char *hex_str, char *hex_asn1, /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1, - int buf_len, int result ) +void mbedtls_asn1_write_ia5_string( char * str, uint8_t * asn1, + uint32_t asn1_len, int buf_len, int result + ) { int ret; unsigned char buf[150]; - unsigned char asn1[150] = { 0 }; size_t str_len; - size_t asn1_len; size_t i; unsigned char *p; memset( buf, GUARD_VAL, sizeof( buf ) ); str_len = strlen( str ); - asn1_len = unhexify( asn1, hex_asn1 ); p = buf + GUARD_LEN + buf_len; @@ -79,7 +71,6 @@ void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1, if( result >= 0 ) { - TEST_ASSERT( (size_t) ret == asn1_len ); TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); 
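Review bot: The `@@ -41,7 +36,6 @@` hunk of `mbedtls_asn1_write_octet_string` appears to delete `TEST_ASSERT( (size_t) ret == asn1_len );`, which was the only check that the value returned by the writer equals the number of bytes it produced. The remaining assertions verify the final position of `p` and the buffer contents, so a writer that returned a wrong length would now pass. Unless the removal is deliberate and explained in the commit message, the line should stay; with `asn1_len` now a `uint32_t`, it still compiles as `TEST_ASSERT( (size_t) ret == asn1_len );`. The same line seems to be removed in `mbedtls_asn1_write_ia5_string` (`@@ -79,7 +71,6 @@`) and `mbedtls_asn1_write_len` (`@@ -118,7 +105,6 @@`).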
@@ -88,20 +79,16 @@ void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1, /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_asn1_write_len( int len, char *check_str, int buf_len, - int result ) +void mbedtls_asn1_write_len( int len, uint8_t * asn1, uint32_t asn1_len, + int buf_len, int result ) { int ret; unsigned char buf[150]; - unsigned char asn1[150]; unsigned char *p; - size_t asn1_len; size_t i; size_t read_len; memset( buf, GUARD_VAL, sizeof( buf ) ); - memset( asn1, 0, sizeof( asn1 ) ); - asn1_len = unhexify( asn1, check_str ); p = buf + GUARD_LEN + buf_len; @@ -118,7 +105,6 @@ void mbedtls_asn1_write_len( int len, char *check_str, int buf_len, if( result >= 0 ) { - TEST_ASSERT( (size_t) ret == asn1_len ); TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 77fa7fded..3077f16aa 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -8,8 +8,8 @@ */ /* BEGIN_CASE */ -void mbedtls_base64_encode( char *src_string, char *dst_string, int dst_buf_size, - int result ) +void mbedtls_base64_encode( char * src_string, char * dst_string, + int dst_buf_size, int result ) { unsigned char src_str[1000]; unsigned char dst_str[1000]; @@ -28,7 +28,7 @@ void mbedtls_base64_encode( char *src_string, char *dst_string, int dst_buf_size /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_base64_decode( char *src_string, char *dst_string, int result ) +void mbedtls_base64_decode( char * src_string, char * dst_string, int result ) { unsigned char src_str[1000]; unsigned char dst_str[1000]; 
@@ -49,7 +49,7 @@ void mbedtls_base64_decode( char *src_string, char *dst_string, int result ) /* END_CASE */ /* BEGIN_CASE */ -void base64_encode_hex( char *src_hex, char *dst, int dst_buf_size, +void base64_encode_hex( char * src_hex, char * dst, int dst_buf_size, int result ) { unsigned char *src = NULL, *res = NULL; @@ -72,7 +72,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void base64_decode_hex( char *src, char *dst_hex, int dst_buf_size, +void base64_decode_hex( char * src, char * dst_hex, int dst_buf_size, int result ) { unsigned char *dst = NULL, *res = NULL; @@ -96,7 +96,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void base64_decode_hex_src( char *src_hex, char *dst_ref, int result ) +void base64_decode_hex_src( char * src_hex, char * dst_ref, int result ) { unsigned char dst[1000] = { 0 }; unsigned char *src; @@ -117,7 +117,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void base64_selftest() +void base64_selftest( ) { TEST_ASSERT( mbedtls_base64_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index e3c225290..55ab619fc 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function 
@@ -8,32 +8,24 @@ */ /* BEGIN_CASE */ -void blowfish_encrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) +void blowfish_encrypt_ecb( uint8_t * key_str, uint32_t key_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int setkey_result ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_blowfish_context ctx; - int key_len; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_blowfish_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); } exit: 
@@ -42,32 +34,24 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void blowfish_decrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) +void blowfish_decrypt_ecb( uint8_t * key_str, uint32_t key_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int setkey_result ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_blowfish_context ctx; - int key_len; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_blowfish_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); } exit: 
@@ -76,37 +60,26 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_encrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) +void blowfish_encrypt_cbc( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t data_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_blowfish_context ctx; - int key_len, data_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_blowfish_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, data_len , iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -115,36 +88,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) +void blowfish_decrypt_cbc( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t data_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_blowfish_context ctx; - int key_len, data_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_blowfish_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, data_len , iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0) { - hexify( dst_str, output, data_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -153,34 +115,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_encrypt_cfb64( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void blowfish_encrypt_cfb64( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_blowfish_context ctx; size_t iv_offset = 0; - int key_len, src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_blowfish_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_len, &iv_offset, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); 
@@ -188,34 +140,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_decrypt_cfb64( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void blowfish_decrypt_cfb64( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_blowfish_context ctx; size_t iv_offset = 0; - int key_len, src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_blowfish_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_len, &iv_offset, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); 
@@ -223,36 +165,26 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void blowfish_encrypt_ctr( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void blowfish_encrypt_ctr( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; unsigned char stream_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_blowfish_context ctx; size_t iv_offset = 0; - int key_len, src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); memset(stream_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_blowfish_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_len, &iv_offset, iv_str, stream_str, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 9df6482a8..96d25a251 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function 
@@ -8,32 +8,24 @@ */ /* BEGIN_CASE */ -void camellia_encrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) +void camellia_encrypt_ecb( uint8_t * key_str, uint32_t key_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int setkey_result ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_camellia_context ctx; - int key_len; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_camellia_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); } exit: 
@@ -42,32 +34,24 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void camellia_decrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string, int setkey_result ) +void camellia_decrypt_ecb( uint8_t * key_str, uint32_t key_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int setkey_result ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_camellia_context ctx; - int key_len; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_camellia_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_camellia_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); } exit: 
@@ -76,36 +60,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void camellia_encrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) +void camellia_encrypt_cbc( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t data_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_camellia_context ctx; - int key_len, data_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_camellia_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, data_len, iv_str, src_str, output) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -114,36 +87,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void camellia_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, - int cbc_result ) +void camellia_decrypt_cbc( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t data_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_camellia_context ctx; - int key_len, data_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_camellia_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); mbedtls_camellia_setkey_dec( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_DECRYPT, data_len, iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -152,34 +114,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void camellia_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void camellia_encrypt_cfb128( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_camellia_context ctx; size_t iv_offset = 0; - int key_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_camellia_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - unhexify( src_str, hex_src_string ); mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); 
@@ -187,34 +139,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void camellia_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void camellia_decrypt_cfb128( uint8_t * key_str, uint32_t key_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_camellia_context ctx; size_t iv_offset = 0; - int key_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_camellia_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - unhexify( src_str, hex_src_string ); mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, 16 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); @@ -222,7 +164,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void camellia_selftest() +void camellia_selftest( ) { TEST_ASSERT( mbedtls_camellia_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 58c856985..c845f44ff 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -8,7 +8,7 @@ */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ -void mbedtls_ccm_self_test( ) +void mbedtls_ccm_self_test( ) { TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 ); } 
@@ -116,32 +116,19 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_encrypt_and_tag( int cipher_id, - char *key_hex, char *msg_hex, - char *iv_hex, char *add_hex, - char *result_hex ) +void mbedtls_ccm_encrypt_and_tag( int cipher_id, uint8_t * key, + uint32_t key_len, uint8_t * msg, + uint32_t msg_len, uint8_t * iv, + uint32_t iv_len, uint8_t * add, + uint32_t add_len, uint8_t * result, + uint32_t result_len ) { - unsigned char key[32]; - unsigned char msg[50]; - unsigned char iv[13]; - unsigned char add[32]; - unsigned char result[50]; mbedtls_ccm_context ctx; - size_t key_len, msg_len, iv_len, add_len, tag_len, result_len; + size_t tag_len; mbedtls_ccm_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); - memset( iv, 0x00, sizeof( iv ) ); - memset( add, 0x00, sizeof( add ) ); - memset( result, 0x00, sizeof( result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - iv_len = unhexify( iv, iv_hex ); - add_len = unhexify( add, add_hex ); - result_len = unhexify( result, result_hex ); tag_len = result_len - msg_len; TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); 
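Review bot: In `mbedtls_ccm_encrypt_and_tag`, `msg` used to be a local 50-byte array with room for the tag, and is now a caller-supplied buffer that presumably holds only `msg_len` bytes, while `tag_len = result_len - msg_len` is still computed. The call that produces the tag is outside this hunk; if it still writes the tag at `msg + msg_len`, that write lands past the end of the harness buffer. Copying the message into a local buffer large enough for `result_len` bytes before the call, guarded by `TEST_ASSERT( result_len <= sizeof( buf ) );`, keeps the in-place test within bounds.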
@@ -161,38 +148,24 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_auth_decrypt( int cipher_id, - char *key_hex, char *msg_hex, - char *iv_hex, char *add_hex, - int tag_len, char *result_hex ) +void mbedtls_ccm_auth_decrypt( int cipher_id, uint8_t * key, uint32_t key_len, + uint8_t * msg, uint32_t msg_len, uint8_t * iv, + uint32_t iv_len, uint8_t * add, + uint32_t add_len, int tag_len, + uint8_t * result, uint32_t result_len ) { - unsigned char key[32]; - unsigned char msg[50]; - unsigned char iv[13]; - unsigned char add[32]; unsigned char tag[16]; - unsigned char result[50]; mbedtls_ccm_context ctx; - size_t key_len, msg_len, iv_len, add_len, result_len; int ret; mbedtls_ccm_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); - memset( iv, 0x00, sizeof( iv ) ); - memset( add, 0x00, sizeof( add ) ); memset( tag, 0x00, sizeof( tag ) ); - memset( result, 0x00, sizeof( result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - iv_len = unhexify( iv, iv_hex ); - add_len = unhexify( add, add_hex ); msg_len -= tag_len; memcpy( tag, msg + msg_len, tag_len ); - if( strcmp( "FAIL", result_hex ) == 0 ) + if( strcmp( "FAIL", (char *)result ) == 0 ) { ret = MBEDTLS_ERR_CCM_AUTH_FAILED; result_len = -1; @@ -200,7 +173,6 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, else { ret = 0; - result_len = unhexify( result, result_hex ); } TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 52526a898..e2463a8fc 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -12,7 +12,7 @@ */ /* BEGIN_CASE */ -void mbedtls_cipher_list( ) +void mbedtls_cipher_list( ) { const int *cipher_type; 
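Review bot: `strcmp( "FAIL", (char *)result )` in `mbedtls_ccm_auth_decrypt` treats `result` as a NUL-terminated string, but it is now a `uint8_t *` with an explicit `result_len`, so nothing visible here guarantees a terminator and the comparison can read past the buffer. Compare by length instead, `if( result_len == 4 && memcmp( result, "FAIL", 4 ) == 0 )`, or pass the expected outcome as a separate `int` parameter, since a `FAIL` marker is not hex data. `auth_crypt_tv` in test_suite_cipher.function has the same pattern, `strcmp( clear, "FAIL" )`, there without a cast from `uint8_t *`. Also, `result_len = -1` now wraps to `UINT32_MAX` because the variable became a `uint32_t` parameter.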
@@ -22,7 +22,7 @@ void mbedtls_cipher_list( ) /* END_CASE */ /* BEGIN_CASE */ -void cipher_null_args( ) +void cipher_null_args( ) { mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) ); @@ -92,7 +92,7 @@ void cipher_null_args( ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ -void cipher_special_behaviours( ) +void cipher_special_behaviours( ) { const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t ctx; @@ -130,7 +130,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void enc_dec_buf( int cipher_id, char *cipher_string, int key_len, +void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, int length_val, int pad_mode ) { size_t length = length_val, outlen, total_len, i, block_size; @@ -255,8 +255,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void enc_fail( int cipher_id, int pad_mode, int key_len, - int length_val, int ret ) +void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val, + int ret ) { size_t length = length_val; unsigned char key[32]; @@ -307,7 +307,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void dec_empty_buf() +void dec_empty_buf( ) { unsigned char key[32]; unsigned char iv[16]; 
@@ -471,44 +471,22 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void decrypt_test_vec( int cipher_id, int pad_mode, - char *hex_key, char *hex_iv, - char *hex_cipher, char *hex_clear, - char *hex_ad, char *hex_tag, - int finish_result, int tag_result ) +void decrypt_test_vec( int cipher_id, int pad_mode, uint8_t * key, + uint32_t key_len, uint8_t * iv, uint32_t iv_len, + uint8_t * cipher, uint32_t cipher_len, uint8_t * clear, + uint32_t clear_len, uint8_t * ad, uint32_t ad_len, + uint8_t * tag, uint32_t tag_len, int finish_result, + int tag_result ) { - unsigned char key[50]; - unsigned char iv[50]; - unsigned char cipher[265]; /* max length of test data so far */ - unsigned char clear[265]; unsigned char output[265]; - unsigned char ad[200]; - unsigned char tag[20]; - size_t key_len, iv_len, cipher_len, clear_len; -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - size_t ad_len, tag_len; -#endif mbedtls_cipher_context_t ctx; size_t outlen, total_len; mbedtls_cipher_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( iv, 0x00, sizeof( iv ) ); - memset( cipher, 0x00, sizeof( cipher ) ); - memset( clear, 0x00, sizeof( clear ) ); - memset( ad, 0x00, sizeof( ad ) ); - memset( tag, 0x00, sizeof( tag ) ); memset( output, 0x00, sizeof( output ) ); - key_len = unhexify( key, hex_key ); - iv_len = unhexify( iv, hex_iv ); - cipher_len = unhexify( cipher, hex_cipher ); - clear_len = unhexify( clear, hex_clear ); -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - ad_len = unhexify( ad, hex_ad ); - tag_len = unhexify( tag, hex_tag ); -#else +#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) ((void) hex_ad); ((void) hex_tag); #endif 
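Review bot: The `#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C)` branch of `decrypt_test_vec` still references `hex_ad` and `hex_tag`, which this change renamed to `ad` and `tag`, so a build without either module will not compile. Use the new names and cover the new length parameters as well: `((void) ad); ((void) ad_len); ((void) tag); ((void) tag_len);`. The function body continues past the end of this hunk.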
@@ -553,39 +531,22 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ -void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv, - char *hex_ad, char *hex_cipher, - char *hex_tag, char *hex_clear ) +void auth_crypt_tv( int cipher_id, uint8_t * key, uint32_t key_len, + uint8_t * iv, uint32_t iv_len, uint8_t * ad, + uint32_t ad_len, uint8_t * cipher, uint32_t cipher_len, + uint8_t * tag, uint32_t tag_len, uint8_t * clear, + uint32_t clear_len ) { int ret; - unsigned char key[50]; - unsigned char iv[50]; - unsigned char cipher[265]; /* max size of test data so far */ - unsigned char clear[265]; unsigned char output[267]; /* above + 2 (overwrite check) */ - unsigned char ad[200]; - unsigned char tag[20]; unsigned char my_tag[20]; - size_t key_len, iv_len, cipher_len, clear_len, ad_len, tag_len; mbedtls_cipher_context_t ctx; size_t outlen; mbedtls_cipher_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( iv, 0x00, sizeof( iv ) ); - memset( cipher, 0x00, sizeof( cipher ) ); - memset( clear, 0x00, sizeof( clear ) ); - memset( ad, 0x00, sizeof( ad ) ); - memset( tag, 0x00, sizeof( tag ) ); - memset( my_tag, 0xFF, sizeof( my_tag ) ); memset( output, 0xFF, sizeof( output ) ); - key_len = unhexify( key, hex_key ); - iv_len = unhexify( iv, hex_iv ); - cipher_len = unhexify( cipher, hex_cipher ); - ad_len = unhexify( ad, hex_ad ); - tag_len = unhexify( tag, hex_tag ); /* Prepare context */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, @@ -602,7 +563,7 @@ void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv, TEST_ASSERT( output[outlen + 1] == 0xFF ); /* make sure the message is rejected if it should be */ - if( strcmp( hex_clear, "FAIL" ) == 0 ) + if( strcmp( clear, "FAIL" ) == 0 ) { TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); goto exit; 
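Review bot: The first `auth_crypt_tv` hunk deletes `memset( my_tag, 0xFF, sizeof( my_tag ) );` together with the memsets of the buffers that became parameters, but `my_tag` is still a local array. If code further down the function (outside these hunks) checks bytes of `my_tag` beyond `tag_len` for the 0xFF sentinel, as the visible `output[outlen + 1] == 0xFF` check does for `output`, it would now read uninitialized stack memory. Keep the line `memset( my_tag, 0xFF, sizeof( my_tag ) );`.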
@@ -611,7 +572,6 @@ void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv, /* otherwise, make sure it was decrypted properly */ TEST_ASSERT( ret == 0 ); - clear_len = unhexify( clear, hex_clear ); TEST_ASSERT( outlen == clear_len ); TEST_ASSERT( memcmp( output, clear, clear_len ) == 0 ); @@ -641,34 +601,22 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_vec_ecb( int cipher_id, int operation, char *hex_key, - char *hex_input, char *hex_result, - int finish_result ) +void test_vec_ecb( int cipher_id, int operation, uint8_t * key, + uint32_t key_len, uint8_t * input, uint32_t input_len, + uint8_t * result, uint32_t result_len, int finish_result ) { - unsigned char key[50]; - unsigned char input[16]; - unsigned char result[16]; - size_t key_len; mbedtls_cipher_context_t ctx; unsigned char output[32]; size_t outlen; mbedtls_cipher_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( input, 0x00, sizeof( input ) ); - memset( result, 0x00, sizeof( result ) ); memset( output, 0x00, sizeof( output ) ); /* Prepare context */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, mbedtls_cipher_info_from_type( cipher_id ) ) ); - key_len = unhexify( key, hex_key ); - TEST_ASSERT( unhexify( input, hex_input ) == - (int) mbedtls_cipher_get_block_size( &ctx ) ); - TEST_ASSERT( unhexify( result, hex_result ) == - (int) mbedtls_cipher_get_block_size( &ctx ) ); TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) ); @@ -710,12 +658,12 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void check_padding( int pad_mode, char *input_str, int ret, int dlen_check ) +void check_padding( int pad_mode, uint8_t * input, uint32_t ilen, int ret, + int dlen_check ) { mbedtls_cipher_info_t cipher_info; mbedtls_cipher_context_t ctx; - unsigned char input[16]; - size_t ilen, dlen; + size_t dlen; /* build a fake context just for getting access to get_padding */ mbedtls_cipher_init( &ctx ); 
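Review bot: `test_vec_ecb` loses the two assertions that the decoded input and expected result are exactly one cipher block long, and nothing replaces them, so `input_len` is unused in the visible code and the fixed 16-byte `input` and `result` arrays are gone too. Restore the check against the new length parameters after `mbedtls_cipher_setup`: `TEST_ASSERT( input_len == mbedtls_cipher_get_block_size( &ctx ) );` and the same for `result_len`. The rest of the function lies outside this hunk.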
@@ -724,7 +672,6 @@ void check_padding( int pad_mode, char *input_str, int ret, int dlen_check ) TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); - ilen = unhexify( input, input_str ); TEST_ASSERT( ret == ctx.get_padding( input, ilen, &dlen ) ); if( 0 == ret ) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 4b31ab2ff..7bae762e9 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -9,14 +9,14 @@ */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void mbedtls_cmac_self_test( ) +void mbedtls_cmac_self_test( ) { TEST_ASSERT( mbedtls_cmac_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_cmac_null_args( ) +void mbedtls_cmac_null_args( ) { mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; @@ -99,8 +99,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_cmac_setkey( int cipher_type, int key_size, - int result ) +void mbedtls_cmac_setkey( int cipher_type, int key_size, int result ) { const mbedtls_cipher_info_t *cipher_info; unsigned char key[32]; 
@@ -120,32 +119,22 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_cmac_multiple_blocks( int cipher_type, - char *key_string, int keybits, - int block_size, - char *block1_string, int block1_len, - char *block2_string, int block2_len, - char *block3_string, int block3_len, - char *block4_string, int block4_len, - char *expected_result_string ) +void mbedtls_cmac_multiple_blocks( int cipher_type, uint8_t * key, + uint32_t key_len, int keybits, + int block_size, uint8_t * block1, + uint32_t block1_len, int block1_len, + uint8_t * block2, uint32_t block2_len, + int block2_len, uint8_t * block3, + uint32_t block3_len, int block3_len, + uint8_t * block4, uint32_t block4_len, + int block4_len, uint8_t * expected_result, + uint32_t expected_result_len ) { - unsigned char key[100]; - unsigned char block1[100]; - unsigned char block2[100]; - unsigned char block3[100]; - unsigned char block4[100]; - unsigned char expected_result[100]; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t ctx; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; /* Convert the test parameters to binary data */ - unhexify( key, key_string ); - unhexify( block1, block1_string ); - unhexify( block2, block2_string ); - unhexify( block3, block3_string ); - unhexify( block4, block4_string ); - unhexify( expected_result, expected_result_string ); mbedtls_cipher_init( &ctx ); 
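Review bot: The new `mbedtls_cmac_multiple_blocks` signature declares each block length twice, e.g. `uint32_t block1_len, int block1_len`, which redefines a parameter name and will not compile as C. Give the buffer sizes distinct names for all four blocks, e.g. `uint8_t * block1, uint32_t block1_size, int block1_len`, keeping the `int` values the test data supplies. `mbedtls_cmac_multiple_operations_same_key` in the next hunk has the same duplication for `block_a1_len` through `block_b3_len`. The comment `/* Convert the test parameters to binary data */` is left with nothing under it in both functions and can be removed.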
@@ -198,41 +187,40 @@ exit: /* BEGIN_CASE */ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, - char *key_string, int keybits, - int block_size, - char *block_a1_string, int block_a1_len, - char *block_a2_string, int block_a2_len, - char *block_a3_string, int block_a3_len, - char *expected_result_a_string, - char *block_b1_string, int block_b1_len, - char *block_b2_string, int block_b2_len, - char *block_b3_string, int block_b3_len, - char *expected_result_b_string ) + uint8_t * key, + uint32_t key_len, int keybits, + int block_size, + uint8_t * block_a1, + uint32_t block_a1_len, + int block_a1_len, + uint8_t * block_a2, + uint32_t block_a2_len, + int block_a2_len, + uint8_t * block_a3, + uint32_t block_a3_len, + int block_a3_len, + uint8_t * expected_result_a, + uint32_t expected_result_a_len, + uint8_t * block_b1, + uint32_t block_b1_len, + int block_b1_len, + uint8_t * block_b2, + uint32_t block_b2_len, + int block_b2_len, + uint8_t * block_b3, + uint32_t block_b3_len, + int block_b3_len, + uint8_t * expected_result_b, + uint32_t expected_result_b_len + ) { - unsigned char key[100]; - unsigned char block_a1[100]; - unsigned char block_a2[100]; - unsigned char block_a3[100]; - unsigned char block_b1[100]; - unsigned char block_b2[100]; - unsigned char block_b3[100]; - unsigned char expected_result_a[100], expected_result_b[100]; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t ctx; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; /* Convert the test parameters to binary data */ - unhexify( key, key_string ); - unhexify( block_a1, block_a1_string ); - unhexify( block_a2, block_a2_string ); - unhexify( block_a3, block_a3_string ); - unhexify( block_b1, block_b1_string ); - unhexify( block_b2, block_b2_string ); - unhexify( block_b3, block_b3_string ); - unhexify( expected_result_a, expected_result_a_string ); - unhexify( expected_result_b, expected_result_b_string ); mbedtls_cipher_init( &ctx ); 
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 73f63b976..7dd3d5c39 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -18,7 +18,7 @@ static int mbedtls_test_entropy_func( void *data, unsigned char *buf, size_t len */ /* BEGIN_CASE */ -void ctr_drbg_special_behaviours( ) +void ctr_drbg_special_behaviours( ) { mbedtls_ctr_drbg_context ctx; unsigned char output[512]; @@ -51,26 +51,17 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, - char *add1_string, char *add2_string, - char *result_str ) +void ctr_drbg_validate_pr( uint8_t * add_init, uint32_t add_init_len, + uint8_t * entropy, uint32_t entropy_len, + uint8_t * add1, uint32_t add1_len, uint8_t * add2, + uint32_t add2_len, uint8_t * result_str, + uint32_t result_str_len ) { - unsigned char entropy[512]; - unsigned char add_init[512]; - unsigned char add1[512]; - unsigned char add2[512]; mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; - unsigned char output_str[512]; - int add_init_len, add1_len, add2_len; mbedtls_ctr_drbg_init( &ctx ); - memset( output_str, 0, 512 ); - unhexify( entropy, entropy_string ); - add_init_len = unhexify( add_init, add_init_string ); - add1_len = unhexify( add1, add1_string ); - add2_len = unhexify( add2, add2_string ); test_offset_idx = 0; TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); 
@@ -78,8 +69,7 @@ void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string, TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); - hexify( output_str, buf, 16 ); - TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 ); + TEST_ASSERT( hexcmp( buf, result_str, 16, result_str_len ) == 0 ); exit: mbedtls_ctr_drbg_free( &ctx ); @@ -87,28 +77,18 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string, - char *add1_string, char *add_reseed_string, - char *add2_string, char *result_str ) +void ctr_drbg_validate_nopr( uint8_t * add_init, uint32_t add_init_len, + uint8_t * entropy, uint32_t entropy_len, + uint8_t * add1, uint32_t add1_len, + uint8_t * add_reseed, uint32_t add_reseed_len, + uint8_t * add2, uint32_t add2_len, + uint8_t * result_str, uint32_t result_str_len ) { - unsigned char entropy[512]; - unsigned char add_init[512]; - unsigned char add1[512]; - unsigned char add_reseed[512]; - unsigned char add2[512]; mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; - unsigned char output_str[512]; - int add_init_len, add1_len, add_reseed_len, add2_len; mbedtls_ctr_drbg_init( &ctx ); - memset( output_str, 0, 512 ); - unhexify( entropy, entropy_string ); - add_init_len = unhexify( add_init, add_init_string ); - add1_len = unhexify( add1, add1_string ); - add_reseed_len = unhexify( add_reseed, add_reseed_string ); - add2_len = unhexify( add2, add2_string ); test_offset_idx = 0; TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); 
@@ -116,8 +96,7 @@ void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string, TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed, add_reseed_len ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); - hexify( output_str, buf, 16 ); - TEST_ASSERT( strcmp( (char *) output_str, result_str ) == 0 ); + TEST_ASSERT( hexcmp( buf, result_str, 16, result_str_len ) == 0 ); exit: mbedtls_ctr_drbg_free( &ctx ); @@ -125,7 +104,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_entropy_usage( ) +void ctr_drbg_entropy_usage( ) { unsigned char out[16]; unsigned char add[16]; @@ -204,7 +183,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void ctr_drbg_seed_file( char *path, int ret ) +void ctr_drbg_seed_file( char * path, int ret ) { mbedtls_ctr_drbg_context ctx; @@ -220,7 +199,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void ctr_drbg_selftest( ) +void ctr_drbg_selftest( ) { TEST_ASSERT( mbedtls_ctr_drbg_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index a32eba0c2..cebfe2c9d 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -48,8 +48,8 @@ void string_debug(void *data, int level, const char *file, int line, const char */ /* BEGIN_CASE */ -void debug_print_msg_threshold( int threshold, int level, char *file, int line, - char *result_str ) +void debug_print_msg_threshold( int threshold, int level, char * file, + int line, char * result_str ) { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; 
@@ -77,8 +77,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_debug_print_ret( char *file, int line, char *text, int value, - char *result_str ) +void mbedtls_debug_print_ret( char * file, int line, char * text, int value, + char * result_str ) { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; @@ -104,28 +104,24 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_debug_print_buf( char *file, int line, char *text, - char *data_string, char *result_str ) +void mbedtls_debug_print_buf( char * file, int line, char * text, + uint8_t * data, uint32_t data_len, + char * result_str ) { - unsigned char data[10000]; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; struct buffer_data buffer; - size_t data_len; mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); - memset( &data, 0, sizeof( data ) ); memset( buffer.buf, 0, 2000 ); buffer.ptr = buffer.buf; - data_len = unhexify( data, data_string ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); - mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len ); TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); @@ -136,8 +132,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_debug_print_crt( char *crt_file, char *file, int line, - char *prefix, char *result_str ) +void mbedtls_debug_print_crt( char * crt_file, char * file, int line, + char * prefix, char * result_str ) { mbedtls_x509_crt crt; mbedtls_ssl_context ssl; @@ -167,8 +163,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */ -void mbedtls_debug_print_mpi( int radix, char *value, char *file, int line, - char *prefix, char *result_str ) +void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line, + char * prefix, char * result_str ) { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; 
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 2e73a7768..3d1bb9235 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -8,42 +8,28 @@ */ /* BEGIN_CASE */ -void des_check_weak( char *key_hex, int ret ) +void des_check_weak( uint8_t * key, uint32_t key_len, int ret ) { - unsigned char key[MBEDTLS_DES_KEY_SIZE]; - - memset( key, 0, sizeof key ); - - unhexify( key, key_hex ); - TEST_ASSERT( mbedtls_des_key_check_weak( key ) == ret ); } /* END_CASE */ /* BEGIN_CASE */ -void des_encrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string ) +void des_encrypt_ecb( uint8_t * key_str, uint32_t key_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); mbedtls_des_setkey_enc( &ctx, key_str ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); exit: mbedtls_des_free( &ctx ); 
@@ -51,29 +37,21 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des_decrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string ) +void des_decrypt_ecb( uint8_t * key_str, uint32_t key_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); mbedtls_des_setkey_dec( &ctx, key_str ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); exit: mbedtls_des_free( &ctx ); 
@@ -81,35 +59,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des_encrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, int cbc_result ) +void des_encrypt_cbc( uint8_t * key_str, uint32_t key_str_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len, + int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des_context ctx; - int src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); mbedtls_des_setkey_enc( &ctx, key_str ); TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_len, iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -118,35 +86,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, int cbc_result ) +void des_decrypt_cbc( uint8_t * key_str, uint32_t key_str_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len, + int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des_context ctx; - int src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); mbedtls_des_setkey_dec( &ctx, key_str ); TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_len, iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -155,23 +113,16 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des3_encrypt_ecb( int key_count, char *hex_key_string, - char *hex_src_string, char *hex_dst_string ) +void des3_encrypt_ecb( int key_count, uint8_t * key_str, uint32_t key_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des3_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des3_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); if( key_count == 2 ) mbedtls_des3_set2key_enc( &ctx, key_str ); @@ -181,9 +132,8 @@ void des3_encrypt_ecb( int key_count, char *hex_key_string, TEST_ASSERT( 0 ); TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -191,23 +141,16 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des3_decrypt_ecb( int key_count, char *hex_key_string, - char *hex_src_string, char *hex_dst_string ) +void des3_decrypt_ecb( int key_count, uint8_t * key_str, uint32_t key_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des3_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des3_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); if( key_count == 2 ) mbedtls_des3_set2key_dec( &ctx, key_str ); 
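Review bot: `key_str_len` and `src_str_len` are accepted by des3_encrypt_ecb but never read, although the key setters consume a fixed amount of key material (two DES keys when `key_count == 2`, presumably three in the other branch) and `mbedtls_des3_crypt_ecb` processes one 8-byte block. With the zero-filled 100-byte locals gone, a short vector would be read past its end, so the lengths should be checked once `key_count` has been validated, e.g. `TEST_ASSERT( key_str_len == (uint32_t) key_count * MBEDTLS_DES_KEY_SIZE );` and `TEST_ASSERT( src_str_len == 8 );`. The same gap exists in des3_decrypt_ecb and, for `key_str_len` and `iv_str_len`, in the DES and 3DES CBC hunks.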
@@ -217,9 +160,8 @@ void des3_decrypt_ecb( int key_count, char *hex_key_string, TEST_ASSERT( 0 ); TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -227,28 +169,18 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des3_encrypt_cbc( int key_count, char *hex_key_string, - char *hex_iv_string, char *hex_src_string, - char *hex_dst_string, int cbc_result ) +void des3_encrypt_cbc( int key_count, uint8_t * key_str, uint32_t key_str_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len, + int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des3_context ctx; - int src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des3_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); if( key_count == 2 ) mbedtls_des3_set2key_enc( &ctx, key_str ); @@ -261,9 +193,8 @@ void des3_encrypt_cbc( int key_count, char *hex_key_string, if( cbc_result == 0 ) { - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); } exit: 
@@ -272,28 +203,18 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des3_decrypt_cbc( int key_count, char *hex_key_string, - char *hex_iv_string, char *hex_src_string, - char *hex_dst_string, int cbc_result ) +void des3_decrypt_cbc( int key_count, uint8_t * key_str, uint32_t key_str_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t src_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len, + int cbc_result ) { - unsigned char key_str[100]; - unsigned char iv_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_des3_context ctx; - int src_len; - memset(key_str, 0x00, 100); - memset(iv_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); mbedtls_des3_init( &ctx ); - unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - src_len = unhexify( src_str, hex_src_string ); if( key_count == 2 ) mbedtls_des3_set2key_dec( &ctx, key_str ); @@ -306,9 +227,8 @@ void des3_decrypt_cbc( int key_count, char *hex_key_string, if( cbc_result == 0 ) { - hexify( dst_str, output, src_len ); - TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); } exit: @@ -317,7 +237,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des_key_parity_run() +void des_key_parity_run( ) { int i, j, cnt; unsigned char key[MBEDTLS_DES_KEY_SIZE]; @@ -360,7 +280,7 @@ void des_key_parity_run() /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void des_selftest() +void des_selftest( ) { TEST_ASSERT( mbedtls_des_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 4fd8fff23..9a4c99c9a 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function 
@@ -100,7 +100,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void dhm_file( char *filename, char *p, char *g, int len ) +void dhm_file( char * filename, char * p, char * g, int len ) { mbedtls_dhm_context ctx; mbedtls_mpi P, G; @@ -124,7 +124,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void dhm_selftest() +void dhm_selftest( ) { TEST_ASSERT( mbedtls_dhm_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 4c6a97baf..0b88e653f 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -43,15 +43,15 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecdh_primitive_testvec( int id, char *dA_str, char *xA_str, char *yA_str, - char *dB_str, char *xB_str, char *yB_str, - char *z_str ) +void ecdh_primitive_testvec( int id, uint8_t * rnd_buf_A, + uint32_t rnd_buf_A_len, char * xA_str, + char * yA_str, uint8_t * rnd_buf_B, + uint32_t rnd_buf_B_len, char * xB_str, + char * yB_str, char * z_str ) { mbedtls_ecp_group grp; mbedtls_ecp_point qA, qB; mbedtls_mpi dA, dB, zA, zB, check; - unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES]; - unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES]; rnd_buf_info rnd_info_A, rnd_info_B; mbedtls_ecp_group_init( &grp ); @@ -62,7 +62,7 @@ void ecdh_primitive_testvec( int id, char *dA_str, char *xA_str, char *yA_str, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); rnd_info_A.buf = rnd_buf_A; - rnd_info_A.length = unhexify( rnd_buf_A, dA_str ); + rnd_info_A.length = rnd_buf_A_len; /* Fix rnd_buf_A by shifting it left if necessary */ if( grp.nbits % 8 != 0 ) @@ -78,7 +78,7 @@ void ecdh_primitive_testvec( int id, char *dA_str, char *xA_str, char *yA_str, } rnd_info_B.buf = rnd_buf_B; - rnd_info_B.length = unhexify( rnd_buf_B, dB_str ); + rnd_info_B.length = rnd_buf_B_len; /* Fix rnd_buf_B by shifting it left if necessary */ if( grp.nbits % 8 != 0 ) 
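Review bot: In ecdh_primitive_testvec, `rnd_buf_A` and `rnd_buf_B` are now caller-supplied buffers, yet the "Fix rnd_buf_A by shifting it left if necessary" code after each assignment still edits them in place, and nothing checks `rnd_buf_A_len` or `rnd_buf_B_len`. The shift bodies are outside these hunks, so whether an empty or oversized vector is handled there should be confirmed. A check such as `TEST_ASSERT( rnd_buf_A_len > 0 && rnd_buf_A_len <= MBEDTLS_ECP_MAX_BYTES );` (and the same for B), plus a comment at the signature that both inputs are modified, would cover it. ecdsa_prim_test_vectors in test_suite_ecdsa.function follows the same pattern with `rnd_buf`.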
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index b73095388..5398ab5be 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -40,32 +40,29 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str, - char *k_str, char *hash_str, char *r_str, - char *s_str, int result ) +void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, + char * yQ_str, uint8_t * rnd_buf, + uint32_t rnd_buf_len, uint8_t * hash, + uint32_t hlen, char * r_str, char * s_str, + int result ) { mbedtls_ecp_group grp; mbedtls_ecp_point Q; mbedtls_mpi d, r, s, r_check, s_check; - unsigned char hash[66], rnd_buf[66]; - size_t hlen; rnd_buf_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); mbedtls_mpi_init( &r_check ); mbedtls_mpi_init( &s_check ); - memset( hash, 0, sizeof( hash ) ); - memset( rnd_buf, 0, sizeof( rnd_buf ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); - hlen = unhexify(hash, hash_str); rnd_info.buf = rnd_buf; - rnd_info.length = unhexify( rnd_buf, k_str ); + rnd_info.length = rnd_buf_len; /* Fix rnd_buf by shifting it left if necessary */ if( grp.nbits % 8 != 0 ) @@ -99,8 +96,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_DETERMINISTIC */ -void ecdsa_det_test_vectors( int id, char *d_str, int md_alg, - char *msg, char *r_str, char *s_str ) +void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, + char * r_str, char * s_str ) { mbedtls_ecp_group grp; mbedtls_mpi d, r, s, r_check, s_check; 
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 5c8856b16..e108a89a7 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -99,14 +99,14 @@ cleanup: */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void ecjpake_selftest() +void ecjpake_selftest( ) { TEST_ASSERT( mbedtls_ecjpake_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_one( int role, char *data, int ref_ret ) +void read_round_one( int role, char * data, int ref_ret ) { mbedtls_ecjpake_context ctx; @@ -133,7 +133,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_two_cli( char *data, int ref_ret ) +void read_round_two_cli( char * data, int ref_ret ) { mbedtls_ecjpake_context ctx; @@ -166,7 +166,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_two_srv( char *data, int ref_ret ) +void read_round_two_srv( char * data, int ref_ret ) { mbedtls_ecjpake_context ctx; diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 99780c0de..dc6fac5cb 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -10,7 +10,7 @@ */ /* BEGIN_CASE */ -void mbedtls_ecp_curve_info( int id, int tls_id, int size, char *name ) +void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name ) { const mbedtls_ecp_curve_info *by_id, *by_tls, *by_name; @@ -29,7 +29,8 @@ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char *name ) /* END_CASE */ /* BEGIN_CASE */ -void ecp_check_pub( int grp_id, char *x_hex, char *y_hex, char *z_hex, int ret ) +void ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex, + int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; 
@@ -52,9 +53,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_test_vect( int id, char *dA_str, char *xA_str, char *yA_str, - char *dB_str, char *xB_str, char *yB_str, char *xZ_str, - char *yZ_str ) +void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, + char * dB_str, char * xB_str, char * yB_str, + char * xZ_str, char * yZ_str ) { mbedtls_ecp_group grp; mbedtls_ecp_point R; @@ -107,8 +108,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_test_vec_x( int id, char *dA_hex, char *xA_hex, - char *dB_hex, char *xB_hex, char *xS_hex ) +void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, + char * xB_hex, char * xS_hex ) { mbedtls_ecp_group grp; mbedtls_ecp_point R; @@ -158,7 +159,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_fast_mod( int id, char *N_str ) +void ecp_fast_mod( int id, char * N_str ) { mbedtls_ecp_group grp; mbedtls_mpi N, R; @@ -191,16 +192,15 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_write_binary( int id, char *x, char *y, char *z, int format, - char *out, int blen, int ret ) +void ecp_write_binary( int id, char * x, char * y, char * z, int format, + uint8_t * out, uint32_t out_len, int blen, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; - unsigned char buf[256], str[512]; + unsigned char buf[256]; size_t olen; memset( buf, 0, sizeof( buf ) ); - memset( str, 0, sizeof( str ) ); mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); @@ -215,8 +215,7 @@ void ecp_write_binary( int id, char *x, char *y, char *z, int format, if( ret == 0 ) { - hexify( str, buf, olen ); - TEST_ASSERT( strcasecmp( (char *) str, out ) == 0 ); + TEST_ASSERT( hexcmp( buf, out, olen, out_len ) == 0 ); } exit: 
@@ -225,16 +224,13 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_read_binary( int id, char *input, char *x, char *y, char *z, - int ret ) +void ecp_read_binary( int id, uint8_t * buf, uint32_t ilen, char * x, + char * y, char * z, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; mbedtls_mpi X, Y, Z; - int ilen; - unsigned char buf[256]; - memset( buf, 0, sizeof( buf ) ); mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); @@ -245,9 +241,7 @@ void ecp_read_binary( int id, char *input, char *x, char *y, char *z, TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); - ilen = unhexify( buf, input ); - TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf, ilen ) == ret ); if( ret == 0 ) { @@ -263,17 +257,14 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_tls_read_point( int id, char *input, char *x, char *y, char *z, - int ret ) +void mbedtls_ecp_tls_read_point( int id, uint8_t * buf, uint32_t ilen, + char * x, char * y, char * z, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; mbedtls_mpi X, Y, Z; - size_t ilen; - unsigned char buf[256]; const unsigned char *vbuf = buf; - memset( buf, 0, sizeof( buf ) ); mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); @@ -284,9 +275,7 @@ void mbedtls_ecp_tls_read_point( int id, char *input, char *x, char *y, char *z, TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); - ilen = unhexify( buf, input ); - TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, ilen ) == ret ); if( ret == 0 ) { 
@@ -355,17 +344,15 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_tls_read_group( char *record, int result, int bits ) +void mbedtls_ecp_tls_read_group( uint8_t * buf, uint32_t len, int result, + int bits ) { mbedtls_ecp_group grp; - unsigned char buf[10]; const unsigned char *vbuf = buf; - int len, ret; + int ret; mbedtls_ecp_group_init( &grp ); - memset( buf, 0x00, sizeof( buf ) ); - len = unhexify( buf, record ); ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, len ); @@ -413,7 +400,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_check_privkey( int id, char *key_hex, int ret ) +void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret ) { mbedtls_ecp_group grp; mbedtls_mpi d; @@ -433,8 +420,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_check_pub_priv( int id_pub, char *Qx_pub, char *Qy_pub, - int id, char *d, char *Qx, char *Qy, int ret ) +void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub, + int id, char * d, char * Qx, char * Qy, + int ret ) { mbedtls_ecp_keypair pub, prv; @@ -506,7 +494,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void ecp_selftest() +void ecp_selftest( ) { TEST_ASSERT( mbedtls_ecp_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 9930c0386..c34c1854a 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -125,7 +125,7 @@ static int read_nv_seed( unsigned char *buf, size_t buf_len ) */ /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ -void entropy_seed_file( char *path, int ret ) +void entropy_seed_file( char * path, int ret ) { mbedtls_entropy_context ctx; @@ -140,7 +140,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void entropy_too_many_sources( ) +void entropy_too_many_sources( ) { mbedtls_entropy_context ctx; size_t i; 
@@ -194,7 +194,7 @@ void entropy_func_len( int len, int ret ) /* END_CASE */ /* BEGIN_CASE */ -void entropy_source_fail( char *path ) +void entropy_source_fail( char * path ) { mbedtls_entropy_context ctx; int fail = -1; @@ -261,7 +261,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ -void nv_seed_file_create() +void nv_seed_file_create( ) { unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -272,7 +272,7 @@ void nv_seed_file_create() /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO:MBEDTLS_PLATFORM_NV_SEED_ALT */ -void entropy_nv_seed_std_io() +void entropy_nv_seed_std_io( ) { unsigned char io_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -302,7 +302,7 @@ void entropy_nv_seed_std_io() /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ -void entropy_nv_seed( char *read_seed_str ) +void entropy_nv_seed( uint8_t * read_seed, uint32_t read_seed_len ) { mbedtls_sha512_context accumulator; mbedtls_entropy_context ctx; @@ -323,7 +323,6 @@ void entropy_nv_seed( char *read_seed_str ) memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE ); // Set the initial NV seed to read - unhexify( read_seed, read_seed_str ); memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); // Make sure we read/write NV seed from our buffers diff --git a/tests/suites/test_suite_error.function b/tests/suites/test_suite_error.function index c99b1fd15..68831ce51 100644 --- a/tests/suites/test_suite_error.function +++ b/tests/suites/test_suite_error.function @@ -8,7 +8,7 @@ */ /* BEGIN_CASE */ -void error_strerror( int code, char *result_str ) +void error_strerror( int code, char * result_str ) { char buf[500]; diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 3d0830e98..782a89687 100644 --- a/tests/suites/test_suite_gcm.function 
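Review bot: In entropy_nv_seed, `memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE );` still copies a full block although `read_seed` is now a parameter of `read_seed_len` bytes and that length is never used. A shorter vector would be over-read; add `TEST_ASSERT( read_seed_len >= MBEDTLS_ENTROPY_BLOCK_SIZE );` before the copy. The declarations between the two entropy_nv_seed hunks are not visible, so it is worth confirming that no local named `read_seed` remains to clash with the new parameter.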
+++ b/tests/suites/test_suite_gcm.function 
@@ -51,49 +51,33 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void gcm_encrypt_and_tag( int cipher_id, - char *hex_key_string, char *hex_src_string, - char *hex_iv_string, char *hex_add_string, - char *hex_dst_string, int tag_len_bits, - char *hex_tag_string, int init_result ) +void gcm_encrypt_and_tag( int cipher_id, uint8_t * key_str, uint32_t key_len, + uint8_t * src_str, uint32_t pt_len, + uint8_t * iv_str, uint32_t iv_len, + uint8_t * add_str, uint32_t add_len, + uint8_t * hex_dst_string, + uint32_t hex_dst_string_len, int tag_len_bits, + uint8_t * hex_tag_string, + uint32_t hex_tag_string_len, int init_result ) { - unsigned char key_str[128]; - unsigned char src_str[128]; - unsigned char dst_str[257]; - unsigned char iv_str[128]; - unsigned char add_str[128]; - unsigned char tag_str[128]; unsigned char output[128]; unsigned char tag_output[16]; mbedtls_gcm_context ctx; - unsigned int key_len; - size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + size_t tag_len = tag_len_bits / 8; mbedtls_gcm_init( &ctx ); - memset(key_str, 0x00, 128); - memset(src_str, 0x00, 128); - memset(dst_str, 0x00, 257); - memset(iv_str, 0x00, 128); - memset(add_str, 0x00, 128); - memset(tag_str, 0x00, 128); memset(output, 0x00, 128); memset(tag_output, 0x00, 16); - key_len = unhexify( key_str, hex_key_string ); - pt_len = unhexify( src_str, hex_src_string ); - iv_len = unhexify( iv_str, hex_iv_string ); - add_len = unhexify( add_str, hex_add_string ); TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result ); if( init_result == 0 ) { TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, pt_len, iv_str, iv_len, add_str, add_len, src_str, output, tag_len, tag_output ) == 0 ); - hexify( dst_str, output, pt_len ); - hexify( tag_str, tag_output, tag_len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); - TEST_ASSERT( strcmp( (char *) tag_str, hex_tag_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, pt_len, 
hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( tag_output, hex_tag_string, tag_len, hex_tag_string_len ) == 0 ); } exit: @@ -102,39 +86,24 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void gcm_decrypt_and_verify( int cipher_id, - char *hex_key_string, char *hex_src_string, - char *hex_iv_string, char *hex_add_string, - int tag_len_bits, char *hex_tag_string, - char *pt_result, int init_result ) +void gcm_decrypt_and_verify( int cipher_id, uint8_t * key_str, + uint32_t key_len, uint8_t * src_str, + uint32_t pt_len, uint8_t * iv_str, + uint32_t iv_len, uint8_t * add_str, + uint32_t add_len, int tag_len_bits, + uint8_t * tag_str, uint32_t tag_str_len, + uint8_t * pt_result, uint32_t pt_result_len, + int init_result ) { - unsigned char key_str[128]; - unsigned char src_str[128]; - unsigned char dst_str[257]; - unsigned char iv_str[128]; - unsigned char add_str[128]; - unsigned char tag_str[128]; unsigned char output[128]; mbedtls_gcm_context ctx; - unsigned int key_len; - size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; int ret; + size_t tag_len = tag_len_bits / 8; mbedtls_gcm_init( &ctx ); - memset(key_str, 0x00, 128); - memset(src_str, 0x00, 128); - memset(dst_str, 0x00, 257); - memset(iv_str, 0x00, 128); - memset(add_str, 0x00, 128); - memset(tag_str, 0x00, 128); memset(output, 0x00, 128); - key_len = unhexify( key_str, hex_key_string ); - pt_len = unhexify( src_str, hex_src_string ); - iv_len = unhexify( iv_str, hex_iv_string ); - add_len = unhexify( add_str, hex_add_string ); - unhexify( tag_str, hex_tag_string ); TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result ); if( init_result == 0 ) @@ -148,9 +117,8 @@ void gcm_decrypt_and_verify( int cipher_id, else { TEST_ASSERT( ret == 0 ); - hexify( dst_str, output, pt_len ); - TEST_ASSERT( strcmp( (char *) dst_str, pt_result ) == 0 ); + TEST_ASSERT( hexcmp( output, pt_result, pt_len, pt_result_len ) == 0 ); } } 
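Review bot: `tag_str_len` is added to gcm_decrypt_and_verify but is unused in the visible lines; the tag length still comes from `tag_len_bits / 8`. The decrypt call sits between the two hunks and is not shown, but if it reads `tag_len` bytes from `tag_str` as before, a vector whose tag is shorter than `tag_len_bits` implies is read past its end now that the zero-filled 128-byte local is gone. `TEST_ASSERT( tag_len <= tag_str_len );` after `tag_len` is computed would tie the two together. In gcm_encrypt_and_tag the same derived `tag_len` is used against `tag_output[16]`, so `TEST_ASSERT( tag_len <= sizeof( tag_output ) );` is worth adding there as well.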
@@ -160,7 +128,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void gcm_selftest() +void gcm_selftest( ) { TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index 21b300e7c..cf1f3683a 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -110,7 +110,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void hmac_drbg_seed_file( int md_alg, char *path, int ret ) +void hmac_drbg_seed_file( int md_alg, char * path, int ret ) { const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; @@ -161,32 +161,23 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_no_reseed( int md_alg, - char *entropy_hex, char *custom_hex, - char *add1_hex, char *add2_hex, - char *output_hex ) +void hmac_drbg_no_reseed( int md_alg, uint8_t * entropy, + uint32_t entropy_len, uint8_t * custom, + uint32_t custom_len, uint8_t * add1, + uint32_t add1_len, uint8_t * add2, + uint32_t add2_len, uint8_t * output, + uint32_t out_len ) { unsigned char data[1024]; - unsigned char entropy[512]; - unsigned char custom[512]; - unsigned char add1[512]; - unsigned char add2[512]; - unsigned char output[512]; unsigned char my_output[512]; - size_t custom_len, add1_len, add2_len, out_len; entropy_ctx p_entropy; const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); - memset( my_output, 0, sizeof my_output ); - custom_len = unhexify( custom, custom_hex ); - add1_len = unhexify( add1, add1_hex ); - add2_len = unhexify( add2, add2_hex ); - out_len = unhexify( output, output_hex ); - p_entropy.len = unhexify( entropy, entropy_hex ); p_entropy.p = entropy; + p_entropy.len = entropy_len; md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); 
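Review bot: The hmac_drbg_no_reseed hunk appears to drop `memset( my_output, 0, sizeof my_output );`, leaving the 512-byte `my_output` uninitialised while `out_len` now arrives as a `uint32_t` from the test data. The generate and compare calls are outside the hunk; if they use `out_len` as the old code did, a value above 512 overruns `my_output`, and any comparison that covers bytes the generator did not write reads indeterminate stack. Keeping the memset and adding `TEST_ASSERT( out_len <= sizeof( my_output ) );` before the first generate call avoids both. hmac_drbg_nopr and hmac_drbg_pr in the following hunks change the same way.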
@@ -221,33 +212,21 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_nopr( int md_alg, - char *entropy_hex, char *custom_hex, - char *add1_hex, char *add2_hex, char *add3_hex, - char *output_hex ) +void hmac_drbg_nopr( int md_alg, uint8_t * entropy, uint32_t entropy_len, + uint8_t * custom, uint32_t custom_len, uint8_t * add1, + uint32_t add1_len, uint8_t * add2, uint32_t add2_len, + uint8_t * add3, uint32_t add3_len, uint8_t * output, + uint32_t out_len ) { - unsigned char entropy[512]; - unsigned char custom[512]; - unsigned char add1[512]; - unsigned char add2[512]; - unsigned char add3[512]; - unsigned char output[512]; unsigned char my_output[512]; - size_t custom_len, add1_len, add2_len, add3_len, out_len; entropy_ctx p_entropy; const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); - memset( my_output, 0, sizeof my_output ); - custom_len = unhexify( custom, custom_hex ); - add1_len = unhexify( add1, add1_hex ); - add2_len = unhexify( add2, add2_hex ); - add3_len = unhexify( add3, add3_hex ); - out_len = unhexify( output, output_hex ); - p_entropy.len = unhexify( entropy, entropy_hex ); p_entropy.p = entropy; + p_entropy.len = entropy_len; md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); 
@@ -268,31 +247,20 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_pr( int md_alg, - char *entropy_hex, char *custom_hex, - char *add1_hex, char *add2_hex, - char *output_hex ) +void hmac_drbg_pr( int md_alg, uint8_t * entropy, uint32_t entropy_len, + uint8_t * custom, uint32_t custom_len, uint8_t * add1, + uint32_t add1_len, uint8_t * add2, uint32_t add2_len, + uint8_t * output, uint32_t out_len ) { - unsigned char entropy[512]; - unsigned char custom[512]; - unsigned char add1[512]; - unsigned char add2[512]; - unsigned char output[512]; unsigned char my_output[512]; - size_t custom_len, add1_len, add2_len, out_len; entropy_ctx p_entropy; const mbedtls_md_info_t *md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); - memset( my_output, 0, sizeof my_output ); - custom_len = unhexify( custom, custom_hex ); - add1_len = unhexify( add1, add1_hex ); - add2_len = unhexify( add2, add2_hex ); - out_len = unhexify( output, output_hex ); - p_entropy.len = unhexify( entropy, entropy_hex ); p_entropy.p = entropy; + p_entropy.len = entropy_len; md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); @@ -313,7 +281,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void hmac_drbg_selftest( ) +void hmac_drbg_selftest( ) { TEST_ASSERT( mbedtls_hmac_drbg_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 6ac834e1e..a700b33e8 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -8,7 +8,7 @@ */ /* BEGIN_CASE */ -void mbedtls_md_process( ) +void mbedtls_md_process( ) { const int *md_type_ptr; const mbedtls_md_info_t *info; @@ -40,7 +40,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void md_null_args( ) +void md_null_args( ) { mbedtls_md_context_t ctx; const mbedtls_md_info_t *info = mbedtls_md_info_from_type( *( mbedtls_md_list() ) ); 
@@ -103,7 +103,7 @@ void md_null_args( ) /* END_CASE */ /* BEGIN_CASE */ -void md_info( int md_type, char *md_name, int md_size ) +void md_info( int md_type, char * md_name, int md_size ) { const mbedtls_md_info_t *md_info; const int *md_type_ptr; @@ -126,17 +126,16 @@ void md_info( int md_type, char *md_name, int md_size ) /* END_CASE */ /* BEGIN_CASE */ -void md_text( char *text_md_name, char *text_src_string, char *hex_hash_string ) +void md_text( char * text_md_name, char * text_src_string, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { char md_name[100]; unsigned char src_str[1000]; - unsigned char hash_str[1000]; unsigned char output[100]; const mbedtls_md_info_t *md_info = NULL; memset( md_name, 0x00, 100 ); memset( src_str, 0x00, 1000 ); - memset( hash_str, 0x00, 1000 ); memset( output, 0x00, 100 ); strncpy( (char *) src_str, text_src_string, sizeof( src_str ) - 1 ); 
@@ -145,47 +144,40 @@ void md_text( char *text_md_name, char *text_src_string, char *hex_hash_string ) TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void md_hex( char *text_md_name, char *hex_src_string, char *hex_hash_string ) +void md_hex( char * text_md_name, uint8_t * src_str, uint32_t src_len, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { char md_name[100]; - unsigned char src_str[10000]; - unsigned char hash_str[10000]; unsigned char output[100]; - int src_len; const mbedtls_md_info_t *md_info = NULL; memset( md_name, 0x00, 100 ); - memset( src_str, 0x00, 10000 ); - memset( hash_str, 0x00, 10000 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); - src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, src_len, output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, + mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void md_text_multi( char *text_md_name, char *text_src_string, - char *hex_hash_string ) +void md_text_multi( char * text_md_name, char * text_src_string, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { char md_name[100]; unsigned char src_str[1000]; - unsigned char hash_str[1000]; unsigned char output[100]; int halfway, len; 
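Review bot: `hex_hash_string` now carries raw digest bytes with an explicit `hex_hash_string_len`, so the `hex_` prefix and `_string` suffix describe the data file rather than the argument, and a later reader could reasonably treat it as NUL-terminated text. Renaming it (for instance `hash` / `hash_len`) across md_text, md_hex, md_text_multi and the other md cases, or adding `/* binary digest, not hex text */` at each signature, would make that clear. The comparison in md_text is also left on one over-long line while md_hex wraps the same call; wrapping both the same way keeps the file consistent.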
@@ -197,7 +189,6 @@ void md_text_multi( char *text_md_name, char *text_src_string, memset( md_name, 0x00, 100 ); memset( src_str, 0x00, 1000 ); - memset( hash_str, 0x00, 1000 ); memset( output, 0x00, 100 ); strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); @@ -217,17 +208,15 @@ void md_text_multi( char *text_md_name, char *text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, + mbedtls_md_get_size( md_info ), hex_hash_string_len) == 0 ); /* Test clone */ - memset( hash_str, 0x00, 1000 ); memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
@@ -236,23 +225,19 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void md_hex_multi( char *text_md_name, char *hex_src_string, - char *hex_hash_string ) +void md_hex_multi( char * text_md_name, uint8_t * src_str, uint32_t src_len, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { char md_name[100]; - unsigned char src_str[10000]; - unsigned char hash_str[10000]; unsigned char output[100]; - int src_len, halfway; const mbedtls_md_info_t *md_info = NULL; mbedtls_md_context_t ctx, ctx_copy; + int halfway; mbedtls_md_init( &ctx ); mbedtls_md_init( &ctx_copy ); memset( md_name, 0x00, 100 ); - memset( src_str, 0x00, 10000 ); - memset( hash_str, 0x00, 10000 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); @@ -261,7 +246,6 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); - src_len = unhexify( src_str, hex_src_string ); halfway = src_len / 2; TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) ); 
@@ -271,17 +255,14 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, src_len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); /* Test clone */ - memset( hash_str, 0x00, 10000 ); memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
@@ -290,56 +271,42 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_md_hmac( char *text_md_name, int trunc_size, char *hex_key_string, - char *hex_src_string, char *hex_hash_string ) +void mbedtls_md_hmac( char * text_md_name, int trunc_size, uint8_t * key_str, + uint32_t key_len, uint8_t * src_str, uint32_t src_len, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { char md_name[100]; - unsigned char src_str[10000]; - unsigned char key_str[10000]; - unsigned char hash_str[10000]; unsigned char output[100]; - int key_len, src_len; const mbedtls_md_info_t *md_info = NULL; memset( md_name, 0x00, 100 ); - memset( src_str, 0x00, 10000 ); - memset( key_str, 0x00, 10000 ); - memset( hash_str, 0x00, 10000 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); - key_len = unhexify( key_str, hex_key_string ); - src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str, key_len, src_str, src_len, output ) == 0 ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size * 2, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, - char *hex_src_string, char *hex_hash_string ) +void md_hmac_multi( char * text_md_name, int trunc_size, uint8_t * key_str, + uint32_t key_len, uint8_t * src_str, uint32_t src_len, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { char md_name[100]; - unsigned char src_str[10000]; - unsigned char key_str[10000]; - unsigned char hash_str[10000]; unsigned char output[100]; - int key_len, src_len, halfway; const mbedtls_md_info_t *md_info = NULL; mbedtls_md_context_t ctx; + int halfway; mbedtls_md_init( &ctx ); memset( md_name, 0x00, 
100 ); - memset( src_str, 0x00, 10000 ); - memset( key_str, 0x00, 10000 ); - memset( hash_str, 0x00, 10000 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); @@ -347,8 +314,6 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) ); - key_len = unhexify( key_str, hex_key_string ); - src_len = unhexify( src_str, hex_src_string ); halfway = src_len / 2; TEST_ASSERT ( 0 == mbedtls_md_hmac_starts( &ctx, key_str, key_len ) ); @@ -357,11 +322,9 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size * 2, hex_hash_string_len ) == 0 ); /* Test again, for reset() */ - memset( hash_str, 0x00, 10000 ); memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_hmac_reset( &ctx ) ); @@ -369,8 +332,7 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strncmp( (char *) hash_str, hex_hash_string, trunc_size * 2 ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size * 2, hex_hash_string_len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
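Review bot: The length passed for `output` in the new `hexcmp` call of `mbedtls_md_hmac` is still `trunc_size * 2`, which was the hex-character count for the old `strncmp` on `hash_str`; `output` now holds raw digest bytes, so the truncated MAC is `trunc_size` bytes long. `hexcmp` is defined outside this hunk, but if it compares that many raw bytes (or requires both lengths to match), the check either covers bytes beyond the truncation or fails against a `trunc_size`-byte vector, and for large digests `trunc_size * 2` could exceed the 100-byte `output`. I would pass the byte length, `TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size, hex_hash_string_len ) == 0 );`, here and in the two `md_hmac_multi` comparisons in the hunks at -357 and -369. Renaming `hex_hash_string` to something like `hash` would also make it clear that the parameter apparently no longer carries hex text.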
@@ -378,15 +340,15 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void mbedtls_md_file( char *text_md_name, char *filename, char *hex_hash_string ) +void mbedtls_md_file( char * text_md_name, char * filename, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len + ) { char md_name[100]; - unsigned char hash_str[1000]; unsigned char output[100]; const mbedtls_md_info_t *md_info = NULL; memset( md_name, 0x00, 100 ); - memset( hash_str, 0x00, 1000 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); @@ -394,8 +356,7 @@ void mbedtls_md_file( char *text_md_name, char *filename, char *hex_hash_string TEST_ASSERT( md_info != NULL ); TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - hexify( hash_str, output, mbedtls_md_get_size( md_info ) ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 648a9cc35..7fe5e06f7 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function 
@@ -6,116 +6,108 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ -void md2_text( char *text_src_string, char *hex_hash_string ) +void md2_text( char * text_src_string, uint8_t * hex_hash_string, + uint32_t hex_hash_string_len ) { int ret; unsigned char src_str[100]; - unsigned char hash_str[33]; unsigned char output[16]; memset( src_str, 0x00, sizeof src_str ); - memset( hash_str, 0x00, sizeof hash_str ); memset( output, 0x00, sizeof output ); strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - hexify( hash_str, output, sizeof output ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ -void md4_text( char *text_src_string, char *hex_hash_string ) +void md4_text( char * text_src_string, uint8_t * hex_hash_string, + uint32_t hex_hash_string_len ) { int ret; unsigned char src_str[100]; - unsigned char hash_str[33]; unsigned char output[16]; memset( src_str, 0x00, sizeof src_str ); - memset( hash_str, 0x00, sizeof hash_str ); memset( output, 0x00, sizeof output ); strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - hexify( hash_str, output, sizeof output ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ -void md5_text( char *text_src_string, char *hex_hash_string ) +void md5_text( char * text_src_string, uint8_t * hex_hash_string, + uint32_t hex_hash_string_len ) { int ret; unsigned char src_str[100]; - unsigned char hash_str[33]; unsigned char output[16]; memset( src_str, 0x00, sizeof src_str ); 
- memset( hash_str, 0x00, sizeof hash_str ); memset( output, 0x00, sizeof output ); strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - hexify( hash_str, output, sizeof output ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */ -void ripemd160_text( char *text_src_string, char *hex_hash_string ) +void ripemd160_text( char * text_src_string, uint8_t * hex_hash_string, + uint32_t hex_hash_string_len ) { int ret; unsigned char src_str[100]; - unsigned char hash_str[41]; unsigned char output[20]; memset(src_str, 0x00, sizeof src_str); - memset(hash_str, 0x00, sizeof hash_str); memset(output, 0x00, sizeof output); strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - hexify( hash_str, output, sizeof output ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C:MBEDTLS_SELF_TEST */ -void md2_selftest() +void md2_selftest( ) { TEST_ASSERT( mbedtls_md2_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C:MBEDTLS_SELF_TEST */ -void md4_selftest() +void md4_selftest( ) { TEST_ASSERT( mbedtls_md4_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C:MBEDTLS_SELF_TEST */ -void md5_selftest() +void md5_selftest( ) { TEST_ASSERT( mbedtls_md5_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_SELF_TEST */ -void ripemd160_selftest() +void ripemd160_selftest( ) { TEST_ASSERT( mbedtls_ripemd160_self_test( 1 ) == 0 ); } 
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function index 09684c1d4..bc034367a 100644 --- a/tests/suites/test_suite_memory_buffer_alloc.function +++ b/tests/suites/test_suite_memory_buffer_alloc.function @@ -23,7 +23,7 @@ static int check_pointer( void *p ) /* END_SUITE_HELPERS */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void mbedtls_memory_buffer_alloc_self_test( ) +void mbedtls_memory_buffer_alloc_self_test( ) { TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 1 ) == 0 ); } @@ -31,10 +31,9 @@ void mbedtls_memory_buffer_alloc_self_test( ) /* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes, - int d_bytes, - int free_a, int free_b, int free_c, - int free_d, - int e_bytes, int f_bytes ) + int d_bytes, int free_a, int free_b, + int free_c, int free_d, int e_bytes, + int f_bytes ) { unsigned char buf[1024]; unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL, @@ -190,7 +189,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */ -void memory_buffer_alloc_oom_test() +void memory_buffer_alloc_oom_test( ) { unsigned char buf[1024]; unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL; diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 6ae27af5b..da0d5e415 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -8,7 +8,7 @@ */ /* BEGIN_CASE */ -void mpi_null( ) +void mpi_null( ) { mbedtls_mpi X, Y, Z; @@ -27,8 +27,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mpi_read_write_string( int radix_X, char *input_X, int radix_A, - char *input_A, int output_size, int result_read, +void mpi_read_write_string( int radix_X, char * input_X, int radix_A, + char * input_A, int output_size, int result_read, int result_write ) { mbedtls_mpi X; 
@@ -53,17 +53,15 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_read_binary( char *input_X, int radix_A, char *input_A ) +void mbedtls_mpi_read_binary( uint8_t * buf, uint32_t input_len, int radix_A, + char * input_A ) { mbedtls_mpi X; unsigned char str[1000]; - unsigned char buf[1000]; size_t len; - size_t input_len; mbedtls_mpi_init( &X ); - input_len = unhexify( buf, input_X ); TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf, input_len ) == 0 ); TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, (char *) str, sizeof( str ), &len ) == 0 ); @@ -75,16 +73,15 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_write_binary( int radix_X, char *input_X, char *input_A, - int output_size, int result ) +void mbedtls_mpi_write_binary( int radix_X, char * input_X, uint8_t * input_A, + uint32_t input_A_len, int output_size, + int result ) { mbedtls_mpi X; - unsigned char str[1000]; unsigned char buf[1000]; size_t buflen; memset( buf, 0x00, 1000 ); - memset( str, 0x00, 1000 ); mbedtls_mpi_init( &X ); @@ -97,9 +94,8 @@ void mbedtls_mpi_write_binary( int radix_X, char *input_X, char *input_A, TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result ); if( result == 0) { - hexify( str, buf, buflen ); - TEST_ASSERT( strcasecmp( (char *) str, input_A ) == 0 ); + TEST_ASSERT( hexcmp( buf, input_A, buflen, input_A_len ) == 0 ); } exit: @@ -108,18 +104,16 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void mbedtls_mpi_read_file( int radix_X, char *input_file, char *input_A, - int result ) +void mbedtls_mpi_read_file( int radix_X, char * input_file, uint8_t * input_A, + uint32_t input_A_len, int result ) { mbedtls_mpi X; - unsigned char str[1000]; unsigned char buf[1000]; size_t buflen; FILE *file; int ret; memset( buf, 0x00, 1000 ); - memset( str, 0x00, 1000 ); mbedtls_mpi_init( &X ); 
@@ -134,9 +128,8 @@ void mbedtls_mpi_read_file( int radix_X, char *input_file, char *input_A, buflen = mbedtls_mpi_size( &X ); TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); - hexify( str, buf, buflen ); - TEST_ASSERT( strcasecmp( (char *) str, input_A ) == 0 ); + TEST_ASSERT( hexcmp( buf, input_A, buflen, input_A_len ) == 0 ); } exit: @@ -145,8 +138,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void mbedtls_mpi_write_file( int radix_X, char *input_X, int output_radix, - char *output_file ) +void mbedtls_mpi_write_file( int radix_X, char * input_X, int output_radix, + char * output_file ) { mbedtls_mpi X, Y; FILE *file_out, *file_in; @@ -176,7 +169,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_get_bit( int radix_X, char *input_X, int pos, int val ) +void mbedtls_mpi_get_bit( int radix_X, char * input_X, int pos, int val ) { mbedtls_mpi X; mbedtls_mpi_init( &X ); @@ -189,8 +182,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_set_bit( int radix_X, char *input_X, int pos, int val, - int radix_Y, char *output_Y, int result ) +void mbedtls_mpi_set_bit( int radix_X, char * input_X, int pos, int val, + int radix_Y, char * output_Y, int result ) { mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); @@ -210,7 +203,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_lsb( int radix_X, char *input_X, int nr_bits ) +void mbedtls_mpi_lsb( int radix_X, char * input_X, int nr_bits ) { mbedtls_mpi X; mbedtls_mpi_init( &X ); @@ -224,7 +217,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_bitlen( int radix_X, char *input_X, int nr_bits ) +void mbedtls_mpi_bitlen( int radix_X, char * input_X, int nr_bits ) { mbedtls_mpi X; mbedtls_mpi_init( &X ); 
@@ -238,8 +231,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_gcd( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A ) +void mbedtls_mpi_gcd( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A ) { mbedtls_mpi A, X, Y, Z; mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); @@ -270,8 +263,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_cmp_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y, - int input_A ) +void mbedtls_mpi_cmp_mpi( int radix_X, char * input_X, int radix_Y, + char * input_Y, int input_A ) { mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); @@ -286,8 +279,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_cmp_abs( int radix_X, char *input_X, int radix_Y, char *input_Y, - int input_A ) +void mbedtls_mpi_cmp_abs( int radix_X, char * input_X, int radix_Y, + char * input_Y, int input_A ) { mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); @@ -354,8 +347,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_safe_cond_assign( int x_sign, char *x_str, - int y_sign, char *y_str ) +void mbedtls_mpi_safe_cond_assign( int x_sign, char * x_str, int y_sign, + char * y_str ) { mbedtls_mpi X, Y, XX; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &XX ); @@ -378,8 +371,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_safe_cond_swap( int x_sign, char *x_str, - int y_sign, char *y_str ) +void mbedtls_mpi_safe_cond_swap( int x_sign, char * x_str, int y_sign, + char * y_str ) { mbedtls_mpi X, Y, XX, YY; @@ -409,7 +402,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_swap( int input_X, int input_Y ) +void mbedtls_mpi_swap( int input_X, int input_Y ) { mbedtls_mpi X, Y, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A ); 
@@ -429,8 +422,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_add_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A ) +void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A ) { mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); @@ -447,7 +440,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_add_mpi_inplace( int radix_X, char *input_X, int radix_A, char *input_A ) +void mbedtls_mpi_add_mpi_inplace( int radix_X, char * input_X, int radix_A, + char * input_A ) { mbedtls_mpi X, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); @@ -473,8 +467,8 @@ exit: /* BEGIN_CASE */ -void mbedtls_mpi_add_abs( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A ) +void mbedtls_mpi_add_abs( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A ) { mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); @@ -491,8 +485,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mpi_add_abs_add_first( int radix_X, char *input_X, int radix_Y, - char *input_Y, int radix_A, char *input_A ) +void mpi_add_abs_add_first( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A ) { mbedtls_mpi X, Y, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A ); @@ -509,8 +503,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mpi_add_abs_add_second( int radix_X, char *input_X, int radix_Y, - char *input_Y, int radix_A, char *input_A ) +void mpi_add_abs_add_second( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A ) { mbedtls_mpi X, Y, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A ); 
@@ -527,8 +521,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_add_int( int radix_X, char *input_X, int input_Y, int radix_A, - char *input_A ) +void mbedtls_mpi_add_int( int radix_X, char * input_X, int input_Y, + int radix_A, char * input_A ) { mbedtls_mpi X, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); @@ -544,8 +538,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_sub_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A ) +void mbedtls_mpi_sub_mpi( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A ) { mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); @@ -562,8 +556,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_sub_abs( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A, int sub_result ) +void mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A, + int sub_result ) { mbedtls_mpi X, Y, Z, A; int res; @@ -584,8 +579,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_sub_int( int radix_X, char *input_X, int input_Y, int radix_A, - char *input_A ) +void mbedtls_mpi_sub_int( int radix_X, char * input_X, int input_Y, + int radix_A, char * input_A ) { mbedtls_mpi X, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); @@ -601,8 +596,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_mul_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A ) +void mbedtls_mpi_mul_mpi( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A ) { mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 
@@ -619,8 +614,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_mul_int( int radix_X, char *input_X, int input_Y, int radix_A, - char *input_A, char *result_comparison ) +void mbedtls_mpi_mul_int( int radix_X, char * input_X, int input_Y, + int radix_A, char * input_A, + char * result_comparison ) { mbedtls_mpi X, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); @@ -641,9 +637,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_div_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A, int radix_B, char *input_B, - int div_result ) +void mbedtls_mpi_div_mpi( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A, + int radix_B, char * input_B, int div_result ) { mbedtls_mpi X, Y, Q, R, A, B; int res; @@ -669,8 +665,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_div_int( int radix_X, char *input_X, int input_Y, int radix_A, - char *input_A, int radix_B, char *input_B, int div_result ) +void mbedtls_mpi_div_int( int radix_X, char * input_X, int input_Y, + int radix_A, char * input_A, int radix_B, + char * input_B, int div_result ) { mbedtls_mpi X, Q, R, A, B; int res; @@ -695,8 +692,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_mod_mpi( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A, int div_result ) +void mbedtls_mpi_mod_mpi( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A, + int div_result ) { mbedtls_mpi X, Y, A; int res; @@ -718,8 +716,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_mod_int( int radix_X, char *input_X, int input_Y, int input_A, - int div_result ) +void mbedtls_mpi_mod_int( int radix_X, char * input_X, int input_Y, + int input_A, int div_result ) { mbedtls_mpi X; int res; 
@@ -740,9 +738,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_exp_mod( int radix_A, char *input_A, int radix_E, char *input_E, - int radix_N, char *input_N, int radix_RR, char *input_RR, - int radix_X, char *input_X, int div_result ) +void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, + char * input_E, int radix_N, char * input_N, + int radix_RR, char * input_RR, int radix_X, + char * input_X, int div_result ) { mbedtls_mpi A, E, N, RR, Z, X; int res; @@ -771,8 +770,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_inv_mod( int radix_X, char *input_X, int radix_Y, char *input_Y, - int radix_A, char *input_A, int div_result ) +void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y, + char * input_Y, int radix_A, char * input_A, + int div_result ) { mbedtls_mpi X, Y, Z, A; int res; @@ -794,7 +794,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ -void mbedtls_mpi_is_prime( int radix_X, char *input_X, int div_result ) +void mbedtls_mpi_is_prime( int radix_X, char * input_X, int div_result ) { mbedtls_mpi X; int res; @@ -842,8 +842,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_shift_l( int radix_X, char *input_X, int shift_X, int radix_A, - char *input_A) +void mbedtls_mpi_shift_l( int radix_X, char * input_X, int shift_X, + int radix_A, char * input_A ) { mbedtls_mpi X, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); @@ -859,8 +859,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_shift_r( int radix_X, char *input_X, int shift_X, int radix_A, - char *input_A ) +void mbedtls_mpi_shift_r( int radix_X, char * input_X, int shift_X, + int radix_A, char * input_A ) { mbedtls_mpi X, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); @@ -876,7 +876,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void mpi_selftest() +void mpi_selftest( ) { TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 ); } 
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index c24595d47..222d581c0 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -6,16 +6,13 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ -void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *result_str ) +void mbedtls_pem_write_buffer( char * start, char * end, uint8_t * buf, + uint32_t buf_len, char * result_str ) { - unsigned char buf[5000]; unsigned char *check_buf = NULL; int ret; - size_t buf_len, olen = 0, olen2 = 0; + size_t olen = 0, olen2 = 0; - memset( buf, 0, sizeof( buf ) ); - - buf_len = unhexify( buf, buf_str ); ret = mbedtls_pem_write_buffer( start, end, buf, buf_len, NULL, 0, &olen ); TEST_ASSERT( ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); @@ -23,7 +20,6 @@ void mbedtls_pem_write_buffer( char *start, char *end, char *buf_str, char *resu check_buf = (unsigned char *) mbedtls_calloc( 1, olen ); TEST_ASSERT( check_buf != NULL ); - memset( check_buf, 0, olen ); ret = mbedtls_pem_write_buffer( start, end, buf, buf_len, check_buf, olen, &olen2 ); TEST_ASSERT( olen2 <= olen ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index c0c987d5c..4219c9d8d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -70,7 +70,7 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) */ /* BEGIN_CASE */ -void pk_utils( int type, int size, int len, char *name ) +void pk_utils( int type, int size, int len, char * name ) { mbedtls_pk_context pk; @@ -91,7 +91,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */ -void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret ) +void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) { mbedtls_pk_context pub, prv, alt; 
@@ -121,22 +121,19 @@ void mbedtls_pk_check_pair( char *pub_file, char *prv_file, int ret ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_verify_test_vec( char *message_hex_string, int digest, - int mod, int radix_N, char *input_N, int radix_E, - char *input_E, char *result_hex_str, int result ) +void pk_rsa_verify_test_vec( uint8_t * message_str, uint32_t msg_len, + int digest, int mod, int radix_N, char * input_N, + int radix_E, char * input_E, + uint8_t * result_str, uint32_t result_str_len, + int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; - unsigned char result_str[1000]; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; - int msg_len; mbedtls_pk_init( &pk ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); rsa = mbedtls_pk_rsa( pk ); @@ -145,8 +142,6 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest, TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); 
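Review bot: `result_str_len` is added to the signature of `pk_rsa_verify_test_vec`, but nothing in the visible lines uses it, while the zero-filled local `result_str[1000]` it replaces is removed. The verify call sits between this hunk and the next and is not shown; if it still passes the key length as the signature length, a test vector shorter than the modulus would now be read past its end instead of being padded by the old 1000-byte buffer. A guard before the call such as `TEST_ASSERT( result_str_len == mbedtls_pk_get_len( &pk ) );` keeps the read inside the supplied data; alternatively pass `result_str_len` as the signature length if short signatures are meant to be rejected by the library. The same applies to `pk_rsa_verify_ext_test_vec` in the hunk at -160.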
@@ -160,27 +155,23 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest, - int mod, int radix_N, char *input_N, int radix_E, - char *input_E, char *result_hex_str, - int pk_type, int mgf1_hash_id, int salt_len, - int result ) +void pk_rsa_verify_ext_test_vec( uint8_t * message_str, uint32_t msg_len, + int digest, int mod, int radix_N, + char * input_N, int radix_E, char * input_E, + uint8_t * result_str, + uint32_t result_str_len, int pk_type, + int mgf1_hash_id, int salt_len, int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; - unsigned char result_str[1000]; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; mbedtls_pk_rsassa_pss_options pss_opts; void *options; - int msg_len; size_t hash_len; mbedtls_pk_init( &pk ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); rsa = mbedtls_pk_rsa( pk ); @@ -189,8 +180,6 @@ void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest, TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); if( digest != MBEDTLS_MD_NONE ) { 
@@ -226,19 +215,15 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */ -void pk_ec_test_vec( int type, int id, char *key_str, - char *hash_str, char * sig_str, int ret ) +void pk_ec_test_vec( int type, int id, uint8_t * key, uint32_t key_len, + uint8_t * hash, uint32_t hash_len, uint8_t * sig, + uint32_t sig_len, int ret ) { mbedtls_pk_context pk; mbedtls_ecp_keypair *eckey; - unsigned char hash[100], sig[500], key[500]; - size_t hash_len, sig_len, key_len; mbedtls_pk_init( &pk ); - memset( hash, 0, sizeof( hash ) ); hash_len = unhexify(hash, hash_str); - memset( sig, 0, sizeof( sig ) ); sig_len = unhexify(sig, sig_str); - memset( key, 0, sizeof( key ) ); key_len = unhexify(key, key_str); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); @@ -284,26 +269,20 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_encrypt_test_vec( char *message_hex, int mod, - int radix_N, char *input_N, - int radix_E, char *input_E, - char *result_hex, int ret ) +void pk_rsa_encrypt_test_vec( uint8_t * message, uint32_t msg_len, int mod, + int radix_N, char * input_N, int radix_E, + char * input_E, uint8_t * result, + uint32_t res_len, int ret ) { - unsigned char message[1000]; unsigned char output[1000]; - unsigned char result[1000]; - size_t msg_len, olen, res_len; rnd_pseudo_info rnd_info; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; + size_t olen; memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - memset( message, 0, sizeof( message ) ); memset( output, 0, sizeof( output ) ); - memset( result, 0, sizeof( result ) ); - msg_len = unhexify( message, message_hex ); - res_len = unhexify( result, result_hex ); mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); 
@@ -325,32 +304,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod, - int radix_P, char *input_P, - int radix_Q, char *input_Q, - int radix_N, char *input_N, - int radix_E, char *input_E, - char *clear_hex, int ret ) +void pk_rsa_decrypt_test_vec( uint8_t * cipher, uint32_t cipher_len, int mod, + int radix_P, char * input_P, int radix_Q, + char * input_Q, int radix_N, char * input_N, + int radix_E, char * input_E, uint8_t * clear, + uint32_t clear_len, int ret ) { - unsigned char clear[1000]; unsigned char output[1000]; - unsigned char cipher[1000]; - size_t clear_len, olen, cipher_len; rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; + size_t olen; mbedtls_pk_init( &pk ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - memset( clear, 0, sizeof( clear ) ); - memset( cipher, 0, sizeof( cipher ) ); - clear_len = unhexify( clear, clear_hex ); - cipher_len = unhexify( cipher, cipher_hex ); /* init pk-rsa context */ TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); @@ -453,7 +425,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ -void pk_rsa_alt( ) +void pk_rsa_alt( ) { /* * An rsa_alt context can only do private operations (decrypt, sign). diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 7f8b1c82e..47539ca32 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function 
@@ -9,28 +9,24 @@ */ /* BEGIN_CASE */ -void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, - char *input_E, int hash, - char *message_hex_string, char *seed, - char *result_hex_str, int result ) +void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, + int radix_E, char * input_E, int hash, + uint8_t * message_str, uint32_t msg_len, + uint8_t * rnd_buf, uint32_t rnd_buf_len, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; - unsigned char rnd_buf[1000]; mbedtls_rsa_context ctx; - size_t msg_len; rnd_buf_info info; mbedtls_mpi N, E; - info.length = unhexify( rnd_buf, seed ); info.buf = rnd_buf; + info.length = rnd_buf_len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -38,14 +34,12 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: 
@@ -55,15 +49,14 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, - int radix_Q, char *input_Q, int radix_N, - char *input_N, int radix_E, char *input_E, - int hash, char *result_hex_str, char *seed, - char *message_hex_string, int result ) +void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, + int radix_Q, char * input_Q, int radix_N, + char * input_N, int radix_E, char * input_E, + int hash, uint8_t * result_hex_str, uint32_t result_hex_str_len, + char * seed, uint8_t * message_str, uint32_t message_str_len, + int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx; size_t output_len; rnd_pseudo_info rnd_info; @@ -74,9 +67,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); @@ -89,14 +80,12 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - unhexify( message_str, message_hex_string ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len) == 0 ); } exit: 
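Review bot: In the last hunk of `pkcs1_rsaes_v15_decrypt`, the new `hexcmp( output, result_hex_str, ctx.len, result_hex_str_len)` passes the modulus length `ctx.len` as the size of the decrypted data, although the length actually written is returned in `output_len`. The removed `strncasecmp` compared only as many characters as the expected string had, so that bound is lost. Depending on how `hexcmp` (defined outside this diff) treats unequal lengths, the test either fails whenever the plaintext is shorter than the modulus or compares bytes past the end of the expected buffer. Comparing the real plaintext would be `TEST_ASSERT( hexcmp( output, result_hex_str, output_len, result_hex_str_len ) == 0 );`. The same substitution appears in `pkcs1_rsaes_oaep_decrypt` and `mbedtls_rsa_pkcs1_decrypt` further down.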
@@ -107,33 +96,29 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, - char *input_Q, int radix_N, char *input_N, - int radix_E, char *input_E, int digest, int hash, - char *message_hex_string, char *salt, - char *result_hex_str, int result ) +void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, + char * input_Q, int radix_N, char * input_N, + int radix_E, char * input_E, int digest, int hash, + uint8_t * message_str, uint32_t msg_len, + uint8_t * rnd_buf, uint32_t rnd_buf_len, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; - unsigned char rnd_buf[1000]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - size_t msg_len; rnd_buf_info info; - info.length = unhexify( rnd_buf, salt ); info.buf = rnd_buf; + info.length = rnd_buf_len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -145,7 +130,6 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); 
@@ -153,9 +137,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: @@ -166,24 +149,21 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E, - char *input_E, int digest, int hash, - char *message_hex_string, char *salt, - char *result_hex_str, int result ) +void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, + int radix_E, char * input_E, int digest, + int hash, uint8_t * message_str, + uint32_t msg_len, char * salt, + uint8_t * result_str, uint32_t result_str_len, + int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; - unsigned char result_str[1000]; mbedtls_rsa_context ctx; - size_t msg_len; mbedtls_mpi N, E; ((void) salt); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -191,8 +171,6 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), 
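Review bot: `pkcs1_rsassa_v15_verify` now receives the signature as a caller-sized `result_str` with `result_str_len`, but nothing in the visible hunks uses that length. The removed `unsigned char result_str[1000]` was zero-filled, so a short test vector was padded. The verify call is outside this hunk; it takes no signature length and, as far as I know, reads a modulus-sized signature, so a short vector could now be read past its end. A guard before the verify call such as `TEST_ASSERT( result_str_len == mbedtls_rsa_get_len( &ctx ) );` would make the assumption explicit. `pkcs1_rsassa_pss_verify`, `mbedtls_rsa_pkcs1_verify` and `rsa_pkcs1_verify_raw` have the same shape.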
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 50da2ff1b..5fdca8128 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -9,28 +9,24 @@ */ /* BEGIN_CASE */ -void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E, - char *input_E, int hash, - char *message_hex_string, char *seed, - char *result_hex_str, int result ) +void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, + int radix_E, char * input_E, int hash, + uint8_t * message_str, uint32_t msg_len, + uint8_t * rnd_buf, uint32_t rnd_buf_len, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; - unsigned char rnd_buf[1000]; mbedtls_rsa_context ctx; - size_t msg_len; rnd_buf_info info; mbedtls_mpi N, E; - info.length = unhexify( rnd_buf, seed ); info.buf = rnd_buf; + info.length = rnd_buf_len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 
@@ -38,14 +34,12 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: @@ -55,15 +49,15 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, - int radix_Q, char *input_Q, int radix_N, - char *input_N, int radix_E, char *input_E, - int hash, char *result_hex_str, char *seed, - char *message_hex_string, int result ) +void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, + int radix_Q, char * input_Q, int radix_N, + char * input_N, int radix_E, char * input_E, + int hash, uint8_t * result_hex_str, + uint32_t result_hex_str_len, char * seed, + uint8_t * message_str, + uint32_t message_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx; size_t output_len; rnd_pseudo_info rnd_info; @@ -75,9 +69,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 
@@ -90,14 +82,12 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - unhexify( message_str, message_hex_string ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: 
@@ -108,33 +98,29 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, - char *input_Q, int radix_N, char *input_N, - int radix_E, char *input_E, int digest, int hash, - char *message_hex_string, char *salt, - char *result_hex_str, int result ) +void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, + char * input_Q, int radix_N, char * input_N, + int radix_E, char * input_E, int digest, int hash, + uint8_t * message_str, uint32_t msg_len, + uint8_t * rnd_buf, uint32_t rnd_buf_len, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; - unsigned char rnd_buf[1000]; mbedtls_rsa_context ctx; - size_t msg_len; rnd_buf_info info; mbedtls_mpi N, P, Q, E; - info.length = unhexify( rnd_buf, salt ); info.buf = rnd_buf; + info.length = rnd_buf_len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -146,7 +132,6 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, 
@@ -156,9 +141,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, digest, 0, hash_result, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: @@ -169,24 +153,21 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E, - char *input_E, int digest, int hash, - char *message_hex_string, char *salt, - char *result_hex_str, int result ) +void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N, + int radix_E, char * input_E, int digest, + int hash, uint8_t * message_str, + uint32_t msg_len, char * salt, + uint8_t * result_str, uint32_t result_str_len, + int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; - unsigned char result_str[1000]; mbedtls_rsa_context ctx; - size_t msg_len; mbedtls_mpi N, E; ((void) salt); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -195,8 +176,6 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, 
@@ -212,28 +191,23 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_rsassa_pss_verify_ext( int mod, - int radix_N, char *input_N, - int radix_E, char *input_E, +void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N, + int radix_E, char * input_E, int msg_digest_id, int ctx_hash, int mgf_hash, int salt_len, - char *message_hex_string, - char *result_hex_str, - int result_simple, + uint8_t * message_str, uint32_t msg_len, + uint8_t * result_str, + uint32_t result_str_len, int result_simple, int result_full ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; - unsigned char result_str[1000]; mbedtls_rsa_context ctx; - size_t msg_len, hash_len; + size_t hash_len; mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -242,8 +216,6 @@ void pkcs1_rsassa_pss_verify_ext( int mod, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); if( msg_digest_id != MBEDTLS_MD_NONE ) { diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 98546cb73..29e87cbfe 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function 
@@ -8,38 +8,25 @@ */ /* BEGIN_CASE */ -void pbkdf2_hmac( int hash, char *hex_password_string, - char *hex_salt_string, int it_cnt, int key_len, - char *result_key_string ) +void pbkdf2_hmac( int hash, uint8_t * pw_str, uint32_t pw_len, + uint8_t * salt_str, uint32_t salt_len, int it_cnt, + int key_len, uint8_t * result_key_string, + uint32_t result_key_string_len ) { - unsigned char pw_str[100]; - unsigned char salt_str[100]; - unsigned char dst_str[200]; - mbedtls_md_context_t ctx; const mbedtls_md_info_t *info; - int pw_len, salt_len; unsigned char key[100]; mbedtls_md_init( &ctx ); - memset(pw_str, 0x00, sizeof(pw_str)); - memset(salt_str, 0x00, sizeof(salt_str)); - memset(dst_str, 0x00, sizeof(dst_str)); - - pw_len = unhexify( pw_str, hex_password_string ); - salt_len = unhexify( salt_str, hex_salt_string ); - - info = mbedtls_md_info_from_type( hash ); TEST_ASSERT( info != NULL ); TEST_ASSERT( mbedtls_md_setup( &ctx, info, 1 ) == 0 ); TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len, it_cnt, key_len, key ) == 0 ); - hexify( dst_str, key, key_len ); - TEST_ASSERT( strcmp( (char *) dst_str, result_key_string ) == 0 ); + TEST_ASSERT( hexcmp( key, result_key_string, key_len, result_key_string_len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -80,7 +67,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void pkcs5_selftest( ) +void pkcs5_selftest( ) { TEST_ASSERT( mbedtls_pkcs5_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 94d25e7eb..860730569 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -10,7 +10,7 @@ */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */ -void pk_parse_keyfile_rsa( char *key_file, char *password, int result ) +void pk_parse_keyfile_rsa( char * key_file, char * password, int result ) { mbedtls_pk_context ctx; int res; 
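Review bot: In `pbkdf2_hmac` (first hunk of test_suite_pkcs5.function), `key_len` comes from the test data and is passed to `mbedtls_pkcs5_pbkdf2_hmac` as the output length for the fixed `unsigned char key[100]`, with no check that it fits. The rewrite keeps that buffer and now also hands `key_len` to `hexcmp`, so an oversized value in a data file would write and then read past `key`. I would add `TEST_ASSERT( key_len >= 0 && (size_t) key_len <= sizeof( key ) );` before the PBKDF2 call.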
@@ -39,7 +39,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_FS_IO */ -void pk_parse_public_keyfile_rsa( char *key_file, int result ) +void pk_parse_public_keyfile_rsa( char * key_file, int result ) { mbedtls_pk_context ctx; int res; @@ -64,7 +64,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */ -void pk_parse_public_keyfile_ec( char *key_file, int result ) +void pk_parse_public_keyfile_ec( char * key_file, int result ) { mbedtls_pk_context ctx; int res; @@ -89,7 +89,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_C */ -void pk_parse_keyfile_ec( char *key_file, char *password, int result ) +void pk_parse_keyfile_ec( char * key_file, char * password, int result ) { mbedtls_pk_context ctx; int res; @@ -113,21 +113,18 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void pk_parse_key( char *key_data, char *result_str, int result ) +/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ +void pk_parse_key( uint8_t * buf, uint32_t data_len, char * result_str, + int result ) { mbedtls_pk_context pk; - unsigned char buf[2000]; unsigned char output[2000]; - int data_len; ((void) result_str); mbedtls_pk_init( &pk ); - memset( buf, 0, 2000 ); memset( output, 0, 2000 ); - data_len = unhexify( buf, key_data ); TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf, data_len, NULL, 0 ) == ( result ) ); if( ( result ) == 0 ) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 8b20640f3..3ad782d33 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -10,7 +10,7 @@ */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ -void pk_write_pubkey_check( char *key_file ) +void pk_write_pubkey_check( char * key_file ) { mbedtls_pk_context key; unsigned char buf[5000]; 
@@ -42,7 +42,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ -void pk_write_key_check( char *key_file ) +void pk_write_key_check( char * key_file ) { mbedtls_pk_context key; unsigned char buf[5000]; diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 4d58049df..e13735b3d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -18,28 +18,26 @@ */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int digest, - int mod, int radix_P, char *input_P, int radix_Q, - char *input_Q, int radix_N, char *input_N, int radix_E, - char *input_E, char *result_hex_str, int result ) +void mbedtls_rsa_pkcs1_sign( uint8_t * message_str, uint32_t msg_len, + int padding_mode, int digest, int mod, + int radix_P, char * input_P, int radix_Q, + char * input_Q, int radix_N, char * input_N, + int radix_E, char * input_E, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - int msg_len; rnd_pseudo_info rnd_info; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 
@@ -52,7 +50,6 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), @@ -63,9 +60,8 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig hash_result, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: @@ -76,23 +72,20 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int digest, - int mod, int radix_N, char *input_N, int radix_E, - char *input_E, char *result_hex_str, int result ) +void mbedtls_rsa_pkcs1_verify( uint8_t * message_str, uint32_t msg_len, + int padding_mode, int digest, int mod, + int radix_N, char * input_N, int radix_E, + char * input_E, uint8_t * result_str, + uint32_t result_str_len, int result ) { - unsigned char message_str[1000]; unsigned char hash_result[1000]; - unsigned char result_str[1000]; mbedtls_rsa_context ctx; - int msg_len; mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); - memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); 
@@ -100,8 +93,6 @@ void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int d TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); - unhexify( result_str, result_hex_str ); if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); @@ -116,29 +107,24 @@ exit: /* BEGIN_CASE */ -void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, - int padding_mode, int mod, int radix_P, char *input_P, - int radix_Q, char *input_Q, int radix_N, - char *input_N, int radix_E, char *input_E, - char *result_hex_str ) +void rsa_pkcs1_sign_raw( uint8_t * message_str, uint32_t message_str_len, + uint8_t * hash_result, uint32_t hash_len, + int padding_mode, int mod, int radix_P, + char * input_P, int radix_Q, char * input_Q, + int radix_N, char * input_N, int radix_E, + char * input_E, uint8_t * result_hex_str, + uint32_t result_hex_str_len ) { - unsigned char message_str[1000]; - unsigned char hash_result[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - int hash_len; rnd_pseudo_info rnd_info; mbedtls_rsa_init( &ctx, padding_mode, 0 ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - memset( message_str, 0x00, 1000 ); - memset( hash_result, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 
@@ -151,16 +137,13 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - unhexify( message_str, message_hex_string ); - hash_len = unhexify( hash_result, hash_result_string ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 ); - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ @@ -168,7 +151,6 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, { int res; memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, @@ -183,8 +165,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, if( res == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ 
@@ -198,25 +179,20 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, +void rsa_pkcs1_verify_raw( uint8_t * message_str, uint32_t message_str_len, + uint8_t * hash_result, uint32_t hash_len, int padding_mode, int mod, int radix_N, - char *input_N, int radix_E, char *input_E, - char *result_hex_str, int correct ) + char * input_N, int radix_E, char * input_E, + uint8_t * result_str, uint32_t result_str_len, + int correct ) { - unsigned char message_str[1000]; - unsigned char hash_result[1000]; - unsigned char result_str[1000]; unsigned char output[1000]; mbedtls_rsa_context ctx; - size_t hash_len; mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); - memset( message_str, 0x00, 1000 ); - memset( hash_result, 0x00, 1000 ); - memset( result_str, 0x00, 1000 ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -226,9 +202,6 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - unhexify( message_str, message_hex_string ); - hash_len = unhexify( hash_result, hash_result_string ); - unhexify( result_str, result_hex_str ); TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, 
@@ -272,15 +245,14 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int mod, - int radix_N, char *input_N, int radix_E, char *input_E, - char *result_hex_str, int result ) +void mbedtls_rsa_pkcs1_encrypt( uint8_t * message_str, uint32_t msg_len, + int padding_mode, int mod, int radix_N, + char * input_N, int radix_E, char * input_E, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx; - size_t msg_len; rnd_pseudo_info rnd_info; mbedtls_mpi N, E; @@ -289,9 +261,7 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -300,16 +270,14 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: 
@@ -319,24 +287,20 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, - int mod, int radix_N, char *input_N, - int radix_E, char *input_E, - char *result_hex_str, int result ) +void rsa_pkcs1_encrypt_bad_rng( uint8_t * message_str, uint32_t msg_len, + int padding_mode, int mod, int radix_N, + char * input_N, int radix_E, char * input_E, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx; - size_t msg_len; mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -345,16 +309,14 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - msg_len = unhexify( message_str, message_hex_string ); TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: 
@@ -364,14 +326,15 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mod, - int radix_P, char *input_P, int radix_Q, char *input_Q, - int radix_N, char *input_N, int radix_E, char *input_E, - int max_output, char *result_hex_str, int result ) +void mbedtls_rsa_pkcs1_decrypt( uint8_t * message_str, + uint32_t message_str_len, int padding_mode, + int mod, int radix_P, char * input_P, + int radix_Q, char * input_Q, int radix_N, + char * input_N, int radix_E, char * input_E, + int max_output, uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx; size_t output_len; rnd_pseudo_info rnd_info; @@ -382,9 +345,7 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int mbedtls_rsa_init( &ctx, padding_mode, 0 ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); @@ -398,15 +359,13 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - unhexify( message_str, message_hex_string ); output_len = 0; TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: 
@@ -417,12 +376,12 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N, - int radix_E, char *input_E, char *result_hex_str, int result ) +void mbedtls_rsa_public( uint8_t * message_str, uint32_t message_str_len, + int mod, int radix_N, char * input_N, int radix_E, + char * input_E, uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ mbedtls_mpi N, E; @@ -430,9 +389,7 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); - memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -441,14 +398,12 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - unhexify( message_str, message_hex_string ); TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); } /* And now with the copy */ 
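Review bot: The first comparison in `mbedtls_rsa_public` now takes its length from `ctx2.len`, but at that point `ctx2` has only been through `mbedtls_rsa_init`; the copy is made after the `/* And now with the copy */` comment. The removed line used `ctx.len`, and with `ctx2.len` presumably still zero the check either compares nothing or fails on a length mismatch, depending on how `hexcmp` treats lengths. Either way the known-answer check on the original context stops verifying the output. It should read `hexcmp( output, result_hex_str, ctx.len, result_hex_str_len )`. The loop in `mbedtls_rsa_private` (hunk `@@ -506,20 +459,17 @@`) has the same substitution and needs the same fix.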
@@ -459,13 +414,11 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx2.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); } exit: @@ -476,13 +429,14 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *input_P, - int radix_Q, char *input_Q, int radix_N, char *input_N, - int radix_E, char *input_E, char *result_hex_str, int result ) +void mbedtls_rsa_private( uint8_t * message_str, uint32_t message_str_len, + int mod, int radix_P, char * input_P, int radix_Q, + char * input_Q, int radix_N, char * input_N, + int radix_E, char * input_E, + uint8_t * result_hex_str, + uint32_t result_hex_str_len, int result ) { - unsigned char message_str[1000]; unsigned char output[1000]; - unsigned char output_str[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ mbedtls_mpi N, P, Q, E; rnd_pseudo_info rnd_info; @@ -493,7 +447,6 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); - memset( message_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); 
@@ -506,20 +459,17 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - unhexify( message_str, message_hex_string ); /* repeat three times to test updating of blinding values */ for( i = 0; i < 3; i++ ) { memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); } } @@ -531,14 +481,12 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); memset( output, 0x00, 1000 ); - memset( output_str, 0x00, 1000 ); TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info, message_str, output ) == result ); if( result == 0 ) { - hexify( output_str, output, ctx2.len ); - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); } exit: @@ -550,7 +498,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_check_privkey_null() +void rsa_check_privkey_null( ) { mbedtls_rsa_context ctx; memset( &ctx, 0x00, sizeof( mbedtls_rsa_context ) ); @@ -560,8 +508,8 @@ void rsa_check_privkey_null() /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *input_E, - int result ) +void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E, + char * input_E, int result ) { mbedtls_rsa_context ctx; mbedtls_mpi N, E; 
@@ -588,12 +536,13 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q, - char *input_Q, int radix_N, char *input_N, - int radix_E, char *input_E, int radix_D, char *input_D, - int radix_DP, char *input_DP, int radix_DQ, - char *input_DQ, int radix_QP, char *input_QP, - int result ) +void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P, + int radix_Q, char * input_Q, int radix_N, + char * input_N, int radix_E, char * input_E, + int radix_D, char * input_D, int radix_DP, + char * input_DP, int radix_DQ, + char * input_DQ, int radix_QP, + char * input_QP, int result ) { mbedtls_rsa_context ctx; @@ -647,13 +596,13 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub, - int radix_Epub, char *input_Epub, - int radix_P, char *input_P, int radix_Q, - char *input_Q, int radix_N, char *input_N, - int radix_E, char *input_E, int radix_D, char *input_D, - int radix_DP, char *input_DP, int radix_DQ, - char *input_DQ, int radix_QP, char *input_QP, +void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub, + int radix_Epub, char * input_Epub, int radix_P, + char * input_P, int radix_Q, char * input_Q, + int radix_N, char * input_N, int radix_E, + char * input_E, int radix_D, char * input_D, + int radix_DP, char * input_DP, int radix_DQ, + char * input_DQ, int radix_QP, char * input_QP, int result ) { mbedtls_rsa_context pub, prv; @@ -1465,7 +1414,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void rsa_selftest() +void rsa_selftest( ) { TEST_ASSERT( mbedtls_rsa_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index d704b388b..02ac47378 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function 
@@ -5,126 +5,96 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ -void mbedtls_sha1( char *hex_src_string, char *hex_hash_string ) +void mbedtls_sha1( uint8_t * src_str, uint32_t src_len, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { - unsigned char src_str[10000]; - unsigned char hash_str[10000]; unsigned char output[41]; - int src_len; - memset(src_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); memset(output, 0x00, 41); - src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_sha1_ret( src_str, src_len, output ) == 0 ); - hexify( hash_str, output, 20 ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, 20, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void sha224(char *hex_src_string, char *hex_hash_string ) +void sha224( uint8_t * src_str, uint32_t src_len, uint8_t * hex_hash_string, + uint32_t hex_hash_string_len ) { - unsigned char src_str[10000]; - unsigned char hash_str[10000]; unsigned char output[57]; - int src_len; - memset(src_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); memset(output, 0x00, 57); - src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 1 ) == 0 ); - hexify( hash_str, output, 28 ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, 28, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void mbedtls_sha256(char *hex_src_string, char *hex_hash_string ) +void mbedtls_sha256( uint8_t * src_str, uint32_t src_len, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { - unsigned char src_str[10000]; - unsigned char hash_str[10000]; unsigned char output[65]; - int src_len; - memset(src_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); memset(output, 0x00, 65); - src_len = unhexify( src_str, hex_src_string ); 
TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 0 ) == 0 ); - hexify( hash_str, output, 32 ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, 32, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void sha384(char *hex_src_string, char *hex_hash_string ) +void sha384( uint8_t * src_str, uint32_t src_len, uint8_t * hex_hash_string, + uint32_t hex_hash_string_len ) { - unsigned char src_str[10000]; - unsigned char hash_str[10000]; unsigned char output[97]; - int src_len; - memset(src_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); memset(output, 0x00, 97); - src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 1 ) == 0 ); - hexify( hash_str, output, 48 ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, 48, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void mbedtls_sha512(char *hex_src_string, char *hex_hash_string ) +void mbedtls_sha512( uint8_t * src_str, uint32_t src_len, + uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) { - unsigned char src_str[10000]; - unsigned char hash_str[10000]; unsigned char output[129]; - int src_len; - memset(src_str, 0x00, 10000); - memset(hash_str, 0x00, 10000); memset(output, 0x00, 129); - src_len = unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 0 ) == 0 ); - hexify( hash_str, output, 64 ); - TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, 64, hex_hash_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_SELF_TEST */ -void sha1_selftest() +void sha1_selftest( ) { TEST_ASSERT( mbedtls_sha1_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_SELF_TEST */ 
-void sha256_selftest() +void sha256_selftest( ) { TEST_ASSERT( mbedtls_sha256_self_test( 1 ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_SELF_TEST */ -void sha512_selftest() +void sha512_selftest( ) { TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 1610155fb..6e949c86b 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function @@ -53,6 +53,7 @@ static int timers_are_badly_broken = 0; * END_DEPENDENCIES */ +<<<<<<< HEAD /* BEGIN_CASE */ void timing_timer_simple( ) { diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function index a4847f92c..10f9e1154 100644 --- a/tests/suites/test_suite_version.function +++ b/tests/suites/test_suite_version.function @@ -8,7 +8,7 @@ */ /* BEGIN_CASE */ -void check_compiletime_version( char *version_str ) +void check_compiletime_version( char * version_str ) { char build_str[100]; char build_str_full[100]; @@ -35,7 +35,7 @@ void check_compiletime_version( char *version_str ) /* END_CASE */ /* BEGIN_CASE */ -void check_runtime_version( char *version_str ) +void check_runtime_version( char * version_str ) { char build_str[100]; char get_str[100]; diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index d02068d5f..4d36027f1 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -162,7 +162,7 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void x509_cert_info( char *crt_file, char *result_str ) +void x509_cert_info( char * crt_file, char * result_str ) { mbedtls_x509_crt crt; char buf[2000]; 
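Review bot: The only line added to `test_suite_timing.function` is `<<<<<<< HEAD`, an unresolved merge-conflict marker placed right before the `/* BEGIN_CASE */` of `timing_timer_simple`. It is not valid C and falls outside any comment, so the generated suite should fail to build unless the generator happens to drop it. Remove the line, and check the rest of the file for matching `=======` and `>>>>>>>` markers, which are outside this hunk.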
@@ -185,7 +185,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ -void mbedtls_x509_crl_info( char *crl_file, char *result_str ) +void mbedtls_x509_crl_info( char * crl_file, char * result_str ) { mbedtls_x509_crl crl; char buf[2000]; @@ -208,7 +208,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ -void mbedtls_x509_crl_parse( char *crl_file, int result ) +void mbedtls_x509_crl_parse( char * crl_file, int result ) { mbedtls_x509_crl crl; char buf[2000]; @@ -224,7 +224,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */ -void mbedtls_x509_csr_info( char *csr_file, char *result_str ) +void mbedtls_x509_csr_info( char * csr_file, char * result_str ) { mbedtls_x509_csr csr; char buf[2000]; @@ -247,7 +247,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509_verify_info( int flags, char *prefix, char *result_str ) +void x509_verify_info( int flags, char * prefix, char * result_str ) { char buf[2000]; int res; @@ -355,7 +355,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_dn_gets( char *crt_file, char *entity, char *result_str ) +void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str ) { mbedtls_x509_crt crt; char buf[2000]; @@ -383,7 +383,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_time_is_past( char *crt_file, char *entity, int result ) +void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result ) { mbedtls_x509_crt crt; @@ -404,7 +404,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_time_is_future( char *crt_file, char *entity, int result ) +void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result ) { mbedtls_x509_crt crt; 
@@ -425,7 +425,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ -void x509parse_crt_file( char *crt_file, int result ) +void x509parse_crt_file( char * crt_file, int result ) { mbedtls_x509_crt crt; @@ -439,18 +439,16 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509parse_crt( char *crt_data, char *result_str, int result ) +void x509parse_crt( uint8_t * buf, uint32_t data_len, char * result_str, + int result ) { mbedtls_x509_crt crt; - unsigned char buf[2000]; unsigned char output[2000]; - int data_len, res; + int res; mbedtls_x509_crt_init( &crt ); - memset( buf, 0, 2000 ); memset( output, 0, 2000 ); - data_len = unhexify( buf, crt_data ); TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf, data_len ) == ( result ) ); if( ( result ) == 0 ) @@ -469,18 +467,16 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */ -void x509parse_crl( char *crl_data, char *result_str, int result ) +void x509parse_crl( uint8_t * buf, uint32_t data_len, char * result_str, + int result ) { mbedtls_x509_crl crl; - unsigned char buf[2000]; unsigned char output[2000]; - int data_len, res; + int res; mbedtls_x509_crl_init( &crl ); - memset( buf, 0, 2000 ); memset( output, 0, 2000 ); - data_len = unhexify( buf, crl_data ); TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf, data_len ) == ( result ) ); if( ( result ) == 0 ) @@ -499,7 +495,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */ -void mbedtls_x509_csr_parse( char *csr_der_hex, char *ref_out, int ref_ret ) +void mbedtls_x509_csr_parse( char * csr_der_hex, char * ref_out, int ref_ret ) { mbedtls_x509_csr csr; unsigned char *csr_der = NULL; 
@@ -528,7 +524,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_x509_crt_parse_path( char *crt_path, int ret, int nb_crt ) +void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt ) { mbedtls_x509_crt chain, *cur; int i; @@ -630,18 +626,16 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_desc( char *oid_str, char *ref_desc ) +void x509_oid_desc( uint8_t * buf, uint32_t buf_len, char * ref_desc ) { mbedtls_x509_buf oid; const char *desc = NULL; - unsigned char buf[20]; int ret; - memset( buf, 0, sizeof buf ); oid.tag = MBEDTLS_ASN1_OID; - oid.len = unhexify( buf, oid_str ); oid.p = buf; + oid.len = buf_len; ret = mbedtls_oid_get_extended_key_usage( &oid, &desc ); @@ -660,18 +654,17 @@ void x509_oid_desc( char *oid_str, char *ref_desc ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret ) +void x509_oid_numstr( uint8_t * oid_buf, uint32_t oid_buf_len, char * numstr, + int blen, int ret ) { mbedtls_x509_buf oid; - unsigned char oid_buf[20]; char num_buf[100]; - memset( oid_buf, 0x00, sizeof oid_buf ); memset( num_buf, 0x2a, sizeof num_buf ); oid.tag = MBEDTLS_ASN1_OID; - oid.len = unhexify( oid_buf, oid_str ); oid.p = oid_buf; + oid.len = oid_buf_len; TEST_ASSERT( (size_t) blen <= sizeof num_buf ); @@ -686,7 +679,7 @@ void x509_oid_numstr( char *oid_str, char *numstr, int blen, int ret ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */ -void x509_check_key_usage( char *crt_file, int usage, int ret ) +void x509_check_key_usage( char * crt_file, int usage, int ret ) { mbedtls_x509_crt crt; 
@@ -702,15 +695,13 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ -void x509_check_extended_key_usage( char *crt_file, char *usage_hex, int ret ) +void x509_check_extended_key_usage( char * crt_file, uint8_t * oid, + uint32_t len, int ret ) { mbedtls_x509_crt crt; - char oid[50]; - size_t len; mbedtls_x509_crt_init( &crt ); - len = unhexify( (unsigned char *) oid, usage_hex ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); @@ -722,9 +713,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_get_time( int tag, char *time_str, int ret, - int year, int mon, int day, - int hour, int min, int sec ) +void x509_get_time( int tag, char * time_str, int ret, int year, int mon, + int day, int hour, int min, int sec ) { mbedtls_x509_time time; unsigned char buf[21]; @@ -753,7 +743,7 @@ void x509_get_time( int tag, char *time_str, int ret, /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -void x509_parse_rsassa_pss_params( char *hex_params, int params_tag, +void x509_parse_rsassa_pss_params( char * hex_params, int params_tag, int ref_msg_md, int ref_mgf_md, int ref_salt_len, int ref_ret ) { @@ -783,7 +773,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */ -void x509_selftest() +void x509_selftest( ) { TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 ); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 62f82e8a0..f9ba57623 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -35,8 +35,8 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ -void x509_csr_check( char *key_file, char *cert_req_check_file, - int md_type, int key_usage, int cert_type ) +void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, + int key_usage, int cert_type ) { mbedtls_pk_context key; mbedtls_x509write_csr req; @@ -209,7 +209,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */ -void mbedtls_x509_string_to_names( char *name, char *parsed_name, int result ) +void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result + ) { int ret; size_t len = 0; diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index cbc714a12..7da890acb 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function 
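Review bot: The rewrapped signature of `mbedtls_x509_string_to_names` leaves the closing parenthesis alone on its own line (`int result` / `)`), which looks like an artifact of the automatic reformatting and matches no other signature in this patch. I would break after the second parameter instead: `void mbedtls_x509_string_to_names( char * name, char * parsed_name,` followed by `int result )`.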
@@ -8,121 +8,83 @@ */ /* BEGIN_CASE */ -void xtea_encrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string ) +void xtea_encrypt_ecb( uint8_t * key_str, uint32_t key_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_xtea_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); - unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); mbedtls_xtea_setup( &ctx, key_str ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void xtea_decrypt_ecb( char *hex_key_string, char *hex_src_string, - char *hex_dst_string ) +void xtea_decrypt_ecb( uint8_t * key_str, uint32_t key_str_len, + uint8_t * src_str, uint32_t src_str_len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; unsigned char output[100]; mbedtls_xtea_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); memset(output, 0x00, 100); - unhexify( key_str, hex_key_string ); - unhexify( src_str, hex_src_string ); mbedtls_xtea_setup( &ctx, key_str ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str, output ) == 0 ); - hexify( dst_str, output, 8 ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void xtea_encrypt_cbc( char *hex_key_string, 
char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void xtea_encrypt_cbc( uint8_t * key_str, uint32_t key_str_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; - unsigned char iv_str[100]; unsigned char output[100]; - size_t len; mbedtls_xtea_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); - memset(iv_str, 0x00, 100); memset(output, 0x00, 100); - unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - len = unhexify( src_str, hex_src_string ); mbedtls_xtea_setup( &ctx, key_str ); TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, len, iv_str, src_str, output ) == 0 ); - hexify( dst_str, output, len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, len, hex_dst_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string ) +void xtea_decrypt_cbc( uint8_t * key_str, uint32_t key_str_len, + uint8_t * iv_str, uint32_t iv_str_len, + uint8_t * src_str, uint32_t len, + uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) { - unsigned char key_str[100]; - unsigned char src_str[100]; - unsigned char dst_str[100]; - unsigned char iv_str[100]; unsigned char output[100]; - size_t len; mbedtls_xtea_context ctx; - memset(key_str, 0x00, 100); - memset(src_str, 0x00, 100); - memset(dst_str, 0x00, 100); - memset(iv_str, 0x00, 100); memset(output, 0x00, 100); - unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - len = unhexify( src_str, hex_src_string ); mbedtls_xtea_setup( &ctx, key_str ); TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, len, iv_str, 
src_str, output ) == 0 ); - hexify( dst_str, output, len ); - TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string, len, hex_dst_string_len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void xtea_selftest() +void xtea_selftest( ) { TEST_ASSERT( mbedtls_xtea_self_test( 1 ) == 0 ); } From 184447e7e4f1399d9411f94a14ab9b9ebff32a08 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 31 May 2017 20:29:36 +0100 Subject: [PATCH 267/578] Add proper handling of hex data --- tests/suites/desktop_test.function | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/suites/desktop_test.function b/tests/suites/desktop_test.function index 6e7fd075c..b2906a8dc 100644 --- a/tests/suites/desktop_test.function +++ b/tests/suites/desktop_test.function @@ -274,9 +274,22 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store } else if ( strcmp( type, "hex" ) == 0 ) { - *int_params_store = unhexify( (unsigned char *) val, val ); - *out++ = (char *)int_params_store++; - *out++ = val; + if ( verify_string( &val ) == 0 ) + { + int j; + *int_params_store = unhexify( (unsigned char *) val, val ); + printf ("\n"); + for (j = 0; j < *int_params_store; j++) + printf ("%02x ", (uint8_t)val[j]); + printf ("\n len %d\n", *int_params_store); + *out++ = val; + *out++ = (char *)(int_params_store++); + } + else + { + ret = ( DISPATCH_INVALID_TEST_DATA ); + break; + } } else if ( strcmp( type, "exp" ) == 0 ) { From a57a420985e1f536de7dccbe4b4cc13a022b2df4 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 31 May 2017 20:32:32 +0100 Subject: [PATCH 268/578] Add hex parameter dispatch --- tests/scripts/gen_mbed_code.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/scripts/gen_mbed_code.py b/tests/scripts/gen_mbed_code.py index 9fd9a0045..c63555de7 100644 --- a/tests/scripts/gen_mbed_code.py +++ b/tests/scripts/gen_mbed_code.py 
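Review bot: None of the new `*_len` parameters is checked in the four XTEA cases, while the zero-filled 100-byte local buffers that used to hold the inputs are gone. `mbedtls_xtea_setup` reads a 16-byte key and the ECB call an 8-byte block, regardless of how much data the test vector supplied. In the CBC cases `len` now comes straight from the data file and sizes the write into `output[100]`. I would add `TEST_ASSERT( key_str_len == 16 );` to every case, `TEST_ASSERT( src_str_len == 8 );` to the ECB ones, and `TEST_ASSERT( iv_str_len == 8 );` with `TEST_ASSERT( len <= sizeof( output ) );` to the CBC ones.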
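Review bot: The new `hex` branch of `convert_params` prints every decoded byte and the length with `printf` for each hex parameter, which looks like leftover debugging. It will flood the output of every suite that takes binary vectors, and it writes key and plaintext test material into logs. I would drop `int j;`, the `for` loop and the three `printf` calls, or put them behind the harness's verbose option if it has one. The value returned by `unhexify` is also stored as the length without any check; the helper is not visible here, so it is worth confirming how it reports odd-length input. `convert_params` starts and ends outside the hunk.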
@@ -211,6 +211,7 @@ def parse_function_signature(line): name = m.group(1) line = line[len(m.group(0)):] arg_idx = 0 + last_was_hex = False for arg in line[:line.find(')')].split(','): arg = arg.strip() if arg == '': @@ -221,6 +222,13 @@ def parse_function_signature(line): elif re.search('char\s*\*\s*.*', arg.strip()): args.append('char*') args_dispatch.append('(char *) params[%d]' % arg_idx) + elif re.search('uint8_t\s*\*\s*.*', arg.strip()): + args.append('hex') + args_dispatch.append('(uint8_t *) params[%d]' % arg_idx) + last_was_hex = True + elif re.search('uint32_t\s+.*', arg.strip()) and last_was_hex: + last_was_hex = False + args_dispatch.append('*( (uint32_t *) params[%d] )' % arg_idx) else: raise ValueError("Test function arguments can only be 'int' or 'char *'\n%s" % line) arg_idx += 1 From 5e7f8df800a3b2d596e6f7aef2d416ef27ed3c82 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 31 May 2017 20:33:39 +0100 Subject: [PATCH 269/578] Print Greentea __testcase_name indicator for Greentea to mark the test --- tests/scripts/mbedtls_test.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 32521a8f9..19893ffb4 100644 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -218,6 +218,7 @@ class MbedTlsTest(BaseHostTest): """ int_val = self.get_result(value) name, function, deps, args = self.tests[self.test_index] + self.log('{{__testcase_start;%s}}' % name) self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0, int_val != 0)) self.run_next_test() From 46c9b1f196f16a868ac98e08530f4c4d31fe1b5d Mon Sep 17 00:00:00 2001 
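Review bot: The pairing of a `uint8_t *` argument with its `uint32_t` length is not enforced in `parse_function_signature`. `last_was_hex` is cleared only in the `uint32_t` branch, so a signature such as `uint8_t * a, int b, uint32_t c` is accepted with `c` treated as the length of `a`. A `uint8_t *` with no length after it is accepted as well, and the dispatch will then not line up with the two slots `convert_params` emits. I would add `last_was_hex = False` to the `int` and `char *` branches (partly outside the hunk) and raise after the loop with `if last_was_hex: raise ValueError("uint8_t * must be followed by a uint32_t length\n%s" % line)`. The existing error text still says only `'int' or 'char *'` are allowed and should mention the hex pair; the new patterns would also be better as raw strings (`r'uint8_t\s*\*\s*.*'`).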
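Review bot: `{{__testcase_start;...}}` is logged in the result handler immediately before `{{__testcase_finish;...}}`, so the start marker is produced only once a result has already arrived. A test that hangs or resets the target would leave no start record for the failing case, and any duration derived from the two markers would be close to zero (assuming Greentea times between them). Emitting the start marker where the test is sent to the target would avoid this; that code is outside the hunk.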
From: Azim Khan Date: Wed, 31 May 2017 20:46:35 +0100 Subject: [PATCH 270/578] Fix test functions and data after moving hexify/unhexify out - Separate string and hex parameter as unhexify is moved out of the function. It's input should only be hex. - Fix test mbedtls_ccm_encrypt_and_tag that grows input message buffer with tag - Add missing expected length parameter in ECP TLS tests - Add deleted TEST_ASSERT and mbedtls calls that got removed in script based code generation --- tests/suites/test_suite_ccm.data | 192 +++++----- tests/suites/test_suite_ccm.function | 18 +- tests/suites/test_suite_cipher.ccm.data | 240 ++++++------- .../suites/test_suite_cipher.chachapoly.data | 4 +- tests/suites/test_suite_cipher.function | 7 +- tests/suites/test_suite_debug.function | 1 + tests/suites/test_suite_ecp.data | 10 +- tests/suites/test_suite_ecp.function | 11 +- tests/suites/test_suite_gcm.aes128_de.data | 336 +++++++++--------- tests/suites/test_suite_gcm.aes192_de.data | 336 +++++++++--------- tests/suites/test_suite_gcm.aes256_de.data | 336 +++++++++--------- tests/suites/test_suite_gcm.camellia.data | 72 ++-- tests/suites/test_suite_gcm.function | 6 +- tests/suites/test_suite_md.function | 6 +- tests/suites/test_suite_mpi.data | 2 +- tests/suites/test_suite_pkcs1_v15.function | 2 +- tests/suites/test_suite_pkcs1_v21.function | 2 +- tests/suites/test_suite_rsa.function | 4 +- 18 files changed, 795 insertions(+), 790 deletions(-) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index cad40d59c..85bc3db41 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
@@ -1036,387 +1036,387 @@ mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2e6e34070caf1b8820ed39edfa834 CCM auth decrypt tag NIST DVPT AES-128 #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"02209f55":"5a8aa485c316e9":"":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"02209f55":"5a8aa485c316e9":"":4:"":"" CCM auth decrypt tag NIST DVPT AES-128 #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"9a04c241":"3796cf51b87266":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"9a04c241":"3796cf51b87266":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"75d582db43ce9b13ab4b6f7f14341330":"5a8aa485c316e9":"":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"75d582db43ce9b13ab4b6f7f14341330":"5a8aa485c316e9":"":16:"":"" CCM auth decrypt tag NIST DVPT AES-128 #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3a65e03af37b81d05acc7ec1bc39deb0":"3796cf51b87266":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3a65e03af37b81d05acc7ec1bc39deb0":"3796cf51b87266":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"90156f3f":"5a8aa485c316e9403aff859fbb":"":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"90156f3f":"5a8aa485c316e9403aff859fbb":"":4:"":"" CCM auth decrypt tag NIST DVPT AES-128 #6 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"88909016":"a16a2e741f1cd9717285b6d882":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"88909016":"a16a2e741f1cd9717285b6d882":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"fb04dc5a44c6bb000f2440f5154364b4":"5a8aa485c316e9403aff859fbb":"":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"fb04dc5a44c6bb000f2440f5154364b4":"5a8aa485c316e9403aff859fbb":"":16:"":"" CCM auth decrypt tag NIST DVPT AES-128 #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5447075bf42a59b91f08064738b015ab":"a16a2e741f1cd9717285b6d882":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5447075bf42a59b91f08064738b015ab":"a16a2e741f1cd9717285b6d882":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb703e1fa6b":"5a8aa485c316e9":"":4:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb703e1fa6b":"5a8aa485c316e9":"":4:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-128 #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f23e5d81c":"31f8fa25827d48":"":4:"FAIL" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f23e5d81c":"31f8fa25827d48":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f2d9a3fbc210595b7b8b1b41523111a8e":"5a8aa485c316e9":"":16:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f2d9a3fbc210595b7b8b1b41523111a8e":"5a8aa485c316e9":"":16:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-128 #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd2463af747cc88a001fa94e060290f209c4":"31f8fa25827d48":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd2463af747cc88a001fa94e060290f209c4":"31f8fa25827d48":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134a3e138b9":"5a8aa485c316e9403aff859fbb":"":4:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134a3e138b9":"5a8aa485c316e9403aff859fbb":"":4:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-128 #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654091a5ae9":"49004912fdd7269279b1f06a89":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654091a5ae9":"49004912fdd7269279b1f06a89":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb6a9a970b9beb2ac1bd4fd62168f8378a":"5a8aa485c316e9403aff859fbb":"":16:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb6a9a970b9beb2ac1bd4fd62168f8378a":"5a8aa485c316e9403aff859fbb":"":16:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-128 #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065a65666144994bad0c8195bcb4ade1337":"49004912fdd7269279b1f06a89":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065a65666144994bad0c8195bcb4ade1337":"49004912fdd7269279b1f06a89":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"782e4318":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"782e4318":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"" CCM auth decrypt tag NIST DVPT AES-128 #18 (P=0, N=7, A=32, 
T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"a04f270a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"a04f270a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"41b476013f45e4a781f253a6f3b1e530":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"41b476013f45e4a781f253a6f3b1e530":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"" CCM auth decrypt tag NIST DVPT AES-128 #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"f9f018fcd125822616083fffebc4c8e6":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"f9f018fcd125822616083fffebc4c8e6":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"9f69f24f":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"9f69f24f":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"" CCM auth decrypt tag NIST DVPT AES-128 #22 (P=0, N=13, A=32, T=4) 
depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"e17afaa4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"e17afaa4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"1859ac36a40a6b28b34266253627797a":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"1859ac36a40a6b28b34266253627797a":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"" CCM auth decrypt tag NIST DVPT AES-128 #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"edf8b46eb69ac0044116019dec183072":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"edf8b46eb69ac0044116019dec183072":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b338f125fa":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b338f125fa":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-128 #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c728a66b69":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c728a66b69":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b512cf3a20b7fd7c49e6e79bef475c2906f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b512cf3a20b7fd7c49e6e79bef475c2906f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-128 #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a3081d18ca149d6766bfaccec88f194eb5b":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a3081d18ca149d6766bfaccec88f194eb5b":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"934f893824e880f743d196b22d1f340a52608155087bd28ac25e5329":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"934f893824e880f743d196b22d1f340a52608155087bd28ac25e5329":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-128 #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a6559b3b3ee":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a6559b3b3ee":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-128 #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375c0a458bfcafa3b2609afe0f825cbf503":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375c0a458bfcafa3b2609afe0f825cbf503":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-128 #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c390042ba8bb5f6798dab01c5afad7306":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c390042ba8bb5f6798dab01c5afad7306":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"9d4b7f3b":"5a8aa485c316e9":"":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"9d4b7f3b":"5a8aa485c316e9":"":4:"":"" CCM auth decrypt tag NIST DVPT AES-192 #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"80745de9":"3796cf51b87266":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"80745de9":"3796cf51b87266":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"17223038fa99d53681ca1beabe78d1b4":"5a8aa485c316e9":"":16:"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"17223038fa99d53681ca1beabe78d1b4":"5a8aa485c316e9":"":16:"":"" CCM auth decrypt tag NIST DVPT AES-192 #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"d0e1eeef4d2a264536bb1c2c1bde7c35":"3796cf51b87266":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"d0e1eeef4d2a264536bb1c2c1bde7c35":"3796cf51b87266":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"fe69ed84":"5a8aa485c316e9403aff859fbb":"":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"fe69ed84":"5a8aa485c316e9403aff859fbb":"":4:"":"" CCM auth decrypt tag NIST DVPT AES-192 #6 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"db7ffc82":"a16a2e741f1cd9717285b6d882":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"db7ffc82":"a16a2e741f1cd9717285b6d882":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"5a8aa485c316e9403aff859fbb":"":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"5a8aa485c316e9403aff859fbb":"":16:"":"" CCM auth decrypt tag NIST DVPT AES-192 #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"38757b3a61a4dc97ca3ab88bf1240695":"a16a2e741f1cd9717285b6d882":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"38757b3a61a4dc97ca3ab88bf1240695":"a16a2e741f1cd9717285b6d882":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138cddc93a54":"5a8aa485c316e9":"":4:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138cddc93a54":"5a8aa485c316e9":"":4:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-192 #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"32b649ab56162e55d4148a1292d6a225a988eb1308298273b6889036":"31f8fa25827d48":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"32b649ab56162e55d4148a1292d6a225a988eb1308298273b6889036":"31f8fa25827d48":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8c5a5ebecf7ac8607fe412189e83d9d20":"5a8aa485c316e9":"":16:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8c5a5ebecf7ac8607fe412189e83d9d20":"5a8aa485c316e9":"":16:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt 
tag NIST DVPT AES-192 #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6e699f15f14d34dcaf9ba8ed4b877c97d":"31f8fa25827d48":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6e699f15f14d34dcaf9ba8ed4b877c97d":"31f8fa25827d48":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a34fad277":"5a8aa485c316e9403aff859fbb":"":4:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a34fad277":"5a8aa485c316e9403aff859fbb":"":4:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-192 #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5a35df775":"49004912fdd7269279b1f06a89":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5a35df775":"49004912fdd7269279b1f06a89":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671ea7ade30a07d185692ab0ebdf4c78cf7a":"5a8aa485c316e9403aff859fbb":"":16:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671ea7ade30a07d185692ab0ebdf4c78cf7a":"5a8aa485c316e9403aff859fbb":"":16:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-192 #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312ef042c86363cc05afb98c66e16be8a445":"49004912fdd7269279b1f06a89":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312ef042c86363cc05afb98c66e16be8a445":"49004912fdd7269279b1f06a89":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"1d089a5f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"1d089a5f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"" CCM auth decrypt tag NIST DVPT AES-192 #18 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"2f46022a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"2f46022a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5280a2137fee3deefcfe9b63a1199fb3":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5280a2137fee3deefcfe9b63a1199fb3":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"" CCM auth decrypt tag NIST DVPT AES-192 #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"d40a7318c5f2d82f838c0beeefe0d598":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"d40a7318c5f2d82f838c0beeefe0d598":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5e0eaebd":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5e0eaebd":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"" CCM auth decrypt tag NIST DVPT AES-192 #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"71b7fc33":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"71b7fc33":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"d07ccf9fdc3d33aa94cda3d230da707c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"d07ccf9fdc3d33aa94cda3d230da707c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"" CCM auth decrypt tag NIST DVPT AES-192 #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"65fe32b649dc328c9f531584897e85b3":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"65fe32b649dc328c9f531584897e85b3":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"9f6ca4af9b159148c889a6584d1183ea26e2614874b0504575dea8d1":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"9f6ca4af9b159148c889a6584d1183ea26e2614874b0504575dea8d1":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-192 #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1ebd7965825":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1ebd7965825":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd14d1d980d6fe0fb44b421992662b97975":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd14d1d980d6fe0fb44b421992662b97975":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-192 #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa206603c51d36c826f01384100886198a7f6a3":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa206603c51d36c826f01384100886198a7f6a3":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854cccc25e9fce":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854cccc25e9fce":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-192 #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae98ecedb3e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae98ecedb3e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-192 #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f3178464a6f7fa2b76744e8e8d95691cecb8":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f3178464a6f7fa2b76744e8e8d95691cecb8":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-192 #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c06bd6dc2e6bcc3436cffb969ae900388":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c06bd6dc2e6bcc3436cffb969ae900388":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"469c90bb":"a544218dadd3c1":"":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"469c90bb":"a544218dadd3c1":"":4:"":"" CCM auth decrypt tag NIST DVPT AES-256 #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"46a908ed":"d3d5424e20fbec":"":4:"FAIL" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"46a908ed":"d3d5424e20fbec":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8207eb14d33855a52acceed17dbcbf6e":"a544218dadd3c1":"":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8207eb14d33855a52acceed17dbcbf6e":"a544218dadd3c1":"":16:"":"" CCM auth decrypt tag NIST DVPT AES-256 #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"60f8e127cb4d30db6df0622158cd931d":"d3d5424e20fbec":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"60f8e127cb4d30db6df0622158cd931d":"d3d5424e20fbec":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8a19a133":"a544218dadd3c10583db49cf39":"":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8a19a133":"a544218dadd3c10583db49cf39":"":4:"":"" CCM auth decrypt tag NIST DVPT AES-256 #6 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"2e317f1b":"3c0e2815d37d844f7ac240ba9d":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"2e317f1b":"3c0e2815d37d844f7ac240ba9d":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"97e1a8dd4259ccd2e431e057b0397fcf":"a544218dadd3c10583db49cf39":"":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"97e1a8dd4259ccd2e431e057b0397fcf":"a544218dadd3c10583db49cf39":"":16:"":"" CCM auth decrypt tag NIST DVPT AES-256 #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"5a9596c511ea6a8671adefc4f2157d8b":"3c0e2815d37d844f7ac240ba9d":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"5a9596c511ea6a8671adefc4f2157d8b":"3c0e2815d37d844f7ac240ba9d":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b722aa8d59":"a544218dadd3c1":"":4:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b722aa8d59":"a544218dadd3c1":"":4:"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" CCM auth decrypt tag NIST DVPT AES-256 #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a20277d00a75":"bfcda8b5a2d0d2":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a20277d00a75":"bfcda8b5a2d0d2":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #11 (P=24, N=7, 
A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd374f3bb6db8377ebfc79674858c4f305":"a544218dadd3c1":"":16:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd374f3bb6db8377ebfc79674858c4f305":"a544218dadd3c1":"":16:"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" CCM auth decrypt tag NIST DVPT AES-256 #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"afa1fa8e8a70e26b02161150556d604101fdf423f332c3363275f2a4907d51b734fe7238cebbd48f":"bfcda8b5a2d0d2":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"afa1fa8e8a70e26b02161150556d604101fdf423f332c3363275f2a4907d51b734fe7238cebbd48f":"bfcda8b5a2d0d2":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f4123d14fb3f":"a544218dadd3c10583db49cf39":"":4:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f4123d14fb3f":"a544218dadd3c10583db49cf39":"":4:"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" CCM auth decrypt tag NIST DVPT AES-256 #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d8d0c0099":"894dcaa61008eb8fb052c60d41":"":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d8d0c0099":"894dcaa61008eb8fb052c60d41":"":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c423a578d179902f912f9ea1afbce1120b3":"a544218dadd3c10583db49cf39":"":16:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c423a578d179902f912f9ea1afbce1120b3":"a544218dadd3c10583db49cf39":"":16:"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" CCM auth decrypt tag NIST DVPT AES-256 #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae769084607b83bd06e6442eac8dacf583cc":"894dcaa61008eb8fb052c60d41":"":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae769084607b83bd06e6442eac8dacf583cc":"894dcaa61008eb8fb052c60d41":"":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"92d00fbe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"92d00fbe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:"":"" CCM auth decrypt tag NIST DVPT AES-256 #18 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"9143e5c4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"9143e5c4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"93af11a08379eb37a16aa2837f09d69d":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"93af11a08379eb37a16aa2837f09d69d":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:"":"" CCM auth decrypt tag NIST DVPT AES-256 #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"d19b0c14ec686a7961ca7c386d125a65":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"d19b0c14ec686a7961ca7c386d125a65":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"866d4227":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"866d4227":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:"":"" CCM auth decrypt tag NIST DVPT AES-256 #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"94cb1127":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"94cb1127":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"867b0d87cf6e0f718200a97b4f6d5ad5":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"867b0d87cf6e0f718200a97b4f6d5ad5":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:"":"" CCM auth decrypt tag NIST DVPT AES-256 #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"677a040d46ee3f2b7838273bdad14f16":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":16:"FAIL" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"677a040d46ee3f2b7838273bdad14f16":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc56083ebc7720":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc56083ebc7720":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" CCM auth decrypt tag NIST DVPT AES-256 #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81c44db2c9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81c44db2c9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce1ac68bd42f5ec7fa7e068cc0ecd79c2a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce1ac68bd42f5ec7fa7e068cc0ecd79c2a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" CCM auth decrypt tag NIST DVPT AES-256 #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"d543acda712b898cbb27b8f598b2e4438ce587a836e2785147c3338a2400809e739b63ba8227d2f9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"d543acda712b898cbb27b8f598b2e4438ce587a836e2785147c3338a2400809e739b63ba8227d2f9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":16:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69ef891339":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69ef891339":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" CCM auth decrypt tag NIST DVPT AES-256 #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f63d488623":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":4:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f63d488623":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":4:"FAIL":"" CCM auth decrypt tag NIST DVPT AES-256 #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781367f30f2eaad8c063ca50795acd90203":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781367f30f2eaad8c063ca50795acd90203":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" CCM auth decrypt tag NIST DVPT AES-256 #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc4b41096dfdbe9cc1ab610f8f3e038d16":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":16:"FAIL" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc4b41096dfdbe9cc1ab610f8f3e038d16":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":16:"FAIL":"" CCM-Camellia encrypt and tag RFC 5528 #1 depends_on:MBEDTLS_CAMELLIA_C diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index c845f44ff..5dbc837e4 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -125,9 +125,12 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, uint8_t * key, { mbedtls_ccm_context ctx; size_t tag_len; + uint8_t * msg_n_tag = (uint8_t *)malloc( result_len + 2 ); mbedtls_ccm_init( &ctx ); + memset( msg_n_tag, 0, result_len + 2 ); + memcpy( msg_n_tag, msg, msg_len ); tag_len = result_len - msg_len; @@ -135,15 +138,16 @@ void mbedtls_ccm_encrypt_and_tag( int cipher_id, uint8_t * key, /* Test with input == output */ TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, - msg, msg, msg + msg_len, tag_len ) == 0 ); + msg_n_tag, msg_n_tag, msg_n_tag + msg_len, tag_len ) == 0 ); - TEST_ASSERT( memcmp( msg, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( msg_n_tag, result, result_len ) == 0 ); /* Check we didn't write past the end */ - TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 ); + TEST_ASSERT( msg_n_tag[result_len] == 0 && msg_n_tag[result_len + 1] == 0 ); exit: mbedtls_ccm_free( &ctx ); + free( msg_n_tag ); } /* END_CASE */ 
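Review bot: The pointer returned by `malloc( result_len + 2 )` in the first hunk of mbedtls_ccm_encrypt_and_tag goes straight into `memset` and `memcpy` with no NULL check, so an allocation failure crashes the test instead of failing it. Adding `TEST_ASSERT( msg_n_tag != NULL );` right after `mbedtls_ccm_init( &ctx );` keeps the `exit:` cleanup intact, since the `free( msg_n_tag )` added in the following hunk accepts NULL. The copy `memcpy( msg_n_tag, msg, msg_len )` also assumes the vector's message fits in the result, and `tag_len = result_len - msg_len` would wrap if the lengths are unsigned, as they are in the sibling function. A `TEST_ASSERT( msg_len <= result_len );` before the copy would reject a malformed vector cleanly. The function body continues past this hunk.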
@@ -152,7 +156,8 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, uint8_t * key, uint32_t key_len, uint8_t * msg, uint32_t msg_len, uint8_t * iv, uint32_t iv_len, uint8_t * add, uint32_t add_len, int tag_len, - uint8_t * result, uint32_t result_len ) + char * result, uint8_t * hex_msg, + uint32_t hex_msg_len ) { unsigned char tag[16]; mbedtls_ccm_context ctx; @@ -165,10 +170,9 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, uint8_t * key, uint32_t key_len, msg_len -= tag_len; memcpy( tag, msg + msg_len, tag_len ); - if( strcmp( "FAIL", (char *)result ) == 0 ) + if( strcmp( "FAIL", result ) == 0 ) { ret = MBEDTLS_ERR_CCM_AUTH_FAILED; - result_len = -1; } else { @@ -183,7 +187,7 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, uint8_t * key, uint32_t key_len, if( ret == 0 ) { - TEST_ASSERT( memcmp( msg, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( msg, hex_msg, hex_msg_len ) == 0 ); } else { diff --git a/tests/suites/test_suite_cipher.ccm.data b/tests/suites/test_suite_cipher.ccm.data index dc4409192..264ce9925 100644 --- a/tests/suites/test_suite_cipher.ccm.data +++ b/tests/suites/test_suite_cipher.ccm.data 
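Review bot: The success branch in the last hunk of mbedtls_ccm_auth_decrypt compares only `hex_msg_len` bytes with `memcmp( msg, hex_msg, hex_msg_len )` and never checks that the decrypted length matches the expected length. A vector whose expected plaintext is shorter than the message passes on a prefix match, a longer one reads past `msg`, and a passing vector with an empty expected plaintext compares nothing. Adding `TEST_ASSERT( msg_len == hex_msg_len );` before the `memcmp` closes this. That assumes `msg_len` still holds the plaintext length after `msg_len -= tag_len;`, which cannot be confirmed here because the decrypt call sits between the hunks.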
@@ -1,480 +1,480 @@ AES-128-CCM test vector NIST #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"5a8aa485c316e9":"":"":"02209f55":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"5a8aa485c316e9":"":"":"02209f55":"":"" AES-128-CCM test vector NIST #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"3796cf51b87266":"":"":"9a04c241":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4ae701103c63deca5b5a3939d7d05992":"3796cf51b87266":"":"":"9a04c241":"FAIL":"" AES-128-CCM test vector NIST #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9":"":"":"75d582db43ce9b13ab4b6f7f14341330":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9":"":"":"75d582db43ce9b13ab4b6f7f14341330":"":"" AES-128-CCM test vector NIST #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3796cf51b87266":"":"":"3a65e03af37b81d05acc7ec1bc39deb0":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3796cf51b87266":"":"":"3a65e03af37b81d05acc7ec1bc39deb0":"FAIL":"" AES-128-CCM test vector NIST #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9403aff859fbb":"":"":"90156f3f":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"5a8aa485c316e9403aff859fbb":"":"":"90156f3f":"":"" AES-128-CCM test vector NIST #6 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"a16a2e741f1cd9717285b6d882":"":"":"88909016":"FAIL" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3":"a16a2e741f1cd9717285b6d882":"":"":"88909016":"FAIL":"" AES-128-CCM test vector NIST #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9403aff859fbb":"":"":"fb04dc5a44c6bb000f2440f5154364b4":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9403aff859fbb":"":"":"fb04dc5a44c6bb000f2440f5154364b4":"":"" AES-128-CCM test vector NIST #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"a16a2e741f1cd9717285b6d882":"":"":"5447075bf42a59b91f08064738b015ab":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"a16a2e741f1cd9717285b6d882":"":"":"5447075bf42a59b91f08064738b015ab":"FAIL":"" AES-128-CCM test vector NIST #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb7":"03e1fa6b":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb7":"03e1fa6b":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" AES-128-CCM test vector NIST #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"31f8fa25827d48":"":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f":"23e5d81c":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"19ebfde2d5468ba0a3031bde629b11fd":"31f8fa25827d48":"":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f":"23e5d81c":"FAIL":"" AES-128-CCM test vector NIST #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9":"":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f":"2d9a3fbc210595b7b8b1b41523111a8e":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9":"":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f":"2d9a3fbc210595b7b8b1b41523111a8e":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" AES-128-CCM test vector NIST #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"31f8fa25827d48":"":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd24":"63af747cc88a001fa94e060290f209c4":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"31f8fa25827d48":"":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd24":"63af747cc88a001fa94e060290f209c4":"FAIL":"" AES-128-CCM test vector NIST #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":"a3e138b9":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":"a3e138b9":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" AES-128-CCM test vector NIST #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"49004912fdd7269279b1f06a89":"":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654":"091a5ae9":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"197afb02ffbd8f699dacae87094d5243":"49004912fdd7269279b1f06a89":"":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654":"091a5ae9":"FAIL":"" AES-128-CCM test vector NIST #15 (P=24, N=13, A=0, 
T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"6a9a970b9beb2ac1bd4fd62168f8378a":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"6a9a970b9beb2ac1bd4fd62168f8378a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" AES-128-CCM test vector NIST #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"49004912fdd7269279b1f06a89":"":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065":"a65666144994bad0c8195bcb4ade1337":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"49004912fdd7269279b1f06a89":"":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065":"a65666144994bad0c8195bcb4ade1337":"FAIL":"" AES-128-CCM test vector NIST #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"782e4318":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"782e4318":"":"" AES-128-CCM test vector NIST #18 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"a04f270a":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"90929a4b0ac65b350ad1591611fe4829":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"a04f270a":"FAIL":"" AES-128-CCM test vector NIST #19 (P=0, 
N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"41b476013f45e4a781f253a6f3b1e530":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"41b476013f45e4a781f253a6f3b1e530":"":"" AES-128-CCM test vector NIST #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"f9f018fcd125822616083fffebc4c8e6":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"f9f018fcd125822616083fffebc4c8e6":"FAIL":"" AES-128-CCM test vector NIST #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"9f69f24f":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"9f69f24f":"":"" AES-128-CCM test vector NIST #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"e17afaa4":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"e17afaa4":"FAIL":"" AES-128-CCM test vector NIST #23 (P=0, N=13, A=32, T=16) 
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"1859ac36a40a6b28b34266253627797a":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"1859ac36a40a6b28b34266253627797a":"":"" AES-128-CCM test vector NIST #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"edf8b46eb69ac0044116019dec183072":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"edf8b46eb69ac0044116019dec183072":"FAIL":"" AES-128-CCM test vector NIST #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b3":"38f125fa":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b3":"38f125fa":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" AES-128-CCM test vector NIST #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c7":"28a66b69":"FAIL" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"f9fdca4ac64fe7f014de0f43039c7571":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c7":"28a66b69":"FAIL":"" AES-128-CCM test vector NIST #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b51":"2cf3a20b7fd7c49e6e79bef475c2906f":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b51":"2cf3a20b7fd7c49e6e79bef475c2906f":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" AES-128-CCM test vector NIST #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a30":"81d18ca149d6766bfaccec88f194eb5b":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a30":"81d18ca149d6766bfaccec88f194eb5b":"FAIL":"" AES-128-CCM test vector NIST #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"934f893824e880f743d196b22d1f340a52608155087bd28a":"c25e5329":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"934f893824e880f743d196b22d1f340a52608155087bd28a":"c25e5329":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" AES-128-CCM test vector NIST #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a65":"59b3b3ee":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"a7aa635ea51b0bb20a092bd5573e728c":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a65":"59b3b3ee":"FAIL":"" AES-128-CCM test vector NIST #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375":"c0a458bfcafa3b2609afe0f825cbf503":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375":"c0a458bfcafa3b2609afe0f825cbf503":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" AES-128-CCM test vector NIST #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c":"390042ba8bb5f6798dab01c5afad7306":"FAIL" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_CCM:"26511fb51fcfa75cb4b44da75a6e5a0e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c":"390042ba8bb5f6798dab01c5afad7306":"FAIL":"" AES-192-CCM test vector NIST #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"5a8aa485c316e9":"":"":"9d4b7f3b":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"5a8aa485c316e9":"":"":"9d4b7f3b":"":"" AES-192-CCM test vector NIST #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"3796cf51b87266":"":"":"80745de9":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"3796cf51b87266":"":"":"80745de9":"FAIL":"" AES-192-CCM test vector NIST #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9":"":"":"17223038fa99d53681ca1beabe78d1b4":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9":"":"":"17223038fa99d53681ca1beabe78d1b4":"":"" AES-192-CCM test vector NIST #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"3796cf51b87266":"":"":"d0e1eeef4d2a264536bb1c2c1bde7c35":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"3796cf51b87266":"":"":"d0e1eeef4d2a264536bb1c2c1bde7c35":"FAIL":"" AES-192-CCM test vector NIST #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9403aff859fbb":"":"":"fe69ed84":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"5a8aa485c316e9403aff859fbb":"":"":"fe69ed84":"":"" AES-192-CCM test vector NIST #6 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"a16a2e741f1cd9717285b6d882":"":"":"db7ffc82":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"a16a2e741f1cd9717285b6d882":"":"":"db7ffc82":"FAIL":"" AES-192-CCM test vector NIST #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9403aff859fbb":"":"":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9403aff859fbb":"":"":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"":"" AES-192-CCM test vector NIST #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"a16a2e741f1cd9717285b6d882":"":"":"38757b3a61a4dc97ca3ab88bf1240695":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"a16a2e741f1cd9717285b6d882":"":"":"38757b3a61a4dc97ca3ab88bf1240695":"FAIL":"" AES-192-CCM test vector NIST #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9":"":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"ddc93a54":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"5a8aa485c316e9":"":"411986d04d6463100bff03f7d0bde7ea2c3488784378138c":"ddc93a54":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" AES-192-CCM test vector NIST #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"31f8fa25827d48":"":"32b649ab56162e55d4148a1292d6a225a988eb1308298273":"b6889036":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"31f8fa25827d48":"":"32b649ab56162e55d4148a1292d6a225a988eb1308298273":"b6889036":"FAIL":"" AES-192-CCM test vector NIST #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9":"":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8":"c5a5ebecf7ac8607fe412189e83d9d20":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9":"":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8":"c5a5ebecf7ac8607fe412189e83d9d20":"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" AES-192-CCM test vector NIST #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"31f8fa25827d48":"":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6":"e699f15f14d34dcaf9ba8ed4b877c97d":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"31f8fa25827d48":"":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6":"e699f15f14d34dcaf9ba8ed4b877c97d":"FAIL":"" AES-192-CCM test vector NIST #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9403aff859fbb":"":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a":"34fad277":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"5a8aa485c316e9403aff859fbb":"":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a":"34fad277":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" AES-192-CCM test vector NIST #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"49004912fdd7269279b1f06a89":"":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5":"a35df775":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"49004912fdd7269279b1f06a89":"":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5":"a35df775":"FAIL":"" AES-192-CCM test vector NIST #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a7ade30a07d185692ab0ebdf4c78cf7a":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9403aff859fbb":"":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671e":"a7ade30a07d185692ab0ebdf4c78cf7a":"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" AES-192-CCM test vector NIST #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"49004912fdd7269279b1f06a89":"":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312e":"f042c86363cc05afb98c66e16be8a445":"FAIL" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"49004912fdd7269279b1f06a89":"":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312e":"f042c86363cc05afb98c66e16be8a445":"FAIL":"" AES-192-CCM test vector NIST #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"1d089a5f":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"1d089a5f":"":"" AES-192-CCM test vector NIST #18 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"2f46022a":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"2f46022a":"FAIL":"" AES-192-CCM test vector NIST #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"5280a2137fee3deefcfe9b63a1199fb3":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"":"5280a2137fee3deefcfe9b63a1199fb3":"":"" AES-192-CCM test vector NIST #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"d40a7318c5f2d82f838c0beeefe0d598":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":"":"d40a7318c5f2d82f838c0beeefe0d598":"FAIL":"" AES-192-CCM test vector NIST #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"5e0eaebd":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"5e0eaebd":"":"" AES-192-CCM test vector NIST #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"71b7fc33":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"71b7fc33":"FAIL":"" AES-192-CCM test vector NIST #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"d07ccf9fdc3d33aa94cda3d230da707c":"" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"":"d07ccf9fdc3d33aa94cda3d230da707c":"":"" AES-192-CCM test vector NIST #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"65fe32b649dc328c9f531584897e85b3":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":"":"65fe32b649dc328c9f531584897e85b3":"FAIL":"" AES-192-CCM test vector NIST #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"9f6ca4af9b159148c889a6584d1183ea26e2614874b05045":"75dea8d1":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"9f6ca4af9b159148c889a6584d1183ea26e2614874b05045":"75dea8d1":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" AES-192-CCM test vector NIST #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1eb":"d7965825":"FAIL" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1eb":"d7965825":"FAIL":"" AES-192-CCM test vector NIST #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd1":"4d1d980d6fe0fb44b421992662b97975":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd1":"4d1d980d6fe0fb44b421992662b97975":"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" AES-192-CCM test vector NIST #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa20660":"3c51d36c826f01384100886198a7f6a3":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa20660":"3c51d36c826f01384100886198a7f6a3":"FAIL":"" AES-192-CCM test vector NIST #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854ccc":"c25e9fce":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854ccc":"c25e9fce":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" AES-192-CCM test vector NIST #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae9":"8ecedb3e":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae9":"8ecedb3e":"FAIL":"" AES-192-CCM test vector NIST #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f317":"8464a6f7fa2b76744e8e8d95691cecb8":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f317":"8464a6f7fa2b76744e8e8d95691cecb8":"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" AES-192-CCM test vector 
NIST #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c":"06bd6dc2e6bcc3436cffb969ae900388":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_192_CCM:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c":"06bd6dc2e6bcc3436cffb969ae900388":"FAIL":"" AES-256-CCM test vector NIST #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"a544218dadd3c1":"":"":"469c90bb":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"a544218dadd3c1":"":"":"469c90bb":"":"" AES-256-CCM test vector NIST #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"d3d5424e20fbec":"":"":"46a908ed":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"d3d5424e20fbec":"":"":"46a908ed":"FAIL":"" AES-256-CCM test vector NIST #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c1":"":"":"8207eb14d33855a52acceed17dbcbf6e":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c1":"":"":"8207eb14d33855a52acceed17dbcbf6e":"":"" AES-256-CCM test vector NIST #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"d3d5424e20fbec":"":"":"60f8e127cb4d30db6df0622158cd931d":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"d3d5424e20fbec":"":"":"60f8e127cb4d30db6df0622158cd931d":"FAIL":"" AES-256-CCM test vector NIST #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c10583db49cf39":"":"":"8a19a133":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"a544218dadd3c10583db49cf39":"":"":"8a19a133":"":"" AES-256-CCM test vector NIST #6 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"3c0e2815d37d844f7ac240ba9d":"":"":"2e317f1b":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"3c0e2815d37d844f7ac240ba9d":"":"":"2e317f1b":"FAIL":"" AES-256-CCM test vector NIST #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c10583db49cf39":"":"":"97e1a8dd4259ccd2e431e057b0397fcf":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c10583db49cf39":"":"":"97e1a8dd4259ccd2e431e057b0397fcf":"":"" AES-256-CCM test vector NIST #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"3c0e2815d37d844f7ac240ba9d":"":"":"5a9596c511ea6a8671adefc4f2157d8b":"FAIL" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"3c0e2815d37d844f7ac240ba9d":"":"":"5a9596c511ea6a8671adefc4f2157d8b":"FAIL":"" AES-256-CCM test vector NIST #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c1":"":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b7":"22aa8d59":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"a544218dadd3c1":"":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b7":"22aa8d59":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" AES-256-CCM test vector NIST #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"bfcda8b5a2d0d2":"":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a202":"77d00a75":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"bfcda8b5a2d0d2":"":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a202":"77d00a75":"FAIL":"" AES-256-CCM test vector NIST #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c1":"":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd":"374f3bb6db8377ebfc79674858c4f305":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c1":"":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd":"374f3bb6db8377ebfc79674858c4f305":"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" AES-256-CCM test vector NIST #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bfcda8b5a2d0d2":"":"afa1fa8e8a70e26b02161150556d604101fdf423f332c336":"3275f2a4907d51b734fe7238cebbd48f":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bfcda8b5a2d0d2":"":"afa1fa8e8a70e26b02161150556d604101fdf423f332c336":"3275f2a4907d51b734fe7238cebbd48f":"FAIL":"" AES-256-CCM test vector NIST #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3d14fb3f":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"a544218dadd3c10583db49cf39":"":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f412":"3d14fb3f":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" AES-256-CCM test vector NIST #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"894dcaa61008eb8fb052c60d41":"":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d":"8d0c0099":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"894dcaa61008eb8fb052c60d41":"":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d":"8d0c0099":"FAIL":"" AES-256-CCM test vector NIST #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c10583db49cf39":"":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c42":"3a578d179902f912f9ea1afbce1120b3":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c10583db49cf39":"":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c42":"3a578d179902f912f9ea1afbce1120b3":"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" AES-256-CCM test vector NIST #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"894dcaa61008eb8fb052c60d41":"":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae76":"9084607b83bd06e6442eac8dacf583cc":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"894dcaa61008eb8fb052c60d41":"":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae76":"9084607b83bd06e6442eac8dacf583cc":"FAIL":"" AES-256-CCM test vector NIST #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"92d00fbe":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"92d00fbe":"":"" AES-256-CCM test vector NIST #18 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"9143e5c4":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"9143e5c4":"FAIL":"" AES-256-CCM test vector NIST #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"93af11a08379eb37a16aa2837f09d69d":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"":"93af11a08379eb37a16aa2837f09d69d":"":"" AES-256-CCM test vector NIST #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"d19b0c14ec686a7961ca7c386d125a65":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":"":"d19b0c14ec686a7961ca7c386d125a65":"FAIL":"" AES-256-CCM test vector NIST #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"866d4227":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"866d4227":"":"" AES-256-CCM test vector NIST #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"94cb1127":"FAIL" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"94cb1127":"FAIL":"" AES-256-CCM test vector NIST #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"867b0d87cf6e0f718200a97b4f6d5ad5":"" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"":"867b0d87cf6e0f718200a97b4f6d5ad5":"":"" AES-256-CCM test vector NIST #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"677a040d46ee3f2b7838273bdad14f16":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":"":"677a040d46ee3f2b7838273bdad14f16":"FAIL":"" AES-256-CCM test vector NIST #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc5608":"3ebc7720":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" 
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc5608":"3ebc7720":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" AES-256-CCM test vector NIST #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81":"c44db2c9":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81":"c44db2c9":"FAIL":"" AES-256-CCM test vector NIST #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce":"1ac68bd42f5ec7fa7e068cc0ecd79c2a":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce":"1ac68bd42f5ec7fa7e068cc0ecd79c2a":"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" AES-256-CCM test vector NIST #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"d543acda712b898cbb27b8f598b2e4438ce587a836e27851":"47c3338a2400809e739b63ba8227d2f9":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":"d543acda712b898cbb27b8f598b2e4438ce587a836e27851":"47c3338a2400809e739b63ba8227d2f9":"FAIL":"" AES-256-CCM test vector NIST #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69":"ef891339":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69":"ef891339":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" AES-256-CCM test vector NIST #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f6":"3d488623":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f6":"3d488623":"FAIL":"" AES-256-CCM test vector NIST #31 (P=24, 
N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781":"367f30f2eaad8c063ca50795acd90203":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781":"367f30f2eaad8c063ca50795acd90203":"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" AES-256-CCM test vector NIST #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc":"4b41096dfdbe9cc1ab610f8f3e038d16":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_AES_256_CCM:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc":"4b41096dfdbe9cc1ab610f8f3e038d16":"FAIL":"" Camellia-CCM test vector RFC 5528 #1 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"0001020304050607":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":"FCAECE746B3DB9AD":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E" 
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000003020100A0A1A2A3A4A5":"0001020304050607":"BA737185E719310492F38A5F1251DA55FAFBC949848A0D":"FCAECE746B3DB9AD":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E" Camellia-CCM test vector RFC 5528 #2 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000004030201A0A1A2A3A4A5":"0001020304050607":"5D2564BF8EAFE1D99526EC016D1BF0424CFBD2CD62848F33":"60B2295DF24283E8":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000004030201A0A1A2A3A4A5":"0001020304050607":"5D2564BF8EAFE1D99526EC016D1BF0424CFBD2CD62848F33":"60B2295DF24283E8":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F" Camellia-CCM test vector RFC 5528 #3 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000005040302A0A1A2A3A4A5":"0001020304050607":"81F663D6C7787817F9203608B982AD15DC2BBD87D756F79204":"F551D6682F23AA46":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000005040302A0A1A2A3A4A5":"0001020304050607":"81F663D6C7787817F9203608B982AD15DC2BBD87D756F79204":"F551D6682F23AA46":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20" Camellia-CCM test vector RFC 5528 #4 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000006050403A0A1A2A3A4A5":"000102030405060708090A0B":"CAEF1E827211B08F7BD90F08C77288C070A4A0":"8B3A933A63E497A0":"0C0D0E0F101112131415161718191A1B1C1D1E" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000006050403A0A1A2A3A4A5":"000102030405060708090A0B":"CAEF1E827211B08F7BD90F08C77288C070A4A0":"8B3A933A63E497A0":"":"0C0D0E0F101112131415161718191A1B1C1D1E" 
Camellia-CCM test vector RFC 5528 #5 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000007060504A0A1A2A3A4A5":"000102030405060708090A0B":"2AD3BAD94FC52E92BE438E827C1023B96A8A7725":"8FA17BA7F331DB09":"0C0D0E0F101112131415161718191A1B1C1D1E1F" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000007060504A0A1A2A3A4A5":"000102030405060708090A0B":"2AD3BAD94FC52E92BE438E827C1023B96A8A7725":"8FA17BA7F331DB09":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F" Camellia-CCM test vector RFC 5528 #6 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000008070605A0A1A2A3A4A5":"000102030405060708090A0B":"FEA5480BA53FA8D3C34422AACE4DE67FFA3BB73BAB":"AB36A1EE4FE0FE28":"0C0D0E0F101112131415161718191A1B1C1D1E1F20" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000008070605A0A1A2A3A4A5":"000102030405060708090A0B":"FEA5480BA53FA8D3C34422AACE4DE67FFA3BB73BAB":"AB36A1EE4FE0FE28":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F20" Camellia-CCM test vector RFC 5528 #7 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000009080706A0A1A2A3A4A5":"0001020304050607":"54532026E54C119A8D36D9EC6E1ED97416C8708C4B5C2C":"ACAFA3BCCF7A4EBF9573":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"00000009080706A0A1A2A3A4A5":"0001020304050607":"54532026E54C119A8D36D9EC6E1ED97416C8708C4B5C2C":"ACAFA3BCCF7A4EBF9573":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E" Camellia-CCM test vector RFC 5528 #8 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000A090807A0A1A2A3A4A5":"0001020304050607":"8AD19B001A87D148F4D92BEF34525CCCE3A63C6512A6F575":"7388E4913EF14701F441":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000A090807A0A1A2A3A4A5":"0001020304050607":"8AD19B001A87D148F4D92BEF34525CCCE3A63C6512A6F575":"7388E4913EF14701F441":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F" Camellia-CCM test vector RFC 5528 #9 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000B0A0908A0A1A2A3A4A5":"0001020304050607":"5DB08D62407E6E31D60F9CA2C60474219AC0BE50C0D4A57787":"94D6E230CD25C9FEBF87":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000B0A0908A0A1A2A3A4A5":"0001020304050607":"5DB08D62407E6E31D60F9CA2C60474219AC0BE50C0D4A57787":"94D6E230CD25C9FEBF87":"":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20" Camellia-CCM test vector RFC 5528 #10 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000C0B0A09A0A1A2A3A4A5":"000102030405060708090A0B":"DB118CCEC1B8761C877CD8963A67D6F3BBBC5C":"D09299EB11F312F23237":"0C0D0E0F101112131415161718191A1B1C1D1E" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000C0B0A09A0A1A2A3A4A5":"000102030405060708090A0B":"DB118CCEC1B8761C877CD8963A67D6F3BBBC5C":"D09299EB11F312F23237":"":"0C0D0E0F101112131415161718191A1B1C1D1E" Camellia-CCM test vector RFC 5528 #11 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000D0C0B0AA0A1A2A3A4A5":"000102030405060708090A0B":"7CC83D8DC49103525B483DC5CA7EA9AB812B7056":"079DAFFADA16CCCF2C4E":"0C0D0E0F101112131415161718191A1B1C1D1E1F" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000D0C0B0AA0A1A2A3A4A5":"000102030405060708090A0B":"7CC83D8DC49103525B483DC5CA7EA9AB812B7056":"079DAFFADA16CCCF2C4E":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F" Camellia-CCM test vector RFC 5528 #12 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000E0D0C0BA0A1A2A3A4A5":"000102030405060708090A0B":"2CD35B8820D23E7AA351B0E92FC79367238B2CC748":"CBB94C2947793D64AF75":"0C0D0E0F101112131415161718191A1B1C1D1E1F20" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"0000000E0D0C0BA0A1A2A3A4A5":"000102030405060708090A0B":"2CD35B8820D23E7AA351B0E92FC79367238B2CC748":"CBB94C2947793D64AF75":"":"0C0D0E0F101112131415161718191A1B1C1D1E1F20" Camellia-CCM test vector RFC 5528 #13 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00A970110E1927B160B6A31C1C":"6B7F464507FAE496":"A435D727348DDD22907F7EB8F5FDBB4D939DA6524DB4F6":"4558C02D25B127EE":"C6B5F3E6CA2311AEF7472B203E735EA561ADB17D56C5A3" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00A970110E1927B160B6A31C1C":"6B7F464507FAE496":"A435D727348DDD22907F7EB8F5FDBB4D939DA6524DB4F6":"4558C02D25B127EE":"":"C6B5F3E6CA2311AEF7472B203E735EA561ADB17D56C5A3" Camellia-CCM test vector RFC 5528 #14 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0083CD8CE0CB42B160B6A31C1C":"986605B43DF15DE7":"8AE052508FBECA932E346F05E0DC0DFBCF939EAFFA3E587C":"867D6E1C48703806":"01F6CE6764C574483BB02E6BBF1E0ABD26A22572B4D80EE7" 
+auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0083CD8CE0CB42B160B6A31C1C":"986605B43DF15DE7":"8AE052508FBECA932E346F05E0DC0DFBCF939EAFFA3E587C":"867D6E1C48703806":"":"01F6CE6764C574483BB02E6BBF1E0ABD26A22572B4D80EE7" Camellia-CCM test vector RFC 5528 #15 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"005F54950B18F2B160B6A31C1C":"48F2E7E1A7671A51":"08B67EE21C8BF26E473E408599E9C0836D6AF0BB18DF55466C":"A80878A790476DE5":"CDF1D8406FC2E9014953897005FBFB8BA57276F92404608E08" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"005F54950B18F2B160B6A31C1C":"48F2E7E1A7671A51":"08B67EE21C8BF26E473E408599E9C0836D6AF0BB18DF55466C":"A80878A790476DE5":"":"CDF1D8406FC2E9014953897005FBFB8BA57276F92404608E08" Camellia-CCM test vector RFC 5528 #16 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00EC600863319AB160B6A31C1C":"DE97DF3B8CBD6D8E5030DA4C":"63B78B4967B19EDBB733CD1114F64EB2260893":"68C354828D950CC5":"B005DCFA0B59181426A961685A993D8C43185B" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00EC600863319AB160B6A31C1C":"DE97DF3B8CBD6D8E5030DA4C":"63B78B4967B19EDBB733CD1114F64EB2260893":"68C354828D950CC5":"":"B005DCFA0B59181426A961685A993D8C43185B" Camellia-CCM test vector RFC 5528 #17 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0060CFF1A31EA1B160B6A31C1C":"A5EE93E457DF05466E782DCF":"0BC6BBE2A8B909F4629EE6DC148DA44410E18AF4":"3147383276F66A9F":"2E20211298105F129D5ED95B93F72D30B2FACCD7" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"0060CFF1A31EA1B160B6A31C1C":"A5EE93E457DF05466E782DCF":"0BC6BBE2A8B909F4629EE6DC148DA44410E18AF4":"3147383276F66A9F":"":"2E20211298105F129D5ED95B93F72D30B2FACCD7" Camellia-CCM 
test vector RFC 5528 #18 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"000F85CD995C97B160B6A31C1C":"24AA1BF9A5CD876182A25074":"222AD632FA31D6AF970C345F7E77CA3BD0DC25B340":"A1A3D31F8D4B44B7":"2645941E75632D3491AF0FC0C9876C3BE4AA7468C9" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"000F85CD995C97B160B6A31C1C":"24AA1BF9A5CD876182A25074":"222AD632FA31D6AF970C345F7E77CA3BD0DC25B340":"A1A3D31F8D4B44B7":"":"2645941E75632D3491AF0FC0C9876C3BE4AA7468C9" Camellia-CCM test vector RFC 5528 #19 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C29B2CAAC4CDB160B6A31C1C":"691946B9CA07BE87":"05B8E1B9C49CFD56CF130AA6251DC2ECC06CCC508FE697":"A0066D57C84BEC182768":"070135A6437C9DB120CD61D8F6C39C3EA125FD95A0D23D" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C29B2CAAC4CDB160B6A31C1C":"691946B9CA07BE87":"05B8E1B9C49CFD56CF130AA6251DC2ECC06CCC508FE697":"A0066D57C84BEC182768":"":"070135A6437C9DB120CD61D8F6C39C3EA125FD95A0D23D" Camellia-CCM test vector RFC 5528 #20 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"002C6B7595EE62B160B6A31C1C":"D0C54ECB84627DC4":"54CEB968DEE23611575EC003DFAA1CD48849BDF5AE2EDB6B":"7FA775B150ED4383C5A9":"C8C0880E6C636E20093DD6594217D2E18877DB264E71A5CC" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"002C6B7595EE62B160B6A31C1C":"D0C54ECB84627DC4":"54CEB968DEE23611575EC003DFAA1CD48849BDF5AE2EDB6B":"7FA775B150ED4383C5A9":"":"C8C0880E6C636E20093DD6594217D2E18877DB264E71A5CC" Camellia-CCM test vector RFC 5528 #21 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C53CD4C2AA24B160B6A31C1C":"E285E0E4808CDA3D":"B1404546BF667210CA28E309B39BD6CA7E9FC8285FE698D43C":"D20A02E0BDCAED2010D3":"F75DAA0710C4E64297794DC2B7D2A20757B1AA4E448002FFAB" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00C53CD4C2AA24B160B6A31C1C":"E285E0E4808CDA3D":"B1404546BF667210CA28E309B39BD6CA7E9FC8285FE698D43C":"D20A02E0BDCAED2010D3":"":"F75DAA0710C4E64297794DC2B7D2A20757B1AA4E448002FFAB" Camellia-CCM test vector RFC 5528 #22 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00BEE9267FBADCB160B6A31C1C":"6CAEF9941141570D7C813405":"94C8959C11569A297831A721005857AB61B87A":"2DEA0936B6EB5F625F5D":"C238822FAC5F98FF929405B0AD127A4E41854E" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00BEE9267FBADCB160B6A31C1C":"6CAEF9941141570D7C813405":"94C8959C11569A297831A721005857AB61B87A":"2DEA0936B6EB5F625F5D":"":"C238822FAC5F98FF929405B0AD127A4E41854E" Camellia-CCM test vector RFC 5528 #23 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C -auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00DFA8B1245007B160B6A31C1C":"36A52CF16B19A2037AB7011E":"5869E3AAD2447C74E0FC05F9A4EA74577F4DE8CA":"8924764296AD04119CE7":"4DBF3E774AD245E5D5891F9D1C32A0AE022C85D7" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"00DFA8B1245007B160B6A31C1C":"36A52CF16B19A2037AB7011E":"5869E3AAD2447C74E0FC05F9A4EA74577F4DE8CA":"8924764296AD04119CE7":"":"4DBF3E774AD245E5D5891F9D1C32A0AE022C85D7" Camellia-CCM test vector RFC 5528 #24 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CCM_C 
-auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966":"945F1FCEA7E11BEE6A2F":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D" +auth_crypt_tv:MBEDTLS_CIPHER_CAMELLIA_128_CCM:"D75C2778078CA93D971F96FDE720F4CD":"003B8FD8D3A937B160B6A31C1C":"A4D499F78419728C19178B0C":"4B198156393B0F7796086AAFB454F8C3F034CCA966":"945F1FCEA7E11BEE6A2F":"":"9DC9EDAE2FF5DF8636E8C6DE0EED55F7867E33337D" diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data index ed2455fd5..9d74d5663 100644 --- a/tests/suites/test_suite_cipher.chachapoly.data +++ b/tests/suites/test_suite_cipher.chachapoly.data 
@@ -112,11 +112,11 @@ enc_dec_buf_multipart:MBEDTLS_CIPHER_CHACHA20_POLY1305:256:16:16:-1:16:16:16:16 ChaCha20+Poly1305 RFC 7539 Test Vector #1 depends_on:MBEDTLS_CHACHAPOLY_C -auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"eead9d67890cbb22392336fea1851f38":"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" +auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"eead9d67890cbb22392336fea1851f38":"":"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" ChaCha20+Poly1305 RFC 7539 Test Vector #1 Unauthentic (1st bit flipped) depends_on:MBEDTLS_CHACHAPOLY_C -auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"6ead9d67890cbb22392336fea1851f38":"FAIL" +auth_crypt_tv:MBEDTLS_CIPHER_CHACHA20_POLY1305:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000102030405060708":"f33388860000000000004e91":"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":"6ead9d67890cbb22392336fea1851f38":"FAIL":"" Chacha20+Poly1305 RFC 7539 Test Vector #1 (streaming) depends_on:MBEDTLS_CHACHAPOLY_C diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index e2463a8fc..435c9a384 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function 
@@ -534,8 +534,8 @@ exit: void auth_crypt_tv( int cipher_id, uint8_t * key, uint32_t key_len, uint8_t * iv, uint32_t iv_len, uint8_t * ad, uint32_t ad_len, uint8_t * cipher, uint32_t cipher_len, - uint8_t * tag, uint32_t tag_len, uint8_t * clear, - uint32_t clear_len ) + uint8_t * tag, uint32_t tag_len, char * result, + uint8_t * clear, uint32_t clear_len ) { int ret; unsigned char output[267]; /* above + 2 (overwrite check) */ @@ -546,6 +546,7 @@ void auth_crypt_tv( int cipher_id, uint8_t * key, uint32_t key_len, mbedtls_cipher_init( &ctx ); memset( output, 0xFF, sizeof( output ) ); + memset( my_tag, 0xFF, sizeof( my_tag ) ); /* Prepare context */ @@ -563,7 +564,7 @@ void auth_crypt_tv( int cipher_id, uint8_t * key, uint32_t key_len, TEST_ASSERT( output[outlen + 1] == 0xFF ); /* make sure the message is rejected if it should be */ - if( strcmp( clear, "FAIL" ) == 0 ) + if( strcmp( result, "FAIL" ) == 0 ) { TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); goto exit; diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index cebfe2c9d..8c51bf20a 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -122,6 +122,7 @@ void mbedtls_debug_print_buf( char * file, int line, char * text, mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); + mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len ); TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 8e9d9fa49..e16809031 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
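Review bot: In the rejected-vector branch of auth_crypt_tv (`if( strcmp( result, "FAIL" ) == 0 )`), the test asserts only the return code before `goto exit` and never inspects `output`. A decrypt path that reports MBEDTLS_ERR_CIPHER_AUTH_FAILED but still leaves unauthenticated plaintext in the caller's buffer would therefore pass. Because `output` is pre-filled with 0xFF, an assertion on its contents could be added in this branch; whether the buffer should be untouched or zeroed on failure is not visible in these hunks, so confirm it against the cipher layer's documented behaviour first. The `result` parameter added in the first hunk is also undocumented; a comment above the function such as `/* result: "FAIL" if the vector must be rejected, "" if it must decrypt to clear */` would make the data-file format self-explanatory. The body of auth_crypt_tv continues outside these hunks.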
@@ -135,21 +135,21 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_tls_write_read_point:MBEDTLS_ECP_DP_SECP521R1 ECP tls read group #1 (record too short) -mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0 +mbedtls_ecp_tls_read_group:"0313":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0 ECP tls read group #2 (bad curve_type) -mbedtls_ecp_tls_read_group:"010013":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0 +mbedtls_ecp_tls_read_group:"010013":MBEDTLS_ERR_ECP_BAD_INPUT_DATA:0:0 ECP tls read group #3 (unknown curve) -mbedtls_ecp_tls_read_group:"030010":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:0 +mbedtls_ecp_tls_read_group:"030010":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:0:0 ECP tls read group #4 (OK, buffer just fits) depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_ecp_tls_read_group:"030017":0:256 +mbedtls_ecp_tls_read_group:"030017":0:256:3 ECP tls read group #5 (OK, buffer continues) depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -mbedtls_ecp_tls_read_group:"0300180000":0:384 +mbedtls_ecp_tls_read_group:"0300180000":0:384:3 ECP tls write-read group #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index dc6fac5cb..8c8dac04a 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -241,7 +241,7 @@ void ecp_read_binary( int id, uint8_t * buf, uint32_t ilen, char * x, TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); - + TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf, ilen ) == ret ); if( ret == 0 ) { 
@@ -275,14 +275,14 @@ void mbedtls_ecp_tls_read_point( int id, uint8_t * buf, uint32_t ilen, TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); - + TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, ilen ) == ret ); if( ret == 0 ) { TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 ); - TEST_ASSERT( *vbuf == 0x00 ); + TEST_ASSERT( vbuf - buf == ilen ); } exit: @@ -345,7 +345,7 @@ exit: /* BEGIN_CASE */ void mbedtls_ecp_tls_read_group( uint8_t * buf, uint32_t len, int result, - int bits ) + int bits, int record_len ) { mbedtls_ecp_group grp; const unsigned char *vbuf = buf; @@ -353,14 +353,13 @@ void mbedtls_ecp_tls_read_group( uint8_t * buf, uint32_t len, int result, mbedtls_ecp_group_init( &grp ); - ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, len ); TEST_ASSERT( ret == result ); if( ret == 0) { TEST_ASSERT( mbedtls_mpi_bitlen( &grp.P ) == (size_t) bits ); - TEST_ASSERT( *vbuf == 0x00 ); + TEST_ASSERT( vbuf - buf == record_len); } exit: diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 2a2e32f0d..a42fe859d 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data 
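Review bot: The new `TEST_ASSERT( vbuf - buf == ilen );` in mbedtls_ecp_tls_read_point compares a signed pointer difference with `ilen`, which the signature in the hunk header declares as `uint32_t`. Builds with sign-compare warnings enabled will flag this, and the implicit conversion differs between 32-bit and 64-bit targets. An explicit cast states the intent: `TEST_ASSERT( (size_t)( vbuf - buf ) == ilen );`. The declaration of `vbuf` is outside this hunk, so its type is assumed to match the `const unsigned char *` shown in mbedtls_ecp_tls_read_group.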
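Review bot: In mbedtls_ecp_tls_read_group the new `record_len` parameter is checked only inside `if( ret == 0)`, so the value 0 that the error vectors in test_suite_ecp.data pass is never used, and nothing in the function says so. A one-line comment on the parameter would prevent misreading the data file, for example `/* record_len: bytes expected to be consumed from buf; only checked when result is 0 */`. The added line also departs from the spacing used in the surrounding assertions; `TEST_ASSERT( vbuf - buf == record_len );` would match them.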
@@ -1,674 +1,674 @@ AES-GCM NIST Validation (AES-128,128,0,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d785dafea3e966731ef6fc6202262584":"":"d91a46205ee94058b3b8403997592dd2":"":128:"3b92a17c1b9c3578a68cffea5a5b6245":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d785dafea3e966731ef6fc6202262584":"":"d91a46205ee94058b3b8403997592dd2":"":128:"3b92a17c1b9c3578a68cffea5a5b6245":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aec963833b9098de1ababc853ab74d96":"":"4e0ffd93beffd732c6f7d6ad606a2d24":"":128:"e9fcedc176dfe587dc61b2011010cdf1":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aec963833b9098de1ababc853ab74d96":"":"4e0ffd93beffd732c6f7d6ad606a2d24":"":128:"e9fcedc176dfe587dc61b2011010cdf1":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4fb9e3393681da9cec5ec96f87c5c31":"":"845e910bc055d895879f62101d08b4c7":"":128:"99fb783c497416e4b6e2a5de7c782057":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4fb9e3393681da9cec5ec96f87c5c31":"":"845e910bc055d895879f62101d08b4c7":"":128:"99fb783c497416e4b6e2a5de7c782057":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a930f2e09beceacd9919cb76f2ac8d3":"":"340d9af44f6370eff534c653033a785a":"":120:"0c1e5e9c8fe5edfd11f114f3503d63":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a930f2e09beceacd9919cb76f2ac8d3":"":"340d9af44f6370eff534c653033a785a":"":120:"0c1e5e9c8fe5edfd11f114f3503d63":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe71177e02073b1c407b5724e2263a5e":"":"83c23d20d2a9d4b8f92da96587c96b18":"":120:"43b2ca795420f35f6cb39f5dfa47a2":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe71177e02073b1c407b5724e2263a5e":"":"83c23d20d2a9d4b8f92da96587c96b18":"":120:"43b2ca795420f35f6cb39f5dfa47a2":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b02392fd7f228888c281e59d1eaa15fb":"":"2726344ba8912c737e195424e1e6679e":"":120:"a10b601ca8053536a2af2cc255d2b6":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b02392fd7f228888c281e59d1eaa15fb":"":"2726344ba8912c737e195424e1e6679e":"":120:"a10b601ca8053536a2af2cc255d2b6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"21895cbafc16b7b8bf5867e88e0853d4":"":"f987ce1005d9bbd31d2452fb80957753":"":112:"952a7e265830d58a6778d68b9450":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"21895cbafc16b7b8bf5867e88e0853d4":"":"f987ce1005d9bbd31d2452fb80957753":"":112:"952a7e265830d58a6778d68b9450":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb9742bf47f68caf64963d7c10a97b0":"":"34a85669de64e1cd44731905fddbcbc5":"":112:"e9b6be928aa77b2de28b480ae74c":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb9742bf47f68caf64963d7c10a97b0":"":"34a85669de64e1cd44731905fddbcbc5":"":112:"e9b6be928aa77b2de28b480ae74c":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"":"1c53a9fdd23919b036d99560619a9939":"":112:"6611b50d6fbca83047f9f5fe1768":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e9708e4b37e2e1b5feaf4f5ab54e2a6":"":"1c53a9fdd23919b036d99560619a9939":"":112:"6611b50d6fbca83047f9f5fe1768":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"82fede79db25f00be96eb050a22cea87":"":"e9c50b517ab26c89b83c1f0cac50162c":"":104:"d0c0ce9db60b77b0e31d05e048":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"82fede79db25f00be96eb050a22cea87":"":"e9c50b517ab26c89b83c1f0cac50162c":"":104:"d0c0ce9db60b77b0e31d05e048":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1d98566fca5201abb12914311a8bd532":"":"590aef4b46a9023405d075edab7e6849":"":104:"a1cfd1a27b341f49eda2ca8305":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1d98566fca5201abb12914311a8bd532":"":"590aef4b46a9023405d075edab7e6849":"":104:"a1cfd1a27b341f49eda2ca8305":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3038771820c2e1319f02a74b8a7a0c08":"":"e556d9f07fb69d7e9a644261c80fac92":"":104:"4d2f005d662b6a8787f231c5e1":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3038771820c2e1319f02a74b8a7a0c08":"":"e556d9f07fb69d7e9a644261c80fac92":"":104:"4d2f005d662b6a8787f231c5e1":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0fb7eef50de598d7d8b508d019a30d5a":"":"a2a2617040116c2c7e4236d2d8278213":"":96:"68413c58df7bb5f067197ca0":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0fb7eef50de598d7d8b508d019a30d5a":"":"a2a2617040116c2c7e4236d2d8278213":"":96:"68413c58df7bb5f067197ca0":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cc58b609204215c8ab4908286e56e5c":"":"fb83ea637279332677b5f68081173e99":"":96:"a2a9160d82739a55d8cd419f":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cc58b609204215c8ab4908286e56e5c":"":"fb83ea637279332677b5f68081173e99":"":96:"a2a9160d82739a55d8cd419f":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #2 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81a5fd184742a478432963f6477e8f92":"":"da297cbb53b11d7c379e0566299b4d5a":"":96:"200bee49466fdda2f21f0062":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81a5fd184742a478432963f6477e8f92":"":"da297cbb53b11d7c379e0566299b4d5a":"":96:"200bee49466fdda2f21f0062":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f604ac66d626959e595cbb7b4128e096":"":"269d2a49d533c6bb38008711f38e0b39":"":64:"468200fa4683e8be":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f604ac66d626959e595cbb7b4128e096":"":"269d2a49d533c6bb38008711f38e0b39":"":64:"468200fa4683e8be":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2e308ba7903e925f768c1d00ff3eb623":"":"335acd2aa48a47a37cfe21e491f1b141":"":64:"4872bfd5e2ff55f6":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2e308ba7903e925f768c1d00ff3eb623":"":"335acd2aa48a47a37cfe21e491f1b141":"":64:"4872bfd5e2ff55f6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1304e2a5a3520454a5109df61a67da7a":"":"dbe8b452acf4fa1444c3668e9ee72d26":"":64:"83a0d3440200ca95":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1304e2a5a3520454a5109df61a67da7a":"":"dbe8b452acf4fa1444c3668e9ee72d26":"":64:"83a0d3440200ca95":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"":"ddf0b695aef5df2b594fcaae72b7e41c":"":32:"2819aedf":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ecf1ec2c9a8f2e9cc799f9b9fddb3232":"":"ddf0b695aef5df2b594fcaae72b7e41c":"":32:"2819aedf":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9ab5c8ca905b5fe50461f4a68941144b":"":"96dd3927a96e16123f2e9d6b367d303f":"":32:"6e0c53ef":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9ab5c8ca905b5fe50461f4a68941144b":"":"96dd3927a96e16123f2e9d6b367d303f":"":32:"6e0c53ef":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fc7af605721a9cfe61c1ee6a4b3e22":"":"6b757d4055823d1035d01077666037d6":"":32:"e8c09ddd":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fc7af605721a9cfe61c1ee6a4b3e22":"":"6b757d4055823d1035d01077666037d6":"":32:"e8c09ddd":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03c0b4a6e508a8490db0d086a82c9db7":"":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":128:"756292d8b4653887edef51679b161812":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03c0b4a6e508a8490db0d086a82c9db7":"":"ac52f6c1a05030321fa39f87e89fdb5e":"33316ca79d10a79f4fd038593e8eef09625089dc4e0ffe4bc1f2871554fa6666ab3e7fe7885edef694b410456f3ec0e513bb25f1b48d95e4820c5972c1aabb25c84c08566002dadc36df334c1ce86847964a122016d389ac873bca8c335a7a99bcef91e1b985ae5d488a2d7f78b4bf14e0c2dc715e814f4e24276057cf668172":128:"756292d8b4653887edef51679b161812":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b228d3d15219ea9ad5651fce02c8374d":"":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":128:"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b228d3d15219ea9ad5651fce02c8374d":"":"5c7eafaead029c3fe3cf3835fe758d0e":"8c35dd805c08686b9b4d460f81b4dcb8c46c6d57842dc3e72ba90952e2bebf17fe7184445b02f801800a944486d662a127d01d3b7f42679052cdc73ce533129af8d13957415c5495142157d6ce8a68aa977e56f562fed98e468e42522767656ce50369471060381bb752dd5e77c79677a4cadffa39e518e30a789e793b07ea21":128:"a4dde1ab93c84937c3bbc3ad5237818d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"776afcbabedd5577fe660a60f920b536":"":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":128:"a5347d41d93b587240651bcd5230264f":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"776afcbabedd5577fe660a60f920b536":"":"5bbb7f1b14084e520408dd87b97705e9":"44631fc9d4a07416b0dfb4e2b42071e3e2be45502c9ddf72b3e61810eeda31a7d685ebb2ee43a2c06af374569f439ee1668c550067de2dece9ec46ee72b260858d6033f814e85275c5ae669b60803a8c516de32804fa34d3a213ccfaf6689046e25eeb30b9e1608e689f4d31cc664b83a468a51165f5625f12f098a6bf7ddab2":128:"a5347d41d93b587240651bcd5230264f":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":120:"2a67ad1471a520fe09a304f0975f31":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20abeafa25fc4ea7d0592cb3e9b4d5fe":"":"3aba79a58c5aa664856b41d552c7a8d3":"98cfecaae9eb9a7c3b17e6bc5f80d8a4bf7a9f4fa5e01b74cae15ee6af14633205aafe3b28fb7b7918e12322ea27352056a603746d728a61361134a561619400ff2bf679045bac2e0fbc2c1d41f8faba4b27c7827bceda4e9bf505df4185515dd3a5e26f7639c8ad5a38bc5906a44be062f02cc53862678ae36fa3de3c02c982":120:"2a67ad1471a520fe09a304f0975f31":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bc73fba942ff105823b5dccf6befb1c":"":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":120:"ebdd7c8e87fe733138a433543542d1":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bc73fba942ff105823b5dccf6befb1c":"":"902c3e3b69b1ef8395d7281ff74cce38":"4adec0b4ac00325a860044d9f9519daa4f7c163229a75819b0fd7d8e23319f030e61dfa8eadabff42ea27bc36bdb6cad249e801ca631b656836448b7172c11126bad2781e6a1aa4f62c4eda53409408b008c057e0b81215cc13ddabbb8f1915f4bbab854f8b00763a530ad5055d265778cd3080d0bd35b76a329bdd5b5a2d268":120:"ebdd7c8e87fe733138a433543542d1":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"356a4c245868243d61756cabe86da887":"":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":120:"ed26080dcb670590613d97d7c47cf4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"356a4c245868243d61756cabe86da887":"":"b442f2ec6d45a17144c258fd59fe5b3b":"12cccc3c60474b0a1579c5006c2134850724fa6c9da3a7022d4f65fd238b052bdf34ea34aa7dbadad64996065acee588ab6bd29726d07ed24ffae2d33aadf3e66ebb87f57e689fd85128be1c9e3d8362fad1f8096ee391f75b576fb213d394cef6f091fc5488d9aa152be69475b9167abd6dd4fd93bbbc7b8ca316c952eb19c6":120:"ed26080dcb670590613d97d7c47cf4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfa7e93aff73600fc552324253066e2c":"":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":112:"6ba5e4dace9a54b50b901d9b73ad":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfa7e93aff73600fc552324253066e2c":"":"c20001e93f1cd05253c277a9445d61e4":"a64d1e20058a1f7e698622a02f7ff8dc11886717ede17bbdc3c4645a66a71d8b04346fb389a251ffb0a7f445a25faf642bb7e4697d2cacf925e78c4be98457996afb25b0516b50f179441d1923312364947f8f1e0f5715b43bd537727bf943d7b4679b0b0b28b94e56e7bbf554d9cf79fcee4387f32bb6f91efdd23620035be6":112:"6ba5e4dace9a54b50b901d9b73ad":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2ecea80b48d2ecd194a7699aa7d8ccfc":"":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":112:"246a9d37553088b6411ebb62aa16":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2ecea80b48d2ecd194a7699aa7d8ccfc":"":"8b4db08bafc23b65ae50a2d20661d270":"efc2ca1a3b41b90f8ddf74291d68f072a6e025d0c91c3ce2b133525943c73ebadc71f150be20afeb097442fa51be31a641df65d90ebd81dcbaf32711ed31f5e0271421377ffe14ddafea3ca60a600588d484856a98de73f56a766ae60bae384a4ae01a1a06821cf0c7a6b4ee4c8f413748457b3777283d3310218fb55c107293":112:"246a9d37553088b6411ebb62aa16":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d38fee3fd3d6d08224c3c83529a25d08":"":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":112:"803a08700ec86fdeb88f7a388921":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d38fee3fd3d6d08224c3c83529a25d08":"":"a942ccb11cf9468186fabfc18c899801":"1c92a4ce0a1dae27e720d6f9b1e460276538de437f3812ab1177cf0273b05908f296f33ba0f4c790abe2ce958b1d92b930a0d81243e6ad09ef86ee8e3270243095096537cb1054fcfcf537d828b65af9b6cf7c50f5b8470f7908f314d0859107eed772ee1732c78e8a2e35b2493f3e8c1e601b08aeab8d9729e0294dca168c62":112:"803a08700ec86fdeb88f7a388921":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1899b0cbae41d705c6eed3226afb5bc0":"":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":104:"c5d58870fee9ce157f5ec1fa8f":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1899b0cbae41d705c6eed3226afb5bc0":"":"82d0910aa53e300a487d880d018d0dea":"6bf5583cc1007d74f3529db63b8d4e085400ccf3725eab8e19cb145f3910c61465a21486740a26f74691866a9f632af9fae81f5f0bffedf0c28a6ce0fd520bb4db04a3cd1a7d29d8801e05e4b9c9374fd89bcb539489c2f7f1f801c253a1cc737408669bcd133b62da357f7399a52179125aa59fae6707d340846886d730a835":104:"c5d58870fee9ce157f5ec1fa8f":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b95323d86d02754f4c2874b42ec6eb0":"":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":104:"c4724ff1d2c57295eb733e9cad":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b95323d86d02754f4c2874b42ec6eb0":"":"4f76084acbdef9999c71dcc794238d7c":"ebc75788377c0b264818a6f97c19cf92c29f1c7cdeb6b5f0a92d238fa4614bc35d0cfe4ec9d045cd628ff6262c460679ac15b0c6366d9289bbd217e5012279e0af0fb2cfcbdf51fe16935968cbb727f725fe5bcd4428905849746c8493600ce8b2cfc1b61b04c8b752b915fed611d6b54ef73ec4e3950d6db1807b1ce7ed1dcc":104:"c4724ff1d2c57295eb733e9cad":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30da555559eb11cf7e0eff9d99e9607d":"":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":104:"3c82272130e17c4a0a007a908e":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30da555559eb11cf7e0eff9d99e9607d":"":"7799275bf12335f281ec94a870f90a0b":"e735d556e15aec78d9736016c8c99db753ed14d4e4adaaa1dd7eaad702ea5dc337433f8c2b45afdf2f385fdf6c55574425571e079ca759b6235f877ed11618ff212bafd865a22b80b76b3b5cf1acfd24d92fd41607bbb7382f26cd703757088d497b16b32de80e1256c734a9b83356b6fced207177de75458481eaef59a431d7":104:"3c82272130e17c4a0a007a908e":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ed2ac74af896c5190c271cfa6af02fd2":"":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":96:"db8af7a0d548fc54d9457c73":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ed2ac74af896c5190c271cfa6af02fd2":"":"e0226e2d8da47badad1fb78b9a797f27":"8f11353ae476ff923013e6e736ffc9d23101a1c471ccc07ad372a8430d6559c376075efce2e318cdf4c9443dbf132e7e6da5524045028c97e904633b44c4d189a4b64237ac7692dd03c0e751ce9f04d0fdbd8a96074cd7dfa2fd441a52328b4ac3974b4902db45663f7b6f24947dba618f8b9769e927faf84c9f49ad8239b9fb":96:"db8af7a0d548fc54d9457c73":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0225b73fe5fbbe52f838d873173959d8":"":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":96:"e2c2ce4022c49a95c9ac9026":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0225b73fe5fbbe52f838d873173959d8":"":"02a048764f48d9aed1147ee922395bbf":"9b46a57b06e156c877e94c089814493ead879397dab3dfcab2db349ef387efcd0cc339a7e79131a2c580188fc7429044a465b8329d74cd8f47272a4ed32582b1c5c7e3d32341ae902ea4923dc33df8062bc24bb51a11d2ecc82f464f615041387f9c82bd2135d4e240fe56fa8a68e6a9a417e6702430a434b14d70cf02db3181":96:"e2c2ce4022c49a95c9ac9026":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"89ca3771a0ef3287568b4ac036120198":"":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":96:"06b2bf62591dc7ec1b814705":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"89ca3771a0ef3287568b4ac036120198":"":"7e83d2ffa8af8c554cfd71a0db56ef5b":"1bd7a9d6262882bd12c62bd50942965b3cdcadf5e0fab2dc4d0daf0ee4b16e92c6e2464c0caa423cdce88e4d843490609716ec5e44c41672c656ac0e444d3622557ea8420c94deae3ad190ddaf859f6f8c23e4e2e32a46d28df23de4f99bd6c34f69e06eddfdfa5f263dbe8baf9d4296b2c543e4c4847271e7590374edf46234":96:"06b2bf62591dc7ec1b814705":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a41a297bd96e224942998fe2192934a1":"":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":64:"49a4917eef61f78e":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a41a297bd96e224942998fe2192934a1":"":"6827f2c5a0b7ecd6bbc696abb0adf556":"f32041abd8543415cbac423d945dda5378a16a7e94d9ab5dbd2d32eb1c5048cc7c8e4df3ca84ec725f18c34cfdeaa7595392aabfd66d9e2f37c1165369cd806cd9d2110def6f5fad4345e5a6e2326c9300199438fcc078cd9fcf4d76872cac77fc9a0a8ac7e4d63995078a9addecf798460ff5910861b76c71bccfb6b629d722":64:"49a4917eef61f78e":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9372c058f42e0a1d019bdb528313919":"":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":64:"b82cd11cd3575c8d":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9372c058f42e0a1d019bdb528313919":"":"8d03f423230c8f00a5b6b712d426a2af":"cfef4e70fcc1821eeccf7c7b5eb3c0c3b5f72dc762426e0bd26242f8aa68c5b716ab97eded5e5720caccc1965da603d556d8214d5828f2cf276d95bf552d47313876796221f62ccb818a6d801088755d58cfb751bfed0d5a19718d4e0f94b850e0279b3a69295d1837cba958a6cc56e7594080b9e5b954a199fdc9e54ddc8583":64:"b82cd11cd3575c8d":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6302b7338f8fa84195ad9abbacd89b4e":"":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":64:"5222d092e9e8bd6c":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6302b7338f8fa84195ad9abbacd89b4e":"":"e1bed5c53547cbc85f3411fbb43bb08b":"bcd329c076e8da2797d50dcdcf271cecf3ce12f3c136ed746edc722f907be6133276ee099038fdc5d73eec812739c7489d4bcc275f95451b44890416e3ffe5a1b6fa3986b84eee3adad774c6feaecb1f785053eeda2cfc18953b8547866d98918dbe0a6abc168ac7d77467a367f11c284924d9d186ef64ef0fd54eacd75156d2":64:"5222d092e9e8bd6c":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78b5c28d62e4b2097873a1180bd5a3a5":"":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":32:"eae48137":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78b5c28d62e4b2097873a1180bd5a3a5":"":"c93902c2819ee494f0fc4b259ee65dd8":"e6b1192674a02083a6cf36d4ba93ba40a5331fadf63fd1eb2efa2ee9c0d8818472aaaf2b4705746011753f30f447c8f58dd34d29606daf57eadc172529837058cb78a378b19da8d63c321f550dfa256b5fd9f30e93d8f377443bfcd125f86a079a1765d2010be73d060f24eebae8d05e644688b2149bc39e18bd527bc066f2ba":32:"eae48137":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d84130578070e036c9e3df5b5509473":"":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":32:"79987692":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d84130578070e036c9e3df5b5509473":"":"3b9b4950523a19c6866fd2b0cde541fd":"a764931e1b21a140c54a8619aacdb4358834987fb6e263cec525f888f9e9764c165aaa7db74f2c42273f912daeae6d72b232a872ac2c652d7cd3af3a5753f58331c11b6c866475697876dbc4c6ca0e52a00ba015ee3c3b7fb444c6e50a4b4b9bbe135fc0632d32a3f79f333d8f487771ed12522e664b9cf90e66da267f47a74d":32:"79987692":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08428605ab4742a3e8a55354d4764620":"":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":32:"3eb3e3a2":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08428605ab4742a3e8a55354d4764620":"":"128f5f4a817e4af04113847a223adeb0":"464b484ed79d93a48e0f804e04df69d7ca10ad04ba7188d69e6549ab50503baaec67e0acba5537d1163c868fd3e350e9d0ae9123046bc76815c201a947aa4a7e4ed239ce889d4ff9c8d043877de06df5fc27cf67442b729b02e9c30287c0821ef9fa15d4cccbc53a95fa9ec3ed432ca960ebbf5a169ccada95a5bf4c7c968830":32:"3eb3e3a2":"":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b":"":128:"a81d13973baa22a751833d7d3f94b3b1":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd358bc3f992f26e81e3a2f3aa2d517":"87cc4fd75788c9d5cc83bae5d764dd249d178ab23224049795d4288b5ed9ea3f317068a39a7574b300c8544226e87b08e008fbe241d094545c211d56ac44437d41491a438272738968c8d371aa7787b5f606c8549a9d868d8a71380e9657d3c0337979feb01de5991fc1470dfc59eb02511efbbff3fcb479a862ba3844a25aaa":"d8c750bb443ee1a169dfe97cfe4d855b":"":128:"a81d13973baa22a751833d7d3f94b3b1":"":"77949b29f085bb3abb71a5386003811233056d3296eb093370f7777dadd306d93d59dcb9754d3857cf2758091ba661f845ef0582f6ae0e134328106f0d5d16b541cd74fdc756dc7b53f4f8a194daeea9369ebb1630c01ccb307b848e9527da20a39898d748fd59206f0b79d0ed946a8958033a45bd9ae673518b32606748eb65":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"43b5f18227e5c74288dbeff03801acd6":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"08ee12246cf7edb81da3d610f3ebd167":"":128:"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"43b5f18227e5c74288dbeff03801acd6":"f58d630f10cfca61d4644d4f6505bab629e8e8faf1673e64417f9b79e622966a7011cfb3ff74db5cebf09ad3f41643d4437d213204a6c8397e7d59b8a5b1970aed2b6bb5ea1933c72c351f6ba96c0b0b98188f6e373f5db6c5ebece911ec7a1848abd3ae335515c774e0027dab7d1c07d047d3b8825ff94222dbaf6f9ab597ee":"08ee12246cf7edb81da3d610f3ebd167":"":128:"82d83b2f7da218d1d1441a5b37bcb065":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a433c612d7e1bdff881e4d63ba8b141":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8b670cf31f470f79a6c0b79e73863ca1":"":128:"8526fd25daf890e79946a205b698f287":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a433c612d7e1bdff881e4d63ba8b141":"ce10758332f423228b5e4ae31efda7677586934a1d8f05d9b7a0dc4e2010ec3eaacb71a527a5fff8e787d75ebd24ad163394c891b33477ed9e2a2d853c364cb1c5d0bc317fcaf4010817dbe5f1fd1037c701b291b3a66b164bc818bf5c00a4c210a1671faa574d74c7f3543f6c09aaf117e12e2eb3dae55edb1cc5b4086b617d":"8b670cf31f470f79a6c0b79e73863ca1":"":128:"8526fd25daf890e79946a205b698f287":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e9d75c781d63b29f1816859f7a0e0a0":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"748a3b486b62a164cedcf1bab9325add":"":120:"131e0e4ce46d768674a7bcacdcef9c":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e9d75c781d63b29f1816859f7a0e0a0":"a9f1883f58e4ef78377992101ab86da0dafcefa827904dd94dff6f6704b1e45517165a34c5555a55b04c6992fb6d0840a71bd262fe59815e5c7b80fe803b47d5ba44982a3f72cb42f591d8b62df38c9f56a5868af8f68242e3a15f97be8ef2399dbace1273f509623b6f9e4d27a97436aebf2d044e75f1c62694db77ceac05de":"748a3b486b62a164cedcf1bab9325add":"":120:"131e0e4ce46d768674a7bcacdcef9c":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe6b8553002c69396d9976bb48d30779":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"595b17d0d76b83780235f5e0c92bd21f":"":120:"8879de07815a88877b0623de9be411":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe6b8553002c69396d9976bb48d30779":"786f4801b16de7a4931ab143b269c7acc68f1ed9b17a95e8929ccec7d53413059fd4267bedbf079d9d69e90314c1345bc9cb9132f1af69323157ddf7533ced42b4b7bd39004f14d326f5b03bc19084d231d93bcab328312d99b426c1e86e8e049d380bb492e2e32ad690af4cf86838d89a0dfdcbc30e8c9e9039e423a234e113":"595b17d0d76b83780235f5e0c92bd21f":"":120:"8879de07815a88877b0623de9be411":"":"b15dc7cd44adcb0783f30f592e5e03ccd47851725af9fe45bfc5b01ae35779b9a8b3f26fec468b188ec3cad40785c608d6bfd867b0ccf07a836ec20d2d9b8451636df153a32b637e7dcdbd606603d9e53f6e4c4cc8396286ce64b0ea638c10e5a567c0bc8e808080b71be51381e051336e60bf1663f6d2d7640a575e0752553b":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14898c56009b459172fef9c17993b54f":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"0862f8f87289988711a877d3231d44eb":"":120:"36938974301ae733760f83439437c4":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14898c56009b459172fef9c17993b54f":"e7ba6ef722273238b975d551f95d3e77e9b75b24c547b86eafb457d409803bdf6e1443839d8604ee497020e1a3dbd687a819b17fdde0fcf240ce2129792792a58bfcd825773001ee959bf9ec8d228e27ce1cd93d7fb86769a3793361b6f82bf7daf284afc1ece657a1ee6346ea9294880755b9b623563ad2657ba2286488a2ef":"0862f8f87289988711a877d3231d44eb":"":120:"36938974301ae733760f83439437c4":"":"3fd56897a62743e0ab4a465bcc9777d5fd21ad2c9a59d7e4e1a60feccdc722b9820ec65cb47e1d1160d12ff2ea93abe11bc101b82514ead7d542007fee7b4e2dd6822849cd3e82d761ff7cf5ce4f40ad9fec54050a632a401451b426812cf03c2b16a8667a88bb3f7497e3308a91de6fd646d6a3562c92c24272411229a90802":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5253d4b071793b081ebc122cc2a5f8":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"49e82d86804e196421ec19ddc8541066":"":112:"e8b8ae34f842277fe92729e891e3":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5253d4b071793b081ebc122cc2a5f8":"b57a0bd7714ae95e77fa9452e11a7ed4a2bec60f81ad6ddb956d4b1cb5dfc277dcb4034d501801b26733b5e08c710c3cfdccc1b208dc7a92cd7ebe166320582bcaff64cc943c36fbe7008f004e5db70c40de05fa68b0c9d4c16c8f976130f20702b99674cd2f4c93aeaeb3abca4b1114dbc3a4b33e1226ad801aa0e21f7cc49b":"49e82d86804e196421ec19ddc8541066":"":112:"e8b8ae34f842277fe92729e891e3":"":"c4a31c7ec820469f895d57579f987733337ec6547d78d17c44a18fab91f0322cfe05f23f9afaf019cf9531dec2d420f3591d334f40d78643fd957b91ab588a7e392447bd702652017ede7fb0d61d444a3b3cc4136e1d4df13d9532eb71bcf3ff0ae65e847e1c572a2f90632362bc424da2249b36a84be2c2bb216ae7708f745c":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3502d6f0d172246e16503cdf5793296":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"6ce994689ff72f9df62f386a187c1a13":"":112:"21cdf44ff4993eb54b55d58e5a8f":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3502d6f0d172246e16503cdf5793296":"09268b8046f1558794e35cdc4945b94227a176dd8cb77f92f883542b1c4be698c379541fd1d557c2a07c7206afdd49506d6a1559123de1783c7a60006df06d87f9119fb105e9b278eb93f81fd316b6fdc38ef702a2b9feaa878a0d1ea999db4c593438f32e0f849f3adabf277a161afb5c1c3460039156eec78944d5666c2563":"6ce994689ff72f9df62f386a187c1a13":"":112:"21cdf44ff4993eb54b55d58e5a8f":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5fb33dd73db309b9dfd3aee605cd94bf":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"3f6486f9e9e645292e0e425bac232268":"":112:"7ee5e0e2082b18d09abf141f902e":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5fb33dd73db309b9dfd3aee605cd94bf":"f4e011f8c99038c46854b427475f23488077ebf051c4b705a1adfdd493a0a10af7a7e9453965b94f52f61ae62ce9243a82a2dbf9c5a285db3fe34ed34ed08b5926f34c48171195f7062d02a6e6e795322a0475017371cb8f645cdcac94afc66dc43e7583bdf1c25790f4235076a53de6c64f3bc5004e5a9ce4783fbf639fad97":"3f6486f9e9e645292e0e425bac232268":"":112:"7ee5e0e2082b18d09abf141f902e":"":"0503cb531f1c967dae24f16dd651d544988a732020134896a0f109222e8639bf29ff69877c6ef4ac3df1b260842f909384e3d4409b99a47112681c4b17430041ca447a903a6c1b138f0efbb3b850d8290fceac9723a32edbf8e2d6e8143b1cbc7bf2d28d1b6c7f341a69918758cc82bbab5d898fa0f572d4ceaa11234cb511ec":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a958fe3b520081b638d9e4c7d5da7ac7":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"c396109e96afde6f685d3c38aa3c2fae":"":104:"06ca91004be43cf46ed4599e23":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a958fe3b520081b638d9e4c7d5da7ac7":"dfa9487378c7d8af9c8dbd9e533cd81503d9e4e7dab43133bad11fd3050a53a833df9cc3208af1a86110567d311d5fc54b0d627de433c381b10e113898203ac5225140f951cdb64c6494592b6453f9b6f952ec5ece732fb46c09a324f26b27cdad63588006bb5c6c00b9aa10d5d3b2f9eaab69beeddd6f93966654f964260018":"c396109e96afde6f685d3c38aa3c2fae":"":104:"06ca91004be43cf46ed4599e23":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec319fb143eac8215b51541daec268f2":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"8a4684f42a1775b03806574f401cff78":"":104:"e91acb1bfda191630b560debc9":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec319fb143eac8215b51541daec268f2":"d298d988e74927736237eb8ab09d7a86b854fa2fd1f7f3be83b417ac10aa9291f4af5b3fbaf75a296ac32369ad57ded3984b84711953e477de3035ba430a30ffb84c941936e6c8d2cae8d80159876f87dd682747f2dccc36d7c32ab227032b8ac70b313fa4202ea236e3ec4d9e4d8b48cf3b90b378edc5b1dbeec929549344f8":"8a4684f42a1775b03806574f401cff78":"":104:"e91acb1bfda191630b560debc9":"":"27ce4a622959930f4059f247d29d1438257093cc973bf1bae4e0515da88b9a7e21ec59c7e4d062035cdf88b91254d856b11c8c1944865fa12922227ded3eecccaa36341ecf5405c708e9ea173f1e6cdf090499d3bb079910771080814607a1efe62ec6835dc0333d19dd39dd9ea9f31cd3632128536149a122050bb9365b521d":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14a3e69f351ac39b4297749a90c1365c":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"eb1c6c04437aa5a32bcc208bb3c01724":"":104:"e418815960559aefee8e0c3831":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"14a3e69f351ac39b4297749a90c1365c":"051224f7b208549dcfda5f9d56ce5f0a072ef1f23f3810c693516c92622be6ed4d7a9e0f9450980ba490b2e9e3468ea7eef10bc9ebd673d91f32b748c1bf2c50cc4ebb59fc409c6d780bba00700d563ce1dc9927a6c860095a42ed053f3d640debfbfa7a4e6d5de234af19755000d95e7f414f1f78285ee165410c020038286b":"eb1c6c04437aa5a32bcc208bb3c01724":"":104:"e418815960559aefee8e0c3831":"":"797310a6ed9ce47cdc25f7f88f5dbbf6f8f4837701704d7afced250585922744598d6f95ba2eecf86e030cc5ee71b328fc1c4f2d4df945d1b91a2803d6ae8eba6881be5fe0f298dd0c0279e12720ede60b9e857ccca5abe9b4d7ee7f25108beebbfe33f05c0d9903bf613c2e7ed6a87b71b5e386d81b3ae53efd01055bbcccc2":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c34827771fc3918d1cee09ba9401b832":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"2379bbd39a1c22bc93b9b9cc45f3840b":"":96:"26e1f6cf0d9e0f36dfd669eb":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c34827771fc3918d1cee09ba9401b832":"ce79701b661066e53191c9acdaf677ad41622314898d7216e3f113e2e6e215d26d8bd139827f06ab3ea5c4105694e87db1dd6cec10e1f86a8744d4c541f08e40319e22ab42fc1a6c89edfd486b6f142c6bbbf84a73912e0b2e55b79db306ccabf839855afdd889e52ae981520c89e7dc29bb2adb1906cca8c93fcb21290a095b":"2379bbd39a1c22bc93b9b9cc45f3840b":"":96:"26e1f6cf0d9e0f36dfd669eb":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b1f9bd2006ec550b7b9913d383200b5d":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"ca28fa6b64bb3b32ef7d211f1c8be759":"":96:"c87aac7ad0e85dbb103c0733":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b1f9bd2006ec550b7b9913d383200b5d":"6d9fc8f586d50d6e0128172ae147844e80136905d3a297497a9566ca7c7445029028f14c9950acee92a5c12a9150f5e024e01c7505dd83937542b0b1288de9c292ae8ad918a09b2edf8493540b74c73d2794f2eb6eed18eba520ddea9567462c83330f33d7892fcde0b10c73a4e26ab1bef037cec7e0190b95188e9a752fee6f":"ca28fa6b64bb3b32ef7d211f1c8be759":"":96:"c87aac7ad0e85dbb103c0733":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b2cef1a92aa0af2b00fb2a99855d5bc":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"08d87b7acee87d884667f6b1e32e34d0":"":96:"3bd7685318010b0c5fe3308b":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8b2cef1a92aa0af2b00fb2a99855d5bc":"fd09525ef3c65ab5823e1b6c36b4a9449a3975c5d3a9e7e33c61fb32edcbb8e8c915b6202e3fbce87d73cc3b66d83d9ea7e1e353cc7468f08626932cf0235563e2a28953ee5a0afadb1c3cb513b1f1fc9a8a6cf326174b877448672f7731dd6430a51619da1a169ab302da5af5b38802f8bbf5890b5d9b45deda799679501dc4":"08d87b7acee87d884667f6b1e32e34d0":"":96:"3bd7685318010b0c5fe3308b":"":"583e64631c218549923e8ad33b728d07f23b0f19d2aff1ad7e20d564c591db0e117caa8f21e3f3345e3d84f0ccbb27274cddf9274410fc342cb2a5d4aea4e925d0dd5350389ee0dea23a842ff3f5c1198374a96f41e055f999cfbc2f47ceaa883da8eb6ff729f583eff1f91bd3f3254d4e81e60d9993b3455e67f405708e4422":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"175c306f8644b0c4b894ae3d0971505e":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"9860268ca2e10974f3726a0e5b9b310f":"":64:"f809105e5fc5b13c":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"175c306f8644b0c4b894ae3d0971505e":"fbe7ced7048f83e3a075661c4924eb77da1b4d6019d504afb942d728b31fd3b17557bd101c08453540a5e28d3505aeb8801a448afac2d9f68d20c0a31c7ef22bd95438851789eef1bebe8d96ac29607025b7e1366fecd3690ba90c315528dc435d9a786d36a16808d4b3e2c7c5175a1279792f1daccf51b2f91ac839465bb89a":"9860268ca2e10974f3726a0e5b9b310f":"":64:"f809105e5fc5b13c":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08c0edcfe342a676ccdc04bdf854b4b0":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"4a7b70753930fe659f8cc38e5833f0c7":"":64:"9ab1e2f3c4606376":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08c0edcfe342a676ccdc04bdf854b4b0":"1fc8ef8480c32d908b4bcbfa7074a38e915c20ed7a1c608422087e89442d7c5af6fe9c9a716c55793248062d8e6c6e8e904e2804da3a43701e4c78ecdb67e0b25308afc6d9b463356439cd095cff1bdf0fd91ab301c79fd257046cba79a5d5cd99f2502ad968420e4d499110106072dc687f434db0955c756a174a9024373c48":"4a7b70753930fe659f8cc38e5833f0c7":"":64:"9ab1e2f3c4606376":"":"983458c3f198bc685d98cea2b23cf71f0eb126e90937cab3492a46d9dc85d76bbb8035c6e209c34b2a7187df007faabe9f3064dc63f1cb15bf5a10655e39b94732e0c6583d56327e9701344e048887a81b256181cdfa9ec42ebc990875e4852240ddcb3cbc4ea4e6307075fd314f7190f3553267bd68b19e954e310ec3f8dbab":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"241067a0301edf0f825d793e03383ea1":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"a30994261f48a66bb6c1fc3d69659228":"":64:"36c3b4a732ba75ae":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"241067a0301edf0f825d793e03383ea1":"6984bb9830843529fad7f5e7760db89c778d62c764fcd2136ffb35d7d869f62f61d7fef64f65b7136398c1b5a792844528a18a13fba40b186ae08d1153b538007fc460684e2add8a9ed8dd82acbb8d357240daaa0c4deb979e54715545db03fe22e6d3906e89bdc81d535dae53075a58f65099434bfeed943dbc6024a92aa06a":"a30994261f48a66bb6c1fc3d69659228":"":64:"36c3b4a732ba75ae":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03cccb5357bd2848332d1696f2ff90cb":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"e0754022dfb1f813ccaf321558790806":"":32:"c75f0246":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"03cccb5357bd2848332d1696f2ff90cb":"5e2f18cbc1e773df9f28be08abb3d0b64d545c870c5778ac8bb396bef857d2ac1342ae1afb3bf5d64e667bf837458415d48396204fe560e3b635eb10e560e437f2d0396952998fd36e116cd047c1d7f6fc9901094454d24165c557a8816e0d0a8e0ce41e040ba6f26ca567c74fc47d9738b8cd8dae5dfc831c65bc1ba9603a07":"e0754022dfb1f813ccaf321558790806":"":32:"c75f0246":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e5e53c84a05d5a5348bac7b2611cf62":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"47e40543b7d16bc9122c40b106d31d43":"":32:"81eec75d":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4e5e53c84a05d5a5348bac7b2611cf62":"489c00c05dec06f282924c680f621ab99ac87f7d33ebbb4ca0eee187ec177d30d2b4afb4ee9f0dc019cf1a4da16d84b7f5f5c7fce72a32461db115b5a5a433024fd5ed3d47161836bb057a0189ed768f95e45fa967d0cc512fc91b555808c4033c945e8f2f7d36428dcb61f697e791b74e5c79b2bcb9cb81bec70d8119cd8d76":"47e40543b7d16bc9122c40b106d31d43":"":32:"81eec75d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c94008bf377f90b7a1c0d2ea38f730c":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"abfe92931a8411a39986b74560a38211":"":32:"47d42e78":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c94008bf377f90b7a1c0d2ea38f730c":"7b3d619d115de9970b2df4e1f25194940b3f3da04c653231e8e6946de9dc08ae5ba37e2a93c232e1f9445f31c01333045f22bd832e3b5f9833f37070fafb0ef1c44cc5637058ab64d9e07bb81b32852d4cf749a3ddbfdb494f8de8bb4e31f46033f8a16bc22e2595d023845505ea5db74dd69ab4ca940078b09efb4ff19bdb66":"abfe92931a8411a39986b74560a38211":"":32:"47d42e78":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"69eedf3777e594c30e94e9c5e2bce467":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":128:"5de3068e1e20eed469265000077b1db9":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"69eedf3777e594c30e94e9c5e2bce467":"5114e9983c96fecec3f7304ca42f52aa16cb7c6aadfb62ad537c93a3188835ca0703dad34c73cf96435b668b68a7a1d056931959316e8d3ab956bf64c4e07479c7767f9d488b0c0c351333ccf400b7e0be19a0fd173e3f2a1ae313f27e516952260fd2da9ab9daca478ebb93cd07d0b7503b32364d8e308d904d966c58f226bb":"a3330638a809ba358d6c098e4342b81e":"df4e3f2b47cf0e8590228fcf9913fb8a5eb9751bba318fd2d57be68c7e788e04fabf303699b99f26313d1c4956105cd2817aad21b91c28f3b9251e9c0b354490fa5abfcea0065aa3cc9b96772eb8af06a1a9054bf12d3ae698dfb01a13f989f8b8a4bb61686cf3adf58f05873a24d403a62a092290c2481e4159588fea6b9a09":128:"5de3068e1e20eed469265000077b1db9":"":"208e6321238bf5c6e2ef55a4b8f531cbbfb0d77374fe32df6dd663486cf79beeed39bb6910c3c78dd0cc30707a0a12b226b2d06024db25dcd8a4e620f009cafa5242121e864c7f3f4360aaf1e9d4e548d99615156f156008418c1c41ff2bbc007cecf8f209c73203e6df89b32871de637b3d6af2e277d146ae03f3404d387b77":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45cc35311eedf0ba093bf901931a7036":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":128:"266a895fc21da5176b44b446d7d1921d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45cc35311eedf0ba093bf901931a7036":"5dc8d7525eaad035c19714ae1b1e538cb66a4089027245351e0ad9297410fb3a0c1155407c10a8bb95a9ca624a9c9925dac003ee78926c6e90ff4ccdba10e8a78bda1c4478162a0e302de5ff05fb0f94c89c3c7429fb94828bdcd97d21333c2ee72963ee6f056ce272b8bab007e653a42b01d1d2041ba627f169c8c0d32e6dae":"fed5084de3c348f5a0adf4c2fd4e848a":"6e210914e4aed188d576f5ad7fc7e4cf7dd8d82f34ea3bcbdb7267cfd9045f806978dbff3460c4e8ff8c4edb6ad2edba405a8d915729d89aab2116b36a70b54f5920a97f5a571977e0329eda6c696749be940eabfc6d8b0bbd6fbdb87657b3a7695da9f5d3a7384257f20e0becd8512d3705cc246ee6ca1e610921cf92603d79":128:"266a895fc21da5176b44b446d7d1921d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9edb5231ca4a136b4df4ae22b8588f9f":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":128:"5ed3ea75c8172fa0e8755fef7b4c90f1":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9edb5231ca4a136b4df4ae22b8588f9f":"493df801c57f8bb591955712d92d3fc34518f0599fec8533b2b4473364e1df4f560c12444cf50eeb584676b7e955c742189de6b50b8e012dfa6642f3679fb02bc6d8e08d1db88c8ae955a7946263e06494e17f8df246b672942661e5563302252208f2e00a0d77068a020e26082c291a75a06f63c41e2830292a418b2b5fd9dd":"c342e9bdabe7be922b2695f5894e032c":"a45c7f8032ac5144deef8d5380f033aea2786b0592720a867f4831eaccc6b85d3fd568aedc6e472e017455b0b5b30cf7a08ea43ca587f35e1646ecd9b4dc774d11e350c82c65692be1e9541cbd72a283bdcf93dc7115545f373747b4f8d5915ed0c42fbeefd3e9bd86003d65efc2361fde5b874ddabcf8265e6b884615102eff":128:"5ed3ea75c8172fa0e8755fef7b4c90f1":"":"56696e501fac1e8d5b83ef911ed11337d5d51ff5342a82993dd5340bb9632e6606eef68ec5fe8cec6b34ebbc596c279e6cbc9221c4cde933f6d93ae014e3c4ca49593f35eaa638606d059519bac3a3373519e6184e7227d2aa62170c36479fe239cb698bfca863925a4c9fb1338685a55a6dfd3bd9c52d8ae12be8551fce6e1a":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5fdcb8f5225090e63fae9b68f92c7cb":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":120:"827e66b5b70dce56215cfb86c9a642":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5fdcb8f5225090e63fae9b68f92c7cb":"d39b9cba95e3a3aab9bc1d03ff475c04faeb5b7f0510777f39e5a05756606eb7ddd154aac035d9ddaf3535629821dd8f014dedd52cd184f52fc706e3c89a3a271398c9125d9a624dafb297a56022ca2ea331ea7359ab5e65f8e14814788e64e0a886a9b1a0144bf268fdcf9d94c3d10a0452f40111da9df108252e9039eacea3":"581c818282a0905df5ffff652e5604e9":"f1ae6cd7b07f261105f555cf812a1d5bf8dd9aac07666318acffa11abb77d0238156663acbf7543825b45c6e9cddb481a40995ecd78bb5f4cba5df7c7efb00fc19c7f45e94d37697aca8ef368b99165393b6107f900194c797cd3289cb097eb5915f2abfd6aa52dd1effffdde448e30075a1c053246db54b0ec16eadca1c0071":120:"827e66b5b70dce56215cfb86c9a642":"":"cec11a12e47fd443f878e8e9fe23c65f29dd2d53cec59b799bcb0928de8e2f92fe85c27cec5c842ef30967b919accafe0c0d731b57f0bb5685d90a3061cb473e50e8aeca1346d1f47f7db06941f83f21ba5976d97c28cab547d8c1f38387a04b8a0b212da55b75fbaf9562eeeabd78eadcbab66457f0cd4e0d28133a64cb063f":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036198cd3a3ab9319684d0f811cf2992":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":120:"6cf68a374bea08a977ec8a04b92e8b":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036198cd3a3ab9319684d0f811cf2992":"6b95b9e82a695fb7b466ce3adb536f525d8314f95eada39efb49baf121093ce7d5439f0d8223e03530b85accd388a70650ca9f7e63eb32afecb7b1916ed9b762128cc641caf3e08e027c3d88481d653b6b15172e977dfb9b3f88465911aee162501cbf8501ce2b66ee151bbfdc23225f638f18750c239d62471663e5ee2a5856":"47dffc6b3b80ffef4b943bde87b9cf3c":"ec4de476cd337f564a3facb544d0ff31cd89af4c3d9a28543e45156189f8eff8f804494dda83a1fb2c30ce858884a01ec63db59268452b1eea0f0d48280bb7340eaacc84509469dd94d303774d053d7ab4fb5f6c26581efeb19165f8cb09d58ec314d09ab8356731e87fd081f661e7b2d1a7c3aa4af5448a12b742e7b210b0b0":120:"6cf68a374bea08a977ec8a04b92e8b":"":"5c2f7c408167be3d266ff634e1993fe291aef7efae245fa0b6b5bde886a810c866ae6a078286684d1b66116e636e285f03646e09f3c4ed7b184e7c171ba84f3bfd9500c6f35964a404892b4cdcdd3f697fc5b01934a86019810987a9fea7efca016049873f1072f62df3c17f57ea1d88ccd8757f7e3c5d96e8a18d5366a39ea9":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c9fbbff8f25f951ba874dfc5ff38584e":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":120:"ff0b2c384e03b50e7e829c7a9f95aa":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c9fbbff8f25f951ba874dfc5ff38584e":"ca401071396da00376add467490abc6e6a7d8a85852026979f7013a09cf689113c8d833560cd6c5b8fdaa8fdd818e773ac13954839a0a2c91efeaf4e0e14de43308419a8b86fa2ae600a88a6bd39dfaabc16a3c7c1b77a5c2aab7f7caceb2f8595324125efbb7c96ba16c47d0bd10568b24bf445d72d683268466e68e46df500":"1c1fc752673be6d4ff4cc749fc11e0fe":"abfde0b60acfe265b62ed68ebebc1f5f725f155c4b8a8aeec8d704701c51ff7817060c1b0ce6b80d6efc9836c9ea2bc022ec67db4cd34e945e3a1b153fd2e0f7ac84bb4b07e04cbb529ee24014b16067f9f082b940c9d5e54024d3e5e910310457478560721587da7b5343d89eec5a8fce389c01185db15e7faa9a3fa32e8ab9":120:"ff0b2c384e03b50e7e829c7a9f95aa":"":"239637fac6e180e71b2c9fa63ce8805f453d81499623ec2deba9b033350250662897867bffaf0c314244baf9e1fe3e1bb7c626d616bfbf3e0ac09a32aaf718b432337c9dc57c2d6fc4a0a09bdc05b9184d1b90c7193b7869f91e2caa8b3b35c10c6621ffae4c609bdf4e4e3f06e930541c381451ef58f4f30a559d2b79b0e6b6":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a314ec178da96311e42334a616fb38b":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":112:"1e774647b1ca406e0ed7141a8e1e":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a314ec178da96311e42334a616fb38b":"518b3f5384ab54f80497d55be7a5d6902bc7718386212c2ec7537db331514b3838f104bf9054e03039a4cfb73f41e5d0a9648e569ed738cea8d33917430dff6afa8f07a75e324b9262fa196a4439dcd66b0535ee5bea0d292600227c2a79ed03be0671740e5cb7b306d855612bd3abcbf02cf7e7cecbb6cdbb33d57b4e3234a2":"d7ea27c819e3eb2666611bb1c7fc068d":"db8dcc31a5681f13d56abd51bd2dcb0d2b171628186e215a68bf16167b4acd00c3441973c3fa62fa2698ee5c6749fc20e542364d63c40756d8bcff780269e5201bafdced3cdc97931d8203873431882c84522c151b775285d0a3c5d7667254c74724ff0ea9d417aa6c62835865dfded34edd331c0c235a089427672c5a9211c9":112:"1e774647b1ca406e0ed7141a8e1e":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e818372a63b7e2c23b524e29ba752bdb":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":112:"3744262bc76f283964c1c15dc069":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e818372a63b7e2c23b524e29ba752bdb":"c1bf1b702a95ceaa6b48a1cdd888ae51f58a9fc3232bd6c784529a83301c6d0cdda6e605ad9a2563f54a8d59f624ae7c589e48b85041a010dcb6fb8739d43e79a456fc0e8574af086df78680460c3cdc4e00dc3b9d4e76b0de26e9aec546705249fa7e7466c01001c2667eaf2813be1f0f116916f34843a06b201d653aa1b27e":"36e617e787cb25e154f73af1da68cb06":"71801d69796c2ce36b043c157aec9fd2e06fd1ec596126d10c26b6d44e3dc36c4fa30a030d65c382b6ddfd958e71fe9c16732e595137a3d6764c15480fc3358e9a113ba492b31274663f5842df5d1cc6bad70e83b34675a4411e2e70755aede0ff5035601be130562e27a20283d6f144ff1bdb5276dec05fad80d51b28d50688":112:"3744262bc76f283964c1c15dc069":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a04f16882ff45816739d1b6697ce8b7":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":112:"fbb37084396394fecd9581741f3c":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a04f16882ff45816739d1b6697ce8b7":"6a4f3dbb3371f64258fd1f831349e745a4e19a33aad794b1de3788729618beed619586092120e9e5dc3ac6e0d52f991f7be61afbfaa4399ac716ad79a2734827254b1627791dc92a128a6f43426b8085dee94242e83176a3d762658f18ecc1e37e3e1531648c9caed212ea2cf3b3843cb92cb07730f30fe2dca3925470fadd06":"66f504d9a9128ad7fb7f1430d37c4784":"f641c53c83c4fb1ff8044bfa97cdf63fe75d8159d65b3e5ad585b89c083a53cf4a2f7a58eaeaf45fa71f2c07bc5725a6b03307d7f32884a133a4c803700bf1e12564b98b71f63b434ddf13ad2c467dda25ffa6effcafa72452b20c34cfae71e47096f8745b487e9f1945f5bec83f7ec2709a13b504d92315b1b727a78902be84":112:"fbb37084396394fecd9581741f3c":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38cf029a4b20607030586cd2d82146e6":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":104:"7b021de5cda915ba58f90ceef4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38cf029a4b20607030586cd2d82146e6":"f4c9f4476561c9ebdac71b282ae6e2f9f03547da98e66d4d857720db2fcc9ed1f363858db34c9dcaca0109d7c81db24150493115f2bb6985efa8686e3d2ab719d33b230aa4c5c70696bf42f225fb3c6704711c054a882d89b320884a78cb59cd2100496edf4010487597fb9135d8ca79693a43843e9626fd6c64a8722b3a27dc":"6330084319e2bf32cd5240f4826944bc":"80746cfb0127c592f8164d751b0e14a5b379056a884cece7ee4e9b80538d7ff6be56a3b19c135786722aaf315123b47672b0251e87ea45f0fd3601cf93f9efa6cbd9ad537f54d57f1e187f821faac24096ecec19d137c9f4cf145c278af4cd8de01c7758784fda06f1cc62d92ae1977786f3d0645714ab4ab6f48c8794b12f73":104:"7b021de5cda915ba58f90ceef4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cf4d81fc5997c744a572bed71f4ae609":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":104:"0a86142a0af81c8df64ba689f4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cf4d81fc5997c744a572bed71f4ae609":"f3d65d70326e641fbe7fd945fe9cf66c74f17d0d1020ae8ac488f39b7285c99d8632bc2201960f3d77daccfecc04428abe0853aa8d82b90a93127c72b2d2af53f7f1bd0afb99d50f0b3b24e934ec98eddb278b2c65866442cebf10208c7ce1b7ecf764858480b2a269b106fa6d2428d5ad17612e53e62ccc7ad1184663aeb9a7":"bc4e20c56931c967ce8e3b8f5f1c392f":"b6b8294abf7da5703f864721f7904d3821f5568bf4b269e44edef4f1c95ddc172d83a06c0ad9f7f1fd2e292c17a876392bc5bb705d370b2f16ff721bef7648f423346fd3a4d762676e6fcf2d690553a47224af29afed0f452d263be90eb8150a13d720f1db6f1abc1c2ec18cfbf93b8ed3c5aa7cfc1dcb514d69f90409687a4d":104:"0a86142a0af81c8df64ba689f4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d88ad40b42ead744f1b7a36685658be1":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":104:"7643b3534eb5cb38331ed2e572":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d88ad40b42ead744f1b7a36685658be1":"e99d2566fe6bcb2a04d167605db7c0f1e5567ff2d8d3292c15bbccc5d1e872bcb15a30b3bb8b1eb45e02fba15946e6bca310583a6740845a0f74f4ebfd5c59ced46875823e369e0447cc3e5d03dae530adf3c9846362c94e7f9d17207bf92d4d59981d8fd904eb8b96a0a23eb0f8d7e7a87e8e8892a2451524da6841ce575c27":"52c3158f5bd65a0a7ce1c5b57b9b295e":"dde2663335c40e5550ae192b843fa9fb4ef357b5c09d9f39dafda3296a4d14031817ee4dc1a201d677597d81e37050cd3dc86c25adbd551e947a080b6c47ec7be8a927ef7920bd1bb81f2c59801a2b9d745d33344cbe4838bcf2eb8dce53ab82c75c9bbab8e406597f6908aaa81fbbdef25aa69116c8f7a8cdc9958435aa32ac":104:"7643b3534eb5cb38331ed2e572":"":"6f87f6be2f4e7421aa26fe321045d1e23066a02158634bef35890581c92367d0bc232940de30974c70a66c60137a9f3924d12db1e5bc1b0e7131ea3620a25eb805b7d670263b82c8bbfcd6839305025390fc17d42d82daebe1b24f73ff9aa4617e3866785dded88f8b55ef89b2798ea2641a592a46428d9020f9bf853c194576":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3ce86a212a30e724b4c624057db4e79":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":96:"3230fe94b6ccd63e605f87d0":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3ce86a212a30e724b4c624057db4e79":"3582ef7a9565c9a8e4496750ee5ca3e3a80df6238f7b7608e3394ec56d1360777921da039ede34abcedd01081babd496ba4de74a7de501181d6bb2022a6cc7f79d89a4c6a97676fb0f2b42f70e2d0bc1eaac364c3646df4f611c1d6b09737451b81b5a4da73c05fb58391c74e44498b80b26f1c29562d23c39b5d3f086b280cb":"9e03f0dd4cb2b3d830a6925e4400ed89":"92c48a39d93ea3308f55f6650d33fdf17a902076d582a94a82ac99496de9f62312292b844bbca5a683ef0f0710bbc1c7f89cbcca8f9c0299f154590d32059bd99fca5d78c450ede0d11d55075947caf2151218ce7a06c1e81985a7781a3444054170b457fd7ba816026310112abb47c8eddfd3ab7f679a0f60efc6c6dd3b759e":96:"3230fe94b6ccd63e605f87d0":"":"052347a4273cddba65b2a0b961477f07edee440a9117ab204359d2dd45ad2a6dad3b60ead891e7da6d79f3017ac90f95725a0089f04d25ce537bf53b7ea8e1ea58692d34c221db141e2a9fd7211adcee03ef8b5bf3c5d36311d20bb3d81f70f7e7272d0e2b6d12293b1a2c31b70f140a8f08d98c6231a3c429c3d0a10b2e1c1c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0155360b84420b5bf4fb410ea02f31e":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":96:"ac5addcc10cae6c1345520f1":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0155360b84420b5bf4fb410ea02f31e":"ecdb51522fc440f7471ea6a31f7c1ef1ec2153e5bcf6303297dbf8ddb3830b45ed9866157375ce4bdeb5e32fcbc6607984fccd7e6552628736608ab13072856d432ceccd3e90d1bb52ca9ada9cee90eb89ac10e887a1978fd0fb3d7bb20caaf35539e150be8044b725b8427c4c4a910f79980865d36344a8784bcc3d58460acb":"46f0386be7363887e7e357376305eab5":"611bc290f91798ad84f0a5ecb5a7cb8fa35e9ab6a5a51c9869a68a076e96f92c9c117595f92cbac5d33343fa2accd2541473907cbc54792c5e215ae857424c921b04ca4b81376bbedbfcc0e565c118f2aced08f247698eed5e2d202c48245161cabeac9fa195219f9799fa253e339561e13012167f1d02b4012b7791b7c863ba":96:"ac5addcc10cae6c1345520f1":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"694f621f594d96b16c32254ff06f3f9c":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":96:"0bdef4d771a1740381e7db97":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"694f621f594d96b16c32254ff06f3f9c":"e61476b8b7f101ca6005f25af2b9bee795d62720bbbf59357057ca7cd473e00f0d465255fce8d6164657603323549fb4e3d33fa51054b1a70cc7e492916dea85453e9107fe781bfeb4a622c5b2306a8dddef99386dc50745003aa7220cd7f32fb0a060fa7682576769a48f9169c7d11fe0a8a61b95f5d6dfcf216f7d0c652a84":"542db4e107485a3cd24c7ad337a4f1b5":"27b7bfa5eb34ba376e515e58ab8b6556c396820d0074a1fe3b984945dcf5251ca450456ccb4bb66ec739b03fdc5f72d24553e843255adc012d1f1c95aa3cdac5d12926465354217203052cbd4869a8b5be2e01d0fe66b5a6a8da0a2ce351557e2991ce77baa812b9c67b8e1c5a1fc348710e1a73a0fd49acfd538b7db6bef8b3":96:"0bdef4d771a1740381e7db97":"":"8b27a338fd2153d304f04655e09bd9bdf4468890ecce1e3b51de2c9a25a8d9336a9acd753ce270b1fe8d50196feac68145e0fd59c9cb3aa7c1e8af03494bc4279c6e287c849f3c775ada584ae173100946ae6921ef7c96bbc6f216093548702cf1867bb1bf1f4c9e90a34230a2b2aeb584622dd615023a43a406e64428bd9170":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78826a5215a1d5e1b39cad5a06861f8f":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":64:"a724bbb295a02883":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78826a5215a1d5e1b39cad5a06861f8f":"0fe2c798d7015d3e2f8725648d95729c45d357dc0c89fc63b9df5a68d3e65419540f663e9190793a29c58c495d5c6a731782acf119e2df8a96fb180ad772c301d098dbc5e3560ac45b6631a01cef7eed6db51f223775d601d2e11b9baa55e2f0651344777e5a03f6738a2013626a891b5f134f07b16598b8cbe3aeaefa1c2a26":"feb9d740fd1e221e328b5ef5ed19eff5":"ca9411b368d8295210d7a04da05a351d287f2f67d978ef1bb936de9f8065473f6fa11495da2eab13a1002231c86411d5409bbc718e2042ee99e013b1df1ef786e9fc1f2d43293c854128184efb9317c4ef82a002eac8b28fcd91d8a714a3aa25fc3c0ae4af9f4bcf5ad19a30cd8ec4b1785df70aa92074da419abe433dd4c435":64:"a724bbb295a02883":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d450f5253251121606e56687952bf2f1":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":64:"6446398aff73ed23":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d450f5253251121606e56687952bf2f1":"479b4f421bd8ac7f615c4a507da187cb5d4b1f1e2c6113d1f9678c1ba92dc5e17c5b525d7f3208733223eb82af0820b8476e9b08ca714ce044417b24d2238720cb8ffdc69db558cbaff52e3651b400e16c9d5ac8ed8949a19c35516f80394a04bd1cfdced7b204f779d792086e00b2ebca2f55a1140e85f5ee9ac7cfc5a31747":"fe7ff90b020fc77d7fcd90bc583850ac":"a3bca9ff25a60006eb18f993dcdc99681e414e27605264dfd25652195d7fe1489550afd07fc7346b88d93b59eb6642913646e93bf50ee1db5dd30106cf181124d8ad01c72ed99038c9798620abdf5c78c419b08c97f982b34d9e9105d9aa4538afcd37f62e2412f14f7a248fcd60abaf2b66cd4554767f99030f1a495d56a5ae":64:"6446398aff73ed23":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90a59f6b0abf932311f0b65623c17740":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":64:"dc77c1d7e0902d48":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90a59f6b0abf932311f0b65623c17740":"be5a948a771a8df12adaf74d702f064a75f6483c03203365fbde7d184844fe6dee0b84cf344be05b1d163817ba1516fcb87b9167ed81f884ada73b0058e2b38cba515bbbe462f4c21f8de1d41bca2cf4340aa659f9f07886c2bb620d9c3295318c07fa3c17fe8242409359c08bcb337e5cf268880839b6a20f4ee4b3f04e7024":"20778bea82a6717038e7064f48a31981":"4022d04f1454a72d2efe57533bd32757595220b20f3a37d166cec0412fb1eb2588f939ecd906c805f4827338669888e9f730905001eb1b136b95e306edf70d9ba1e5cd0aa13a25a1f28ab55cff36f9cd7036c735e3b285d26002ad2ed1074b566e252ea3ec8a9ce10882375dc3f1d9676e301dcb179eaae991120b796cc35648":64:"dc77c1d7e0902d48":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be4ef629f0b38194c74f7b66418922d":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":32:"3d8fc6fb":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be4ef629f0b38194c74f7b66418922d":"b67ea20a320f4ec0e4185c62a4ad79a3c97a8189a5e4d1deff9d3edff0f9a9323532853c1a2a2c1e62e4d1afebfcdf1d8461921ea601750380e63b912d8b7389198f976851d88a19f1aa32c97143668ad00838d98da1c4f2be0e6e2dc964d170d7f7ad2e2997982e5ca110e744b6e10c24ca18eadff6b129b1f290c8a7e0a593":"fb77a4b9b246271abfc656433f87628c":"e5d5227725a19a3050fbf2a97a6e854bc1218b94a4a3403b721ace3447daff68fff5553a26edd41219e68fb61fb9e964d0a3c29796251ae4eb942187cdc55d13a09dfb487e93d9e2072d7271456a77c6ccb81154443eea176314d6e3a08619b52cd880f1c28ae5214ac0090a3855dbd74f87389fe8afebd464330fb683dff81a":32:"3d8fc6fb":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c50e37244931e8debc12b3d561c83ba2":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":32:"7d4393f0":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c50e37244931e8debc12b3d561c83ba2":"b9abf0796f2d2f774735546cf809030f65ed0c7f6bd469ef2fe0ef32aa0225b57fbce07c36017bbc1806a81ff1a429278160a07643f864485b4e0e35d57553dc1a131e32aa10f1f91d663b10f0a418f472ed7b4bca54fd7ffdbb22c4d7764d94a7ffd04730614459431eb64335b9b65363de292c04275d40a7b968c0f5c486e9":"6c0b1fd7ab424a6883c36457d1b5521f":"516dc25f6452ae169ce293c5cee440de47353ca5ba770dca0f04175950e87a2d4c3f84fbc6eeacaac436853492929680066f959e74de4b736ab924d8367b90aaa6e9492561ad4b5aa78b6737d562e960edc3b983e2e01a186e9f22896f48d8dfcfb6a42cfe2c6006c687a27772820a1e8875bdf09e8104248ce4db883376bc04":32:"7d4393f0":"":"962509e494f10269b70ebad02b0cd799d1d41191a734863ef502aff3d3ba48dc2acf9da9a3fc3f40be4d210dc5e128bc00499aec57aa0a4669863165428687b88d46fad41e36af8ea6605586eaa5c0736d0d53b9d523e0cb5a0b285048e060a73cbf4b587d2cd787debdb2b4c8cda731a61a15b19fe8b561fbdd3a7373853ae1":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8531ddb03977383405baf2ee9ca7d64b":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":32:"2fc9de46":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8531ddb03977383405baf2ee9ca7d64b":"d90c9e26509bdba9b1dea8d2b94f2b1881d22c2bd756ad23cd61944710a1c1f2807170ed47a6870ae654e44757fcb3822ef28b37946cafc07284f8a0c22ae3552954f0d87b8d8c825bd546935b494cacb4262d9e2a88f254f200ad31367d8b3715afbabea5f34214ffedb14d7c84806022aba2dc8f88a314ffbb24017d1a9b9f":"baf623867d6a25fd85d1f08e599c0566":"18f92cdd37dcd7f99b06838f3f68748aba367baabaebd0da9ee787d70e752fa07dea553a43b643b8d8f460175c0746675205e20a7a98acfcac864d7c4cf5ab4c41c031738c76882acda003c5af47b1c4df8894a827a317935d970d4afaee17715c9cfd1883e8c345f19d1f89e229b8edba6b4f53b86d8da1c0f159afb83b6b33":32:"2fc9de46":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"862dd5b362cfa556ca37e73cff7f4a0e":"":"81530a243655a60d22d9ab40d2520447":"":128:"3b9b2af54e610ed0b3dda96961dd8783":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"862dd5b362cfa556ca37e73cff7f4a0e":"":"81530a243655a60d22d9ab40d2520447":"":128:"3b9b2af54e610ed0b3dda96961dd8783":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3452b7bc100c334292e08343f139b9d0":"":"8f92739a30fe4ba24079f5d42753d6ac":"":128:"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3452b7bc100c334292e08343f139b9d0":"":"8f92739a30fe4ba24079f5d42753d6ac":"":128:"0eeca69f8b95e1a902cc3ab1aaa8e2af":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"31a0cbaf21b943f8badc939e94eac7eb":"":"d5bb2c4eaec47088230972ae34fcda9c":"":128:"580e728512c8e44fbb3fe2c498e05323":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"31a0cbaf21b943f8badc939e94eac7eb":"":"d5bb2c4eaec47088230972ae34fcda9c":"":128:"580e728512c8e44fbb3fe2c498e05323":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e8fca537746e7cbff97f1dcd40a3392":"":"43e9f2bf186b2af8cc022e7c7412d641":"":120:"4465a3f9d9751789bcef5c7c58cbc5":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e8fca537746e7cbff97f1dcd40a3392":"":"43e9f2bf186b2af8cc022e7c7412d641":"":120:"4465a3f9d9751789bcef5c7c58cbc5":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"35b5854ca83792ad691dbda1a66790fb":"":"cff61cf9b32ea30cf7e3692aa6e74bed":"":120:"726793199df533dd9055b0ac7c939d":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"35b5854ca83792ad691dbda1a66790fb":"":"cff61cf9b32ea30cf7e3692aa6e74bed":"":120:"726793199df533dd9055b0ac7c939d":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"07259267c1c6a015437a5d8cfa92f9e6":"":"18b9cf2ad7ace6ec1c8366b72878cf20":"":120:"4340f6263f0ba2d82c2eb79cb0cc7e":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"07259267c1c6a015437a5d8cfa92f9e6":"":"18b9cf2ad7ace6ec1c8366b72878cf20":"":120:"4340f6263f0ba2d82c2eb79cb0cc7e":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa1df8955aa3ef191900b06e7c1b7d46":"":"6928c138c98a4350c318fbdccd3f44ba":"":112:"7c89d9e77515d271b6ed54c9c4e3":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa1df8955aa3ef191900b06e7c1b7d46":"":"6928c138c98a4350c318fbdccd3f44ba":"":112:"7c89d9e77515d271b6ed54c9c4e3":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c04200ce41ce77d772babb206315ec7d":"":"a885d58f0f38f9ff26d906fa1bfb12f4":"":112:"9ee0d025421f2bf18caf563953fb":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c04200ce41ce77d772babb206315ec7d":"":"a885d58f0f38f9ff26d906fa1bfb12f4":"":112:"9ee0d025421f2bf18caf563953fb":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"650df049461be341c3099bd1613dcead":"":"8a4ff6327b49d297248ce2d5bd38afa8":"":112:"13f067ef0d7b448d56e70d282fed":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"650df049461be341c3099bd1613dcead":"":"8a4ff6327b49d297248ce2d5bd38afa8":"":112:"13f067ef0d7b448d56e70d282fed":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee61b5bf5060fcc637dc833926898508":"":"b2dcf21f9ffa4a883044d29f087f9b85":"":104:"9ab1d66666d4dea3cbb5982238":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee61b5bf5060fcc637dc833926898508":"":"b2dcf21f9ffa4a883044d29f087f9b85":"":104:"9ab1d66666d4dea3cbb5982238":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"01cc56ca7e64db7fbef66236a5c49493":"":"8ea5b63004189792cc040ef18b37e550":"":104:"d685aeb54aa129a21bed17766e":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"01cc56ca7e64db7fbef66236a5c49493":"":"8ea5b63004189792cc040ef18b37e550":"":104:"d685aeb54aa129a21bed17766e":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,104) #2 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"134dd72ac8e28ab46720c2f42284a303":"":"c6368e4c0ba0ec90fa7488af9997a4c7":"":104:"4ad9cdf19ff7d7fd7e273efced":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"134dd72ac8e28ab46720c2f42284a303":"":"c6368e4c0ba0ec90fa7488af9997a4c7":"":104:"4ad9cdf19ff7d7fd7e273efced":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"180c04b2bde6901edcda66085f73ecd9":"":"9193b206beade4cb036f01a9db187cb8":"":96:"530f5e9ed0879ccef3a7b360":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"180c04b2bde6901edcda66085f73ecd9":"":"9193b206beade4cb036f01a9db187cb8":"":96:"530f5e9ed0879ccef3a7b360":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaac85742a55ffa07e98106d6d6b1004":"":"630cd8ab849253c4da95ac80324ecc28":"":96:"37911820c810e3700c3a9321":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaac85742a55ffa07e98106d6d6b1004":"":"630cd8ab849253c4da95ac80324ecc28":"":96:"37911820c810e3700c3a9321":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"":"86e6100669929e329a1d258cd3552dc9":"":96:"958d6141f7fb2b2dc7d851a6":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ab663c4f8f2fdc7d5eabf6ef26169b4e":"":"86e6100669929e329a1d258cd3552dc9":"":96:"958d6141f7fb2b2dc7d851a6":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd756d49fd25380c4026ea03cafc2da":"":"6a6f7e39b0d730ea1670e13d16c12c28":"":64:"872ef05a28da5ea1":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dd756d49fd25380c4026ea03cafc2da":"":"6a6f7e39b0d730ea1670e13d16c12c28":"":64:"872ef05a28da5ea1":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bd8a834b288bdc7578b6c6ab36f5d068":"":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":64:"c5c094e83755f2b6":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bd8a834b288bdc7578b6c6ab36f5d068":"":"aa77de0af5fa4dd1ed2ada5cb94813a0":"":64:"c5c094e83755f2b6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"020d280dbd06939bbb5e6edc6f6d39c6":"":"09aea6f0e57598452719d6f63b6fe5a0":"":64:"05d6c56ba601e85b":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"020d280dbd06939bbb5e6edc6f6d39c6":"":"09aea6f0e57598452719d6f63b6fe5a0":"":64:"05d6c56ba601e85b":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e47f41a27a2722df293c1431badc0f90":"":"227c036fca03171a890806b9fa0c250d":"":32:"86c22189":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e47f41a27a2722df293c1431badc0f90":"":"227c036fca03171a890806b9fa0c250d":"":32:"86c22189":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9d3e112114b94e26e93d3855d4be26bd":"":"99b98525160c4bb2029da5553ff82b59":"":32:"33bee715":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9d3e112114b94e26e93d3855d4be26bd":"":"99b98525160c4bb2029da5553ff82b59":"":32:"33bee715":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b4b7688588125349fbb66004a30d5d4":"":"b4ae363edb529d8b927c051cf21a2d9d":"":32:"6a920617":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b4b7688588125349fbb66004a30d5d4":"":"b4ae363edb529d8b927c051cf21a2d9d":"":32:"6a920617":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":128:"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c4b6c5b8e21c32f36b0ae4ef3b75d5cd":"":"3d1036bf0000e6f1b77a799f2ef32dec":"1cf2b6cbe86a87b4b5bb3cc50024aeb27c48143658d47b41f2f20b87ed67bd6fc3b85a3a803f66d3576608f5d6ce6cad11e02fe12de5390722dccb8242e1dd140051bef51aa9716c860d45d45bca6effbb1a4797e6e7406a04db5d823766c0f011ebc28e9a8cd4446ec8a75ea8bdc1b2fdbb5cc364fa9877886e30404593df34":128:"a49725014c214ef7cc2d28b9b2b53da7":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":128:"c53d01e53ee4a6ea106ea4a66538265e":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63c3f81500746eaf383fe3975d84f849":"":"0799d4152fd73c1604b4610cf7171fe1":"cb8248e5f904cc9ccccf6f273fe621eee1b4d7ed98480f9e806a48b84e2d6a733772ecf8fb7fe91805715cddab2b462b89f6e6c7cf873f65031f13c357d5f57b00b7c391c39e78ad1ed94be236ca0ae316bce11bc33c5d701fdfc58abbe918b9c42f7b3d6e89d46f9784b388a6e6daf47730b9fa665d755a17e89932fa669c44":128:"c53d01e53ee4a6ea106ea4a66538265e":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,128) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c88b191ce6e8e4a3941f7960b7eae5":"":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":128:"92604d37407aff33f8b677326cbb94fc":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c88b191ce6e8e4a3941f7960b7eae5":"":"e2a899961c332c815685c553351fa519":"308bf10570af48d632911f3641dea60d78046211c01a63bb8e4e5cbddfff8841d2f2b11e18ccb2170805ef4cacf7804d64e0feef40731a1704907f33b77788c18ccf35b224ec3046a67664ac9a3481d2385b6ddeec6da4f32423f94ea9663a5c51cc388cef33744a8159b4fb654dfdb5092718bf926c824be31197f07f276b5f":128:"92604d37407aff33f8b677326cbb94fc":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c818dfa0885a09f65ef78712f5ce6609":"":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":120:"20e9a3a98d71d460743e1efaab13c6":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c818dfa0885a09f65ef78712f5ce6609":"":"ca279284723530fdd68ae880e0ce775c":"2a562abdbb483ca5f355f9cc1c5e607bdd624a078a76b717ce0f8f35d0d4c54b629f372f15d20c848d01420c6af5a7040d42063704a17b46259dcc53723caf2d4bf556143ff9117c752fa4f22c9c155c99b7bf5949d089cdafd562165b9cbf53ff51cec21f49128c8a599718bbcdb4a5d705d20509c44c8945e2a133164b9942":120:"20e9a3a98d71d460743e1efaab13c6":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2354c6b6afaa883e7ce91faca4981f8b":"":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":120:"3588c9aa769897dfa328549fbbd10a":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2354c6b6afaa883e7ce91faca4981f8b":"":"604f2730c756c8c39a0527093bc2feb5":"959b4b0b9ce2e9120b327d2d090117553999ee10bdd384a546fc6de0957ef4b447daf07b3d07ef7dbc811f36b0fc09a175d26e4d1263cb5e21eda5ecab85d763807bb20b3cb6ac3f31d548dff00aae058d434ebcf6f7e3a37f11324134f453dd0ea7f51094863486426ff1706129a5a93c53d8c5ccb56cafa5881981fe233cb0":120:"3588c9aa769897dfa328549fbbd10a":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0af48e6aebbb6ff5b7c92bd140b085f":"":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":120:"e6222f068a1e18f09ba6c771eabd86":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0af48e6aebbb6ff5b7c92bd140b085f":"":"d210d6502a5221ac1274a9c7f5a81725":"d725311ca10eb4b4aa24e6dd19c5e72dc34fc1ff53feb25d924a9b7d8d72205790ca4b1275bd93ad60c27a5587a45659bca07c111e9748fb683a03465153ffd735b7d134b479674ab8596f0596496fe2090f623fd1e4dd730c5283d8b172db8a25df42d9b34f388ed32676a56b8ba03347e47379702654508ccd0a21ff03516e":120:"e6222f068a1e18f09ba6c771eabd86":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a05fe482fe164b2eca7f6c3e377b39d8":"":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":112:"3900bde9fa9ae2cbeee54d04f224":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a05fe482fe164b2eca7f6c3e377b39d8":"":"145327bcc10335fccb93afbf4b17e6e7":"ea6f2e93b5e1bf127d40440b8d6397405246b1b48eebe16964f18928f6b4b8ee2c36322d7126905c1a5b816996e340404b586edc2d77afac11a6c1266511f9eff1a320b035442d4078f8e42ca63cf26d12a971a7adf4645d1bd9a8e4d0a20722f7c2d529beaecc4033f7738075e1cdc6d8a929da5582540678935b82e7b7ba68":112:"3900bde9fa9ae2cbeee54d04f224":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dacbadf819eb16a63f6f091d13ed04d4":"":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":112:"8988fca83c8cfb1f8feefac46f04":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dacbadf819eb16a63f6f091d13ed04d4":"":"b9ebce724b0dcb0989ac2d8e7ff8aaec":"7dc6e2189d8a96f3507e352e05e8fd1b4bab988c2f1c706115887119f63b78084f015d85f6b460901a02880103e4d36e8f6527dfd74e4a3acd3f578c0cc726b528875f701ff8b66e5c11b4689c346a098e123bebfa253362cb86829be73c2b85a6881fa976aa730fabb76775027feec7fd920a6c8965a4a509ea812d7c413a95":112:"8988fca83c8cfb1f8feefac46f04":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,112) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"969244c7444f3f3bf193b28f8e8e96dc":"":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":112:"a291c7527385f037f62e60fd8a96":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"969244c7444f3f3bf193b28f8e8e96dc":"":"49b2845a1a1c87fa66eb8f78c05ac029":"1414a07e86d8b61d1eff43e1ff4ab42c1c95e159058b74c731e3007d21a5eb78bc17b7e920363a3974aeb8608813dc9a4655199b6703ed337450702d8ab16a89776831b2c7c811fec3acc23598a0aa01680a7bf42a4e258145beb08c9f0eacf2bb5f56d26bea3ad11e1a956a630b80f3d22bf35592b4704f7c464b08b06dd7f8":112:"a291c7527385f037f62e60fd8a96":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"525abe490c8434802b69439c590a5290":"":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":104:"038c7e95f790e6ca5ce73f9551":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"525abe490c8434802b69439c590a5290":"":"141f79f0501316e66451c41c7af0f0cd":"be440db66d3f81be467605a7b2805ec1df5e71e1b1b04bd7a4d05e912f5aa1912ba08de72df18613b32b7edf78963c48c80c25178b3b19262b85bb829f5377e0b368b500d6d3b442f54172d4ca4500eb5b4d478b602e5dc11d090539455087ce1e5b9ea74355fc06e9b60cbf25a9804d3f8c623fff130abc48bc2d8d116b8366":104:"038c7e95f790e6ca5ce73f9551":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51644e025659de983f5c8156516b812e":"":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":104:"77e3deba2c7f9386f85bc4a801":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51644e025659de983f5c8156516b812e":"":"614837c743d0974e9cca497f13038c02":"60c5d062ade2c5c2dec68b734dd3e58ec474a586d1c4797fdfa2337800510134cb27a10d501927632af3c1febc275010c0d2e5abee630cd2bc792963fa82a42286ab047b934a261927311b40f5f953bfd661427921147cac7613d95ee86e16326ef67c1ed097e8fb87a78753d785de34e03a182232786079cb6be00182e41c9e":104:"77e3deba2c7f9386f85bc4a801":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08566ca7310302dfb84d76ea0525ba20":"":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":104:"873f037fc05252a44dc76f8155":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"08566ca7310302dfb84d76ea0525ba20":"":"5f20ec9c35c08aa7f1c0e8a20fdbd2b3":"5d84e32768b8d1e7e3c426b3118d48e35491bf1bb454b359c8429220216efd8826be94fe1919409a128ccd8125a594f1691c9421fc3dbbb3f757bf2355bb0d074ceec165eb70e26eb53fa2cb5d84dfae06babb557805ef7b8c61c1bc76137571bcc5e84bf5987dc49013831d78bd497ccc49cde7dca2cb75e7ab967da8c6ce81":104:"873f037fc05252a44dc76f8155":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfb54db96383fa911bf5b4fa1218ef9a":"":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":96:"dada7fc7fed58db462854ef6":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dfb54db96383fa911bf5b4fa1218ef9a":"":"7e849e24983f63f1194b396bbd2d55e0":"d3fb689c5818810dd104693f3306a10b27178444af26798a194f7c2ab31ff3a172904b951942b1a26c8ae5b5b1ee2d86dc78bb72a335fde350766d7d9aef6f549871dd46b04b2cc319fcdd47be437d431ad18cab82d51ca9fa57f4108a8de622a92f87d28c0349fab27757fd773413f559a8c00d30e258c1f6cd96f9759bd957":96:"dada7fc7fed58db462854ef6":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"389cf888474e9403e5f4d0e22ffec439":"":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":96:"92726d90ad26130e65f2beb4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"389cf888474e9403e5f4d0e22ffec439":"":"ef57794cf6fac9f9cea3e8499b53b1d6":"7ea7f7f4763ad208eb6199285b6b2819756c4e3caf2d0ac6f5076ae6785fecdcc4b138a51860ff8b87aaac3a18c2df778a4818308d458dba28f5017513e1454f60be20dae68736ea6d48b1f9deadb517df63140acbd329fbfbc9b82f3ca1862c9e998f0faff1d3ae60b005bf66829f5cf0c5fa03efbdd92d39351e3954be0257":96:"92726d90ad26130e65f2beb4":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,96) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e55abb2ca36c822bf2a030ac703cb8b4":"":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":96:"65025250343ed8c09b3fceed":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e55abb2ca36c822bf2a030ac703cb8b4":"":"d86f7177e8ec90f9e9edf10175d5012d":"777a9d93091de56324c10712243f5541722e0b27e1f303fef6faa387a8666161ab354dbea6c43c82a24e8623bfec39aab13164add6be0dfd55d23204c0975b4ba6fbda51363befde482a9ccc1eb9f151e6ad59c77a1e24dd268389e4686f198a936dd603044a3fb653d63cff80597f5a2913c8a2ec1b7d9dce5728dd56c78c2c":96:"65025250343ed8c09b3fceed":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"586114f3b1dc087e1b2739b28c592dfe":"":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":64:"467a815610faeb82":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"586114f3b1dc087e1b2739b28c592dfe":"":"ae5a38ddd455505284434a4bcfe81ef2":"531ff8c285e532d961f49bd210a5523cd9b19a697a3a3fb26db940a496f253862405b1e825daeda7eb0445c98022b8342c8f8ea20301618483f8ab04b6ebccd7e7fc57878fb544a5bf78fa896f50ac30126ff8afca8a86388666b64c643d16812729bfd7e5c03ba52f7e6ea4c6a685404f7bcbd956964417fa0ea9a6d7290c41":64:"467a815610faeb82":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbfe806bddb7f06b3826b097550c68f5":"":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":64:"0697ac372a9acafd":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbfe806bddb7f06b3826b097550c68f5":"":"04c1b6c9fd2ab76fc2adfe15d3421bbb":"cfa86d02599652cb4ffff027b9c6ef2336dc9fe946f64fa5ce83f624e144563d4738381bc5371c3cb55cf41ceda07e62cb635ff37246bfa428785229c6e869d5df69d7949a8577889a29e3d05b788ddd43608d9c14e3f1b51ce2085b9a976fe843e3396a74922babe6797d5f01c37ead623b5b582505bcd29edf8a6ea36b0fc7":64:"0697ac372a9acafd":"":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"96ce3a095a91effdd91d616f1f02ddcd":"":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":64:"55a0f61032e048f3":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"96ce3a095a91effdd91d616f1f02ddcd":"":"579d6633ec6687afa24ef874899b58e0":"3ff3c0038148ed391b6a10aad623a82fe9209c5ba74482f11506d597b5fc7af977235d8ee9e28cf2160346ddd0e33a5bd1fb67b87dad7167fdd4b2b4000d8460ef7b3e1b59b9d61d06cfbe7945379ed6b650de86f396a38cc70d47b8a349f067d00144c903c276b323be6a929a7d7dd8ae7d254d640cdc1176f98e01a1d8c82f":64:"55a0f61032e048f3":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24ece168c2971cf2b404ea206dc9e29d":"":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":32:"d2b15a23":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24ece168c2971cf2b404ea206dc9e29d":"":"e9db62a42491664a6c46cbb0b2bafc92":"3579f6c0cb3d2a5d0c4548855c7c052d36b6a8dfc60f4ca1b4bbe28ed87306119e71982dd84c4205ceba918d675472753df1b5192d3693dbf6a061c6056e312135ffc5ff426895a7e30f7f675d2cb21de06eea5e3761b94deef7537b985d324864c9ff6ab6e230a1006720f98c958912b604a6d03e3979887c07be3ceaafc78f":32:"d2b15a23":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d3c3cf993f6740a019e61ce13c29955c":"":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":32:"f2d3a6ff":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d3c3cf993f6740a019e61ce13c29955c":"":"af900ac348082ff32d2e0ab886079516":"2ddd0e8c99661f0757f04aa79a1ffa24ad48fbe5da68b9e71f7a0cf1b4f2ca9b757695900b7549d48847ae49950dc9b270b1569d29dcbef412216737bd83509c17ae41c34ccda318939cb37a0a380762993a7568c0b07794e78746173dd5c0d921cd50de4b548c1589e142c3dadbad42161aaeda2310f3c6d5c722d9ac69e96d":32:"f2d3a6ff":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,0,1024,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f1e5bd45ee8bb207ebbd730510ff218":"":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":32:"0d6c15da":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f1e5bd45ee8bb207ebbd730510ff218":"":"8846424a194f5de858556e6be5b65d7f":"e968947fc0e49136e730b97f6b16e393d5e4fdf3e4803a23af79211ef59f29167c60ead72fd489da32d2ffa43b2bca2074f9d1b4f5396ca65004b0806cb7c6dfa751fb6afbee3e443f3c9b0e3df6722e0d1320441400c5ca508afb657c2b7f1669b0de21761dccab9a40fc513768bd1f552692626ce35078a2e0e12f5d930647":32:"0d6c15da":"":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3997050377cfbb802cc438d973661688":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"c95c84c263bdfd5f1de66e7e616cf3fb":"":128:"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3997050377cfbb802cc438d973661688":"b02f0dd373e42c65e8e1db2dd76a432e0b2bf6e630c8aaf0d48af51b3709b175de9a19b3245ae75818274c771c06fae225c4f8b002236712336e805ab006449eb29cc5e29abd82b06c32d4c36ee99acb9a6d7d9eae6ec6ec263c002a22c4a898c74f6abd6d92112367ca7ffe82787c5b39e7012ba22825d3612af3d41e8008a8":"c95c84c263bdfd5f1de66e7e616cf3fb":"":128:"b35b3cf6ed59ccb69dbc9b47a3f284ae":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"cee448b48d3506ff3ecc227a87987846":"":128:"361fc2896d7ee986ecef7cbe665bc60c":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c58583f6479d9bc9f1bffddefee66e59":"564a9f700cbc1f895e4f4fa6426f73b4956896a15e6127e7560d74e3fd0b980d2ee45b7a6a3884fa613d91d13921e3f90967d7132bdafcd146dd8ff7147ed1964c2bdb3e12f4133d3dbbc3bf030ff37b1d2147c493ce885068d9ba5bebae24903aaac004aa0ab73fe789e4150e75ddc2bde2700db02e6398d53e88ac652964ac":"cee448b48d3506ff3ecc227a87987846":"":128:"361fc2896d7ee986ecef7cbe665bc60c":"":"9cce7db3fc087d8cb384f6b1a81f03b3fafa2e3281e9f0fcf08a8283929f32439bb0d302516f0ab65b79181fc223a42345bad6e46ff8bcb55add90207f74481227f71a6230a3e13739ef2d015f5003638234b01e58537b7cfab5a8edac19721f41d46948987d1bb1b1d9485a672647bb3b5cb246a1d753a0d107bff036ac7d95":0 AES-GCM NIST Validation (AES-128,128,1024,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc2bde877e881aea512068105694968":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"05f0c34ab2e8e8026b0a23719344b71f":"":128:"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc2bde877e881aea512068105694968":"1a6369a45e8ef2846c42d54f92d0d140a94f9633432782dcbf094f1444a1d006acd07ef6076cd0faee226f9ff14adc1fb23e3c63ed818c9a743efbe16624981663e5a64f03f411dcd326e0c259bcadca3b3dd7660ed985c1b77f13a3b232a5934f8b54e46f8368c6e6eb75f933196fa973e7413e4b1442b9dee5e265b44255ed":"05f0c34ab2e8e8026b0a23719344b71f":"":128:"46bab9fc2dbe87b8f6ca0ed4d73e5368":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e14f45ba5d1eb52e0412240da5d7b5f9":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":120:"beede05e4928c808bc660f3de95634":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e14f45ba5d1eb52e0412240da5d7b5f9":"9a85fda19ce923f093a0c25b0c52f5d9534828af7c7687d22307004ae2d10c4592242c0f2704070307ab55b137780d1e2013a19396ab43ff6a295b63fdcf323456d149758f9a2bb37f1418d62ea6368b24d5067b9c63d2968e06d6586c7e3275faffa005f7c7bfef51303e4c2b2ed4564acd17d50efac9f5e3e7f16ce589c39b":"d7f8ef12f66f8b7c60aea02ef6ff688f":"":120:"beede05e4928c808bc660f3de95634":"":"4ad5b9ace0c0c7c07df2900faf37a902899471e7aa4a0a1ad5387f8f56d73f78f619be79a4e253f95b15d52895a05bae9ecffa916d35efacd8baf1c704d2aa4a38c234efc4dcfb191ec0fa0b522328fa5b5dff55e8c443fee660ebe3d8ad85de157a889aefc823720030a4cd6ba94a6309dd61806f0abb27772432018bc61701":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a64579f3601b0022d357b601cd876ab":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"515efc6d036f95db7df56b1bbec0aff2":"":120:"13ea92ba35fced366d1e47c97ca5c9":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a64579f3601b0022d357b601cd876ab":"88be1f4bc8c81b8a9d7abc073cb2751e209ab6b912c15dc094002f95a57a660b9f08b1b34f5947223205b579e704d70a9ecb54520ce3491e52965be643f729516f5cb018beeedc68a7d66c0d40a3f392ec7729c566ce1e9f964c4c0bd61b291ccb96e3d1fac18a401a302f3775697c71edb8ff5a8275a815eba9dd3b912e3759":"515efc6d036f95db7df56b1bbec0aff2":"":120:"13ea92ba35fced366d1e47c97ca5c9":"":"7fc8565760c168d640f24896c69758355b17310dbc359f38b73fc7b57fe3f4b6ecad3f298be931c96a639df3c5744f7e932b32d222f5534efb8eb5d5b98d218dce3efef5c8c7ce65738bf63412d0a8ed209071218a6fa2f7be79b38d0b2f5b571ec73f1a91721bd409b1722b313683e97d53df19ded95fd471124fa5f294a4bb":0 AES-GCM NIST Validation (AES-128,128,1024,0,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bda4acfd10ab635f357935bb0ab7020":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"48b77c587616ffaa449533a91230b449":"":120:"8325e4394c91719691145e68e56439":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bda4acfd10ab635f357935bb0ab7020":"c9ac8d4ef7d83848fdc03664957c28b9b76710797d5db1c21e713e85eb0898892223e52be1644fc7362c95026ebb9c9ca74d7d3739eff10cab1eda00c36628dae0b98d119a14635800e37cd340faa6fbba9c3d41d52722cc3969612b1a8c5ca9a68773f5ee654506cb88ea65fb1eddf5ab6312d0170dc03324e483342448b854":"48b77c587616ffaa449533a91230b449":"":120:"8325e4394c91719691145e68e56439":"":"1287ad3719508a9be70c19e3b134a2eaa4415d736c55922e9abcfd7f621ea07ffb9b78d8a9668c74bbd548b5e6519ea12609d2d6197c8bd3da9c13c46628f218e7ff81884ff7eb34664ab00f86e09cd623bec248d8898ef054fce8f718a0e0978e8b5d037709c524114ec37809ac3fd1604e223e08f594e7aa12097f7dc1850b":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d21cf24bc5bd176b4b0fd4c8477bb70d":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"208cb9dced20b18edddb91596e902124":"":112:"7edfb9daf8ca2babcc02537463e9":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d21cf24bc5bd176b4b0fd4c8477bb70d":"2e7108fd25c88b799263791940594ec80b26ccd53455c837b2e6cf4e27fcf9707af3f0fe311355e1b03ac3b5ee0af09fb6fb9f0311f8545d40a658119e6a87ba8ba72cc5fdb1386bc455c8fec51a7c0fec957bed4d6441180741197962d51b17c393b57553e53602f2a343a0871ea2dc4b1506663b2768ce271b89c4ed99eec6":"208cb9dced20b18edddb91596e902124":"":112:"7edfb9daf8ca2babcc02537463e9":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d02e2b02170986944487cba8448f998":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"6336077bb83eff1c9ea715de99b372cd":"":112:"0466bb2957281f64b59eafed3509":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d02e2b02170986944487cba8448f998":"bc1d7553f4a28754cf59ed6f7a901901f04ce62a449db2b45ad60329d0341bb9ba421c783c28a9200b41da8ab6328d826293134a7d0c9a5775dd2735e7767efda4ad183566e0847d6d978abd1a8ab13b16b8323acef05ced3b571631e1e24ad44d65e6ffa64e03c9970e94bacb9f721aba06cda6a08806a3be63dddd8029301d":"6336077bb83eff1c9ea715de99b372cd":"":112:"0466bb2957281f64b59eafed3509":"":"5f395958f2f7acafb1bca6d3a6ec48b717f2ceeac1b77e1b0edc09a09e4a299d2ec722cc7daf34c8f4121a93c80b2adb20a2fc95afd09320f91085c93c8b082dd703814c9777501d23bf9b328f07f04652592dc5a3f4321626a695b8db8e65c8617c809eb2978d8c9a882ffa82a4bb707c1a8f9a965bdacce5c041bafc94a1c6":0 AES-GCM NIST Validation (AES-128,128,1024,0,112) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd1ad1de0521d41645d13c97a18f4a20":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"413873a0b063ad039da5513896233286":"":112:"d4dbe9cae116553b0cbe1984d176":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd1ad1de0521d41645d13c97a18f4a20":"588c2617517329f3e1e7ba6206a183dc9232e6a4fa8c8b89532d46235af1e542acaa7eae4d034f139b00449076ba2ef9a692cae422998878dabdac60993dce9880d280bec1419803ba937366e5285c4a7f31a5f232f8d3ef73efe7267b3ef82a02f97d320ebc9db6219fbdf1c7f611e8e5164e9ecf25b32f9c07dfa12aa705af":"413873a0b063ad039da5513896233286":"":112:"d4dbe9cae116553b0cbe1984d176":"":"bd519b7e6921e6026784cd7b836c89bc1fa98e4013b41d2bf091ef0d602e44a70df89816c068d37f0c6377af46c8bfa73ec0d5bc0b61966f23e55a15a83cea49f37cc02213b4996f9353ee2b73a798b626e524b9c15937ecf98a4eded83fb62e6deea1de31e0a7f1d210f6d964bc3e69b269da834720fd33487874489b8932a8":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cb120e9cd718b5119b4a58af0644eff":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"5a7087989bfe2f6eddcb56fde4d72529":"":104:"95d8bd12af8a5ab677309df0fb":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cb120e9cd718b5119b4a58af0644eff":"4c8e8fb8c87ff6b994ae71bfbf0fa4529f03bad86edf9d27cf899ea93a32972640697e00546136c1dbc7e63662200951b6479c58ae26b1bd8c3b4f507c0d945d615183196868ec4f4865d1d00bb919a00184e9663f6cb9a7a0ddfc73ee2901f7a56ef2074d554f48cef254be558fca35651be405f91c39e0367762b4715d05fa":"5a7087989bfe2f6eddcb56fde4d72529":"":104:"95d8bd12af8a5ab677309df0fb":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"315b206778c28ed0bfdd6e66088a5c39":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":104:"930750c53effc7b84aa10b2276":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"315b206778c28ed0bfdd6e66088a5c39":"6186f57a85b65f54efbf9974a193012b1396fc0ca887227e1865f1c915ac2af9bbd55969f7de57ce9fb87604cf11c7bc822b542f745be8a101877a810ed72bf4544d0acb91f0f9d3c30b6a18c48b82557433d0db930e03bcecc6fb53530bfd99ee89f9e154aa1a3e2a2c2a7a9e08c9aed1deab7fae8ea5a31158b50bca2f5e79":"7ec6f47ec56dda5b52bbdaa6ad2eb6da":"":104:"930750c53effc7b84aa10b2276":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e886de1c907c97e7db8ec80a79df90f8":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"612cacbf33266353d0a29a24532f3c0c":"":104:"76634e58d8f3a48f15875ac1d6":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e886de1c907c97e7db8ec80a79df90f8":"c64cc9596d7c738746ab800f688eec190a4c802c55b2528931d74d294496892b81f53d3073d48f9bef1d58ce3be26547474cdda2868abeab71aff566fff613b4e5bfed1be1d2fff35d8ffa33302d3da1c82e421aa3a23848f31e26d90c0cb2ac2ae136ada73404ed3e0e1d3e7cb355a11cd2a4f9393b4d5eac988104fe1cf959":"612cacbf33266353d0a29a24532f3c0c":"":104:"76634e58d8f3a48f15875ac1d6":"":"7001d7395efb432e2804cc65c0ba5d4719ce84177ce46292c4fd62a5596bd2bab1d5c44217ac43235bd94489c43d01618a11f047d2e247062c3b88d6e59adaa1f46514fb33b7843483920bee60a41f3cb312322c305d25251b4704fb66da58637c95a9d539731434f60ef44fe3cd6d37e2c8e7089880a563938dcc98b43f08fd":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b936e09a6477f3bd52030a29df5001d":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"f93105be83fa5e315d73acfdcf578de7":"":96:"91b55bb5e3f3f1abcf335db5":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b936e09a6477f3bd52030a29df5001d":"65cf11d1afad19b34f282f98f140315992392f5d4eed4265085b29e1e5553f4783fec681ba2d368486ba6a54c00e71c82c08ca3d097904f021ce4b0acba2d2a7005e28e5f8750ea3d18a4f78363c37583e85104234498942c639a0564b0d80055c21cb7735dd44348298291ab602f345b1d74d624750c0177fbd5cca6f99223b":"f93105be83fa5e315d73acfdcf578de7":"":96:"91b55bb5e3f3f1abcf335db5":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc9e2095de7b1b48481b56bf6a3604cd":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"9e5268db19a1b51c0496a160ca76f8f7":"":96:"0fa9588536fca71bb44260f7":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc9e2095de7b1b48481b56bf6a3604cd":"ed61ff94a3f84c72147faefa615e2df00324fb01790cf9764c72c1b8ba47f17866a1fd64ee5c2f53865d1bc24ec93165a6774466a59603199ee476c1f2da7d932c8943d126aa172d532d8475a484d42bb45fcf92766feafd7f3e2e3d42d22f6f84a90e7e688232f799d80cd2cc152ddd21ecfb137701ecafcb2b65abe2e4e6f4":"9e5268db19a1b51c0496a160ca76f8f7":"":96:"0fa9588536fca71bb44260f7":"":"ef562e301fcf923ff1a1acd3aff9b1c963058228655fe8a66cab01396547dbd2aa1f79a22eefc62944b86d1a31ebe2d17130175b8c003d6755b0eb8b79895b0f7f8046c5ae888a067ba17bc8e11a8f6e5023a9cd42f6461966c28e505b371c0f72a2606bff430a58016e99713d25ce11f10391fb4a922e27989422c6a64f9107":0 AES-GCM NIST Validation (AES-128,128,1024,0,96) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3f93901fd7cc88db3ba76a158d658c7b":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"7e98de461e6d96c0ce6c8d8b3854cf49":"":96:"86c9a70e4bab304ae46e6542":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3f93901fd7cc88db3ba76a158d658c7b":"16402fded879fcbfe9405902aa63ca2a520889e0045f687455469b7bb867829a01208b8dc5dcc852d8ee478993c30e6d9ec6408773b367821310a0ae171d38d71e06981ff6e845acffbc794142b87c748e12484c0636419d79be3d798cde59e9dae0a4a4a4346596427e6b235ad52e6a1b02d6f4df0c7de35fc390cae36aef14":"7e98de461e6d96c0ce6c8d8b3854cf49":"":96:"86c9a70e4bab304ae46e6542":"":"1b4c09569b42c469b3ab6b39312c214502ec09f5fe2fed1d1933d13cdc6a7b77a5d135123fa69d9207d6844b0357b26b7a2f53b33a5cd218dacda87b78b09cf259e48e74076812c432e2d0833fb269721f9347c96e158500f9b2283342a35c8de0a022edce711118d72d8fbaa354bfb0ffee465844ef2d37e24ec2cea8556648":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"42289f3d3cd5838e250ef54b128e60d1":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"e557389a216ad724aafdab0180e1892e":"":64:"6f78bc809f31393e":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"42289f3d3cd5838e250ef54b128e60d1":"3edae1d554b67d2036f5fdbdb2945cc112f100adc1b47009c2e23f6a2eaee78d1f39ce8a98f715853cc29fc793fb6981ec3036834188dea7d668185ccc8642071b15de1332f6a59c8a9b4399733eb4b3d8f224af57ba6b4a8e64494bb6630b9d28e7ec3349064350febcef6a3ad1d6cca1b1da74f3d2921c2b28a2dd399c3416":"e557389a216ad724aafdab0180e1892e":"":64:"6f78bc809f31393e":"":"25c476659cc7b343a69088baf868a811ba37daca85c4093105bf98235a90aeca015ab034da008af0982f9b2e80df804c186a9b2e97f74cffd70ebb7771d874fcaf12f6d01c44a8b0ec2898cf4493cf09a16a88a65cd77909bbf0430c9603869bd5f20d56cb51d8a3f0a032fc30d925c96599d296b1ec41c2912bda426adea4fb":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d772eabb7f19475665ca2a7e693bcfc":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"0747cbb486a013453fde1ca6abb11dbe":"":64:"8e761ffaea68f967":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d772eabb7f19475665ca2a7e693bcfc":"e9fc4d86f5b857fa6057b73f967351e06f87288c40a95b9e378c84f1a4c0f4b80ed0a0b44ff90a8973be4199c0c4006fc4f5ea19d5f1fe8b9c8c01f4675ab85afab0592bb3daba36bb4fc7ed9eea867e9d8cc50c19fb62a5a57956e9efacebac5e9f849649d35a329bd68de97bb6e5ff7bef477a86765c2c9ec15e24cbba5c6e":"0747cbb486a013453fde1ca6abb11dbe":"":64:"8e761ffaea68f967":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fb7fd753ee6eaaf283a42a121dab4e43":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"8164929fb54485377ecccc9b9621af5e":"":64:"40a2fa7f4370afb2":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fb7fd753ee6eaaf283a42a121dab4e43":"fd5cecb2c0287cb8229e97d9cc4b9885f428710528884ce663ed1728cd44cb2df93e56ef17ace0678d1e341366c652f4ba7ee45797d39be4a05c1151e5cde499e13e5d45549b5d95a174d03616d06ef96e9d7b2b6bb0d79a726b253dd64223a5f09611671b234ccf9b383952f8888814b2c167e774cfbf54e9c6b99a753f4fa9":"8164929fb54485377ecccc9b9621af5e":"":64:"40a2fa7f4370afb2":"":"6208d068be60f7b04b80fc611062e6caaef9a5cf59f850d174b7446c78c039ea9aefe4885e19c2b33911d32ce1fe3c48ddffa4b03e450fd35da03f40c4e7c5bb3b1c3f3049dbfad3ac81ca1b79cafbaa172f4900e3829d38edea3b64000f93924a801259bc4b2523445c64bc23bfee190b952468507fa4baf6dc2bec66fcf0d8":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30d757fd73a0fd5fa49159ad0653296d":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"b35b8df0aebd0608517f2830e0e70cd0":"":32:"954c0e99":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30d757fd73a0fd5fa49159ad0653296d":"17d485b258f80d8924e35291118cfdcffd86c47851b65f0b06a7c1f5202de82f3f460fc61b1aa38fdba7c8ded375c92cf005afe63e59d362c0960044af39241b81ca24e85c5faa43903229355b7313fee21b992ef3931d9d2407b32b3cf72dd7acbc7948395eb513cb2fd428b215ba2bd1e29c62f45d0ce231884f62480c6d8f":"b35b8df0aebd0608517f2830e0e70cd0":"":32:"954c0e99":"":"022618d2598f79104e918a09c937a82b3db59243b5e13de731fcb912e4366105797ce47f6dce7f08073f2f41e5c15fd6b1ec4b5861469a4880c3b0bd769b78c696ff29c28c9349d5a46a6e5ad9211bd4b708a8c0b6928ebbb0dac1c0a5f5ce6b05de6a50073128566a23f09cc1b826aa5803f9f750aa4debf59f24ae9f98c9b5":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9d3cfd5900de5d5e2109e7721cfeef6":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":32:"2b81e8ce":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9d3cfd5900de5d5e2109e7721cfeef6":"e4243cc37cc32dfcedf9bb76890e706af6ab1e06b290b8ccfe2a55e5dabe68cb390f7636dc9676b431d4dc8ad3f6d989e510194294ab7ab0556789046743cf374d8b6462f5f95a17f3f44337d6c69ee47b0e1ad7e5ce6f9b224c54099a104e70d2d06af869b921ea47febe08f90c591ed49c1f12003afceabd2c7bba458a0111":"b4b9dfb013de6f7c44779e5a9daaf5e5":"":32:"2b81e8ce":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"68dc138f19354d73eaa1cf0e79231d74":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"e7147749560f491420a2d893c075bb76":"":32:"70a83f6f":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"68dc138f19354d73eaa1cf0e79231d74":"ce345567a76bc30d8b4fd2239788221cfa75e1a310aeeeb8c355f8eea57d80967f3047fbd4e6173fac5caeb22151fa607065953c4c35e0537b9e3788cc80de9eedf2a340698bde99a6a1bdc81265319da3e52f7a53883b7f21749237fcfd3cd4f149bb2be7a4ddd9ef0544cfe0789040d1dc951b6447304942f03ab0beae8866":"e7147749560f491420a2d893c075bb76":"":32:"70a83f6f":"":"64b021612c78b3e192e8349d48b77d02927e7fd70c7160d37cb8ef472f6bcd9df9d93431627c1c80875e208724ae05f94fdd2e005e9707b78a1bf3bbca7beec4b03ddd4d9de6235ffd6d84a8b9a1842e104c1e22df4566f6c4d3d4e3d96a56b9b8a5cdce9da70aa236109b289266036f285564060b204dfd7ac915eea0dd0b1e":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7362c86344e0aefb0cf0d04768f9c05d":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":128:"9594da428fd8c1b13ecb23afa2c1af2e":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7362c86344e0aefb0cf0d04768f9c05d":"8baffc7836004deb87c0111d47c182512bf861874021ddfcd559acf2c4a51cf5bc4bfdee2d039b9c005b6af95a2607643dcf4d9cd9d62412f709334556db22fc91d7b40438505d6806ccb2f2c21ae731bc1f1c825d28a71ab27095a39985e96ccd07cfb2e75243ccafd474494a2338c324ef533ca5f17d2ac1b1883140342ced":"7e8d12c2f0dcf4f792247134234ac94b":"86d2b5debc3b10495da353d6821f6cad380776d805bd8660b08dcdb1acd87026e4f344b547a4db47b5f44cded314bec4ce9a417ce40a2acd5a21460c42dfcd27483abf3f38dd8cc5fa523b6768a26513df5896435baa97781cff1966e2e3d6ec6d0a9cdc013de5a50e4d46831667055bad04f784024a82f9cd087ae4cd37dd64":128:"9594da428fd8c1b13ecb23afa2c1af2e":"":"e2c424f42aedd56f0e17a39d43ad19c8e2731efc7a25f077aef51d55280b10e667e338bd981b82a975ef62bf53bc52496b6995d33c90c7ae14767c126826e3f32bd23f444ddcfd7a0dd323b0ae2c22defad04ce63892b45c176bd0b86f5fa057a3dc371359744cb80bbfb4a195755136a0ea90b4044a45bc1b069f3cb3695c04":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"58748bb204ccb7bdafdbf739b6c19a3e":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":128:"efba4589d4a03555766bbc3b421dd60f":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"58748bb204ccb7bdafdbf739b6c19a3e":"b72902c9ebb72a86be539b19a52fd9af00aa4de081d90c0d8ad580ebb5900177a036f40a1e9b43e3a07d715466526d6d7544e5a5551805b62463f956cd519fc99182c2d54bd62fc7ffc6e5ebf1503859b706da11a1b6c707a67a70789dbfc10ef726bd360f9f2347326e068e757c8443ddc9308a171e682359ae1bfe87194ab5":"93ac298c73c88e127a4d9dd81bf24e3d":"8f168fc4d1da13bdbefae3f9d6ac1d8cb19fcec1f43f727951af0a466d8826649a46c3cb50c045ea83849fce0eedbc042a1a435e6d9d59017997a2d5459b940078b8a7f3b6b0ff279ff8c560248296a17240ff1b0643d1f436b6e3f2079363fc49fb45f410debbdde083b92057916368cb807d603cb82e2c0dc01658bff7f1ab":128:"efba4589d4a03555766bbc3b421dd60f":"":"d5c97a659f016904ff76286f810e8e92da6f8db2c63d8a42e617760780637e32105503440cdf04d1fe67813312f1479fda8d746c8b0b080591eba83850382f600e9d8680516c6579669f0b3d0a30323510f9de1c92512790b8347751994d022156cae64da0808a649d163a0e99e869fdf224b7c1a6a8fbc613d5917eca8ee08c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,128) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6cc13cbd62428bb8658dd3954fe9181f":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":128:"76b990a1e010e5f088f6ae90bec40b32":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6cc13cbd62428bb8658dd3954fe9181f":"2c9ec982d1cfb644ddbc53c0759b10493206d5186affc6882fbb2ba3aa430f9bae1209db2d78dcc125f3c909a54dd84fdff96c71e678216a58390ef4308bdd90f94f7109c4edefa76a74fda64b201b7a435bbabc27298f3eaa4c2d1393bd584f811fff52638f6ad2f6d86a8c3c9c030d9d4264c8c079592a36178d25991cff09":"86740da7ce4efbed70af55e1d6c10fdf":"be561ac15e3cfda624b422af97c26719c140bb50e4a993d636efe9c7f1963fb9047a0762169b571a698ff310bc417e34d4039b7562a95af710ccc1b197964a376c986fd2ed8ac4b0c7b4e843c37a41366f2f483c821a1823f317416c7e4f32eed9b9dc2ae1a2f3ed32c4b3187358a2329aa42191b7c2fe87b6e27ff20303cb29":128:"76b990a1e010e5f088f6ae90bec40b32":"":"0b9a5f5d2e6852b75b9cf26c1b310b2200e56dafcf3c941478862cdf9737ac8e2cb9b38d41bd4a1872ea1b4cfd51a1a0b9b743aca439eefa10de8459a0a7a221c5429b3dee393f17031ca6c399df8e05657c3db55be9c9dd29e690042a4ed8db732efce7c58d6b20a2a0f7c79e42e5ada43b87ab00f481c20cac1b35514dcdc9":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"286d3f5080cfe88538571188fbeb2dd5":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":120:"d90d34094d740214dd3de685010ce3":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"286d3f5080cfe88538571188fbeb2dd5":"55135928997711360622eda1820c815aa22115204b1e9bb567e231ac6ea2594b4d652627b6816bdc6c40a4411fd6b12fab9a1f169d81c476dbf77151bff13f98ca0d1dc0a68ea681652be089fadbc66c604284eebfc8ce4cf10f4ca6bda0e0f6634023db6e3f0f1de626c3249a28a642ecc9ec5ff401e941fa8a3c691566c0ae":"da6140bd4dc6456ddab19069e86efb35":"5d350a04562a605e9082ebd8faec6c27e561425849e7f0f05f5049859c2c1bd2c4682ebf9773fab6177d2601fd5a086cefc3adef5a2f8f6b5dc9e649e98dd0a3d1a2524419f01305bd0fcfff52d84a20d1b14dea2138dcc54eea2bf263c6fe27c3e7255f1f359d0d00fb1b350d7a04965af30027632520197e85eb41de6bb286":120:"d90d34094d740214dd3de685010ce3":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"726ae113a096769b657f973ea6d2d5dd":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":120:"d095bfb8990d4fd64752ee24f3de1e":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"726ae113a096769b657f973ea6d2d5dd":"90636012ba8c51d16f8f6df3d3bcabc3f09aeffbe2a762f62e677913188045b861b2e7d9a7bd93dcee46e9e4832e497a6f79db52b4e45c8dab20fa568ff9c4ace55be3216f514a3284768a25d86b1c7da5377622f3e90ed4c7bd4571715af4d0a2ab5181d0475f699202e4406bb9cfdbd4fa7f22d0dd744d36b3223134658496":"2f9900226c97585d200dd20a279c154a":"761663c3fcbf1db12bc25546b2425b8229b3153e75f79fa63958819caee3febff74603d99264b5a82ef5980439bef89301ae3206a1d01a3bbd7a6c99d27d1e934cc725daeb483f826c2c9d788fd1f67a627864cf8b5f94df777bb59ef90cb6781a2000e6f0baa4f1ea4754b47bb7cbd2699f83634e4d8ab16b325b2c49f13499":120:"d095bfb8990d4fd64752ee24f3de1e":"":"9f7759c6d24fd9aa0df02a7c0cc5f17e61622c63195f85dfafa5d820d3ad218c7288ec017821100f1fade10f9bb447a4a01e3698b045548c7619a08f2304e2818a9bf55e70b40f8b994b7dcf0cb243848cf3f6fdfec3ebbb147d01df84a3ec62cd8fa5d78ad9f2f28cd288a35eb49a5172339e9872e8e7e3350b0d69f59acd07":0 AES-GCM NIST Validation (AES-128,128,1024,1024,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73a9eeda721c6f292e6b399e2647f8a6":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":120:"e08161262234d0d5be22f09e5646bf":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73a9eeda721c6f292e6b399e2647f8a6":"215fc7e52abe4c751ca2f7f9a5cbde9ab8b44b8d4054bb62dcea6df5b936145ca6ec83a2b78b070638fd6e5ea3bad5d0caf1b8f755f391c3e0962a92337e3eba575585eb83680075fc818860388c587746af78d5fc75ccd0a63f1612abb1ba0f04a2228ca27fbddba4878f9b2683683f516b6d6fe4f6622e603bd3c5ad45e332":"c1e80eb723960049cc4448b66433f1cf":"fb2a0b1f817404e74aee0a6ec8f2cd86f0c9114ed367b2690c44ad80f9d3377d7fd5066beaf1daa739d27ed3fba98379188016b1fe901204a174f9ffca370c181aece5e5d40939a0d460913b40b895e78a3b80ddf3d613c05e4e27bfd161ea2ef42271a2679f2cdca5b728ffb2319781c946a4f3ecacf486b754b30bb04ea60b":120:"e08161262234d0d5be22f09e5646bf":"":"b5e286183f16dd9403bec6786bd4836cc6add47947ef111fb1d5503c18c333c8fe60959502f58390d0e0f69fbe5fee13c72aed65fe6e32f6ea45877fe44f8a556aa5157b112e572197c1c350b7943c6cf2e9146018599524d27599f09c86027f2c5927e4a20c63833870e8369baa36ecc07cdb3ced520b5ae46869ff357ca089":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90dbda7397d8fc46215a1218a6ffd0d8":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":112:"776d871944159c51b2f5ec1980a6":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90dbda7397d8fc46215a1218a6ffd0d8":"4f82a1eca6c9184240f50f7e0cfec07ec772cad5276d93043c462d8364addd9a652eed385ccc6b0faa6ca679ab3a4c3d0be6a759425fd38316ee6a1b1b0c52c1bb3b57a9bd7c8a3be95c82f37800c2e3b42dde031851937398811f8f8dc2a15bfd2d6be99a572d56f536e62bc5b041d3944da666081cd755ec347f464214bf33":"7be477d14df5dc15877ae537b62e1a56":"7358ddf1310a58871a2f76705f1cf64223c015c4d1574104d2e38783bb866205042f05c86e76c47a2516ce284911f1d2cbee079982dd77167e328b8324eec47c9244cc5668cf908c679bb586d4dd32c6c99ed99a6b571cf18b00689463e7a88cea6ea32d288301a10a9139ed6092ffe298e25b8cfb6b4be8217f16076dcd0a90":112:"776d871944159c51b2f5ec1980a6":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c85174d428fc1c7c89ca5d1b8aaba25":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":112:"1e7dec83830183d56f443a16471d":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c85174d428fc1c7c89ca5d1b8aaba25":"3735cbfb8000260021d1938d2a18e7737f378ecddb11a46ce387bf04e20bbfcc902457637fd152ab87017185601f32a7f906057123b6c2da31a1069c93e3cacc59a359aebd3e31b302e1a1f7d5d8f1b2917a8fe79181fa633b925ce03a1198dac48f4c959076b55bc6b3d50188af2c6aa33d83698aa8db22649f39825ba54775":"b3c9dfa4c55388a128fbf62aa5927361":"3f552d45b61cf05ae2aa92668e89f3338a15ec7c5b7113b6571cfcd9e4c4a962043ccd9323f828dd645e8a91b007ce2112b7f978ad22ee9821698a4f2559d987ae4421452ad2e8d180953297156426d4540aff2104d8637b56b034a3a1823cf962bffbc465fe6148097975a8821ca7487e6e6c7ff4ee4de899fe67345676bb1c":112:"1e7dec83830183d56f443a16471d":"":"3d98cabca4afb7c1f6b8eeed521f4666ae252ac12d17ebf4a710b9a22d839b69458387ba4bbec2f6400e0cff80fbe4682c24efcd3b8c594d9b515ca7842c9d5988c42b59b6526c29a99256451e2927f5b956ef262f97c733dfa8bff73644473b9a8562bdfca748f4733ddce94a60024dfbfcde62fb3cbd7c3d955012d5338b91":0 AES-GCM NIST Validation (AES-128,128,1024,1024,112) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d89f06eb07744d43d44734faf9751d07":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":112:"fcad48076eb03ebe85c6d64f6357":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d89f06eb07744d43d44734faf9751d07":"36cc3b2f563305208a03378f7dc036119f7de3fee77cefac06515853d36609a622382ed026c59783fbc0d9910767874c516e10c7bf3e3d104f73b3463c8d93a63418c76cb0d05e62e9c8642cb4f32caced2620912cb6c79e5110a27d5fba1ef3b4d0578077858526c5e4254365f2b2ab47a45df4af08980b3b7a9b66dff5b38c":"185f8d033713ee629e93561cf8d5acb8":"743bcb671d0aa1c547b5448d64d7c6b290777625ba28f25ca0fbf1fc66495a2fde0648a8db51039b0e7340d993aef8afb48269e660cb599837d1e46f72727762d887ee84c073d6136d1b0bc7d4c78f5673a4a6b73375937e8d54a47304845f38ca6b4f51cf14136a0826016535dc5ed003e38c3ac362b9d58ba8b555a05a1412":112:"fcad48076eb03ebe85c6d64f6357":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6150f14dc53f391e815acfabed9f9e20":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":104:"922a7b48ad5bf61e6d70751cfe":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6150f14dc53f391e815acfabed9f9e20":"fd8f337017e1b60d6618e6e4ad37c1f230cdeb78891579c2c63d4e6a4f7d2cb7252e99de333c73db45958808c08e91359c885a7385ab6f9ed98a27927a5b83c3a456ce2e01869712675e527155ba1e339ac14a3ccd7a4b87360902f2b8381308fe5a4eac5c90d0b84da4bf5b907de6ff3139cffd23b49a78750006100183032a":"7e92dd558bd2662c3a539dfe21a352cf":"9b4624e9118e6aa5dc65b69856638f77fd3f9f562046f50ba92a64e988258637932af7979f000505b84a71ff5dd7b60bad62586b1a8837a61c15a1a1ba7f06668272c28169915d7f06297b6c2a96c8c44203a422bfd25500c82e11274ffe07706365bfd3da34af4c4dd8ad7b620de7284a5af729bea9c4ed2631bdcba2ebdb7d":104:"922a7b48ad5bf61e6d70751cfe":"":"f272a3ee9b981f97785cc6fad350e516d72d402dae0d8a531c064ec64598b2a5760f9b279c10aa1ff71bec07300ab0373187138e7a103fc4130105afa6b6346f3d368b40d6f542375de97878ad4d976d64c5c4968a17be2b1757a17c03100231c34721250cd37cc596678764083ade89ae3b1a2151ff9151edcd7ba0eb8a4649":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e8216072ed6fcde0fe0f636b27ed718":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":104:"531a65cc5dfeca671cc64078d1":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e8216072ed6fcde0fe0f636b27ed718":"3b50f2a8dca9f70178503d861d9e37f5edfafc80ee023bfed390a477372986e4794175ec22ac038c3461aba50c9b2379cab48512946efdfe2cb9c12a858b373a5309324f410e6a05e88ba892759dbee6e486dc9665f66cb5950ea7e71317fa94abbebd67a3948746a998173fbbb4f14f9effbdf66d3b6e346053496a4b1934ce":"23a122cf363c3117b8c663388c760ee4":"28ce0b4a44fa83323e060f3ff6436b8829d4f842090296bdc952b6d4a6b1b1a66be06168c63c4643e6ac186f7ffd8d144f603b2d4bc0d65be48121676f9fa1f359029c512bebfd75075ff357bc55f20fc76d9f2477c9930f16408f9f09c5ae86efa2529d2f1449ceeb635b83ca13662860ef9ac04a3d8ab4605eccd2d9ae5a71":104:"531a65cc5dfeca671cc64078d1":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1af434b73a1210b08595ffa686079832":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":104:"2ae7350dd3d1909a73f8d64255":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1af434b73a1210b08595ffa686079832":"13f6c1c2d4edcf1438a7b4e85bcd1c84a989831a64d205e7854fce8817ddfceab67d10506ccf6ed9ce50080ef809e28e46cba7b0c96be6a811f59cd09cb3b7b3fe5073ee6763f40aee61e3e65356093f97deef5a8721d995e71db27a51f60a50e34ac3348852c445188cfc64337455f317f87535d465c6f96006f4079396eba3":"ae318f3cb881d1680f6afbf6713a9a2f":"3763c9241be0d9d9a9e46e64b12e107d16cca267ff87844c2325af910cc9a485c7015d95bbe62398864d079fb2b577ba0cfad923c24fa30691ad7d767d651eed4a33d0be8f06fed43f58b2e0bb04959f10b9e8e73bd80d3a6a8c8ce637bfbdb9d02c2b0a3dd8317c4997822031a35d34b3b61819b425c10c64e839b29874ddfb":104:"2ae7350dd3d1909a73f8d64255":"":"3cd2a770300ce4c85740666640936a0fe48888788702fc37e7a8296adb40b862ec799f257a16821adaa7315bd31e8dec60e4a8faeb8ba2ee606340f0219a6440e9c1d3168425e58fac02e8a88865f30649913d988353ab81f42a5ad43f960055f0877acda20f493208c2c40754fbf4ccee040975aa358ea3fe62cbd028c1611a":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04036d2f5273c6ff5b8364aa595359c9":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":96:"71f818f1a2b789fabbda8ec1":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04036d2f5273c6ff5b8364aa595359c9":"acf79b6099490af938fb5fd8913255b3daa22786b03356cdf3e0ffaf570f9f866047b8e15c9953f893d97e7098265297396868ebc383be8547e8ec9d974b6a65b5dc5147cdadef2e2ad96696e84e44f364c2ba18c8aabe21f99489957b2b5484bf3fb4fecaf5ddaa1d373e910059c978918a3d01b955de2adb475914bf2c2067":"edc433c381140dff929d9df9f62f4cb6":"404acfeeea342aeea8c8b7449af9e20ddf5b85dc7770d2144a4dd05959613d04d0cfece5a21cbb1a9175ddc9443ffacd2085332eb4c337a12a7bb294c95960e7c0bde4b8ab30a91e50267bbd0b8d2a4ed381409ea2e4c84f9a2070a793ce3c90ea8a4b140651b452674f85d5b76d0055df115608bf3a3c60996108023ebabe65":96:"71f818f1a2b789fabbda8ec1":"":"4729cb642304de928b9dca32bb3d7b7836dd3973bbccf3f013c8ff4b59eca56f5d34d1b8f030a7b581b2f8fdc1e22b76a4cbc10095559876736d318d6c96c5c64cbd9fbd1d8eb4df38a2d56640d67d490d03acc1cd32d3f377eb1907bbd600f21d740b578080ba9c6ddc7dc6c50cdcee41fec51499cb944713c0961fc64f5a70":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59fe44c6e28d025b2ad05e6e867051ab":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":96:"296c4cdaeb94beb2847dc53d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59fe44c6e28d025b2ad05e6e867051ab":"20e66bae1215de9a87a0b878d39015d17e0d4542a1aaba2000cefbd5f892c26a410f55f0d7dc2f6b66690f2997032985e5516e068bfc6ec8a3669f566e280b0cefded519023b735ee3bcbfc5b6ce8203b727933a750f9bd515ec448c1f3a030aa0f40e607727a3239ebbe655d46b38a3d867e481ccf0fadbf0d59b665d2ed6b5":"eb0c30320029433f66d29b3fd5c6563b":"49b7418b87374b462d25309b1c06e3132a3c8f4a4fcf29fed58e0902509426be712639db21c076df7b83dcfcc2c2c8fcc88576f4622a4366eb42f84ebf760e3eb22b14f8b5ff83f06a6f04a924eaab05b912e126e80da22461abf7f1925fd72ebdf2aea335a044726e7c2ebbb2b8aeebab4f7de5e186b50f275b700794d895d8":96:"296c4cdaeb94beb2847dc53d":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,96) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c314264cee0e6db30ebe9b2f6d4991b2":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":96:"fda18d2f795d900f057fe872":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c314264cee0e6db30ebe9b2f6d4991b2":"d436ff9abfb044a332c4e009b591719a67b12a5366da0a66edf19605c34daa37588e15dd3da0d1a097215e469439de79cca74e04cd4904e5b4a6cb4e0ea54e6ba4e624ed6bd48be32d1ef68ffea1639a14e91a5914c2346ea526df95cbd4ad1b8ee842da210b35b6315c3075ecc267d51643c4b39202d0ad793cbb0045ebdc19":"4cd4431bb6dea8eb18ae74e4c35a6698":"0eeafbfd04f9a0ea18e5bdc688c7df27183f346187e9574b61222006f2b3e12e8d9d9bf1f0f15949ee1a7ee8e5c80ee903b8ba2860e15ccb999929f280200b159c2adca481748d0632a7b40601c45055f8cb5126148e6cbab2c76f543537ab54eb276188343cea3c4ab0d7b65b8754e55cfe3f6a5c41b6ea3c08b81fcecc968a":96:"fda18d2f795d900f057fe872":"":"cb9e0fb0ac13ca730b79e34745584b362d0716c344e4de90d8352b21117471ba12c97f193150b33774baee5e4a0f11b10428eaf0106c958e16aa46c5f6f3d99eed93d1b9ba3957bed05a8b9cc8c5511cf813a66dc7d773cb735b0523d8d6b0b80639b031ddc375f714c6dd50055320cd7ed44a471c8d5645c938a9005d0b5050":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"26072018bd0bda524b5beb66a622c63e":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":64:"edffe55c60235556":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"26072018bd0bda524b5beb66a622c63e":"91c524b359dae3bc49117eebfa610672af1e7754054607317d4c417e7b1a68453f72d355468f825aeb7fde044b20049aed196ec6646cce1eeeccf06cb394286272b573220cdb846613ebc4683442dccc7a19ec86ef1ec971c115726584ae1f4008f94e47d1290d8b6b7a932cfe07165fd2b94e8f96d15f73bf72939c73f4bd11":"c783d6d3b8392160e3b68038b43cf1f4":"8ae7c809a9dc40a6732a7384e3c64abb359c1b09dcb752e5a6b584873e3890230c6fc572b9ad24d849766f849c73f060fc48f664c1af9e6707e223691b77e170966ed164e0cc25ede3fbc3541c480f75b71e7be88fe730d8b361ea2733c6f37e6a59621de6004e020894b51dfb525973d641efe8d5fd9077a0bbc9dc7933a5de":64:"edffe55c60235556":"FAIL":"":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"201751d3da98bd39ff4e5990a56cfea7":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":64:"66c247e5ad4e1d6a":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"201751d3da98bd39ff4e5990a56cfea7":"2965af0bde3565a00e61cebbfe0b51b5b5ee98dbbfff7b1b5bf61da5ba537e6f4cf5fa07d2b20e518232c4961e6bc3ae247b797429da5d7eee2fc675b07066ac2e670261c6e9a91d920c7076101d86d5ef422b58e74bdc1e0b1d58298d3ee0f510ee3a3f63a3bbc24a55be556e465c20525dd100e33815c2a128ac89574884c1":"6172468634bf4e5dda96f67d433062d7":"ae2d770f40706e1eaa36e087b0093ec11ed58afbde4695794745e7523be0a1e4e54daade393f68ba770956d1cfb267b083431851d713249ffe4b61227f1784769ce8c9127f54271526d54181513aca69dc013b2dfb4a5277f4798b1ff674bca79b3dec4a7a27fcf2905ae0ce03f727c315662cd906e57aa557d1023cce2acd84":64:"66c247e5ad4e1d6a":"":"efd064d4b4ef4c37b48ddf2fa6f5facc5e9cc4c3255b23a1e3765fabb5a339fa0eda754a5381b72989fc1323ff9a6bbaecd904eb4835e5a511b922927574673061ed8de23299ea1456054e7ebb62869878c34fb95e48c8385b5ebceecb962654cf1586b3f54e7887ce31850363e9a22be9e6fbc22e694db81aa055490495dbf2":0 AES-GCM NIST Validation (AES-128,128,1024,1024,64) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bc0dcb5261a641a08e6cb00d23e4deb":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":64:"f5289e1204ace3b2":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bc0dcb5261a641a08e6cb00d23e4deb":"d533ad89a1a578db330c01b4e04d08238b020e36aebe87cf2b0bf0b01f1ce4197be8b0596e475a95946918152e8b334ba89f60486c31f0bd8773ca4ff1319fe92197088b131e728d64405441c4fb5466641f0b8682e6cb371f8a8936140b16677f6def8b3dd9cbf47a73f553f1dca4320ad76f387e92f910f9434543f0df0626":"16fa19f69fceed9e97173207158755a5":"92ddd3b98f08fc8538f6106f6434a1efa0a7441cc7f6fd0841103c2e4dd181ea0c9a4811b3cb1bad1986a44d8addabc02dd6980daf7d60405b38dadc836bb1d0620ceab84e0134aca7c30f9f9490436b27acfd7052f9d7f0379b8e7116571017add46b9976f4b41431d47bae6f5f34dc42410793bc26c84bfe84fb53ae138c85":64:"f5289e1204ace3b2":"":"be0c30deeffbe51706247928132002b24d29272eee6b9d618483868e67280236632fa1ae06f3ef793f67bd01b1b01f70a827367c1cd28f778910457c7cbd977dfefff1f84a522247e19b2fd01fa22ce67cef9503d45c80a5084741f04108f2462b7cdd06a8f1f044fea2b05e920bcc061fbc6910175d732f45102a63c76ae48c":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"239c15492d6deec979e79236baca4635":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":32:"fc08cbbe":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"239c15492d6deec979e79236baca4635":"d64886ce5f5b4adb7fe8f95904bc1461749c931655b02819ffdd0ae31bad4175125aa68962f8e36ec834a7d53a191a74c937e81ec93ad9ce0d3b286d3c11ff1733c0b7780130768c120b1833933561cf07399ca49b912370ae34f0e49b9c8cb9920eddc6816ab2ae261c6d7f70058a9b83a494026f249e58c4c613eefafe6974":"916b8b5417578fa83d2e9e9b8e2e7f6b":"b39eb732bc296c555cc9f00cf4caaf37d012329f344a6b74a873baf0d8dde9631f5e57b45b957d6aec0f7978e573dd78b43d459b77756037cd64d10d49966eb3a2a08d0f4d5e4f5dcb8713f4e4756acdf9925c5fc6120c477f6dffc59b0b47a3d5efd32b8c9052b321bb9b5129e5c6a095d8de563601b34608456f58d7221f2d":32:"fc08cbbe":"":"95c169721ea007c3f292e4ec7562a426d9baa7d374fd82e1e48d1eaca93d891d5ffa9acf5e3bd82e713ac627141e26a8b654920baffab948401cc3c390d6eea9d7b78c4fcb080b0aa9222e4d51bf201ccfd9328995831435e065d92ad37ee41c7c4366cc1efe15c07fc0470608866aeea96997772ecf926934c5d02efe05f250":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db68a96e216b0dd9945f14b878487e03":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":32:"9251d3e3":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db68a96e216b0dd9945f14b878487e03":"5634196a32d4cbfa7a2f874a1e0f86287d2942090e0cc6a82bd5caf40136a27ddf524a17713ce4af04ca6cb640a7205cce4ac9cb2d0ab380d533e1e968089ea5740c0fcbfa51f2424008e0b89dc7b3396b224cfaed53b3ac0604879983d3e6e6d36053de4866f52976890f72b8f4b9505e4ebdd04c0497048c3ce19336133ea4":"8a1a72e7bb740ec37ea4619c3007f8ae":"1b4f37190a59a4fff41d348798d1829031204fd7ac2a1be7b5ea385567e95e2ace25bf9e324488dd3ab8ce7f29d4c9a4f4b1a8a97f774871ee825e2c17700128d3c55908d3b684a1f550fdb8b38149ff759c21debdd54e49d64d3e8aac803dfd81600464ed484749bb993f89d4224b3d7d55c756b454466ff9fd609019ed5e83":32:"9251d3e3":"":"0c6bb3ee5de5cbb4b39d85d509bcacb3dda63fa50897936531339882962e8dc54c285c8944768d12096d4a3c2b42ffa92603cee2da9b435ec52908fca6d38ed74f898fe0ffa761f96038ff7dfeccc65bb841c3457b8de1e97d9bee82e2911602ee2dc555b33a227424dea86d610d37c447776295b412b412903ad2cede5170b6":0 AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":"":0
 AES-GCM Bad IV (AES-128,128,0,0,32) #0
 depends_on:MBEDTLS_AES_C
diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data
index 9e7bad00f..34f74ac06 100644
--- a/tests/suites/test_suite_gcm.aes192_de.data
+++ b/tests/suites/test_suite_gcm.aes192_de.data
@@ -1,674 +1,674 @@
 AES-GCM NIST Validation (AES-192,128,0,0,128) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"":"4f801c772395c4519ec830980c8ca5a4":"":128:"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"806766a4d2b6507cc4113bc0e46eebe120eacd948c24dc7f":"":"4f801c772395c4519ec830980c8ca5a4":"":128:"8fa16452b132bebc6aa521e92cb3b0ea":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,128) #1
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"":"335ca01a07081fea4e605eb5f23a778e":"":128:"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0c2abdcd2e4ae4137509761a38e6ca436b99c21b141f28f5":"":"335ca01a07081fea4e605eb5f23a778e":"":128:"d7f475dfcb92a75bc8521c12bb2e8b86":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,128) #2
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"":"d9172c3344d37ff93d2dcb2170ea5d01":"":128:"017fef05260a496654896d4703db3888":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"eef490a0c2ecb32472e1654184340cc7433c34da981c062d":"":"d9172c3344d37ff93d2dcb2170ea5d01":"":128:"017fef05260a496654896d4703db3888":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,120) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"":"f47e915163fa3df7f6c15b9d69f53907":"":120:"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe0c3490f1f0dba23cf5c64e6e1740d06f85e0afec6772f3":"":"f47e915163fa3df7f6c15b9d69f53907":"":120:"14e1a057a2e7ffbd2208e9c25dbba1":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,120) #1
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"":"a35b397b34a14a8e24d05a37be4d1822":"":120:"e045ecba220d22c80826b77a21b013":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4356b3b1f308df3573509945afe5268984f9d953f01096de":"":"a35b397b34a14a8e24d05a37be4d1822":"":120:"e045ecba220d22c80826b77a21b013":"":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,120) #2
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"":"169a449ccb3eb29805b15304d603b132":"":120:"3a807251f3d6242849a69972b14f6d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2898937cc575c8bb7444413884deafe8eaf326be8849e42":"":"169a449ccb3eb29805b15304d603b132":"":120:"3a807251f3d6242849a69972b14f6d":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,112) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"":"538641f7d1cc5c68715971cee607da73":"":112:"07d68fffe417adc3397706d73b95":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75683c7df0442e10b5368fcd6bb481f0bff8d95aae90487e":"":"538641f7d1cc5c68715971cee607da73":"":112:"07d68fffe417adc3397706d73b95":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,112) #1
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"":"0d8eb78032d83c676820b2ef5ccc2cc8":"":112:"7da181563b26c7aefeb29e71cc69":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0724ee1f317997ce77bb659446fcb5a557490f40597341c7":"":"0d8eb78032d83c676820b2ef5ccc2cc8":"":112:"7da181563b26c7aefeb29e71cc69":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,112) #2
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"":"646a91d83ae72b9b9e9fce64135cbf73":"":112:"169e717e2bae42e3eb61d0a1a29b":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be2f0f4ae4ab851b258ec5602628df261b6a69e309ff9043":"":"646a91d83ae72b9b9e9fce64135cbf73":"":112:"169e717e2bae42e3eb61d0a1a29b":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,104) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"":"55e10d5e9b438b02505d30f211b16fea":"":104:"95c0a4ea9e80f91a4acce500f7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"583c328daecd18c2ac5c83a0c263de194a4c73aa4700fe76":"":"55e10d5e9b438b02505d30f211b16fea":"":104:"95c0a4ea9e80f91a4acce500f7":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,104) #1
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"":"e25ef162a4295d7d24de75a673172346":"":104:"89ea4d1f34edb716b322ea7f6f":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b40857e7e6f26050f1e9a6cbe05e15a0ba07c2055634ad47":"":"e25ef162a4295d7d24de75a673172346":"":104:"89ea4d1f34edb716b322ea7f6f":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,104) #2
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"":"08ea464baac54469b0498419d83820e6":"":104:"ab064a8d380fe2cda38e61f9e1":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"627008956e31fea497fb120b438a2a043c23b1b38dc6bc10":"":"08ea464baac54469b0498419d83820e6":"":104:"ab064a8d380fe2cda38e61f9e1":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,96) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"":"766996fb67ace9e6a22d7f802455d4ef":"":96:"9a641be173dc3557ea015372":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c386d67d7c2bfd46b8571d8685b35741e87a3ed4a46c9db":"":"766996fb67ace9e6a22d7f802455d4ef":"":96:"9a641be173dc3557ea015372":"":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,96) #1
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"":"75cdb8b83017f3dc5ac8733016ab47c7":"":96:"81e3a5580234d8e0b2204bc3":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"711bc5aa6b94fa3287fad0167ac1a9ef5e8e01c16a79e95a":"":"75cdb8b83017f3dc5ac8733016ab47c7":"":96:"81e3a5580234d8e0b2204bc3":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,96) #2
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"":"cfbefe265583ab3a2285e8080141ba48":"":96:"355a43bcebbe7f72b6cd27ea":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c74620828402e0bdf3f7a5353668505dc1550a31debce59a":"":"cfbefe265583ab3a2285e8080141ba48":"":96:"355a43bcebbe7f72b6cd27ea":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,64) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":64:"34b8e037084b3f2d":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1eb53aa548b41bfdc85c657ebdebdae0c7e525a6432bc012":"":"37ffc64d4b2d9c82dd17d1ad3076d82b":"":64:"34b8e037084b3f2d":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,64) #1
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"":"118d0283294d4084127cce4b0cd5b5fa":"":64:"507a361d8ac59882":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"50d077575f6db91024a8e564db83324539e9b7add7bb98e4":"":"118d0283294d4084127cce4b0cd5b5fa":"":64:"507a361d8ac59882":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,64) #2
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"":"b78d518b6c41a9e031a00b10fb178327":"":64:"f401d546c8b739ff":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d9ddca0807305025d61919ed7893d7d5c5a3c9f012f4842f":"":"b78d518b6c41a9e031a00b10fb178327":"":64:"f401d546c8b739ff":"":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,32) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"":"14eb280288740d464e3b8f296c642daa":"":32:"39e64d7a":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ed8d8afde4dc3872cbc274d7c47b719205518496dd7951d":"":"14eb280288740d464e3b8f296c642daa":"":32:"39e64d7a":"":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,32) #1
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"":"f54bf4aac8fb631c8b6ff5e96465fae6":"":32:"1ec1c1a1":"":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"80aace5ab74f261bc09ac6f66898f69e7f348f805d52404d":"":"f54bf4aac8fb631c8b6ff5e96465fae6":"":32:"1ec1c1a1":"":"":0
 AES-GCM NIST Validation (AES-192,128,0,0,32) #2
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"":"75532d15e582e6c477b411e727d4171e":"":32:"76a0e017":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23b76efd0dbc8d501885ab7d43a7dacde91edd9cde1e1048":"":"75532d15e582e6c477b411e727d4171e":"":32:"76a0e017":"FAIL":"":0
 AES-GCM NIST Validation (AES-192,128,0,1024,128) #0
 depends_on:MBEDTLS_AES_C
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":128:"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":0
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94c50453dd3ef7f7ea763ae13fa34debb9c1198abbf32326":"":"1afe962bc46e36099165552ddb329ac6":"b2920dd9b0325a87e8edda8db560bfe287e44df79cf61edba3b2c95e34629638ecb86584f05a303603065e63323523f6ccc5b605679d1722cde5561f89d268d5f8db8e6bdffda4839c4a04982e8314da78e89f8f8ad9c0fee86332906bf78d2f20afcaabdc282008c6d09df2bfe9be2c9027bb49268b8be8936be39fa8b1ae03":128:"51e1f19a7dea5cfe9b9ca9d09096c3e7":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":128:"04b80f25ae9d07f5fd8220263ac3f2f7":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c6a98102af3d875bcdebe594661d3a6b376970c02b11d019":"":"bea8cd85a28a2c05bf7406b8eef1efcc":"f2f80e2c042092cc7240b598ab30fad055bce85408aa0f8cefaf8a7204f0e2acb87c78f46a5867b1f1c19461cbf5ed5d2ca21c96a63fb1f42f10f394952e63520795c56df77d6a04cb5ad006ee865a47dc2349a814a630b3d4c4e0fd149f51e8fa846656ea569fd29a1ebafc061446eb80ec182f833f1f6d9083545abf52fa4c":128:"04b80f25ae9d07f5fd8220263ac3f2f7":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":128:"d22407fd3ae1921d1b380461d2e60210":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec3cc45a22fdc7cc79ed658d9e9dbc138dcc7d6e795cba1a":"":"b10d9c70205e142704f9d1f74caee0f6":"714994017c169c574aaff2f8bad15f8fa6a385117f5405f74846eca873ca4a8f4876adf704f2fcaff2dfa75c17afefd08a4707292debc6d9fafda6244ca509bc52b0c6b70f09b14c0d7c667583c091d4064e241ba1f82dd43dc3ea4b8922be65faf5583f6b21ff5b22d3632eb4a426675648250e4b3e37c688d6129b954ef6a8":128:"d22407fd3ae1921d1b380461d2e60210":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":120:"fcbb932ddb0128df78a71971c52838":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a32ebc7a2338038ced36d2b85cbc6c45cca9845a7c5aa99":"":"9afe0882e418c9af205eeb90e131d212":"61ff8a8bc22803f17e8e9f01aff865bc7d3083ff413ce392a989e46ebed5114894de906f7d36439024d8f2e69cc815ac043fff2f75169f6c9aa9761ff32d10a1353213ac756cb84bd3613f8261ef390e1d00c3a8fb82764b0cda4e0049219e87d2e92c38f78ffac242391f838a248f608bb2b56b31bbb453d1098e99d079ea1b":120:"fcbb932ddb0128df78a71971c52838":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":120:"18fd1feec5e3bbf0985312dd6100d1":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bf22885e7f13bcc63bb0a2ca90c20e5c86001f05edf85d8":"":"99dec21f4781284722b5074ea567c171":"9f4176dacf26e27aa0e669cd4d44bca41f83468c70b54c745a601408a214bf876941ae2ae4d26929113f5de2e7d15a7bb656541292137bf2129fdc31f06f070e3cfaf0a7b30d93d8d3c76a981d75cd0ffa0bcacb34597d5be1a055c35eefeddc07ee098603e48ad88eb7a2ec19c1aefc5c7be9a237797397aa27590d5261f67a":120:"18fd1feec5e3bbf0985312dd6100d1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":120:"fd78b9956e4e4522605db410f97e84":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cfd75a9d3788d965895553ab5fb7a8ff0aa383b7594850a6":"":"a6df69e5f77f4d99d5318c45c87451b2":"041aeb2fa0f7df027cd7709a992e041179d499f5dbccd389035bf7e514a38b5f8368379d2d7b5015d4fa6fadfd7c75abd2d855f5ea4220315fad2c2d435d910253bf76f252a21c57fe74f7247dac32f4276d793d30d48dd61d0e14a4b7f07a56c94d3799d04324dfb2b27a22a5077e280422d4f014f253d138e74c9ac3428a7b":120:"fd78b9956e4e4522605db410f97e84":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":112:"b11f5c0e8cb6fea1a170c9342437":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0b21ae138485591c6bef7b3d5a0aa0e9762c30a50e4bba2":"":"56dc980e1cba1bc2e3b4a0733d7897ca":"a38458e5cc71f22f6f5880dc018c5777c0e6c8a1301e7d0300c02c976423c2b65f522db4a90401035346d855c892cbf27092c81b969e99cb2b6198e450a95c547bb0145652c9720aaf72a975e4cb5124b483a42f84b5cd022367802c5f167a7dfc885c1f983bb4525a88c8257df3067b6d36d2dbf6323df80c3eaeffc2d176a5":112:"b11f5c0e8cb6fea1a170c9342437":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":112:"6cdf60e62c91a6a944fa80da1854":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8775665aba345b1c3e626128b5afa3d0da8f4d36b8cf1ca6":"":"cd17f761670e1f104f8ea4fb0cec7166":"2ee08a51ceaca1dbbb3ee09b72f57427fd34bd95da5b4c0933cbb0fc2f7270cffd3476aa05deeb892a7e6a8a3407e61f8631d1a00e47d46efb918393ee5099df7d65c12ab8c9640bfcb3a6cce00c3243d0b3f316f0822cfeae05ee67b419393cc81846b60c42aeb5c53f0ede1280dc36aa8ef59addd10668dd61557ce760c544":112:"6cdf60e62c91a6a944fa80da1854":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc9922299b47725952f06272168b728218d2443028d81597":"":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":112:"dd515e5a8b41ecc441443a749b31":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc9922299b47725952f06272168b728218d2443028d81597":"":"9b2f1a40717afcdbb6a95d6e335c9e4d":"bcfca8420bc7b9df0290d8c1bcf4e3e66d3a4be1c947af82dd541336e44e2c4fa7c6b456980b174948de30b694232b03f8eb990f849b5f57762886b449671e4f0b5e7a173f12910393bdf5c162163584c774ad3bba39794767a4cc45f4a582d307503960454631cdf551e528a863f2e014b1fca4955a78bd545dec831e4d71c7":112:"dd515e5a8b41ecc441443a749b31":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":104:"f33e8f42b58f45a0456f83a13e":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a27d718f21c5cbdc52a745b931bc77bd1afa8b1231f8815":"":"59661051912fba45023aef4e6f9380a5":"2b7ce5cea81300ed23501493310f1316581ef8a50e37eaadd4bb5f527add6deb09e7dcc67652e44ac889b48726d8c0ae80e2b3a89dd34232eb1da32f7f4fcd5bf8e920d286db8604f23ab06eab3e6f99beb55fe3725107e9d67a491cdada1580717bbf64c28799c9ab67922da9194747f32fd84197070a86838d1c9ebae379b7":104:"f33e8f42b58f45a0456f83a13e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":104:"380128ad7f35be87a17c9590fa":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b83e933cf54ac58f8c7e5ed18e4ed2213059158ed9cb2c30":"":"8710af55dd79da45a4b24f6e972bc60a":"b7a428bc68696cee06f2f8b43f63b47914e29f04a4a40c0eec6193a9a24bbe012d68bea5573382dd579beeb0565b0e0334cce6724997138b198fce8325f07069d6890ac4c052e127aa6e70a6248e6536d1d3c6ac60d8cd14d9a45200f6540305f882df5fca2cac48278f94fe502b5abe2992fa2719b0ce98b7ef1b5582e0151c":104:"380128ad7f35be87a17c9590fa":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":104:"e9e5beea7d39c9250347a2a33d":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d2f85f92092385f15da43a086cff64c7448b4ee5a83ed72e":"":"9026dfd09e4553cd51c4c13ce70830de":"3c8de64c14df73c1b470a9d8aa693af96e487d548d03a92ce59c0baec8576129945c722586a66f03deb5029cbda029fb22d355952c3dadfdede20b63f4221f27c8e5d710e2b335c2d9a9b7ca899597a03c41ee6508e40a6d74814441ac3acb64a20f48a61e8a18f4bbcbd3e7e59bb3cd2be405afd6ac80d47ce6496c4b9b294c":104:"e9e5beea7d39c9250347a2a33d":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":96:"24483a57c20826a709b7d10a":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"de7df44ce007c99f7baad6a6955195f14e60999ed9818707":"":"4d209e414965fe99636c1c6493bba3a3":"da3bc6bdd414a1e07e00981cf9199371192a1fb2eaae20f7091e5fe5368e26d61b981f7f1d29f1a9085ad2789d101155a980de98d961c093941502268adb70537ad9783e6c7d5157c939f59b8ad474c3d7fc1fcc91165cdf8dd9d6ec70d6400086d564b68ebead0d03ebd3aa66ded555692b8de0baf43bc0ddef42e3a9eb34ab":96:"24483a57c20826a709b7d10a":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":96:"23012503febbf26dc2d872dc":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1dfa5ff20046c775b5e768c2bd9775066ae766345b7befc3":"":"2d49409b869b8b9fc5b67767979ca8cd":"e35d34478b228bc903ea2423697e603cc077967d7cfb062e95bc11d89fbe0a1f1d4569f89b2a7047300c1f5131d91564ec9bce014d18ba605a1c1e4e15e3e5c18413b8b59cbb25ab8f088885225de1235c16c7d9a8d06a23cb0b38fd1d5c6c19617fe08fd6bf01c965ed593149a1c6295435e98463e4f03a511d1a7e82c11f01":96:"23012503febbf26dc2d872dc":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":96:"e8e80bf6e5c4a55e7964f455":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2df3ee3a6484c48fdd0d37bab443228c7d873c984529dfb4":"":"dc6aeb41415c115d66443fbd7acdfc8f":"eafc6007fafb461d3b151bdff459e56dd09b7b48b93ea730c85e5424f762b4a9080de44497a7c56dd7855628ffc61c7b4faeb7d6f413d464fe5ec6401f3028427ae3e62db3ff39cd0f5333a664d3505ff42caa8899b96a92ec01934d4b59556feb9055e8dfb81f55e60135345bfce3e4199bfcdb3ce42523e7d24be2a04cdb67":96:"e8e80bf6e5c4a55e7964f455":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":64:"74264163131d16ac":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce0787f65e6c24a1c444c35dcd38195197530aa20f1f6f3b":"":"55300431b1eaac0375681d7821e1eb7a":"84a699a34a1e597061ef95e8ec3c21b592e9236ddb98c68d7e05f1e709937b48ec34a4b88d99708d133a2cc33f5cf6819d5e7b82888e49faa5d54147d36c9e486630aa68fef88d55537119db1d57df0402f56e219f7ece7b4bb5f996dbe1c664a75174c880a00b0f2a56e35d17b69c550921961505afabf4bfd66cf04dc596d1":64:"74264163131d16ac":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":64:"8f4877806daff10e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a15541b5857a668dc9899b2e198d2416e83bac13282ca46":"":"89bf8ab0cea6f59616eeb9b314d7c333":"4d2843f34f9ea13a1ac521479457005178bcf8b2ebeaeb09097ea4471da9f6cc60a532bcda1c18cab822af541de3b87de606999e994ace3951f58a02de0d6620c9ae04549326da449a3e90364a17b90b6b17debc0f454bb0e7e98aef56a1caccf8c91614d1616db30fc8223dbcd8e77bf55d8253efe034fd66f7191e0303c52f":64:"8f4877806daff10e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":64:"4eff7227b42f9a7d":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b61cdfd19c136ee2acbe09b7993a4683a713427518f8e559":"":"4066118061c904ed1e866d4f31d11234":"153c075ecdd184fd8a0fca25cae8f720201361ef84f3c638b148ca32c51d091a0e394236d0b51c1d2ee601914120c56dfea1289af470dbc9ef462ec5f974e455e6a83e215a2c8e27c0c5b5b45b662b7f58635a29866e8f76ab41ee628c12a24ab4d5f7954665c3e4a3a346739f20393fc5700ec79d2e3c2722c3fb3c77305337":64:"4eff7227b42f9a7d":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":32:"ff355f10":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce175a7df7e429fcc233540e6b8524323e91f40f592ba144":"":"c34484b4857b93e309df8e1a0e1ec9a3":"ce8d8775f047b543a6cc0d9ef9bc0db5ac5d610dc3ff6e12e0ad7cd3a399ebb762331e3c1101a189b3433a7ff4cd880a0639d2581b71e398dd982f55a11bf0f4e6ee95bacd897e8ec34649e1c256ee6ccecb33e36c76927cc5124bc2962713ad44cbd435ae3c1143796d3037fa1d659e5dad7ebf3c8cbdb5b619113d7ce8c483":32:"ff355f10":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":32:"cb4d8c1d":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5f659ed236ba60494e9bf1ee2cb40edcf3f25a2bac2e5bc5":"":"ad49f12f202320255406c2f40e55b034":"6da62892f436dfe9790e72d26f4858ca156d1d655c9cc4336fcf282b0f3f0b201e47f799c3019109af89ef5fd48a4811980930e82cd95f86b1995d977c847bbb06ecdcc98b1aae100b23c9c2f0dcf317a1fb36f14e90e396e6c0c594bcc0dc5f3ebf86ce7ecd4b06d1c43202734d53f55751a6e6bbda982104102af240def4eb":32:"cb4d8c1d":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":32:"4a28ec97":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a73f318b1e298ba4ac0ab2aed74f73543b1017cccbd1b240":"":"abe33b7e8d88bd30deb96d1e90c4e951":"6de616b000047b14b6759015183dd753c61499c0e665d06a89e4fb0cd0dd3064ff8651582e901ef5d0cdf3344c29c70c3aabc2aaf83cb3f284c6fe4104906d389b027e7d9ca60d010f06ef8cd9e55db2483d06552ddbe3fc43b24c55085cd998eae3edec36673445bf626e933c15b6af08ea21cbace4720b0b68fe1a374877d5":32:"4a28ec97":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"eb16ed8de81efde2915a901f557fba95":"":128:"804056dca9f102c4a13a930c81d77eca":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"73d5be74615bc5b627eedfb95746fb5f17cbf25b500a597f":"fc40993eb8559e6b127315c03103ce31b70fc0e07a766d9eecf2e4e8d973faa4afd3053c9ebef0282c9e3d2289d21b6c339748273fa1edf6d6ef5c8f1e1e9301b250297092d9ac4f4843125ea7299d5370f7f49c258eac2a58cc9df14c162604ba0801728994dc82cb625981130c3ca8cdb3391658d4e034691e62ece0a6e407":"eb16ed8de81efde2915a901f557fba95":"":128:"804056dca9f102c4a13a930c81d77eca":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":128:"951c1c89b6d95661630d739dd9120a73":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a249135c9f2f5a8b1af66442a4d4e101771a918ef8acee05":"c62b39b937edbdc9b644321d5d284e62eaa4154010c7a3208c1ef4706fba90223da04b2f686a28b975eff17386598ba77e212855692f384782c1f3c00be011e466e145f6f8b65c458e41409e01a019b290773992e19334ffaca544e28fc9044a5e86bcd2fa5ad2e76f2be3f014d8c387456a8fcfded3ae4d1194d0e3e53a2031":"80b6e48fe4a3b08d40c1636b25dfd2c4":"":128:"951c1c89b6d95661630d739dd9120a73":"":"b865f8dd64a6f51a500bcfc8cadbc9e9f5d54d2d27d815ecfe3d5731e1b230c587b46958c6187e41b52ff187a14d26aa41c5f9909a3b77859429232e5bd6c6dc22cf5590402476d033a32682e8ab8dc7ed0b089c5ab20ab9a8c5d6a3be9ea7aa56c9d3ab08de4a4a019abb447db448062f16a533d416951a8ff6f13ed5608f77":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"70835abab9f945c84ef4e97cdcf2a694":"":128:"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa832a4b37dcb3c0879a771bb8ae734f0d88b9be497797a8":"0f1105f9ec24121232b60b6ef3c3e8ca9eec1a3d7625004b857d1d77f292b6ec065d92f5bb97e0dc2fdfdf823a5db275109a9472690caea04730e4bd732c33548718e9f7658bbf3e30b8d07790cd540c5754486ed8e4d6920cefaeb1c182c4d67ebed0d205ba0bd9441a599d55e45094b380f3478bcfca9646a0d7aa18d08e52":"70835abab9f945c84ef4e97cdcf2a694":"":128:"a459be0b349f6e8392c2a86edd8a9da5":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"7f770140df5b8678bc9c4b962b8c9034":"":120:"9823e3242b3f890c6a456f1837e039":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dda216287910d1f5c0a312f63c243612388bc510cb76c5ba":"d6617d583344d4fe472099d2a688297857215a3e31b47d1bf355ccfe9cf2398a3eba362c670c88f8c7162903275dfd4761d095900bd97eba72200d4045d72bd239bda156829c36b38b1ff5e4230125e5695f623e129829721e889da235bb7d4b9da07cce8c3ceb96964fd2f9dd1ff0997e1a3e253a688ceb1bfec76a7c567266":"7f770140df5b8678bc9c4b962b8c9034":"":120:"9823e3242b3f890c6a456f1837e039":"":"b4910277224025f58a5d0f37385b03fcd488dfef7580eb5c270c10bd7a6f6d9c7ddc2d1368d68d4e04f90e3df029ed028432a09f710be1610b2a75bd05f31bae83920573929573affd0eb03c63e0cec7a027deab792f43ee6307fd3c5078d43d5b1407ac023824d41c9437d66eeec172488f28d700aa4b54931aad7cd458456f":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"151fd3ba32f5bde72adce6291bcf63ea":"":120:"f0626cc07f2ed1a7570386a4110fc1":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5afa1e61d4594b1c2fa637f64f18dd557e4df3255b47f24":"5c772cdf19571cd51d71fc166d33a0b892fbca4eae36ab0ac94e6164d51acb2d4e60d4f3a19c3757a93960e7fd90b9a6cdf98bdf259b370ed6c7ef8cb96dba7e3a875e6e7fe6abc76aabad30c8743b3e47c8de5d604c748eeb16806c2e75180a96af7741904eca61769d39e943eb4c4c25f2afd68e9472043de2bb03e9edae20":"151fd3ba32f5bde72adce6291bcf63ea":"":120:"f0626cc07f2ed1a7570386a4110fc1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"743699d3759781e82a3d21c7cd7991c8":"":120:"1da347f9b6341049e63140395ad445":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"febd4ff0fedd9f16bccb62380d59cd41b8eff1834347d8fa":"dc971c8f65ece2ea4130afd4db38fc657c085ea19c76fef50f5bd0f8dd364cc22471c2fa36be8cde78529f58a78888e9de10961760a01af005e42fc5b03e6f64962e6b18eaedea979d33d1b06e2038b1aad8993e5b20cae6cc93f3f7cf2ad658fbba633d74f21a2003dded5f5dda3b46ed7424845c11bab439fbb987f0be09f8":"743699d3759781e82a3d21c7cd7991c8":"":120:"1da347f9b6341049e63140395ad445":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"85b241d516b94759c9ef975f557bccea":"":112:"bbf289df539f78c3a912b141da3a":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d280d079110c1c826cc77f490d807dd8d508eb579a160c49":"a286d19610a990d64f3accd329fc005d468465a98cfa2f3606c6d0fbeb9732879bad3ca8094322a334a43155baed02d8e13a2fbf259d80066c6f418a1a74b23e0f6238f505b2b3dc906ffcb4910ce6c878b595bb4e5f8f3e2ede912b38dbafdf4659a93b056a1a67cb0ec1dbf00d93223f3b20b3f64a157105c5445b61628abf":"85b241d516b94759c9ef975f557bccea":"":112:"bbf289df539f78c3a912b141da3a":"":"b9286ab91645c20de040a805020fed53c612d493a8ce9c71649ae16bd50eab6fb7f3a9180e1651d5413aa542608d7ecbf9fc7378c0bef4d439bc35434b6cf803976b8783aecc83a91e95cea72c2a26a883b710252e0c2a6baa115739a0692c85f6d34ff06234fbdc79b8c4a8ea0a7056fb48c18f73aaf5084868abb0dfaa287d":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"9769f71c76b5b6c60462a845d2c123ad":"":112:"394b6c631a69be3ed8c90770f3d4":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e80f87fa2156c62df7be2ad16c4890de5ee5868a684fcf9":"c829073efd5c5150d2b7e2cdaeff979830d1aa983c747724ade6472c647a6e8e5033046e0359ea62fc26b4c95bccb3ac416fdf54e95815c35bf86d3fdd7856abbb618fe8fcd35a9295114926a0c9df92317d44ba1885a0c67c10b9ba24b8b2f3a464308c5578932247bf9c79d939aa3576376d2d6b4f14a378ab775531fe8abf":"9769f71c76b5b6c60462a845d2c123ad":"":112:"394b6c631a69be3ed8c90770f3d4":"":"f886bd92ca9d73a52e626b0c63a3daa138faaacf7809086d04f5c0c899362aa22e25d8659653b59c3103668461d9785bb425c6c1026ad9c924271cec9f27a9b341f708ca86f1d82a77aae88b25da9061b78b97276f3216720352629bd1a27ebf890da6f42d8c63d68342a93c382442d49dd4b62219504785cee89dffdc36f868":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"4b12c6701534098e23e1b4659f684d6f":"":112:"729b31c65d8699c93d741caac8e3":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d8a7b99e53f5e5b197364d4516cace4b928de50e571315e3":"d0db0ac5e14bf03729125f3137d4854b4d8ce2d264f8646da17402bdad7034c0d84d7a80f107eb202aeadbfdf063904ae9793c6ae91ee8bcc0fc0674d8111f6aea6607633f92e4be3cfbb64418101db8b0a9225c83e60ffcf7a7f71f77149a13f8c5227cd92855241e11ee363062a893a76ac282fb47b523b306cd8235cd81c2":"4b12c6701534098e23e1b4659f684d6f":"":112:"729b31c65d8699c93d741caac8e3":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":104:"fe1e427bcb15ce026413a0da87":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c874b427b7181b0c90b887147c36f242827149324fd5c945":"bdd90190d587a564af022f06c8bd1a68735b6f18f04113fdcec24c6027aaf0271b183336fb713d247a173d9e095dae6e9badb0ab069712302875406f14320151fd43b90a3d6f35cc856636b1a6f98afc797cb5259567e2e9b7ce62d7b3370b5ee852722faf740edf815b3af460cdd7de90ca6ab6cd173844216c064b16ea3696":"4b8dda046a5b7c46abeeca2f2f9bcaf8":"":104:"fe1e427bcb15ce026413a0da87":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"927ce8a596ed28c85d9cb8e688a829e6":"":104:"3a98f471112a8a646460e8efd0":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"56543cd6e2ebb1e3dc136a826bfc37eddb12f7a26430a1b4":"d541dd3acec2da042e6ea26fb90ff9a3861191926423b6dc99c5110b3bf150b362017159d0b85ffea397106a0d8299ec22791cb06103cd44036eed0d6d9f953724fb003068b3c3d97da129c28d97f09e6300cbea06ba66f410ca61c3311ce334c55f077c37acb3b7129c481748f79c958bc3bbeb2d3ff445ad361ed4bbc79f0a":"927ce8a596ed28c85d9cb8e688a829e6":"":104:"3a98f471112a8a646460e8efd0":"":"a602d61e7a35cbe0e463119bb66fd4bb6c75d1fe0b211b9d6a0a6e9e84b0794282318f0d33ec053f2cfba1623e865681affeaf29f3da3113995e87d51a5ab4872bb05b5be8ef2b14dfc3df5a48cbc9b10853a708ee4886a7390e8e4d286740a0dd41c025c8d72eda3f73f3cec5c33d5e50b643afd7691213cccccc2c41b9bd7a":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"508c55f1726896f5b9f0a7024fe2fad0":"":104:"3b8026268caf599ee677ecfd70":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"caaf81cd380f3af7885ef0d6196a1688c9372c5850dc5b0b":"6f269929b92c6281e00672eaec183f187b2ddecc11c9045319521d245b595ab154dd50f045a660c4d53ae07d1b7a7fd6b21da10976eb5ffcddda08c1e9075a3b4d785faa003b4dd243f379e0654740b466704d9173bc43292ae0e279a903a955ce33b299bf2842b3461f7c9a2bd311f3e87254b5413d372ec543d6efa237b95a":"508c55f1726896f5b9f0a7024fe2fad0":"":104:"3b8026268caf599ee677ecfd70":"":"c4a96fb08d7c2eebd17046172b98569bc2441929fc0d6876aa1f389b80c05e2ede74dc6f8c3896a2ccf518e1b375ee75e4967f7cca21fa81ee176f8fb8753381ce03b2df873897131adc62a0cbebf718c8e0bb8eeed3104535f17a9c706d178d95a1b232e9dac31f2d1bdb3a1b098f3056f0e3d18be36bd746675779c0f80a10":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"b2a7c0d52fc60bacc3d1a94f33087095":"":96:"0a7a36ec128d0deb60869893":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2fc9d9ac8469cfc718add2b03a4d8c8dcc2eeca08e5ff7bc":"bc84d8a962a9cfd179d242788473d980d177abd0af9edccb14c6dc41535439a1768978158eeed99466574ea820dbedea68c819ffd9f9915ca8392c2e03049d7198baeca1d3491fe2345e64c1012aff03985b86c831ad516d4f5eb538109fff25383c7b0fa6b940ae19b0987d8c3e4a37ccbbd2034633c1eb0df1e9ddf3a8239e":"b2a7c0d52fc60bacc3d1a94f33087095":"":96:"0a7a36ec128d0deb60869893":"":"fc3cd6486dfe944f7cb035787573a554f4fe010c15bd08d6b09f73066f6f272ff84474f3845337b6e429c947d419c511c2945ffb181492c5465940cef85077e8a6a272a07e310a2f3808f11be03d96162913c613d9c3f25c3893c2bd2a58a619a9757fd16cc20c1308f2140557330379f07dbfd8979b26b075977805f1885acc":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"1bd17f04d1dc2e447b41665952ad9031":"":96:"01b0a815dc6da3e32851e1fb":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81ff729efa4a9aa2eccc37c5f846235b53d3b93c79c709c8":"3992ad29eeb97d17bd5c0f04d8589903ee23ccb2b1adc2992a48a2eb62c2644c0df53b4afe4ace60dc5ec249c0c083473ebac3323539a575c14fa74c8381d1ac90cb501240f96d1779b287f7d8ba8775281d453aae37c803185f2711d21f5c00eb45cad37587ed196d1633f1eb0b33abef337447d03ec09c0e3f7fd32e8c69f0":"1bd17f04d1dc2e447b41665952ad9031":"":96:"01b0a815dc6da3e32851e1fb":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"5ea9198b860679759357befdbb106b62":"":96:"d58752f66b2cb9bb2bc388eb":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"068500e8d4f8d4af9035cdaa8e005a648352e8f28bdafc8a":"98e32428d9d21c4b60e690a2ce1cf70bee90df31302d1819b7d27fd577dd990f7ffe6ba5ef117caac718cc1880b4ca98f72db281c9609e189307302dc2866f20be3a545a565521368a6881e2642cba63b3cf4c8b5e5a8eabeb3e8b004618b8f77667c111e5402c5d7c66afd297c575ce5092e898d5831031d225cee668c186a1":"5ea9198b860679759357befdbb106b62":"":96:"d58752f66b2cb9bb2bc388eb":"":"2ef3a17fcdb154f60d5e80263b7301a8526d2de451ea49adb441aa2541986b868dab24027178f48759dbe874ae7aa7b27fb19461c6678a0ba84bbcd8567ba2412a55179e15e7c1a1392730ac392b59c51d48f8366d45b933880095800e1f36ff1ac00753f6363b0e854f494552f1f2efe028d969e6b1a8080149dd853aa6751e":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7474d9b07739001b25baf6867254994e06e54c578508232f":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"3ade6c92fe2dc575c136e3fbbba5c484":"":64:"67c25240b8e39b63":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7474d9b07739001b25baf6867254994e06e54c578508232f":"1cbab2b6e4274caa80987072914f667b887198f7aaf4574608b91b5274f5afc3eb05a457554ff5d346d460f92c068bc626fd301d0bb15cb3726504b3d88ecd46a15077728ddc2b698a2e8c5ea5885fc534ac227b8f103d193f1977badf4f853a0931398da01f8019a9b1ff271b3a783ff0fae6f54db425af6e3a345ba7512cbf":"3ade6c92fe2dc575c136e3fbbba5c484":"":64:"67c25240b8e39b63":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"41b37c04ab8a80f5a8d9d82a3a444772":"":64:"4ee54d280829e6ef":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d50d4c7d442d8a92d0489a96e897d50dda6fbe47ca7713ee":"b36b4caf1d47b0d10652824bd57b603ec1c16f4720ce7d43edde8af1b9737f61b68b882566e04da50136f27d9af4c4c57fff4c8465c8a85f0aeadc17e02709cc9ba818d9a272709e5fb65dd5612a5c5d700da399b3668a00041a51c23de616ea3f72093d85ecbfd9dd0b5d02b541fb605dcffe81e9f45a5c0c191cc0b92ac56d":"41b37c04ab8a80f5a8d9d82a3a444772":"":64:"4ee54d280829e6ef":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"9af53cf6891a749ab286f5c34238088a":"":64:"6f6f344dd43b0d20":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"38f3ec3ec775dac76ae484d5b6ca61c695c7beafba4606ca":"49726b8cefc842a02f2d7bef099871f38257cc8ea096c9ac50baced6d940acb4e8baf932bec379a973a2c3a3bc49f60f7e9eef45eafdd15bda1dd1557f068e81226af503934eb96564d14c03f0f351974c8a54fb104fb07417fe79272e4b0c0072b9f89b770326562e4e1b14cad784a2cd1b4ae1dc43623ec451a1cae55f6f84":"9af53cf6891a749ab286f5c34238088a":"":64:"6f6f344dd43b0d20":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"623df5a0922d1e8c883debb2e0e5e0b1":"":32:"14f690d7":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6db4ef061513ef6690d57aef50d8011e0dd7eb4432d82374":"b7f9206995bc97311855ee832e2b40c41ab2d1a40d9263683c95b14dcc51c74d2de7b6198f9d4766c659e7619fe2693a5b188fac464ccbd5e632c5fd248cedba4028a92de12ed91415077e94cfe7a60f117052dea8916dfe0a51d92c1c03927e93012dbacd29bbbc50ce537a8173348ca904ac86df55940e9394c2895a9fe563":"623df5a0922d1e8c883debb2e0e5e0b1":"":32:"14f690d7":"":"a6414daa9be693e7ebb32480a783c54292e57feef4abbb3636bebbc3074bfc608ad55896fe9bd5ab875e52a43f715b98f52c07fc9fa6194ea0cd8ed78404f251639069c5a313ccfc6b94fb1657153ff48f16f6e22b3c4a0b7f88e188c90176447fe27fa7ddc2bac3d2b7edecad5f7605093ac4280b38ae6a4c040d2d4d491b42":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"9265abe966cb83838d7fd9302938f49d":"":32:"6f6c38bc":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8901bec4d3c64071d8c30c720c093221e05efed71da280bf":"7c447e700db7367260dffa42050e612eff062eb0c8a6b4fe34858800bcb8ec2f622cb5213767b5771433783e9b0fa617c9ffb7fde09845dafc16dfc0df61215c0ca1191eabf43293db6603d5285859de7ef3329f5e71201586fb0188f0840ed5b877043ca06039768c77ff8687c5cfc2fd013a0b8da48344c568fce6b39e2b19":"9265abe966cb83838d7fd9302938f49d":"":32:"6f6c38bc":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"9b3781165e7ff113ecd1d83d1df2366d":"":32:"62f32d4e":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c57eb763f886154d3846cc333fc8ae8b3c7c9c3705f9872":"9fe7d210221773ba4a163850bab290ba9b7bf5e825760ac940c290a1b40cd6dd5b9fb6385ae1a79d35ee7b355b34275857d5b847bef4ac7a58f6f0e9de68687807009f5dc26244935d7bcafc7aed18316ce6c375192d2a7bf0bee8a632fe4f412440292e39339b94b28281622842f88048be4640486f2b21a119658c294ce32e":"9b3781165e7ff113ecd1d83d1df2366d":"":32:"62f32d4e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":128:"2ddda790aae2ca427f5fb032c29673e6":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"307d31a594e54f673bea2f977835670aca4f3d45c9c376cc":"d7385a7bd0cb76e1e242fa547c474370bcc7cc7cf3e3fa37b00fe08a56383ca31d023d8c493f6d42e482b0f32e4f244dd100ea08eee6535e5bb8d27f76dbb7eead6ba8e031ccd0eaeb649edee92aeaf0f027d59efd4e39b1f34b15ceb8b592ee0f171b1773b308c0e747790b0e6ace90fc661caa5f942bdc197067f28fbe87d1":"0bdaa353c4904d32432926f27534c73c":"aa39f04559ccc2cae3d563dda831fb238b2582cb2c2bb28cff20cc20200724c8771b9805ef7464b8fc06c7b8060c6920fd2779fbc807c2292c8c1f88f8088755609a1732ff8c0b06606452b970c79997b985889404fd907c4668a0bcc11ba617175f4525523494a244da60b238468c863055f04db20ea489adf545d56c0a71d8":128:"2ddda790aae2ca427f5fb032c29673e6":"":"0b92262759897f4bd5624a891187eba6040d79322a2a5a60fb75c6c6a5badd117abe40c6d963931bbc72dca1a1bf1f5388030fe323b3b24bd408334b95908177fb59af57c5cc6b31825bc7097eec7fec19f9cdb41c0264fd22f71893bcf881c1510feb8057e64880f1ea2df8dc60bb300fd06b0a582f7be534e522caadc4a2c7":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":128:"bb9ba3a9ac7d63e67bd78d71dc3133b3":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"23c201968def551817f20e49b09dbb5aae0033305bef68a0":"77bc8af42d1b64ee39012df5fc33c554af32bfef6d9182804dcfe370dfc4b9d059bdbc55f6ba4eacb8e3a491d96a65360d790864ba60acf1a605f6b28a6591513ea3cfd768ff47aee242a8e9bdfac399b452231bfd59d81c9b91f8dc589ad751d8f9fdad01dd00631f0cb51cb0248332f24194b577e5571ceb5c037a6d0bcfe8":"bd2952d215aed5e915d863e7f7696b3e":"23f35fac583897519b94998084ad6d77666e13595109e874625bc6ccc6d0c7816a62d64b02e670fa664e3bb52c276b1bafbeb44e5f9cc3ae028daf1d787344482f31fce5d2800020732b381a8b11c6837f428204b7ed2f4c4810067f2d4da99987b66e6525fc6b9217a8f6933f1681b7cfa857e102f616a7c84adc2f676e3a8f":128:"bb9ba3a9ac7d63e67bd78d71dc3133b3":"":"17d93c921009c6b0b3ecf243d08b701422983f2dcaec9c8d7604a2d5565ed96ce5cddcb183cd5882f8d61d3202c9015d207fed16a4c1195ba712428c727601135315fc504e80c253c3a2e4a5593fc6c4a206edce1fd7104e8a888385bbb396d3cdf1eb2b2aa4d0c9e45451e99550d9cfa05aafe6e7b5319c73c33fd6f98db3c5":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":128:"29a2d607b2d2d9c96d093000b401a94f":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6baec0669add30acb8f678ce477a2b171f89d1f41935c491":"5712b84c4c97d75f84edd50561bc1d3f1ba451cc3b358b2403b5e528290954348cf7a235b4dc11a72ddbc503191204e98a9744d85419508c8ca76438c13305f716f1e239a6d9f6423c27217a0057aa75f6d7e2fb356e7194f271459ab5482589ea311b33e3d3845952ff4067dd2b9bcc2e8f83630b0a219e904040abd643d839":"b1472f92f552ca0d62496b8fa622c569":"5ae64edf11b4dbc7294d3d01bc9faf310dc08a92b28e664e0a7525f938d32ef033033f1de8931f39a58df0eabc8784423f0a6355efcff008cae62c1d8e5b7baefd360a5a2aa1b7068522faf8e437e6419be305ada05715bf21d73bd227531fea4bc31a6ce1662aec49f1961ee28e33ae00eb20013fd84b51cfe0d5adbdaff592":128:"29a2d607b2d2d9c96d093000b401a94f":"":"beb687f062ae7f5159d07609dd58d7b81c478d180bc0b4c07ae799626ff1da2be2e0d78b2a2a1f563257f161491a5ac500cd719da6379e30d0f6d0a7a33203381e058f487fc60989923afbee76e703c03abc73bb01bd262ff6f0ac931f771e9b4f2980e7d8c0a9e939fa6e1094796894f2c78f453e4abe64cb285016435ef0e8":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":120:"0943abb85adee47741540900cc833f":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b882a2df81fdb9275fb05d120f32417e8ffedd07457e938":"0aae7213da279b34d6dcf2a691b2d0333112ea22de0c3c68d47cf9f9f4ed8ad4e03d4a60ec18c3a04ac9c2abb73e1023051029b5e8705bb69c4c50afc84deb0379db5077be1f663652f8bd8958271af2c1ac4a87e08cb526bab8a030652f2a29af8055d0f31e35475caee27f84c156ef8642e5bfef89192f5bde3c54279ffe06":"5c064d3418b89388fb21c61d8c74d2c5":"5bfa7113d34e00f34713cf07c386d055e889bb42d7f6c8631ffce5668e98cb19bed8820b90ecb2b35df7134f975700347e5514287cfef7ffa2b0ff48b1de0769b03dca6610995d67cb80052cb2e5914eb4ed43ef5861f4b9364314fde6ad2b82fbba7fd849dfa6e46ecc12edc8cabfff28d9bd23c2bcc8ab3661c9ba4d5fee06":120:"0943abb85adee47741540900cc833f":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":120:"a93bd682b57e1d1bf4af97e93b8927":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51d94d21482c00bb5bc7e7e03aa017ba58f5a23494b72c2a":"3a9c69c1ed2340bfde1495658dbf4f54731a19b3922a1d535df8d0b2582f5e803b5891e8ad1aa256c923956dcda2430d0c0696bce63295fb61183e040566e459338f908d23ae51f64020c1ef3d192428f23312b285fc4111d50d1add58f4a49008a22c90d3365230e9158cd56f9d84f079bdd673555d4dc76c74b02fa9920e7d":"fb21cd763e6f25540f8ad455deaccdf0":"019d1db5569eeff83306f65d653b01064854c1be8446cd2516336667c6557e7844fc349adea64a12dc19ac7e8e40b0520a48fac64571a93d669045607085ac9fa78fed99bbf644908d7763fe5f7f503947a9fe8661b7c6aef8da101acca0aed758ca1580eeb2f26ae3bf2de06ce8827a91a694179991a993cdf814efbcc61ca5":120:"a93bd682b57e1d1bf4af97e93b8927":"":"7093f44703f2cbb3d12d9872b07a8cd44deb62dae48bc573b11a1ee1c9f3105223423fac3181c312a8a61757a432d92719f486c21e311b840aa63cf530710c873df27fecda0956075923f1ecc39bffb862706f48bde2de15612930fc8630d2036e9e4cfc1c69779171bd23d9e1d5de50a9e0a0de4bd82ed3efc45299980bb4cc":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":120:"7d9f97c97c3424c79966f5b45af090":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6756470937f5d9af76f2abe6df2d0bc15ff8e39b5154071":"afae92bd56c426c095d76633701aa9bea5ce05490482c6c64ac24468c3e1af6e6030a6bb6649745b011c6729bde985b9242e22105322fbb8853dcabbd00165d0b07d7b499e0238b6513bf6351eb40635a798f7e6e2d31125dda45ffe8964596fdbff55df22d4e9025bd4f39e7c9b90e74b3ee58d6901f113900ee47a4df5afd7":"4500193711a5d817a9f48deafda39772":"92fa22dba0eee6b1de1ddd24713b1be44c7105df90e6e7a54dcbf19025e560eb4986ee080cf613898a1a69d5ab460a3b8aa2723a95ac4a4af48224b011b55fb7582ae18f6746591eab2bd33d82a8dbbae3f7877e28afef9857a623530b31d8198b2df43f903d6e48ddae0848741f9eaae7b5504c67ad13791818f3c55c9b3d1e":120:"7d9f97c97c3424c79966f5b45af090":"":"62258d60f0138c0405df4b2ec1e308b374603a9eace45932fdc2999e9e2261de8b1099473d1fc741c46c334023aa5d9359f7ef966240aaf7e310d874b5956fd180fb1124cbeb91cf86020c78a1a0335f5f029bd34677dd2d5076482f3b3e85808f54998f4bac8b8fa968febceec3458fb882fc0530271f144fb3e2ab8c1a6289":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":112:"a5100c5e9a16aedf0e1bd8604335":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30db73d46b518669c45b81bc67b93bed3d0864f7e9e8e789":"750bc1d2f91d786bb1e621192a376f552538ba8c07d50d9e10b9345f31b3e5f9d8ad7c719c03d8548a3b184b741cd06c49d7fb6fe80258d60c01c2987c337c823211cee7c1cf82077266889bc7767475e0eeabb2ef6b5a1de2089aaef77565d40a1c2c470a880c911e77a186eacca173b25970574f05c0bdcd5428b39b52af7f":"5069e2d2f82b36de8c2eb171f301135d":"ef781dce556b84188adee2b6e1d64dac2751dd8592abc6c72af7b998dfae40cbe692a4cae0b4aa2c95910e270600550fca1e83640c64efb1eb0e0a90a6fc475ae1db863a64ce9cc272f00abac8a63d48dd9f1c0a5f4586224befed05be4afae5bd92249833d565cc6b65fd8955cb8a7d7bd9f4b6a229e3881212871a52c15d1c":112:"a5100c5e9a16aedf0e1bd8604335":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":112:"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"209f0478f1a62cb54c551181cbd4d24b796e95f3a06b6cb9":"66db7cc97b4a8266c0a2228e8028e38d8986e79fcbcc3caff3050fdd2de87b7ff7a6895b988b0bdb7fcc4d6e2d538dcfaad43ce2f98b6d32500f5a6e6183d84cb19157a699cdde1266d6d75a251ee1a2eb97bfe6405d50be2b17a58ba6eafaee0a023a28d568fd1c914f06041a49c79b9df9efe63d56883cbbbeaba809273d2e":"7be1768f6ffb31599eb6def7d1daa41c":"9cb49357536ebe087e1475a5387907a9e51ad1550697f13c6cc04384ec8a67dea13376bdd5e26b815c84a78f921b506b9e2086de50f849185f05ba7c3041e49e42c0673df856da109a78b8e0ce918c25836f7e781e6b16168e4e5976d27ebc83f20b7bf4beadecb9b4f17a7a0d3a3db27fc65288a754b5031a2f5a1394801e6e":112:"4d2ac05bfd4b59b15a6f70ea7cd0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":112:"4da85b8ec861dd8be54787bb83f1":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1bfa30b315e7b908263330140fa2d66ed57104784a43cc70":"8eeee9865e23fa51dbbf197fa41776b7edbdb9381a22c935299cd959a46190788ae82f4e645b0362df89bfc00241964784bc7ef70f6f97e81687d52e552a33af20ae34a3005e0a7b85d094368d707c3c4cd3ef31c0daf3ccaa1676609ed199327f4139d0c120977e6babceed28896d2cb3129630f3ee135572dc39433057e26a":"b7081a3010b524218390ba6dd460a1ec":"8c1f42b5931d69ae351fcde7d2b4136d4898a4fa8ba62d55cef721dadf19beaabf9d1900bdf2e58ee568b808684eecbf7aa3c890f65c54b967b94484be082193b2d8393007389abaa9debbb49d727a2ac16b4dab2c8f276840e9c65a47974d9b04f2e63adf38b6aad763f0d7cdb2c3d58691adde6e51e0a85093a4c4944f5bf2":112:"4da85b8ec861dd8be54787bb83f1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":104:"8781b045a509c4239b9f44624e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc47156a693e59a1dea0618c41441fe669fc65dcfb7d0726":"3e4f0a586bad532a08c8863ebba01fd25014baa907e6032ee43d4a7dfc7c3171916dcdf9faee0531f27527872ae4e127b6b9aaee93f5e74d0ab23f3874aa0e291564bc97f17085dd7d5eb9a85d9f44574e5952929eda08863b64c85dd395c91b01fe5bef66e3fa8f9ee5bf62c25d80dc84fbe002ecfd218430b26f3549f734a1":"ea1935ed014883cc427983d7962d9992":"0d85b8513becfe8c91d0f6ffb65ec31f2cf406c51c0da88893c43d1327fd8ad1f4bab2d7b5e27438d643397034a72f8666bf641b6781bc90f764db387eae6720b5723d510194570ccd773e1b3bebfc333cc099d078583e8dac60d174d332925a24a45110c8d2abe8924ea677ac74db66ea789e2838efc96c78bceaa6236c0a67":104:"8781b045a509c4239b9f44624e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":104:"2ad4520ddc3b907414d934cc1d":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5fcd780a03ba80341081ef96b440c0e4348afde4d60c1d5":"6316f3beb32f6f3bf8f2ff6a2c160b432bafd3036d3eefa1e4ec204f24892e37dc4d75c7ce9a24b5c49fb4df901f35ef9d5955f7dc289c56cb74753f4d6b2982267d5269d12237e21202a65061849c65e90e6702dda03a35ace3a3a098d16b4bfbb85b7232404baee37776a9b51af6b3059a5f170f4ebe4ecf11061ca3c1f1f3":"ad20cce056e74ec5d0a76d6280998f15":"28f8fcf23b9c1ba40c19ffc1092632e35f234c1e8b82bcd5309d37bf849a2ce401413d1f242cf255ed597f9a93a1d6e50676997f95aa612e580d88234a86ddc404292746f0b2f5cf15abebcea6659f998ec6a1cb5a9914fee5aa1aa5d04b3c20914e45095e4141ce9c173653dd91c3ebe4ed4a9a28f3915d7b2edba34c2a58d8":104:"2ad4520ddc3b907414d934cc1d":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4382507dddccf1385fc831da8924147563416d0656e168ec":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":104:"4221818d4be45306e205813789":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4382507dddccf1385fc831da8924147563416d0656e168ec":"e5c5430b960aa35dc8540215c2772d66811270859e33dd4477904759e7e5eb2986a52a4ccc9f592e614147b5ea2ead6636a15c6426336b2995d9a31ab36d76578c3540bc6693842a4bc0491c7963ee9cda2317951cf93244bd30bcdfec69a4767004636fe7d1be7300c35e80627bab9236a075a803e9e1080b9159060c643a78":"a37687c9cd4bdc1ead4e6b8f78bee7f5":"fa9ae30509cbb6fe104c21480ae7b8ec9f12f1afb17320d77b77cdf32ce8c5a3f7f927e501118c7ccd6975b79225059cef530a4fcb0a9719f5e2d3bebe7bb6ec0855e495a31e5075eb50aa6c1227e48b03e3fdf780084ac4912eb3a5674cca9dd6ac037366b230ae631a8580d2d117942dee5d5ddbbb2233afeca53289cc4f68":104:"4221818d4be45306e205813789":"":"b5b36719bc4d13a5fbf37188ea814cdf3c97a430784330540325c899570e15482300bc82c5b8163074e0544c5132e3ce93bba68bd7a8d2db81d1431b424b697c1158c4d70625666d5ff99145ca34856815c905b5a0fd95806df56b9cd5b384bda3e394b409048eb1037144cc071539c02397e931da28a43cc354d584643afd4f":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":96:"4af02b81b26104d1d31e295a":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7a66db3450dac9a1e63d2639f34c5c6a3fbfb3c8e8230199":"6463a7eb2496379bc8a5635541525926a6f9fa718e338221952118ae4cf03a85f2074b4ebaf108b9c725809be1e6309c3a444b66f12286f6ea9d80c3413706b234b26372e8f00783819314a994c9e3ecf6abdd255cbfe01b3865e1390a35dcd2853a3d99ed992e82ec67ba245f088cb090adade74bdbc8a1bad0f06cbea766a6":"21f8341529b210ade7f2c6055e13007a":"1699bc8c198ab03e22d9bc4f3682aad335c6e35f3f616bb69769a9d5a202511797e770ae0d8d8528ef7b2bb25b4294d47427b43f0580fa71d93fdef667f4f4196f84e41c0b1978796d0de74a94420fb8571bff39137fa231c572b31be9ae72338288bef5f8c992121dc918538551f346e279a9047df14ec9fc0fd399cd3bd8d8":96:"4af02b81b26104d1d31e295a":"":"53fe6a34d280f2c96d1ae2b2e8baf6abd67cedf7d214312f75dd4a1bec28a641dda3e71aa398726b2b0b1f515e1f4259ee97acaf17f122db9ec7814c2de6a88d36c3ac106396ad03d337c2cd2d2b9b4b7170e23a5848ca7ea129838f967dfdfe83b45ff2a9be699bfb2346115465d59f074f09e24d8fcbd9ece0018c92776c43":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":96:"b124eea927e2a62a875494a1":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f5c818f24d201f9fb23fcca211b0545eee5c5c9b440810d":"9a7566817a06f792e96a6a2ba8e0a01f8837e2de06796e68b0782cc54ed0b04fc5e24a1ad37d5ffb035548b882d88150e89915b89f57cde2bf3c43ab9dae356927daef6bd61cc9edd5e1b7a4abea2f71313677f1b2fdf3d8d4a7e9814ea820fbc3e5c83947db961839a985a57ced7f5e4a1efffcfd17a2c806d4cdc1e79162da":"3a163067bdd90fce0406d1c198a88771":"a5e94e233d04fe0c4b6c4684b386902fe05096702237dfbe76f73befa69b6f30394cf9fe3358997942df65842748fb4f075a3dc06e147bd8d67fc4371113a4d75c70219257c650a6f38a136659e20a1cf3a119397835c304e0fb2a33aa3c3019175c86463043d5edc6992874f61e81cd0d26af8b62cf8c8626901d4f16d84236":96:"b124eea927e2a62a875494a1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":96:"f536a3b8c333b1aa520d6440":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a301f7edf83da63bcf37216a3a33d7613331c3210281dd7":"e09cc8543db7804870004706a26e94b457c125bd648b581a196f962f2ae8fa55d9bc66530ba5020e22d282080b4720dc9a2096a11c0fcc3d9a67cd1cf95cd7cd2417ba308c761e64be24347a14c9423447094a5c72a0043c288b35e753ba0aa748f208381249fb1c8d195a472192404b6c8172663ee4b4d4ecfa426e1fb003f2":"d73a546b0fa307633ac89506fa86138b":"f57fe548cf4a551a216ffb24a1dcf1b79c95f9abf06443fd58af042d287c2165db373c82a94172db517840f22e45e966e3ead91ce1ddad132bcb844e406e84b76a0b5b0ee23064b66a229f32a2d3b9c71103f020c4ba57fc0f0608b7114914cf2ada0c5a9bc4afbfa9ce5da320f34beb2211d569a142f53bfd262f6d149c4350":96:"f536a3b8c333b1aa520d6440":"":"124a327a8c22b7652886dac2c84b8997ca8a6f61c9ba9c094b5aea41eaa050a6df6cbf280259e5466071bcfa53b4ebc76c3cc4afc8c0385189a5382933aa57c89aab78dca84331e0fe8f0aab3a7857d3e13f08dcd90ec5f0684f82088ef8eb7fd67e75de43b67afc3a0beb458f5ebd61b2c779e6c539d795c667bb7dcc2b762e":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":64:"69e06c72ead69501":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd40e8226fd13cb95ba50b7cdf0f07f7ab7037cf8705ca50":"75aa7df5c3c443d48ee998064b6fd112c20d2d90c98e00d025ef08d1ad3595385be99de47fa627549b827c48bc79eb1dcaf2f1be95a45f7e55755b952aee5ae0748e68bee1b014a628f3f7dc88e0ebac1d1d00e268355f5101838ce125c57003aebc02a1c9d6ae2cd6e2592f52c0be38cef21a680ae35c909cab99dce9837aef":"3406e70cbe16b047fedaa537eb892279":"390b18d22d5ecc0b5a524ae9afac6fd948ac72d1360775a88b385aa862cce8a27f3e4b420e539bec6e8958f8c1b5416c313fa0a16f921149a2bfeae29ad2348949b29a73970e5be925ec0c35218b82a020cf21bb68c6931f86b29e01b85500a73f3ee7eb78da60078f42550da83b2e301d151d69b273a050f89e57dfc4787cbf":64:"69e06c72ead69501":"":"6e8d661cd320b1b39f8494836fcf738b0ab82873d3903c9ee34d74f618aea36099926b54c1589225ec9a9d48ca53657f10d9289c31f199c37c48fb9cbe1cda1e790aaeedf73871f66a3761625cca3c4f642bc4f254868f6b903e80ceeeb015569ace23376567d3712ad16d1289dc504f15d9b2751b23e7722b9e6d8e0827859f":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":64:"dc4c97fe8cc53350":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a85ab87563b809b01725764d64ba4cc6a143e2e0362f0c52":"ef43629721b50bd3656b7ae31b6e4b4ba1cf2c72ed0460ee7d9fb416631ddc597e5f9aebbcf4442b95cc46e28476a464dd87caf9c1c1d6c99d3e3e059dc23f8d2fe155ff5e59c50d640bc052c62adee3aa1295b38732e3458f379e98a8dbdfed04c22a5761792e87fa67ecbcbf3b90eb1bcd1d3f49e60132452f28afece83e90":"9f991ff16a3e3eb164a4f819c9f1821a":"df289511f78d8fa2505afc4c71ab1d7c31a8d15d1e5fcbb29d70f0e56f89c4d7b30f1b3b4745b5d2cc7af34fb4c95461372bf516ec192b400dc8fdb0ca9fe1f30f5320d0fadf20155cfcddcf09233c6f591c1c89917e38a003f56b94a1e2429d1f2b6297db790d7dce84d9fa13d2d86a0e4d100e154050b07178bee4cdf18126":64:"dc4c97fe8cc53350":"":"ff0e531c7344f0425d62d5fbedf4bc8d3d5cc80647e67b852c1a58ad1516d376d954cb8dda739f6a4df3cf1507e59696610bcb6b34340d6313028e00d7197845d392e73331aaf168b474a67364d8f9dab740509fabf92af75045f0afabc1b5829264d138820952bbc484d1100d058a4de32b4ece82746b2b4a85fb2993d4add8":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":64:"44f760787f7bc3c0":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f4f1e03abb927ffd0b081b9dce83a56a6dd419a6313ac34f":"0e70421499bc4bcb3851afa34cdf5be374722815abdd9bcee5f332dbe890bdc1c0210ab10667e5bb924bf3c1120e25a0c074da620076f143940989e222086d1b34a1200d09aea1f810ef6de7d8520c65eef9539fde5a6422606c588fce6264e5f91f934ede6397c4b307d2d7e07a518fce577a427fa92923cbba637ae495afad":"d1e29bb51a3c4e871d15bb0cd86257e2":"ae2911cdaaad1194c5d7868b6d8f30287105df132eb0cecca14b6e23ec7ac39cc01da1c567a0219cca7b902cc2e825e30f9524a473eb6e1d4d1beff5ab4f29103b2c7522a33dd33182fa955c4f09a75196b1072a6f0340fc55a802d29c7067f05219c21857ebff89ada11f648c1f28dfbfdaab56028f05509de17e2381457ebc":64:"44f760787f7bc3c0":"":"2199fa5051461b67581429ab19de2ccb50b8b02e12c0e1d81a8a14929f84e09d9715b7d198e77e632de4af1c08c5041276204a7ed76646385e288e96e1a4b0b0f2b1a9df7f0892beaea3cb58d9632720158f6daa4cbbfc0ebdc56ff6a5175768ff2abd24cb7669bc3fe40f8aba7869d2dd7dac86b6ebc4e4ce261edbec88db17":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":32:"c5098340":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"33efe20433c6a1ad261a1fed494961749e5bf9d35809b59d":"cfbeb61be50def25f513346498f75984bfe797a8ad56be34f2461e2d673f6ce14e7479a59777267b75dadc6b9522599ebe5d7b079495a58ca187ec47796f6ee8c322278ad7451b038c938928adcff6105a8ea3780aedc45b6a3323d3ae6fbce5da4fb59ca5ec0a16a70494c3c4859672348532505e44f915e0b9b8a296ef5225":"dc94673b0c49c6d3b4611e278212c748":"919f7397a6d03836423b7cac53177fcfbe457d4aa4348646f646aae1bc5a15568cdb8c96fabef278ace248aca531110a4f4f9e8ab0c32525ad816ae3facf03175232dc84addcd6065f9cc1f513966b63fd27e91a09f1921b95d6bd8f08f1dbce073bcf827847f774514b478b9d7fb5426847dd4dee6f39b5768c1fb729b32d03":32:"c5098340":"":"c5e47d8c60b04df1974b68a14095d9bc8429a413d21960b15bae4fd7356bf7872e0da0a1a385ca2982d3aa3182e63ea4bb8ca01410cd4e71ddad34aa1f12c1387902b3d56634f89c619a2e6756648ab3bf90e9bc945afc9140eb935b633bae96bb067e9ee421697bcf80b14b1b88dbf13e010b472a7ca5411db36848b9c7a37f":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":32:"dc413c4c":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ed5dadefa0f6d14fedd1a3cdbab109f6660896a952ac5ab":"aef617f69724e020309ec39d9587520efda68a8e303686c3a41ef700cba05b7c6e43e95aadb1a566f61650c87845835e789eb2366941e3bfef6d9846af0e0dbc43249117ad6f299bbc40669ac383cdf79289ada6ccd8ccfe329a0dc6a38eea1a99550457102d10f641cda50c21f533b1f981663f74a0a7c657c04d9fc6696ff4":"553a14f1e1619f9d7bd07cd823961f25":"eb8ea81d3e328a1113942cd5efd0f2b5e7f088791c8fc05690a34584101c4d493628ee7d0099a2865ac194b9124c3fb924de0c4428d0a1c26ea3ad9a0bc89187a16673e3b6f7e370dfb2dc26e8a56a9cf91f9c2088c020a766efe0d0c91689743a603f2cd1e300a6a84828b3b515a4b9a06e6bb20457bf124cd6ce4ac8b83d51":32:"dc413c4c":"":"bc1f34991a48aabb0fea513f790f0d223e9feac4c99fa1e8427f01ab8b4b2827cfaf239342de36051a846af0306a3f82e7aed98dd0416fb078bc7f3b617b00ceb2cea4ddafc22dd022efa8303e9804510e0e888065d8427345156d823f796f74130c06db9f9934435552b4fefd051953e20ecba3a4514ac121d7d2097d597439":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":32:"e6d6df7a":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6d97e8bff3923a778504fb917dbc1428a1328587047697d9":"dc1a81efd51e967767f5bdd7e2e425732c1d28451f2bf5bdf3f5a6492279330594d360dd8a193e5dbde1be49bf143a35c38bcd059f762ada65c5119e097f0976891347f4d829b087bd72daa3494b344cbd3370c4459ca243bd57aeda4cb86cdd0bf274f07830cdbf5e5be4eb9b742ddffef8aa35626d2b9ea0a29d3c3d058b28":"0c28dc4cd53725091c2fb68a476c2e40":"f3932f5e82d75a1e3eba1591c17769e1a45819ccf057c31e76fa810b93678766d25905e859775c244e96bcafbc75c4a2d95e7d02868ccb2f65e49276f0b645ac8cf6e3758402304a3c25ce2de0a49f401b1acadaff8b57589b45cc79130ddc8387f41cc383e33ef38eec019152051c756198d6f782ccf56297b9fe944269a65a":32:"e6d6df7a":"":"39327836e9d8cfb59397adcf045a85644c52c3563290795811f26350c8bce8f55ca779cbcd15479efd8144b8a39ef611153955c70bf3a7da9d4d944c2407a0d735784fcb68de1083eebf6940ebc9cf92f9f139c01404b503ff64e61126a94e881351473507884357040fd32714b872c254349071069644e2bd642905521b944e":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"":"f1a23ce6e2bc9088a62c887abecd30ae":"":128:"d4d5c22f993c8c610145fcbe4e021687":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c78e29971e90a01bb65973f81260b9344fa835751f5f142":"":"f1a23ce6e2bc9088a62c887abecd30ae":"":128:"d4d5c22f993c8c610145fcbe4e021687":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"":"ef221a1c66fda17906190b7c99ab60b8":"":128:"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8c582d5b6a40ef0e4048ec20f0263572d7cc82704e380851":"":"ef221a1c66fda17906190b7c99ab60b8":"":128:"6327dcb46ffb3d0fd8fbf3d2848a8f01":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,128) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"":"7c29b3196d44df78fa514a1967fcd3a6":"":128:"fc123944bbea6c5075a5f987aed9cf99":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3a58abadd29e946e23ca9eb09af059913d5394971bda6a4f":"":"7c29b3196d44df78fa514a1967fcd3a6":"":128:"fc123944bbea6c5075a5f987aed9cf99":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"":"783f9a3c36b6d0c9fd57c15105316535":"":120:"23e21a803cac5237777014686564f2":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"04bdde4c35c385783715d8a883640851b860ce0e8436ec19":"":"783f9a3c36b6d0c9fd57c15105316535":"":120:"23e21a803cac5237777014686564f2":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"":"2acc2073089a34d4651eee39a262e8ae":"":120:"7ac742c859a02a543b50464c66dcf5":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4ba5fba0c22fbe10c2d1690c5d99938522de9c5186721bac":"":"2acc2073089a34d4651eee39a262e8ae":"":120:"7ac742c859a02a543b50464c66dcf5":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"":"c937615675738f4b3227c799833d1e61":"":120:"88300bd65b12dcb341f1f6d8a15584":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f12890b0a8819faa5a8e0e487f7f064af42fa6d5519d009f":"":"c937615675738f4b3227c799833d1e61":"":120:"88300bd65b12dcb341f1f6d8a15584":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"":"1f939226feab012dabfc2193637d15b1":"":112:"eed5fcb7607c038b354746d91c5b":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"51878f3630298a81297f4a21514fea637faa3815d4f26fae":"":"1f939226feab012dabfc2193637d15b1":"":112:"eed5fcb7607c038b354746d91c5b":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"":"e2076e1050070d468659885ea77e88d0":"":112:"b4586bdbd4b6b899648f2333eee0":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ae596e74840a600556a06f97b13b89e38f67c152f1a1b930":"":"e2076e1050070d468659885ea77e88d0":"":112:"b4586bdbd4b6b899648f2333eee0":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"":"2d07bb8616fc0bbb71755a1bd256e7fb":"":112:"6b60d645220cfde42d88296ac193":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fd33b7a0efae34339ca987b5eb8075385fd1276e63cc8530":"":"2d07bb8616fc0bbb71755a1bd256e7fb":"":112:"6b60d645220cfde42d88296ac193":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"":"6c31194df99d08881fa5b1dd33b45a92":"":104:"69431593c376c9f8052bf10747":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5685b12a6617d554c36b62af5b8ff2239cb3ffb1d2c40e14":"":"6c31194df99d08881fa5b1dd33b45a92":"":104:"69431593c376c9f8052bf10747":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"":"73599275f8237f14c4a52b283c07275d":"":104:"6f7249d25c9f273434c4720275":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"036ae037410dae9f0741608516d03b855c9c1851df8c54a4":"":"73599275f8237f14c4a52b283c07275d":"":104:"6f7249d25c9f273434c4720275":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"":"d0871bfc3693245be478e6a257c79efb":"":104:"5a99d59631d0e12f58b7b95ccd":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ac144f39ebd6124bad85c9c7fb4f75bff389ece2e8085d83":"":"d0871bfc3693245be478e6a257c79efb":"":104:"5a99d59631d0e12f58b7b95ccd":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"":"c72bb300b624c27cded863eba56e7587":"":96:"ea2528e7439be2ed0a0d6b2a":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a8a541ff11a1b8548e832d9e015edeccc94b87dadc156065":"":"c72bb300b624c27cded863eba56e7587":"":96:"ea2528e7439be2ed0a0d6b2a":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"":"28899601fa95f532b030f11bbeb87011":"":96:"35625638589bb7f6ccdb0222":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30dd8f400335e9c688e13cc0b1007bd21736a6d395d152e2":"":"28899601fa95f532b030f11bbeb87011":"":96:"35625638589bb7f6ccdb0222":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"":"375d4134e8649367f4db9bdb07aa8594":"":96:"70610bf329683e15ecf8c79f":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb8f672b04d706d7d4125d6830fff5d2ec069569bea050ce":"":"375d4134e8649367f4db9bdb07aa8594":"":96:"70610bf329683e15ecf8c79f":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"":"9f502fb5ac90ff5f5616dd1fa837387d":"":64:"a4b5138122e1209d":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bf71e5b1cd6eb363ecd89a4958675a1166c10749e1ff1f44":"":"9f502fb5ac90ff5f5616dd1fa837387d":"":64:"a4b5138122e1209d":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"":"2ee96384dd29f8a4c4a6102549a026ab":"":64:"3b33a10189338c3b":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5b9d1dfb2303b66848e363793bdca0e5ada8599cb2c09e24":"":"2ee96384dd29f8a4c4a6102549a026ab":"":64:"3b33a10189338c3b":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"":"8d97f354564d8185b57f7727626850a0":"":64:"813d2f98a760130c":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a35ae271f70ebacb28173b37b921f5abcad1712a1cf5d5db":"":"8d97f354564d8185b57f7727626850a0":"":64:"813d2f98a760130c":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"":"daf13501a47ee73c0197d8b774eec399":"":32:"a6d108c0":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bdd0cb826d5d28c2ab9777d5a0c1558e7c8227c53ed4c4f":"":"daf13501a47ee73c0197d8b774eec399":"":32:"a6d108c0":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":32:"a47cdadd":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"81b4d5ee4e1cbee1d8966fb3946409e6e64319a4b83231f5":"":"bc2f9320d6b62eea29ebc9cf7fc9f04a":"":32:"a47cdadd":"":"":0 AES-GCM NIST Validation (AES-192,128,0,0,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"":"817199254a912880405c9729d75ed391":"":32:"d81d9b41":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5813627d26d568dfe5a0f8184cf561fe455eb98b98841fe0":"":"817199254a912880405c9729d75ed391":"":32:"d81d9b41":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":128:"dd153cfd7aa946280660c445f586fa28":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94f160e2325da2330fbe4e15910d33c2014f01ace58e5b24":"":"80a1b99750980bf2be84a17032fc2721":"066fdd980cf043a732403ee5f65c82ca81e3fc858ad3cfa343014a8426fd3806770f127e2041efb42e31506ce83390ac5d76de2fe1806df24ce6e4bb894972a107ef99e51e4acfb0e325ab053f9824514b5941ab1ec598fbb57a5d18ed34d72992a19215d914e34ad1a22326e493d1ff2da7bc271c96ad3ab66d0c32bd711293":128:"dd153cfd7aa946280660c445f586fa28":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":128:"c59231ddaae98e0e8db6b3fe8f4d3427":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4785846f7c0524e78f3eb137fd433e1808af64549af69183":"":"5334476a5fa3fa50dcc4b12f8ac00b51":"e70f82d1e3361ac5a5c9a087e47984d5533ba296f9b7e4a192a4ab28a833cdbbd5cece3415cf6fbb2f8055560b5c31c98d83d139954e1c03a464739f1eb5ad982c4371cf20b8984bbd97d5f40b336f5e96df3d272b95f7547be15c3bc05b3caac7d08c5eb5de8bdd246e74f6caa6bff76ea0417730ce72b911867f88fdcf73a0":128:"c59231ddaae98e0e8db6b3fe8f4d3427":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":128:"2c84bf7a8947ab93b10ae408243b4993":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"49b085fe1a8e1ae769ed09fc585d29eb24d589689992e6c5":"":"899878b0684fb865d30190821817b88c":"f789eafe3d02826b619ca4fbca7bb1919e5c6f7c33824a2f7f815dc50e329979705f7ef61e9adf7899d34f1b8840384ff62ef6d29eea38c45d12be9249aca69a02222cd744d81958c6816304ff0d81d6714a2023b3dd9d940db5c50afd89c52774d28d6afde2b6c68425b6acbe34682531a2e57e2b9a7729b3e8d96a729b15cc":128:"2c84bf7a8947ab93b10ae408243b4993":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":120:"e8aac14b53cdbc2028d330fc8d92a7":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"75847588760ecb6ca548747b743914c89fea367a5ccb81b6":"":"7d8a9fd254e2061c01e39eb574951924":"b03c57dfd49152401a225357f1d6e533f3a423e5cfce07b8ae7ca9daf68645e5bd67b3ca2421eac447530b27c6dc6bd9c7f1b22441b8cc8c4ac26cec2c9c0d665a35b66d779a3772d714f802d6b6272984808d0740344b6abdb63e626ef4e1ab0469da521c7908b2c95a0fd07437c0e9d4d2451ae189ad61ff19f4efb405127c":120:"e8aac14b53cdbc2028d330fc8d92a7":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":120:"dc034564d4be7de243ff059b5f9160":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e3a18a96d2e45d2f60780dc39cee7160e28cb810bf09858c":"":"26a4d659665ded39b7a1583de756d0ad":"83f8d9c58169b4c68032321197077ff5c8ee4ebb732b040748e1b55dcf53375ae86fb9646a672b5c5bc805a92c475cbb6d0ed689a58abdf2230250a7d3fbd8cfab07835fa85e738a7f74bc3e93616d844b1ec61b79f23dfea62e1815f295d43f61d7b5956103b31ca88afb0b3d37eb42cf77232dbf2258065232971c397dcbcb":120:"dc034564d4be7de243ff059b5f9160":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":120:"942b52277e9dc0a30d737d00f5e597":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7be3909170ea7a2ff76f9f28241d8cc48ddeafa8517c6f8c":"":"8dee7e29350c60c5bcfec89da6617d2e":"f6e9e7a7f9716760eb43060d5c80236a0f118b0f750ebd5df01fd2dba95c556ecd2e54a3f337767321abf569c8137a8e48c5b44037ba62951e9f9f709e6e4540a36d769f3945d01a20a2ed1891c415a16d95cab7ddf9bcebf18842c830067509a2a5d49a9684324c433d53824d2f8fd326b149af17f40e5bf5e49185738fba60":120:"942b52277e9dc0a30d737d00f5e597":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":112:"87737873b82586bb29b406946cae":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1fe413bafc4753e1511b580c830449bee56e0e5b9acb852c":"":"e30829f64f3eda13bfb2ac572aceb3de":"6c772d08b4d7507e35804572fa697c646c77301954cc5c160941e49e230697ed8c23338b9f30c3ead69b1c1a2329ff025dcd3c0d0a9cc83fee4979448aa71ddb9d569bedc8c497a2a4ac3b60d087d7872f0a110bf90493ae7da03b0953734223156cd2d6c562e4a978a6dd5cdb229dd58dd4d0f50ac015f2f5e89dac4aa29a19":112:"87737873b82586bb29b406946cae":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":112:"06f95ca69c222a8985887925b15e":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4bc4378d423931f9b320bb57df584c641406c1daa7448ad":"":"eca70e10c0358838a3f4a45c4b016ccd":"68d1c045c1604e3c3dd4f7c7543240aca8dbc5266dc18c5a8071e8b09e3700b7cf819044b2722d8db92021f42a0afb295d7b16ecf4e4704a50a527a2e72d7f53617c358e3b7be3d7fecda612ce6842fcfaa68f2d1b8a59d8b8391779f2fab99f820862c94029f444abe62367c5de0a4becc359660e4a5366f7d482bdc362b866":112:"06f95ca69c222a8985887925b15e":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":112:"c68842cafc50070799f7c8acd62a":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cd4414ffd24e830e2dc49727efa592e430a6a75391cf111":"":"a08e32ad7d63f975de314ad2c0fa13fc":"20a271f1f4c6bea8f1584ab39a7179ec448650e2ff67a7338d1bc9fab7f73b2ce5222cd07ded947d135d9d0670dc368f0a4b50ece85cbf641877f9fe0ac6a7e6afb32fdb1b3cd35360bb80cfffc34cfb94dbcbee9ca5be98a0ca846394a135860fba57c6f0125dcb9fb8b61be681ada31a997638ee172525c03dd13171534a91":112:"c68842cafc50070799f7c8acd62a":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":104:"ec9a79a88a164e1a6253d8312e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9e0ef9ed5e6f00a721a9893e1f0d9079c5aa667a4cdd2a52":"":"5f015fd556e87ff0d0df586fb452306d":"b82986135e49e03f6f8f3ce4048ded2e63ee0c31ddc84929e022ee8561159179b3bb4403ebdafdf6beae51ac5bf4abed4dbc251433417ece3228b260eca5134e5390cba49a0b6fcbbbabb085378374e4e671d9ba265298e9864bfce256884247c36f9bddceb79b6a3e700cb3dd40088ba7bb6ab6aa11b6be261a7e5348f4a7d1":104:"ec9a79a88a164e1a6253d8312e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":104:"9779b7c3ece6c23d5813e243ec":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bc8f15d98e089d60d4db00808700053f78b33c31652c3e4":"":"5cc0ff9bb7d5b9b2aa06f6ecf669d5bb":"24ac95a6ed2f78853f9ab20f53de47e7f662f72aea454141e2131aace7ed2daeb395bbccdbf004e23ce04ad85909f30151b6526c1ce7934726f99997bbab27055b379e5e43b80ad546e2d1655d1adad4cbe51282643bb4df086deb1b48c1bd3ac3b53c4a406be2687174028ecf7e7976e5c7a11c9a3827813ade32baef9f15ec":104:"9779b7c3ece6c23d5813e243ec":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":104:"ca82448429106009094c21d70b":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"19afc43a4481f796d77561f80b5b2e1514c96c5d1d86e64c":"":"d4c06595fefd4a81bbbd4b40c2e1989d":"98fcca51352998d0126b5539e3fb9a238ac31c05954fc206d381909aee70983b6ab99d3f3efe8530a1c3cfe3b62756321b1d0771a5940055eba1e71fa64f29291aa5e5b0af0fcc8e6f5a02688d9e93417225eded791a35217822ffb346d3fa2809b65abe729448316be30cf661137d3c0e49846cb0df598d90eda545afb64a5e":104:"ca82448429106009094c21d70b":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":96:"9d1603799e2485a03e7b05a0":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b4fc31dcfef6203fdb296cc928c13b7df56bfe6f32583057":"":"6308a78dc8f3c90442dc52196649c38e":"2567d80c253b080c0158102558551445d8ce4d5ddee2014a2be5cbad62e1717a0fd4d2059447c3151192951eb11a4a7b19a952f6ba261c87f10f4c9032028de3cc5a2a573a4e993a690fc8954daa3ec92743e7343e75b646c4fa9cbc3fceb4f5d59bb439c23754c4d9666fbc16c90c0cac91679b6ad1bfe5dcf6bd1a8a67c6b5":96:"9d1603799e2485a03e7b05a0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":96:"05ee6ce13711535864674a5b":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c2d9412486c381440213e1588b6bb58b0da53300b9d3089":"":"727ed8846daab874d5a9918b47d016f4":"656430f0c1423018b5e2efbb1e32a5385c1a9a1779c4dbd585dea91edc39ea8752ebfc2d8064251a8a5ae71e1845f24a7e42c6371c2ecb31e2229d5f4923bffc21d4804575a84836f3cf90ec6047bb360b558a41a975ece111b5284dfa2441705a6df54fc66ca6cc1af9163ecc46902fac337d5f67f563fde8e8e7e64b8588b7":96:"05ee6ce13711535864674a5b":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":96:"0c9c17388d0610f99d0a093f":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"abf7a97569427225a4bd5143c716a22e62f84c145bb51511":"":"e255088cdfe8ae5c9fea86d74d2f1b7d":"b850993300f54d078f83ceb9aef7345bbf758f92365b6625c210f61dad4f2a2319f51d883a383a706392d3dfca1706eba585a6fac8bd4294c0bb2cb3f6b454d5c97819e8e5c926754840261b07ec4ef1f87cf281d75c187839689944230306e1903047915e086043990745864819ad713d34a244aa4e9d755fdb137105d7eed8":96:"0c9c17388d0610f99d0a093f":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":64:"1c3bd1e0d4918e36":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"45a6df655e88bc880acff41520aafd0cc8aa8aeb8952fd06":"":"1125e1de94970c9e7be70e58e7626ef4":"fe9838a445b8edef19b3e9f33c8c0c265b3a12c97b8ec57ceb94f65ae5227177de38f1e338dccb2b24e5bd0f0eb8127f83eba0f1ddfa55198789df0cdd1d977fcb985ad9c7d51b96e749d2cf3cc7a1ec4dfcbc641a1a022d55def328e081af890a7e699f2dbafdf506389e045aa1219239d5868ba675a3925602b6fb6f6e6d37":64:"1c3bd1e0d4918e36":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":64:"dab612351f75e2cb":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"279f4f2ab4b70778fdb9ca7800cd20e323601d7aa2c75366":"":"0f7b402560735cf03d5da58de5b6c685":"7dd9a8c848bbcf5127161c8a419a436a0dad559f7c1613cdf41594e177016acb1ccf44be852185c42e7120902a42efe83855995ab52cf5c190d499fcfd698c671fd72949dc3ea7ddb874e586a3aa455a021cec7b5f8608462ca66f926aba76e60a5846d4eb204155cd3c1328da51ba35c3007b8bb394f34e3a8b81ddd2ea1115":64:"dab612351f75e2cb":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":64:"f1d743b7e1b73af5":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6716ab937755684af7403e6fba5452c1b11568a9047bb50f":"":"2fd5a446dd564619ef75b6e00905ffe0":"20d261d3192996c21da69e979c26f5f937e6ea4cb7b05c6ef556ce4d86ca0fe85ec2425d274c43b5212fe9d27bb48b04e887461a9f45f524059b87eaea2e287a8d4537f338b0212012a9d4b6610e8c97dd554e0b3c3133e05c14d0ddab3524c93fd527e223b1996b4cff0a4a7438f1d54890bf573cd803941b69e5fc6212c5d2":64:"f1d743b7e1b73af5":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":32:"4dc74971":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dc94b5bbd6315ad8d2b67f0c683d10cf456f822a3ebb024":"":"6f3eedeb57dcf12bfb3cd80849893c90":"ee1ff367f4b23c156e3dccff84ae4bf2b8ecec1fb5ffd25ccaa93b6c6834389bd79655bd4bac75238eb0f65d3603ecc57c8774798309e85b6677e78ed2077b712cf28795d0dc8fee994f97373a82338ef67c62378136a79a990ecbcd6367445e805efa98f9168826e57cb8dd7e7b1d5c89ad98358646fa56dd2a71c40e0275a1":32:"4dc74971":"":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":32:"fb845ab7":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bbe223e253bf272599e28af6861013ecd0c88710947ed41":"":"4fbf09ffaffb600f0de38fb12315cab5":"5388146f6479f7b3b280f45655a95b847ee27c734fb2fd91f6c009b1ab1810c772c7435d3221069f9490d251b76e740147906ac1db1c209c175b21aa10881c44fb307d4d2900aa3b1d56fb0edb9f2a58505653a17fee350e12755b9656bc65c78c1593d5cb7178e29f82209caf53e60fddf725f6957cc9718bf410c4a0229ed4":32:"fb845ab7":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,0,1024,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":32:"c840d994":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"461877813acfe6e9979eab729b52e3d192b3236758bb6563":"":"6985cf77b75a47a3978dd6412d59200b":"385551854a89ab37063ba0ed911501b3d632153c5c2992e154c0a334bc36620476f11495437b842409e0954f7352cbf288d158bdbbaf72621ea2ce75b708bc276f796c5aa7fd0071e522c5f175a9e7787deef79f6362101aa3607b4588f2e1df7127f617c6073593a1c792b959e201e4a7a43ea8b1c3af026376439ef629266c":32:"c840d994":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"cff291d2364fc06a3a89e867b0e67e56":"":128:"81f1eb568d0af29680518df7378ba3e8":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09770f9114120a2c1c3cc416fe0eb8699e07141158a5bdff":"875e2e5b5c02e0a33e71b678aa29c15ce18ec259cf4b41874893ed3112daa56ff2a7475681b8b3d9028ef184d30658e881c908f3588f69899962074db4ddfc0597f8debb66c8388a1bccf0ffe2cf9f078dc1c93f8191f920754442ad4a325985c62de1a57a25de4e9ed5c2fd0f2c8af33f3b140bac12bf60fdb33e0ec557955b":"cff291d2364fc06a3a89e867b0e67e56":"":128:"81f1eb568d0af29680518df7378ba3e8":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"1c8f41424acaf009996ceaa815b24ad4":"":128:"9f3c0349c5a4a740a82d6d63bf00fb17":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4fbf1c785c087ad06b43d4163cf9b9396deffd3712856379":"96a690e5319c94d94923988025307e543f16fd970aec24524cf9808dc62b093359287251503f4231bf52cd1a16a80bfa82d8f585d96855dc1932f4919a92da2618d6448fc18a234f9acb386ab4ab4a9e38ea341e7c54faceff38c162d74e7fabbca13aadb71e9c8ae6072e7bef4073cf08aa7faaa6d639f98d15bad4ed183ced":"1c8f41424acaf009996ceaa815b24ad4":"":128:"9f3c0349c5a4a740a82d6d63bf00fb17":"":"6100b091e52366fb422251d9b68974b6c666a62a8bb77a1ffd7c7d1ae586a6ee763b84dc11aace02a25af91d194b70b3265ec46872fded54275b7ddb26ee1f20c857328f46a694fb1dce68bcaecbd587ece5b505d658d57d50333e30b639eea1f6537b37c175f62497c6c84e3cfddae214285d2d68d90dd5cd8ce2273d25c8ca":0 AES-GCM NIST Validation (AES-192,128,1024,0,128) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"a950ab0dd84115e3829ab0ad3bbb1193":"":128:"25cfde73e7a29115828dfe1617f8b53e":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e0ce4fb4fe4bb2fdf97b23084ff5671b9b899624184acef":"df89974b1534f0ba262bbea5efe39d8b72820cc8a720cc99520fedbf667515c3f6d8c3e25c72c48c1cff042171df58421741aacb2a49f23167257be7d7004d56b14901b2075eaca85946e9fbf1bbf4ae98227efc62bf255a25dd0402d37c67ba553531c699dd89ff797e7a5b5b9a9aa51e73ca2dacfda0f814152aa8ed8c79f9":"a950ab0dd84115e3829ab0ad3bbb1193":"":128:"25cfde73e7a29115828dfe1617f8b53e":"":"847b54e176ccc83081cb966efc4b4a3bf7809ce0b4885009f620f61fafcaa78feee91a835ae6c1a942571811108b1e81b4c4ddac46aaff599c14988c9a1fb9f387ab7f1357b581568b7b34e167ac2c8c2b2b8a4df3fd7ad8947a363c1c0cb782ec54b1901e928821cf319669dd77eb37b15c67f13ad787ff74312812731ca3e6":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"3a2acf69bba19f5d1d1947af2cfda781":"":120:"f826d212f7c1212fb8a8bf23996826":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6be3c66b20e5e66ababbfba1b38e5a716eafce23a1767b69":"de1cd978354a499415176f260021abe0a8c5bc34d166f53d20e02e413e1377ce4ef5d7f58337c62251a3b4ddea0dea23c40e5de037fd5dd8a558eb53bffa4e8ce94899afa8284afab503c1a485999a154d23777f9d8a031b7ad5c6d23d6abbe3b775c77876ad50f6bed14ac0b2b88fb19c438e4b7eb03f7d4d3fcca90dd01260":"3a2acf69bba19f5d1d1947af2cfda781":"":120:"f826d212f7c1212fb8a8bf23996826":"":"fd1f7b56e5664cf4c91e58f7c50f6c5e98e42ca2e4adcc00348cee6f662b382ad4022da54a47d8faeb9b76a24dfc4f493c27fc0bc421a4648fad7b14b0df95d8752013feb033b1fd971daa2c9a5df898bece6a3b8fa078dd130071df20a68cd0f394be25dcbb3e85bdfa0df4797fa6f01f5f0da7a6e86320207ddb5b3be53ae0":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"3cd95429c6de1d327b9eb3c45424a87c":"":120:"13521236f190f78e75c0897c5fb237":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d16abb9f5b38d7f5abba9dc36995ce6ce928ed822a07b7c4":"e72f29b1fc1dbfc2d93a0f3b79ea4b9806ce9b2c4d490ac5c0c3c793df9dc7df5471e834b84d18afa5a7516f9a6a813a9b65ae2f083a854730547e28a1f60fe97d8dba1d2d433e11847b9bffd8873ec634e64365530c905dd6f274e45c9795ac127a6f356f63cc6c116c5dd8c628e7e17e1fadc58f8452bf21f53c4133198118":"3cd95429c6de1d327b9eb3c45424a87c":"":120:"13521236f190f78e75c0897c5fb237":"":"cd8bb97c28df092b6783ef653fd26f2bdc27c442bab0a4c7bee2789f389dcd1b280c0231672721bfbbc939a0449557678ec61ba0afb2e5817e6f7d94387f84ecafbfa1216d65e7f5025f47b0d2905cff7c99adf8306a3d9850c5908be05f87cb1d36a4837dba428aac97d7fbc18e3778f8d81a319259504c87fc94bd0766ed93":0 AES-GCM NIST Validation (AES-192,128,1024,0,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"bd505fcba464e6e2c58fdf29f5695fb9":"":120:"8510fff71bb879f56ea2fe43f6ff50":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0bc344b1a4078807e5f53a6e7e1e36fa83108473ae2fb4c2":"8bd73f94c71e3765bc7d17fdc90a9ba6aff9648b46300e4048985fbbd7c60c39c3766f7c524780bfc2296dc11e1132134921760a373104edc376eab6e91e9a60a5c4a5972935df12eadae074722bdc0147c3caf6a62fd449ef37d76b65f6d210283c94ac524cf13186e444d80a70b01e4373cc0462546f1caee6b49e738a742c":"bd505fcba464e6e2c58fdf29f5695fb9":"":120:"8510fff71bb879f56ea2fe43f6ff50":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"776248381941e16908f52d19207881f5":"":112:"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8097398fc21f93eea6a95aa93a3231096817b65520bc549":"80b0abbaebbd537a0810ed75cd172d29d50f5982e4d01f8664ddb2dfda8f57fa0ed87e64a779a1d7f5e568b6acfdc739572a7176752307b430fb1fa1c3c2c346477cebe7d01b16745ca6c8929a7f446c03ad9a9e8a5a935de78ca6c701e8c1c5e6d2550c42949cf5342fb5ef4c6ab9bb02ace8388b16edf72a1237e5d1d0e820":"776248381941e16908f52d19207881f5":"":112:"7fc4388b2f8eab0f0c2d6a08527e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"603977845d82faccb401817ecce6e2fe":"":112:"c955a3bc316841be07e406d289c8":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"76d4bb5694faaf344db83bc6d6c47d56bb6ab52700826f2d":"9e31fda6a171f0d4a5f2af2c4f827b1312d9dda5d78fa329b8f1b6373b9b29be358601e5bb0d0c615aef4b9e441c811219f1f2ff2d0ab23e0cd829a88b5b615ee72e5e3ea604fa26cc6438ec4c30e90f7348e9116adf8e8efb7498320d2da16679fa546b1aa9afc7720b074c4e48e06862d41428c9e71a4772c2e195a6f36978":"603977845d82faccb401817ecce6e2fe":"":112:"c955a3bc316841be07e406d289c8":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"4cd56de54e5140a587be7dfd02d3a39e":"":112:"1a29527a41330259f918d99d7509":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a3e5020695587984074d78d9c98b8e1a5719e5f88372740e":"c0bfe3b2dc4dad17ec5a7662d86847fb67e582cc0baf469bc9baa7a075d48a8b97521a1072c2798bfbdae5ca3752eda1cb96fe5cf24af989eb77a2948aae3d8b70d83d93f84c49347f788480f34051621c358c03cf8159a70fc72cb8bc02876234ffe76b181da8b22b8796c87b0904da1af46de519c20d8d1b1dc7cc24e39ba5":"4cd56de54e5140a587be7dfd02d3a39e":"":112:"1a29527a41330259f918d99d7509":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"afe986ead799727063958e2ce13ca846f76c51605439f839":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"f85a95ed10b69623162ab68d1098de94":"":104:"3cf1cdb4a4fdc48da78a8b4e81":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"afe986ead799727063958e2ce13ca846f76c51605439f839":"7c1b354a5bb214bd95147e32d81e658705089c38035d0ea423eb1a5c82f97443c6903d2cf1ba7a007eec7c8ff98b8f82b073d9636a79bd47c7f2f639a8eb4e92076f9ed615766f43ac3a4f1687301ed7d507766605e0e332880ae740ab72e861a2cb6dce1df1ff8be1873d25845ee7c665e712c5bbe029a1788634bce122836c":"f85a95ed10b69623162ab68d1098de94":"":104:"3cf1cdb4a4fdc48da78a8b4e81":"":"a7f252ad7983e7083260598051bffd83f40f4d4a8b580cc2388d720a0979dde71549ddcb86b0a62c4964fca591d0982f3a203f2f8884ff4991f17e20f759ea7125ba2bb4d993722f23938994eb2709c850f33ed9889e5a3966f9d7b76add46aedf230e8f417425f9db79ccd46b5660361de7c5d87f71a9d82c491c0c3daaf56c":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"537a4ee307af3072e745570aaaadce34":"":104:"df01cffbd3978850e07328e6b8":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2cfaa215841826a977ae6adfdd993346210c49dd04d5d493":"e8eb3b6edd0ca4201b49a6a83036445aba1a1db040f3e74511363bce769760a9914e05a067f555ca15a57c6e02e66fbe4e04dd8c8db8d6d14ebc01cc7d84a20ff0aacb69bb3679d6b7d9d2e07deda7c2d4fe4c584fe1166e78d21dc56b9cdad93709c03b9145b887f87b4f605f24f989d5e0534fc71a58e8a8619ee99f69e5f5":"537a4ee307af3072e745570aaaadce34":"":104:"df01cffbd3978850e07328e6b8":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"5124b410c43d875eca6ce298c45994a7":"":104:"56ad9c1653f11a41fd649cccd8":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"128ddc83d2170c403a517615056dceec0d19d6fd7632e738":"cfe9f7797ee37bfc4f564419bf2268c964479efa7435970874154432930f3b2736438da4dc9c76200009651340e23044bc9d200a32acfd4df2e1b98b0bae3e9ff9d6e8181d926d2d03f89768edc35b963d341931ac57d2739b270ce254f042b64ceac4b75223b233602c9a4bdc925967b051440c28805d816abe76fc9d593f5a":"5124b410c43d875eca6ce298c45994a7":"":104:"56ad9c1653f11a41fd649cccd8":"":"cf91f087fd7faf362caacf4a68cff51ec57b3075563e4ad0955df20b366e92bd75c3762cf4a6f0eb859872667a5c55aa5d94f5ac9479b1b9c9345b50f82379d551506a2ab02b0441b14b28b78a12b38500d703a8c19888fe612d4710eec7cd18c16d6a4b55d3c69760e2bed99efc8b551dbe2ac9b9b64715f87180b8e14d1795":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"ff10234524433b871202c2cca6acb194":"":96:"984943355a7aef15c4fb8033":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"98581c28983c4da321ce0c419cc0d476d539e77da513c894":"bdef5b65b5111b29e781a6b71a0160179c52b5bccb1ac5c0377b26cf3f61432f3ccd67633a836357c24b5099db0510a7f8110f59e8227cacd11f17ea1798b5d4d68902ca6c6eccd319fef14545edd135078b38d43b61c9af269fc72f7a209ba7897e4c6dbd21bb71d7e93d2d2426ffa1557cae28e74059d3baf06ba419a47b39":"ff10234524433b871202c2cca6acb194":"":96:"984943355a7aef15c4fb8033":"":"808e28bfd441cb8890416a757d252c986daa8d607ac9cadd2f4fd29eddbcf3b859ba298e14a4ccefe2c2752b123f87b98d6708fde48faca4bc7dd818a7ea76cfa4357932e59cb6be0e9283bdfb49454b86b9fd04aa8cdef503c65d13fcff42e9cd8f142f8c06cf7daa6d8ef8b9c9d69c39e8afd980048fecf731fd674b2a814b":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"49da91e926091a448d57d521cc90f3c0":"":96:"99198f55f9fa763651bba58e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"167b8b6df8014c8f3de912b77f5a0c113580aa42d785298f":"4f787de12ba907a589edf74c8e7a6cdaaabebddd465a86e170e1efc289240298b516fddc43c7fd9bb1c51720a4455db4dd630b59aebaa82bd578eb3cb19f8b23ee6897c1fefaef820430efa6eb7d6ff04de4d8b079605fb520b0d33e96c28f0cd71983c4ce76c0ea62fd7209d21ec7b416881d545824a73d1f9f8d3323fdb90c":"49da91e926091a448d57d521cc90f3c0":"":96:"99198f55f9fa763651bba58e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"b5efb9feae3de41b5ce9aa75583b8d21":"":96:"9604d031fa43dcd0853e641c":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"71f5f8505fba62f08fa0557dd5407fc83a852c6007ccecc8":"3e19ec02365e450e946123a3362f9859352eb52902a6bcb8a782285dfac9d2b282f56302b60d6e9f53fddd16bbf04976cf4eb84ef3b6583e9dc2f805276a7b7340dec7abde4916fb94b0ed9c9af6d4917b27e44d25f3952d0444cd32a4a574e165a23fa8c93229ceb48345171a4f20d610b5be7d9e40dcf7209128f029fed6bf":"b5efb9feae3de41b5ce9aa75583b8d21":"":96:"9604d031fa43dcd0853e641c":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"aef257dd44d14d0bc75f9311ef24e85a":"":64:"d951becb0d55f9fb":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4cdb38f8185a4186fc983e58a776a6454b92ecf0bffefe98":"1ca72c50a093076e9a9dfa09888b9c89eb36a942072fc536a81713f05a2669b39fdb2871b82ca47dcaf18393ca81dcb499aafcc4ed57ea79f8d4f9bd63540610215b2c65481b294638cec41264a7fdca4230df5fe1e7e3d8d26dcd0c435fec8e9bf778f9e6f13482157a9722761601e08425f6160d3bb626ae39ee1117b0353c":"aef257dd44d14d0bc75f9311ef24e85a":"":64:"d951becb0d55f9fb":"":"2eaa7e922dbd8963e2078aae216636276f3f7cb5d7f35fa759e91bddb6e247a93c388241ba1d0d37040c0b9e447c67d35b4991c1acce97914f3bc22ee50171bc5922299983ee70af79303265bc1ae1e7334202460618b4a8891d1a7eaaac5cac1e4dce024ce662d14849993f89e771fb873644b552120fd346250df39aaaa403":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c15c9c0b0b70c7321df044bfde2b15fb":"":64:"c5c9851a6bf686d0":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ee8d3aced3aa3cb2166aa66c4a252c12dc0978830d0bc75b":"ee69b2421d43a9f383d99f9802ba4d6cf1c537b42041c86cce681049bb475e5098d4181f1902b0a49c202bf34ef70ea7b787fa685ab8f824fcc27282146d8158925bfef47ccba89aa81c0565eacb087b46b8706c9f886b7edf863701003051d6fb57e45e61d33412591ec818d016eec7dee4254636615a43dacb4f1e6ec35702":"c15c9c0b0b70c7321df044bfde2b15fb":"":64:"c5c9851a6bf686d0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"0bd64d222532dae8ab63dc299355bf2a":"":64:"3477cad1fd4098b2":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a8538d609444e3197ab740cd33b66db1cf53600096b94e0":"8c2b8fb775d1b21c41a3dcf48ad6d68ab05be3879f9b94b305a6ce4d799e3a992c1c3a65a3e4eab563edb57424927c90c76e49386e29dd5e7de2800fcc0eefbc8b4f977f71be3754c006ee93dc09b1cfa59c424b6b3987aeb56feefc21004c63e8284b6845e395bc8843cca0917267fb4a8f2db1f7daafe7a9da95083a44de70":"0bd64d222532dae8ab63dc299355bf2a":"":64:"3477cad1fd4098b2":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"37e3a300542d9caf3975c6429cb8a2e8":"":32:"06bfca29":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"447f0f065771b6129952e52206a64fe0844658ed685e39cd":"fea5d227869e527882c63a68a6623f4a699df82b3dc715c7260a5554336df8376744c05ae89ec27d40da02d9f1c5e9e29405579fd4132143cb21cdbe3edfaaab62128ecc28018725c8dd309d2376223d2e2edfea9765699b2630ff5d9fe9bec416c0ca6418b938d195d31a08e4034c49d79e3a249edd65f985230b33c444dd02":"37e3a300542d9caf3975c6429cb8a2e8":"":32:"06bfca29":"":"e1bdd1c212b159b87e41a5f64dcba6b27aa0f5c8871fabfb588df0e06bd7730ec1beb0e3388f96c992a573ff69b34870f83c53fb65b420c1c6f92e2aa6f03917e8203d77c7f5ee08baf9fab12f9d38fc0ffb83807ba781c3dd7b62edca2121f68ef230b42b8adbd4cea072209d02713789ed559b83739a54cfde69e68bdc4128":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"6cba4efc8d4840aa044a92d03d6b4d69":"":32:"92750ac9":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f465e95f6fc19fe6968b98319b547104d0c01c17105f8fc0":"2426f108368a00d2a49670a3b64b4f0569c6da9660163e7b209ec3f8d058ee11f7818a8c5030c5f4ce6e1e5a93faa3e5ae3d0bd5d712fbc891cfeb20845707edcf5e29719a5246a3b024fb12d37bd1b81df3812fd50b1dfb3e948ce546dd165cc77f903c07fe32bc7da7fbc25036679017317ce94cd8a00c1bce7379774f1714":"6cba4efc8d4840aa044a92d03d6b4d69":"":32:"92750ac9":"":"2e59b104c1a6f6d651000396adbfa009bf4cf8cbf714da8e4d3b4a62bd7f522d614decf090c7552a4b9e8d7ee457ba642d5100c0c81c14cbba8c8ff49b12827f6ebd41504ccb6dfc97cdf8532d1f7f7e603c609efa72d2ae0dce036ec4ab36849a0c06f8737d9710075a1daaed3867ca0a7e22111c0e7afae91f553b6fd66c6e":0 AES-GCM NIST Validation (AES-192,128,1024,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"4f4636d1b283bfa72c82809eb4f12519":"":32:"16c80a62":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f08e3e9f7b3a20ccdc4d98b56f2b567399a28a6b3908deab":"a986e816f1eafb532c716a555cca1839a1b0523410134ea0426ab309520b339fc1fdeb40478ae76823cee4e03b8d3450e6be92d5ff17b2f78400f0176e6d6a3930bd076a7a3c87c3397dcc0520c6b7b4ff9059ea21e71c91912a74aac2ca70eec422b507cc5c60860bb8baca01eec2a3003970ba84011efe576804b2820e306c":"4f4636d1b283bfa72c82809eb4f12519":"":32:"16c80a62":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87b5372571fb244648053c99405999130f87a7c178052297":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":128:"98177b3428e64bc98631375905c0100f":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87b5372571fb244648053c99405999130f87a7c178052297":"ae078d1554fc6a14447a28c3dd753e790f7ef9b53e35c3e0fe63a7b1b326bc56034847f8a31c2d6358049aae990bfe7575b439db370aa515e225e0ec730488c700a7b0a96a7b8e4e8e4c6afec20decd16fe3c0f3f8d7a6cf7a8711d170829d14c706cceb00e133b8c65c8e08cd984b884662eddd2258ce629abf6b9dd28688c9":"a1cc81b87bd36affe3af50546e361c9e":"684ce23f59632308d7db14f7f6eddaf4d83271fb0c27401b09518a775b36252540f14305f0dae13ff6c0dc565c9e570759e070c8ac73dfb97abd3285689a7cdcfc941f6271be3b418740b42ba4a114421065a785be3dfa944c86af56da8209779e8736e62529c418b507c6d8ae002cbc0431747722afd64521734f99273de455":128:"98177b3428e64bc98631375905c0100f":"":"8be7df33a86b1162464af738de582a357d0ce8e213bba1b7913c0d13ad759d62c3bf4366f5130b3af2b255b7ad530b4977627f9e76b07e360c079d0f763dabbd22e976b98cd5495c6182f95bc963aad4b719446f49d3a448d11cac5bfcba4b675b8e4d88a389e2580e8f383f95bf85c72e698680d2a2bc993c9ee1ce0d1f1ac3":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":128:"010195091d4e1684029e58439039d91e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2d069b826455d5e79e65db4f1d2b6a29ae9f401bc623917":"acd6225dc5b9109d56ea565ab38dd4db432a7ec08f0db04f1c6b691c96d2eaaa6be62da7cc7fd75f931716c7f39705ea7cf828f1a5a325955e9b2c77e7fb2d562be6a89b3351b1b3d1355b43b73ed425049430314c16bf0836ed580e9390a3b8e2a652fddbfa939ca4c3c99765b09db7f30bf2ef88e1aa030e68958722cb0da3":"6d40a0c7813bc0410ff73f19bb5d89c9":"9960376b1898618d98c327c1761959d045488cc6198238bbe72662f276d47b41e8aebc06dbce63da5adcb302a61ade140c72b9cf9f6dfad6ecedd7401c9509fae349d3c7debe35117776227ba167f2b75921d7321d79f4ebca13d20af1638a1567043365f179f4162795fe4fd80b5d832e4ca70e7bf9830bc272b82182f70d2e":128:"010195091d4e1684029e58439039d91e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":128:"63a310b4f43b421a863fb00fafd7eac4":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3252351fe8e7c628c418c1a49709bf1f8e20add82539948":"7e8d2816d280c91d232bad43b6610e2d0532a9f670f221a3a975fb16472c2e83b168115e87a487bcd14b37f075e1faa59c42515c353cdefc728ac617b7d273fa96778e3fb5f7a1132f8e2add4a57015b15d1984338b7862356243d1c5aa628406f4a507498eda12d2f652c55e8e58113ed828783b82505790654f036b610f89a":"eacd2b1c3cf01bf4ea7582d8ee2675d5":"141cb39a2fb8e735e0c97207f1b618a4b98f6b9bf8c44a1c8e9ea575a7759cc2a02301274553e7744408b2c577b4c8c2a00e18f8717fd8a6d2f46a44eeb05d685fbef7edeb4229e7ea9b8e419ffcb504d33583b3ae421c84caeca9f9789047dd7b1810318d3765307233567bc40e003401c9f4e1b07a2a7162889e1a092aedc1":128:"63a310b4f43b421a863fb00fafd7eac4":"":"699c146927ae29025e5b20088b20af27bc75449e4725ee6b7d5dc60b44ba8a06f7d265330c16060fbd6def244630d056c82676be2dc85d891c63d005804085c93ce88f3f57c2d2c0371c31027d0a4a0031e3f473cb373db63d4ff8f65be9ebe74045de813a4e6c688110d000f6b12406881c08085c9348e1f0315038907e33f7":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":120:"28a43253d8b37795433140641e9ffd":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e462957f2c500bf2d6bfa9af97938fdd8930e360ea4175e7":"82a7a6dd82a5ea3d9a8e9541d854978487eda298b483df02b45c76b8b38bac98ffd969dd160a2765595b19d4ea3e64351ce95764a903f595dd673d13facf5a5594e01be1d60a0c6d28b866a1f93a63a74fecb6d73ac6fb26b20c008b93db53e9dc1d3e3902359fd47734fe22a5c6958f97e9001cc4e8b6484d9542dbbdfcfcdc":"b380584a3f4e0e59add4753c282f2cf7":"682b0af6592eef173e559407e7f56574c069251b92092570cbb7f5a2f05e88bed0af48dcda45b2930b1ee7d5da78dc43ec3598a38593df7c548058eda3c9275c1304489aff95f33a6cd79e724e8d12ca0ae92b20273eb3736efcd50dc49e803ad631dcbf64376a45a687eb4e417aef08a3f5f8230d3f0b266ea732c21ed2eed7":120:"28a43253d8b37795433140641e9ffd":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":120:"ab738073228bdf1e8fd4430b5c7d79":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4a62ddd87f41c6df756e8da0985dcd8c91e73ba395b3d79b":"37a83ee6dbdece212446739ea353cb957b9aa409c88bee042bbc3a6e5199aeb28f2b4b00ff433c0c68d6db5a197566019db8a4c7a792e2839a19a302ee02bee046adce04c1fbbd5b0c457d7cbe277992ce2c153d132269e2d1f12b084cf3026a202b4664bc9d11832e9b99c7cc5035dcfde5991dd41aeb4fbf8bec5126a9f524":"1d1843e2118772d76a0244a2c33c60bd":"028b92727b75b14cb8dfeb7a86a7fec50cd5de46aa4a34645754918b8606819d4bf8a2e7531a05ae5505492ca6cbc8c0e6d6ab2dea23bff1fdf581bb780b4a3312aa39639383fd10bcf92489801954733f16b021c2e84809345216f8f28a99773341e40c4a64305a2098eaa39f26a93bd556c97f02090e1a6c181a4e13e17d3a":120:"ab738073228bdf1e8fd4430b5c7d79":"":"e702f1bb9a1f395c74fca0ce9cdf29e7332c14acaca45200cd432a5767be38929ef8de43d0e1a5e7300c1eb669ac1ab997b31cb1403af8451e77e63505920af0f8c3abf5a9450ea47371039ba1cf2d65a14fa5f013b7ce1d175859404dcf6461a36e8bc260e7abf739d8951ddf1a3754e2d65e0aa31320a5ffca822023bc0906":0 AES-GCM NIST Validation (AES-192,128,1024,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":120:"d4356cb417953b01f7b1110c8aa3eb":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fc46976d38a581a7042a94ea4b5bfe3587ddc65d1162d71e":"4b9e858fc8f01903e426112192d4ae4686b1ae4d683b75afb2b8c63590275943d0d6d6a23b6d35796a2f101203acba107474ca6f4ff6dd87d6b77785ad1d160ef2755d84092dc70c86db5e639b689943b15efa646aff44b3f51f5d3f4cf6c8f7fc5adfe7bf2d72f75b93b8ee94ef3fa69ea0fc0bb77b3983901fdcd30bcd36f5":"b5e92563dd0339df00b7ffa2239d21bc":"7b6f6e104acbcd7188161477d8e425ff99add22df4d22de7f28d0a0075ca4ef848f68d07ed22d3165c08e40890ce04d1bd05b1a6ccb2fec8193d5f7dffc93d97a0c036b3748f708b011b68247a0249b9e1a60b652164e5c2fd7210377de804ac010c8aa08a11f40af97e8370a59f936cd14c22ea7a236d904145adc04a241fc0":120:"d4356cb417953b01f7b1110c8aa3eb":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":112:"62646fc8bfe38b3ba6d62f9011e3":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"403e49feadd4db763652ed5c4b1e12680cfe0abc30f4696d":"221c61d769febce3913bfead9a201a805f11005ddcac185cbae00ce749de9c4362889b1b0d9546e91598e0ddedb88b673a90acca65d7e71a85636be052f361839a646dc8b834c02f3e2261d370e6bac9636b7536225b5ea77881200c8a3450d21bfd1e11afb3a470e178ecfe944a25a7cd0254e04a42b67723aac8afffd56fee":"1a60258a56e15f92814b4d372255a80d":"a4ffa9e3c612103224c86515dad4343cbca7a7daf277f5828670834f4d9af67b9a935c71b2130dfbc929c4409bffb7974ffa87523b58890770439c33342880b33319c626bf776c1c0aeb9c2a348a7681572f4ff711d94c192f3450e8b1275f9d02c742a2c9f1da316e9918bf787f22699172986cb9b10fc56d5f6b8392ff92b8":112:"62646fc8bfe38b3ba6d62f9011e3":"":"5c76c90dea7d659804ad873960906259fbdda3614277ec575d9eec730e747a2e7b9df6716b4c38d3451e319eeecee74d1f4918266fc9239de87080f1ad437b47c6904ed2d5514161ad25e3e237655e00e53fe18d452576580e89b2f1f0f6aa7e40a337fd8c48d690fe013a67264a80e9b5dfd009a9152d559aa02a68f401a09b":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":112:"6c5f38232e8a43871ab72a3419ad":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3471259512d1f03ce44c1ddac186e9a56c1434a6ac567c6":"dd5b98b3b3cf03fb92be579068a885afd984630692eb5f155fa6b49f2b1690b803d34b90e8de3cc39c2e61650ffffb51e7ef36d35ad17dc4d91f336363b0734996b162b509c9954cab3dd959bde7e437e9100d84c44104c61e29dbe12492a0272ce6eea2906d390de7808d337e8c650b3301af04a9ed52ab9ea208f3c7439d6c":"50164c63d466148ab371376d5c2b6b72":"11d1f523888bea1fbc680d34bc9b66957d651efa59e788db3d3f6f50e72184b9d14e9ff9bc05fb687520cf423d681812e007025eedf0e78e7e8191e6b62404e8eb400cf837d762a31aa248553367263d6de091fcf7abedc3e69fc118b7efb0594c89b96c387b7c28ed9a7b75db60b6b5133949b891ff81eca5790a265f12a58c":112:"6c5f38232e8a43871ab72a3419ad":"":"50438ee712720abf2089331e4c058b30c30c3d17834c507c0010ac3f974a256d01b14a45e9ce5193c5cede41330cf31e1a07a1f5e3ceca515cc971bfda0fbe0b823450efc30563e8ed941b0350f146ec75cd31a2c7e1e469c2dd860c0fd5b286219018d4fbacda164a40d2980aa3a27aa95f8b8e2cd8e2f5f20d79a22c3ff028":0 AES-GCM NIST Validation (AES-192,128,1024,1024,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":112:"3269922affb9d767f5abe041cc8e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ec326a1e0fe6a99421398df4fc7d8fea67b67e5f5fcd50ad":"6d5016c434a0f4b4a5d9e0b6b8e2d848a94f132f055d2d847e54601a4c9cfc5966a654d696f8a3529a48a90b491ea0d31c08eae8ef364f71f8ec7ae7f7e39bb9c331137b2578362ff165628099944ba8deb0d99ac660d5ed2215b9a7626ff1fa6173cd8dd676c988d16c9cf750a0d793f584c3c8f5fd5d167bc278f4d77a629c":"c94aa4baa840a044dbd5942787a0c951":"f8401c578f20d9c250ea86eb945184e007a0190462c7abddf238ce1ceddcc230756aa222386d8ba66ebbba13de008ced140896ac55bc47c231cc81370ca9feadc225e017d59890e6291cc4cca27db3078c0cd6cbb51afb62210226a76837c5454728cb5ce3afe7352e7fe75421f94986e6b7b26321bbca15c75ac7c13dc15f50":112:"3269922affb9d767f5abe041cc8e":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":104:"22c2efeddfd5d9cb528861c4eb":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a7ef81652f604e88a72416924c53979dc73cadd3575eda1c":"9ecd19a8eba9fba843486e1bbfb8d9053c5e04b24e30174d4aa89d8307439d653f8630edddafd51719c744bcb4bce3e444847567bd2cdde2995870d0634cc0ba2bde4b6bc2bc583062fb83874a1c25b50aeb945bd109a151772c077438c4d1caaeb5b0c56390ac23c6d117f3a00fd616306fc2ffc4c1e76f934b30fbbc52eec2":"0cc9ae54c9a85f3e9325c5f3658ab3b2":"d0195b744351aa25a57a99df9573dfa3cebe9850139149b64f7e4af37756a430dda8af98e4ed480e913aa82821c01c1f75b187e105a8f39621757d522c083a8d81d7d8bfe6cf15c439d0692b6affd655a11bcd2457046fae996a1075c66029867b88cd23c503ae04037dd41f27bafd5000d1f516002f9fcc0f2500e8c1b27de0":104:"22c2efeddfd5d9cb528861c4eb":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":104:"673afea592b2ce16bd058469f1":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"605271a41e263c92dc14fe9df5203e79d58cc2d1289dc361":"2bda3448a283ecba31e0299c0a9e44628cb2b41fa7b1a41107e107cabc381083bdbe048f2804568fdd5fe016f4d607f694042a459ba03a2deda4cccc8cbe4612d8ed0d4575e48bc9f59843369dbe2af6d048e65ff4250e1eef61d7b1b378fe2f3305b133ddc7e37d95ca6de89a971730fc80da943a767ff137707a8d8a24329c":"7f128092a777fc503adc7f6b85eb2006":"aef9f984fb645e08d5f0aa07a31c114d2f8e9eca047e4a8d5471378cfc2ced1159dc093d174788e58447a854be58942ed9a3fd45f3f4a1af7351e087369a267797c525f134e79709097e733b9003b9be0c569fc70ee3462b815b6410e19954ce2efac121300c06fd9e00542a9c6a5a682fe1010c145acbbb8b82333bdb5ddfd9":104:"673afea592b2ce16bd058469f1":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":104:"079e8db9c3e6eddb0335b1cf64":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fa076f36cb678e2275561e9553ebdf397360e5a5e44791c4":"513305e86c0cb046c5d3720b25a406392766bd1fb7de2758de370ff2e68281e211922890c61f3659460f22c45a57895b424441262a3ba0606df4e2701f38281fd3436a4d0e0f8efecd231808a9ea063dfb725015a91f27cadfe7909a0ee109eac391ac807afed1767ae0515b9c1b51ae9a48b38fe7fec7fe0ddee562c945e5ae":"1ecd53d94fe287047ff184e8b9b71a26":"5ff25f7bac5f76f533f9edffdfd2b2991d7fc4cd5a0452a1031da6094cd498297fb2a05ae8db71cb3451e4ac33a01172619035a9621d2d54f812ef5343e14b9dedc93838e4cf30e223d215b4d2476ea961a17ac7295069f25b2a12d6e2efe76d91f45632c6d4e61ff19a95d5ae36af960d95050ce98b5791df0b7e322411c884":104:"079e8db9c3e6eddb0335b1cf64":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":96:"e5dc92f4ad4000e9b62fb637":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ce9dafa0e7e53a8766fc0bc38fba807d04e14e5ed61bc234":"b585b8bf634757dac015f2f69f2ae674372a664f2115ad2d03bd3e0c335306b02d0947d3cda5991f5c0c25f12ead2c3cc2d65d575fd67091c70bc93ddb4b1e21f7b0fc6e6ae652dea93a6564ff13489f927942e64dd94bf8f821c7ffdef16df58bd8306a957821ac256da6f19c9d96e48eee87f88acb83bae05d693b70b9337b":"fd0751af49814ee98b2b0cdf730adaa6":"1cba488a0fc8a012f9a336cc7b01cbcc504178eeb08237dbedbc6c7ac68fdf3a6742751a207e43d43068abf6ef4e12a5e3c17e5a2f9398fc04ced67377cbb858fd6020fad675a880adb249e4aba94b96efa515d1cdf5c0c3071a27a3245968867ea94b2bfc2028a67be34c84c3f475944497aa8ca1ab009f8e4b11c8308c1996":96:"e5dc92f4ad4000e9b62fb637":"":"95f4324b0656bef19eca5570548fc6a7a9923f4e2a7e42066891bc132fd73bc1c9089755d996756de0072824e69c43f2db8ba2bf6f90d3c4eafc0721ceaccce1af896f9fb15fb19c4746979b6d945f593fad61d550f81d12b5945ed728c02931d7f8d917285c22a3af748d75a6bf163fddd84b941d8564c1a63192c816ad6d6d":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":96:"8e8320912fff628f47e92430":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a328554fed68dc4838fbc89fd162c99ec105b36651abbc9":"75986f56972c045c850ed68aeb229f203b228fdfc36cad6b16d9bd12037c48700d20d8062a983ffeca76b8d36a67ef51bc8853706e83a34e4e23ff4f4a4eb943f19dbe85e454043d7906be6587a85079f9ccd27962d2905117d2dbeaf725d6ffe87bef52b2138da153ef29b18065b3342b3f9d07837d57b8bc5f2597de06c54f":"e4f7c69a1d026eeebfc45e77bd7b3538":"e349dcedb0bfcc771c820f0d510b80cef32ae3326484e25aa183015941e7844bc46f617d5e61fd64fa71759e90fcb72ae220bcd507f0fb389b689dd3fa29b3b937eded85f26ada9e0f3f5109f82fef47c7eba7313049750ad17969e7550c0d4093ed18ee27843d082bcee8bf3fc7833d569b7723998595a5a1d871089fd238da":96:"8e8320912fff628f47e92430":"":"a1ed65cfc7e1aeccd0531bce1dc749c7aa84451ec0f29856f12f22c4105888c7d62e2e2fc8ad7a62748610b16e57490f061ad063c88800037d7244ee59e109d445205280473390336d7b6089f3a78218447b1b2398c4d0b3aac8b57a35891ad60dc1b69ad75e2e86248ceac7bb4cf3caade4a896e5ee8c76893ef990f6f65266":0 AES-GCM NIST Validation (AES-192,128,1024,1024,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":96:"974bd0c4a8cac1563a0e0ce0":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e7f6feb4022312de5c804ed1d7a37580d74499107f8cc8b":"4f5bbdf575ab8f778549f749f2265e17dc7225713e73ee6d7be163ff7071557dcc2240b0705c079008605f81396414ac64f06b1b637876e04c3fca8d0fa576cef4dd3dc553fd6808eaf120f837f9bb1d9dbbd5cf67ed497167fc7db89d3a84151b81aeab0e921057f121583df5ed7f976b206ece17a913f23485385f64c462a8":"6ce13485ffbc80567b02dd542344d7ef":"c6804a2bd8c34de14fe485c8b7caa2564adaf9fcbb754bd2cc1d88ba9183f13d110c762a3c5d2afc0fbc80aedcb91e45efe43d9320075420ee85ab22505f20e77fa4624b0387346c1bd944e9cd54055b5135c7fc92e85390ecf45a7091136b47e3d68d9076594cfad36c36047538e652178c375a2fe59a246a79784577860189":96:"974bd0c4a8cac1563a0e0ce0":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":64:"84f1efd34ff84e83":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"46d6e982feff0e7d04a84384c56739b69626dde500e4b7fb":"a5160fb2d397b55a7eba02df33a042404188f02f4492d46f4edc03fc67723d64f5f7fed3a60728438703c60454a30f473ac918ffc8f98be5c5e9779ee984415e415ce3c71f9acc3f808d215be58535d3144cebe7982b9b527edbe41446161094d6fc74dec2e0a1c644bbc2cf5779a22bd4117a7edb11d13e35e95feeb418d3f0":"71a6d1e022a6bdff6460c674fb0cf048":"67a8455c7d3fbfdba3c5ec5f40e0be935fbb9417e805771832ffad06ba38a61b8377997af1f586dc0fa1e3da0b39facd520db1f0ec2bdf1904a3a897f0b507c901fab30a85de51effa9f7d4703ceeb2ca72abe0bd146ba0bd3ffdee11628310db7d65ea1343b018084ea2414995f86fefb45ba91a9dc2236d92078b4305671b5":64:"84f1efd34ff84e83":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":64:"15d456da7645abf2":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"991dcaa2e8fdad2b4e6e462a3c06c96067ef5e9fb133496a":"9cd0c27f0c2011c1ab947400d28516c7f46d22a409a18fd35c1babf693b8030dfd7822d9ba03bb8fd56a00f9c7149c056640dde690889d2f23978eeeb28ccc26e2fc251220a3682c963f5580c654c1a6736cccb1b8ed104ec7390021d244bd9f92abde89e39a4b83eff8211c8a6259bd6ac2af1da7dfb8cf1355238056c60381":"978913d2c822ba7cc758041d5ee46759":"5a94dc81af011a8af263318b60215b9752292b194b89f6fc013b0fe8e29133de631d981862f2c131ee34905bd93caffc3b8f91aeb0264b27a509e5c6a41ae781209f8c5895d0d35b3c5e1ae34a1a92a2b979e0e62132051394940ea4d9bfffb8d89ba1e8331b15bdf05c41db83a57745a4a651a757cc8648acdcf850a2f25367":64:"15d456da7645abf2":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":64:"a1e19ef2f0d4b9f1":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f29cff00781f5916930f125489c87d21f6593324d1506f65":"a3e8595747b7147d471ac4fe38014bf4a409931e3f419ff88ae249ba7a7f51bd0ede371bf153bab4b28020b7a82a8ca30b75f1e3bcfee3c13db813cbc85138ef05874dedb14a6e5b6d06d7589a83bd5e052dc64433a8e24c1188b9470ddb2536d13b4b7bff0c5afcfaa9aa0157c3aae3b1774df2df14f965d6dee4332edba67e":"50db7ee25a9f815c784236f908bfd7f2":"ec1482e18692bcd6894a364c4a6abb9c3b9818bb17e5e1fc9ec0b41702c423f3a60907e94c888fad8e78f51e1f724b39969ba7b11d31b503504b304d5c4b4cbd42634f4ec5080a9fe51c82e121ae191270dd2c307af84c82d892d982413a50ccce33698054f761a3fa93da9a1fca321296b378a50d458ba78e57a70da4676150":64:"a1e19ef2f0d4b9f1":"":"eea18261a4de31d8619e77005ebbb3998c5dcfac2bc120ae465e29d6b4c46de7e6c044c8b148ffe4eda7629c243df8af4e7ceb512d5751a3ee58defb0690b6f26b51086dedfde38748f6f0bbe6b495f4304373188e5d2dc93461bd51bf720149a7d3aa543623b122b9af0123b2cdc9020136b041a49498ec4aa696c2d3c46d06":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":32:"5412f25c":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2087e14092dad6df8996715cb1cfca90094f030328080ffd":"6d039513061980fb195bdf2f7c7079ca4b7e0fdd50d948cbfab5ba10b99e3aea27f08abd000c428851de82cacb0d64c146cd9567e9d55b89819876d6a635bd68bcaf47ffa41e02d9ee97f5a2363bfe6131ae7a21ea5130ae953a64d57d6cbfd45260c5f1946388d445ce97d23ab7ba31a5069a4896bc940a71de32bde02bc18d":"d30504afb6f8b6ac444b4a76115d79d1":"d95845d268c8d8f9135d310c39e30f55f83ef7ffee69e6ba1f80d08e92ed473b5ac12cc8f7a872bfc8b325e6b8e374609c90beaf52d975f71caeef5ee4c13de08dce80d358ee1cd091faea209a24e3392adcfe01aeb2b2e1738bc75d4a9b7cd31df7f878141cf278d150f6faa83fb3a2fd1225542a39c900606c602f15c06a4f":32:"5412f25c":"":"1e81a4c10a3440d0002ddc1bfa42ebb08e504fcc8f0497915c51b6f5f75fee3f0cd3e9c5a81ff6528e0fecd68a36192114f17fa1a4cfe21918dac46e3ba1383c2678c7a6889a980024ee2a21bcf737f7723b5735e1ebe78996f7c7eace2802ebb8284216867d73b53a370a57d5b587d070a96db34b5b4f5afe7f39830498c112":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":32:"613ba486":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3fc76d627c775de2f789279dc7b67979a9f1cc23c8dcabc9":"92a60d38fc687b92d44635aafee416a142d11a025680e5aa42e9ba5aa010462991ad3dd7328ca4a693673410f9bba37f05a551b949ab0d43fc61ef3b8996dd3fc1b325e66eec6cc61ea667500f82a83e699756a139d14be6ca9747ed38cd9b1d9da032ece311331bdcd698666ddc970b8be2b746ec55fe60e65d7ae47c6f853c":"8f6fd53eb97e12dcd4d40f2843e25365":"e56995df73e52606a11de9df6c7bfb0ef93b86bf6766e319aea59372060294b0e1b13c6288c2310a4bef725a2dddb174f3e1228649861757903c4497a0eec9c141454fc75f101439a2150e368857c4f0f6e5161c42c77f632bf1c229a52595cbf16e9018de9a8f6a1e6b8b18bd244f93f001eb2eb315405d223c0d27ece9d4d9":32:"613ba486":"FAIL":"":0 AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 AES-GCM Bad IV (AES-192,128,0,0,32) #0 depends_on:MBEDTLS_AES_C diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 9696a62be..d20721227 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data 
@@ -1,674 +1,674 @@ AES-GCM NIST Validation (AES-256,128,0,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"":"3a0324d63a70400490c92e7604a3ba97":"":128:"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c186654406b2b92c9639a7189d4ab5ab0b9bb87c43005027f3fa832fd3507b1":"":"3a0324d63a70400490c92e7604a3ba97":"":128:"4c61cd2e28a13d78a4e87ea7374dd01a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"":"7156358b203a44ef173706fdc81900f8":"":128:"9687fb231c4742a74d6bf78c62b8ac53":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"747d01d82d7382b4263e7cbf25bd198a8a92faabf8d7367584c7e2fa506e9c5f":"":"7156358b203a44ef173706fdc81900f8":"":128:"9687fb231c4742a74d6bf78c62b8ac53":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"":"4fe6ace582c4e26ce71ee7f756fb7a88":"":128:"d5bdf8ec2896acafb7022708d74646c7":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cbe30216136b7eaf223e6a7b46c06625176d9a08182fa806a63d8b143aa768b":"":"4fe6ace582c4e26ce71ee7f756fb7a88":"":128:"d5bdf8ec2896acafb7022708d74646c7":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"":"404efd26b665c97ea75437892cf676b6":"":120:"e491075851eec28c723159cc1b2c76":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f31194c83bb8da979a1eabb3337ceb3d38a663790da74380d8f94142ab8b8797":"":"404efd26b665c97ea75437892cf676b6":"":120:"e491075851eec28c723159cc1b2c76":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"":"4037eadb11249884b6b38b5525ba2df4":"":120:"360c6ef41cbd9cd4a4e649712d2930":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"daeed52ae4bf5cbe1ad58ae4ccb3da81fb9c0b6f7619ca21979313ad9d3e83c1":"":"4037eadb11249884b6b38b5525ba2df4":"":120:"360c6ef41cbd9cd4a4e649712d2930":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"":"cebbce06a88852d3bb2978dbe2b5995a":"":120:"bd7ca9f6bd1099cde87c0f0d7cc887":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ad81c34389406a965c60edb3214663ac4a6bd5cfd154ae8d9dc86dae93def64":"":"cebbce06a88852d3bb2978dbe2b5995a":"":120:"bd7ca9f6bd1099cde87c0f0d7cc887":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"":"008d040fbd7342464209f330cf56722c":"":112:"c87107585751e666bedae2b1b7e8":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c152ba30aefa5b2a08b0b4d9bf3f16fc208bb0bc4c4eca9411dc262d9276bad":"":"008d040fbd7342464209f330cf56722c":"":112:"c87107585751e666bedae2b1b7e8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"":"947c5f0432723f2d7b560eca90842df1":"":112:"7d331fedcea0fd1e9e6a84385467":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9aed4ae6b1d857fdcbe5aec6db38440613dcc49f24aa31fba1f300b2585723f1":"":"947c5f0432723f2d7b560eca90842df1":"":112:"7d331fedcea0fd1e9e6a84385467":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"":"51f639467083377795111d44f7d16592":"":112:"02d31f29e15f60ae3bee1ad7ea65":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cc80bc031676eff5f34dd076388a5130e985f9e06df4b4bf8490ff9ff20aae73":"":"51f639467083377795111d44f7d16592":"":112:"02d31f29e15f60ae3bee1ad7ea65":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"":"aea6f8690f865bca9f77a5ff843d2365":"":104:"7f2280776d6cd6802b3c85083c":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"db7a40213b5b4b07e9900dc28f599403b0579cbce13fcd44dff090062f952686":"":"aea6f8690f865bca9f77a5ff843d2365":"":104:"7f2280776d6cd6802b3c85083c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":104:"ea01723a22838ed65ceb80b1cf":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"299b874eaa8b7baf769f81f4988a41e2708ae928e69a5ba7b893e8e6b2db5c3b":"":"2aa04d85d2c0dc6f5294cb71c0d89ac1":"":104:"ea01723a22838ed65ceb80b1cf":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"":"ae07f8c7ac82c4f4c086e04a20db12bc":"":104:"1132e4fff06db51ff135ed9ced":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6c7b4c8175db4cf23d0593ed8ea949043880fc02e2725f0ab90ae638f9dcfce":"":"ae07f8c7ac82c4f4c086e04a20db12bc":"":104:"1132e4fff06db51ff135ed9ced":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"":"929b006eb30d69b49a7f52392d7d3f11":"":96:"33940d330f7c019a57b74f2d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b98e1bf76828b65a81005449971fdc8b11be546d31de6616cd73c5813050c326":"":"929b006eb30d69b49a7f52392d7d3f11":"":96:"33940d330f7c019a57b74f2d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"":"e34b19381f05693f7606ce043626664d":"":96:"2adc2c45947bfa7faa5c464a":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"09ccef64ae761a70fe16772cba462b058a69477c91595de26a5f1bd637c3816f":"":"e34b19381f05693f7606ce043626664d":"":96:"2adc2c45947bfa7faa5c464a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"":"a56f27709e670b85e5917d5c1d5b0cc2":"":96:"177b9a5e6d9731419dd33c5c":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"654cf46598e5ad3e243472a459bcd80f1e026a65429352dbd56e73fcc5895d1c":"":"a56f27709e670b85e5917d5c1d5b0cc2":"":96:"177b9a5e6d9731419dd33c5c":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":64:"fe82300adffd8c17":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84bca1b2768b9202bf194f2d5e5a0a5f51fd8bb725f2bab8a3fccbdb64a4ea70":"":"c45b2708c5bdf65ec6cc66b6dfb3623b":"":64:"fe82300adffd8c17":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"":"1bd9ea6186450f9cd253ccfed2812b1c":"":64:"35214bbc510430e3":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c8ae011795c9a60ad7660a31fe354fa6f7e9c2724d7a126436291680cd95c007":"":"1bd9ea6186450f9cd253ccfed2812b1c":"":64:"35214bbc510430e3":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"":"728cb9608b67a489a382aa677b1f4f5b":"":64:"e2ef5d9cc5791c01":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df2f0a8a3849f497d12bda44e12ce30a6957f3febcd5ec9bc134171326ca66d3":"":"728cb9608b67a489a382aa677b1f4f5b":"":64:"e2ef5d9cc5791c01":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":32:"0fe57572":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"78e8a8ad1ecd17446cf9cd9c56facfd4e10faf5762da0fd0da177f6a9b9c3a71":"":"f169ce6f3ccc58f6434ae2b8ad1a63a1":"":32:"0fe57572":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"":"7b722fdd43cff20832812f9baf2d6791":"":32:"72dea6cc":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"02ca6d8a862e25db9d68e4404abc107e700135df4157cfb135ce98eaa33151c9":"":"7b722fdd43cff20832812f9baf2d6791":"":32:"72dea6cc":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"":"729baa4c0ef75ed8aae746376b39fe3c":"":32:"2a0d607c":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9a2b709dbcc3a4fb15b3ad541fb008c381b7e985b57df52f07ca7cd26ab1ecc4":"":"729baa4c0ef75ed8aae746376b39fe3c":"":32:"2a0d607c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":128:"c595b9d99414891228c9fa5edb5fcce3":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"449d39f863e4909984b37f2e5c09ea4d4b3e9fac67bd57c299e4e1d1f084aaa3":"":"d8e9118f331bb5a359f0aa8882861b72":"4ddcae0bc24d622e12bdeaac73e8d1ab7957af051d27dfaafce53aeed4cdd3f989ea25989a2f41cfb3c38dbd841c5560b0b5ab1861b1fbcd236865d13da55b50219462e021f8a21848a64a85326031fcec8fe47a6ef4a435dd2b2fff637644ffcf3914ef2dfa5dd556421bfd297be150b31db039f0f2cc422b282e659e70cceb":128:"c595b9d99414891228c9fa5edb5fcce3":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":128:"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3e70e66813fc48f984dcda4d1c9c24f1d5d1b71ecfc8bb9581782e7cca5a5cc6":"":"d804f1051e72c9b7117002b862eb45ff":"0b1ab2b7a87cebac668c7a532fa8fa56a22cabf0c41fc1e6744ffe07c857c6865d623f508351f98f3f0c577d1eb94300a30a445472218c8ac626b0bee7d4c122d33f8130436a89add341e8ef7e00694afb4ad80d314d87ad3f921c7105eed05431b8151df7cff2c8e3790efd4acd3f60332dc7f34fdd90beef70f9093361d65b":128:"c09c2e3fdfefa222f7345ae4efb978fc":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":128:"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8e534041090b45b80f287dc5fa20ebda017ad81b0530e680f62c6280fd8881af":"":"ead675b019ef5c6bbf4985f2a382d6c1":"b1db220052c4bebcef27eed6db0dc91be481179d71160c5a2ddb2fe497a05484840b04cce48980057d770fbbd0d5f3d5c633b55470617ad2cab5767188283310337825c4b0eafe13b5b11293dec230dad43b220885105767938c7ec4600fe063f98aa14bc6afb886fc874c10546749da295f571e696305bd9165486e29f43f52":128:"9aa0cdad5686ca515cd58aed94938ef4":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":120:"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2de18874470c09db683cf45cd752bdfa8bf33e7967220b1a69f41f2a02da1d80":"":"af30eb2d0a0c2a50ea413f3285aa88d4":"22889b868d8ccc9f488406813caed199b23091ddd796c8632f564e7cf5a39dfb725266a931fec958659b6fc5b6b9343b8217edb0acb010afc9416601155262b57bd398d62f555953f0e15958e19ae004fbc9cb25e0269a9eaa38a4635a27bfa719fb249fa49337796bcf5f416bba87fbf3b19f0d8c11290c25ca50bbdc822f01":120:"646bbc9b14681af65b0d1c4c9f1d0d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":120:"a8e29e08623a3efdbbe8b111de30a4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1a1bb9122e762ecd7ff861a1d65e52607d98e7ae5bd1c3a944e443710f3b0599":"":"32f99ea4cbf52c2701c2252e5e6c863d":"91b7a70c3a06c1f7f2ea584acb5dd76177ba07323c94f2e8f7cbe93fc0bb7c389c3c88e16aa53174f0fc373bc778a6ccf91bf61b6e92c2969d3441eb17a0a835d30dcf882472a6d3cb036533b04d79f05ebfaadf221ae1c14af3f02fa41867acfdfa35f81e8a9d11d42b9a63288c759063c0c3040c3e6ee69cf7c75f9c33fea1":120:"a8e29e08623a3efdbbe8b111de30a4":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":120:"e3645db0c600dba52044efcecfc331":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3bfad1e8f9850577f9ba3f290e9a5e91b494c2d99534220362e171a7543177ac":"":"8410886b70c57d7ded8596443bd1b157":"ca801c83596795515ea931edba00e06e332bf84246b7036e10b317e2d09a51b2981fcb664ee3bf4180bb0b12ed1cda221abc6790b27c26914f5ef9cea9536e2453cd5b247cb054e295c2687b725a97cbc484b8eb86c6ceee03bd07a54a9301a3ac0ddb23aecb825a238252e7575329058b40e75575a7f16439edf5be163ce5f5":120:"e3645db0c600dba52044efcecfc331":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":112:"c25fc157c3f2474885e2eea48aea":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"65debdf2f2191a6cd8de8ad4d5d4d0d8f731f67744e2545df6b2a7cba89c1ee0":"":"fdab2ee547dd8b6f5a4ea2dd19697b3e":"d2b0a0438ee0f145aec9a7ca452b788ecb473152b78fb75f6ace721afc7b0ae1942049b790f3a5b6221a8760295659756d35347cc04029be03459f3e23a71209b4e0bbe13a253a888c83db23376d3a6d9a539f7c9fa4a12dc64297e7c93dfa0ab53ef76b6e1d95bf6f3d5e6ee8f08662fc03ec9d40eff0a43f23ac313671bfd9":112:"c25fc157c3f2474885e2eea48aea":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":112:"4ed91af6340e70b0c2b94ab6f82e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"496ae810380460d40cd2fdae8c0739f16b87205cc7f57db0a71a473eb361d570":"":"77233de96f5e1744337778212b411bd5":"85f5b54b4c4af5c808120bd28d98e44e96f4126623e57684957e9fc4fd1a2d0583940b8fc8314a249325476e8d05247831b04709580ae714e8187cd38f9559419e14c9fc4f8c454ec191b8ef2a3610988fe3339d0dc6b72f5978f9eff9d596dfabf27056e3a908c6497267461386e860f6b9d65526294bcb92908b5661b06b5a":112:"4ed91af6340e70b0c2b94ab6f82e":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":112:"3bcb5c2a4261d75bfa106fb25ee1":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aca188183b46139cc7cffc82a6aaaeb2fd73cecad14e75c663bd62daf1ec711d":"":"7bbf7fb55eb70cce94cc6a2b67de55ba":"015cfba90f069545fed60f31992ff3d3c3592eb91e7a53df5978ded64291954cb99a57de82d5398ce782b68d14ac04a8b425395bd076ead59eb445721bdb2f45e19fa089117800cbbac7b8313fb165ccb1122acb654e1242dc7fe6885ea1cbb7281b1270cfa1549cdfe9b47caf47b4ac3807e562e48c066566f5e606b5023b47":112:"3bcb5c2a4261d75bfa106fb25ee1":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":104:"0e463806ff34e206f703dd96b3":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8cd6815f6ec15f03b7a53f159e877a5981e0ab7f6e6c261ddde4b47cbb2f2366":"":"c431c07d9adf5f61204a017259cddd75":"4e1a835402bde4f5227e64b46a1f8d0f23a9434e189377fcdf1b9621ba1987eb86a7f3b97ed0babfd674e74c5604a03dd016d71000a72bbbd00a7f7fe56ad0fcb36a3e24dd0fdb63bd66d4db415f35012416ed599796ca3f678df7eb5a1b17f75abb348ddd3b366369a7b362c9488aedab836b61f9a158f0b129c8ca0a53a81e":104:"0e463806ff34e206f703dd96b3":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":104:"3f0ccc134091e0c0425887b1b9":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8f0a72abcda104aa7fae501f9a3b686d00d3f6fe984731db8a2865bfec587073":"":"ab8acd063775d1b1314f14e90fddd1be":"02c6d426e7f20b725d8cde0a6382e49b029b52126889013ef45251f27b2fadb95ca4a9a3b16ad06999eeca4a473e813045db4942e9b9ff2e5a5e429d9bac298372344d1b781d5facabf6d779643f31ada6124eb50aad599044b54279ec9b25714ac8a3b9ad2487cec7f4b1ee245d7be3d496d6af1d4cbee1c8201312541f3064":104:"3f0ccc134091e0c0425887b1b9":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":104:"888b836c9111073924a9b43069":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"417135cad74280e6f8597dc791431c95cb8fa63bbf7197e3ab37c4b1d6d9438a":"":"0fe22d9ba1d0e32656e3a9f07a517a27":"a0b2712e81d329d5b076a4be2ad6823cee6dbd17d9a592d065bdebb92b1ff37a56bf2f5e5341f39c574246ccda19e5f35fede49c9ba958f3920cc5440fb404fab7846884ca0c2a3af5b51f4fe97a1395571319cc5b40f8aac986d77de280db82343983982638326ef003e0c013af19c34672975dc99ccc0853a1acf7c617d965":104:"888b836c9111073924a9b43069":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":96:"b6044c4d7f59491f68b2c61e":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"304824914e32ea0efd61be6972586093349bd2cc2cf0cff44be943682b2dbff5":"":"b6d927a71929029f6766be42746f7cb1":"7281c81c7514f4b17cb125c4649006ef8959a400a1e4d609d277e363e433725fa32346a10bcbd826b6afc8222158920d0a2db1e6fc915e81231c34c3941ecf3c6f94ffe2136190cae3dc39a4277acbc247f36291b5614a8433b1a0780434a6c50521b72ec25145bbd3b192647155d5dd9df9e66762d39592602ea99bf9bfff49":96:"b6044c4d7f59491f68b2c61e":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":96:"5c5683e587baf2bd32de3df5":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"8a10e9abe9389738e12a4bb6f553ae81e8bd320e0dfbc05fbae2128c1fde7a23":"":"6da44354e198e3beb54792718becbcc1":"199d754630135b669bf2ec581d3027a569412ab39a78dd9d482e87b778ec65c6473656260c27827e00e566f1e3728fd7bc1853a39d00e43752c6f62c6f9b542a302eea4fd314473674f6926a878ec1e4b475d889126ce6317115aea7660b86ab7f7595695787f6954903f72361c917523615a86d6ce724bd4a20c9257984c0c6":96:"5c5683e587baf2bd32de3df5":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":96:"52e10495105799ead991547b":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d164ffde5dd684becaf73e9667e3e6acb316682c41aea247899e104a54dd7a7f":"":"1d388e19e9d7a9750e2fc1187d4b075a":"f166a5b6f91261cda56f1a537f42ffb8aed10af5e0248f8910034b92dbc58d25953f1497f571d31fbf5ec30d92234b440161703851f0e43530418147ce6270fbcb5db33ab819ba8973051908704b6bea8aaca0718947e6aa82498a6e26a813981783ed9bf9d02eb1ea60927530c4700ff21f00179002b27903dd4103bbc5c645":96:"52e10495105799ead991547b":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":64:"6ff8fd87e5a31eb6":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2854188c28b15af4b8e528ab25c0950fc1384976f242716c91bddeec06f2fdea":"":"075af9c31f5252b8920092cbd999e7a0":"e9452f71093843a025bb5f655eb6a4e8316ab5946484b11818f22b62f4df75d5891fa3397537093a261dc9a7648b7477ea1f5fc761716e302763364bcab7992595edd0fc1c7f7ac719c879e6616e2007948eb8530065a6cccf73d0fe4a0598819b471b0856e6d90ea0fc0e5d36a30ee925b6b8e5dbf40e77f01efe782c0bb4f7":64:"6ff8fd87e5a31eb6":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":64:"49aaa806cb2eeadd":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2bfc445ac0365ae6c3c3815fd18bbd0c60ea224f6620d9b6ac442a500221f104":"":"43c5f3367a9955aaee1a0c4d4a330059":"db0bae8ce7c66a8ba2fedec22f236212e9a7ad72b371de285c7dc6d2f6c22df0ce4920e0f03f91eb1653c4490050b9f18a2a047115796f0adc41707d1ffcbf148aed5c82013f557e6c28f49434fc4eb20112f43566f212c48cec9894ac40772fcd9b611ee9444df7b73e35b8a38428ccb064c9c50491d2535e0b539f424db83e":64:"49aaa806cb2eeadd":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":64:"a5b71ecf845b25d0":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b828f99aaf751bf22d993ed682e488595617a607ed74aaacbb6b60457453080":"":"d48dac1d8d77e245420feb2598812418":"f50f785f4e7c848a55a616ecf4b6b1e1ca85e16de7100c7e4273d411bd95c1380ee157ba501ba9616980195f34e39f43e335f33253342feb8ed64443483c721b85241a0320b3cac83104de2db47188c61a373fba592ea16feeefdee1f2bb43927396f58151418672ebb74afff5c029503a0d0be81430e81ed443e08b74c03183":64:"a5b71ecf845b25d0":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":32:"e9cdbc52":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b6da11d69fca3e4c907628d3eb63d95c7e502fc901372fd097e064e70831432":"":"6fe2148f250ea178d4c8ca8423ead87d":"a8097bb74ded776f578eb7588f5ef8915db9bfa7262af700c8e76ee114e07557b6786dd5a60a66b2703e7c9de5d6b42aca92568aec5d1ecc298dbd0edb150b8cc13c9a78698f7674caa94da6cacd1f3ef4ca4238c59830ea725ab3a6284e28966c8c32d9bccfb0cfd6583a5ca309debe86549a6f317d15c5f928cbc7f473310c":32:"e9cdbc52":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":32:"e35dbac8":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c5ae9328be49e761064080fc213e53e373fd86359a09d0355e2d438d9b8e68f1":"":"a7e3f8660ff925d5c88c5aceffbd7026":"2ddddba7a56cc808aec4602f09ae9bd78887827bf0315d8dbe16821606ef9d117746dd138bf1f23565d1ab8f4cee36d53fe3730632c5df9f12109b16edbeae285bb49dfdd155f5dc97b319a85362d53cc86817b7c1c31e5e87c9f37422f133d00dd0776bd92ab05ce6860573cd911645cfe3fbe515e85f744899a447fe443653":32:"e35dbac8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":32:"e7a37f15":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e4f8ca13ba86c658cc7f42d4f029422209efbd101bc10a1df81a42cfb3a0f79f":"":"1a362fa0e4054ba11e4b06d59c8bc9cf":"e7ad5c75aa13659f8ce4b1650c46382645ec67418199b84ea445b8ceef619ef3fbde59ed3d313c459e36fcf87d26ef2b453409b32f1086934c3072c1ef0aac83762d28b1193b9afff2c083ce4300b768b0ae23ff9d3dcf65bc1693f1350da65180620aab205aceacfc683c8be53a332e2d0337a7518d2a5204f9c8d7325a4799":32:"e7a37f15":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"2fc1afc1395d8409919248709f468496":"":128:"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"00050a21ca1e72cd0924be31b943c60854be6744577de3dd9d1f4fada4a19ea6":"693ffd3d92294857a99c702a0799eeca28ab066dd90917b9ea5ef8f6547f1d90b106cbec8ef2c22af9f8efa6c652f2f97c2baf33af14fe9def230d49524bd65909c3df1490f637f99e788dcc042b40e00bd524c91e2427ef991bf77e7b2f770cda6e90076c5dac4cac7ee3958b53ff8ce846c3a96281f53c2c52f5f3e523536f":"2fc1afc1395d8409919248709f468496":"":128:"e39b6a7fd5ac67a2a1cc24d5eb9d9c74":"":"cfcd6b9ff7641829cbadeaa2e56f1f150a099eccf3e378fa4da59794dcc4490aa4f9c5db0ab245bec36a7d4557a572008e42f03bc1baff3c946f23f54a4dc9828f106cf4264e4ab40165839d1085e7795b1ae0950f0ee4a08e46ada501b6b51dee0e518129c9426e5bd44c66674a9f99cfe676f002cfd344c5bbd22d3d91e600":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"c571ce0e911de5d883dc4a0787483235":"":128:"6d9d3a5dbc8dce385f092fff14bfffda":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f10965a66255f0c3515af497ccbb257a09f22ec2d57c5edae322a3e6d2d188ef":"91598690edf2de8b27f9bc7461a84e80811cee544f0542923898328cf157590251f0342cb81d359b5dccc5391a12320d1444c26f24178977dd6705c2b365dc1ece0152c42e2f0ee3162cf886ef5529f4f16a77f3bdd2aeccd405b59addf098521d0d38cc25f1991e11be7ecf24caedb48a2a286d2e560a38fa9001c5a228c4d1":"c571ce0e911de5d883dc4a0787483235":"":128:"6d9d3a5dbc8dce385f092fff14bfffda":"":"2867996e389e09ec0da94d42e77b1e436b50065b09ca4adf1cd03240444ee699dbb7b3fc081a1869ca607d77d5ff9754fc3c997ff0a4ee17543a2ba77886b88a7128bcc51d3450df58ff3a26671b02c1d213df6adb6f7e853080eb46b504517cbaea162710a9bbc2da8b552eb6b0e0cb98e44fcab0a157312be67974678d143e":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"275393276745bc43bae4af1e5d43a31e":"":128:"a82ff1e87d26e4d6e417b60fb2d3ce23":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4437ee7d16d8c3ca1aa01e20b66749efa901614d4bb4bee786ad5a5f1bfde2e6":"ff80727a3485cdbc7fab4ee9fadfdc621c538e2055706629046078f1aa3fb687fc728d3a7ffa52ae457b7b5649613eab7bafa464bb435314c49e5900750f7ad39ca9b75df6b2eaa755439e101f67b7ae4cd80dc4a9dea0027048253f2d0a6014056ca69b8c85605b00cf75fa7634a0ddf464270a8c79ce1a1324c4a4c513b24b":"275393276745bc43bae4af1e5d43a31e":"":128:"a82ff1e87d26e4d6e417b60fb2d3ce23":"":"88f994d276ed20be3932d16f551c4b7e2ed80411f2e72ce098fa0b70c22157a59edab30649fec447dd63f0c87dceca7238ef0d9561b58489ba7bd86f2892743099f40af63c432f78ac0ad0b5c2be47b9e3045e7237b096ee400f430af63a6f309de785caf190f3f4aabbe79f727a741590de542bd343df68d13db55a5f8bab41":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"47f5264f7a5b65b671892a05fa556f63":"":120:"660462b4088f6628a630f2e4170b21":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe4ec037ce563dadee435cfcb2bf090f1f7ccc7d1b5b4fab2f1b738348f8ed2f":"64eb8a4bda9804c09b04cfcd89094928c21480908b81ee19d6c29c2a3631b1a5bdc8e7f8ea56f7b8b8e14a5208296026785cac3a6afa54be8af4d5faedcd12b6621bde0f8ec5a2635fe72a89468ca7704c73aa40cd2ba97aef08886b27a694d339b00e7d12a31308672f87c06a7388a1432f869eb4cc1da864140b1b33931925":"47f5264f7a5b65b671892a05fa556f63":"":120:"660462b4088f6628a630f2e4170b21":"":"4a310e035361f98b8c54fb4cef70b1a9c910552ece056ca8fdab54c52308ec0ad7fe9dd1dae92badab5010577de522088768fa6466fbccce22e14c51ca7986c4063d0f06bf578dab16a91856713198a7138395c49c78b6314b57ab72fd079028c8dc351952d90b04a7cd2b245df0c0522447cdb7d3329fd9425fe5cb40a8e7c9":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":120:"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6e1ada628ca76eb9832cc6b5efc5c9d2686bb587366a6de2d734233fa95279e":"a0ac738e0fb35246b84a6fbe319f827039515df25d0c0fc6de7c048253ae63d3c561e44a12672ffeae1cb925610b482aa422bbee0e1784fc69baac3a97d69f51e6d2a17957b44b318624ea7ec680a559f4d3f2761d09bee66efb3a312ae6b3ecb673e756b2a0f654671e82500e7ace91f2be2a74bc3bc1ec1a4b6877a53c27c8":"5a100b451e3a63a3e6d4b8a9e59c6bce":"":120:"88df9a1ea54e5bd2ef24da6880b79d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"4e022d8d86efbd347e8cbab7e979771f":"":120:"e7df79af0aef011299c3b882e3a45b":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd5c1e90d78213155c51767c52c290b3d657db8414ee0a7604a2ec7b48105667":"8e987693da0fb77b6d1282eebd3a03e05d9955ff81929b1a2c721574862a067ddee392c7ece52ca1451f3e6e321d7208882d97b4149af6d78d65c054e1bfcdfa62bd2202de32dea8363f8d7f041891ce281840f3cd906ab46ca748e5b3b11890b4014bf0271c9427c874097782d1c13dbb40e78fc8276fc134f3c29923a43a01":"4e022d8d86efbd347e8cbab7e979771f":"":120:"e7df79af0aef011299c3b882e3a45b":"":"3b20473d9b5018d089e7f74d3fef22ec2805948a9e07689831973c704a6d8db4d090af88d696ab8c3aae9740a2bbd7f03e0b18b2b591e59c335c1043a2578a89b1a9f20fd0dd53f12e00e9bfdb27de8caac772bbfc4de9e4a255a5d1b04e59625a87b8279babe613def58d890d5502abf2f709aab625dcc20c58772832c7bbab":0 AES-GCM NIST Validation 
(AES-256,128,1024,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"7c0f49fb54f5e68c84e81add009284e6":"":112:"b2ec0f3da02a9eb3132fb4ebe3b8":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6e3dfc07003bb6a2d82bd5263b2832f47db4e73279266c7a9ea21f4f18eddf83":"a960da222af9d4da5797e6957d59b00f6d3893599c70e95c0984b56eb3329b191703c2532f3288b15ebf655b9b5ee4617484e5ac9c39bb06731d03ebe4fef9495d003b0ed694cf540b4dc759d32629e55512680badd81234bd71ffd55fcb5e6a85031c1dc31ee1ed198939582d8336c905717cc87101dcfcf9d833fac815c8ea":"7c0f49fb54f5e68c84e81add009284e6":"":112:"b2ec0f3da02a9eb3132fb4ebe3b8":"":"a40b6f70f0572fe0bc70d83368e7c154f7dbd501f52501630a2e523d18e216e07368521f6040d806299397722b99bcf7f85d36b8bed934b49aa1fa76d38783e6a2e392d6d0786d467f7bc894a739ecf94f0fe884a9c391154f8326bf31ea5242a18aa263d04da4b63b11de23b42d3e10a2d5460cb32700cdf50a0d89165ba22a":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"5cea906737518c2cb901016e30206276":"":112:"3a3a771dd5f31c977e154ef5c73a":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4103b1ddff87a508a219c808a04ad4750668688f4c2ee75b92d28d70b98a2c94":"a00a196193ff07006b7df524824bd0971d63f447a3a7bb1b75c1e2d11789482c115cff677b54948d36dc4de34200bce97be0101d88cee39b177857dd5da3cb0d2f9d6e1150f72a3bd655e0bace1d25a657ba9a7f8dff082b4460432075afb20173da22b49beeb6a030d72ba07869ff4389fc1c28d87018d7c1a9829c21932197":"5cea906737518c2cb901016e30206276":"":112:"3a3a771dd5f31c977e154ef5c73a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"387ee8c1e7f047e94d06d0322eec02fc":"":112:"62356850d12b54e39872357cfa03":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cd8c2f0c330d5db316dae7a16b57d681ca058864f7bd60f3d0de174442283f77":"e2a5ad295d35031535bf13c2993bd0b292e8a9465b9dab738e59ba03670248a1ecc92b38a55bae34729162271cc1572c35fcccb27417b48dfcbff852a7a8845cc829a4461061b558ac8b5930a5c6491ffba04a9d0dff220b3cd5e4fc2e0f3db3b2ddd90328f2cad819573a7856299620b02f5ee0267f3b56981afbf1b7d9e3e1":"387ee8c1e7f047e94d06d0322eec02fc":"":112:"62356850d12b54e39872357cfa03":"":"17b7f6bdfc1993c56dd9bd674cc276a55a46fdd9fd5fe435b9e4b7ebc7052a9dc76a99e4e43aba7d486603189c90d10a21ad3722c86bf5bc856a0f930ff5bca65be708b76bb8a29105da67f31eebcec81f28aaf526d2f8f0feac393a24959dcd612e2b93b4463f61957d2b3046bcdf855e346601e4c7760c0ca618ee7bf55381":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) 
#0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"d2b277f78e98f1fa16f977ce72ee22a7":"":104:"4c81c044101f458fdfac9ca3b9":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7e19e400872eed721d560202cd757d3eb99729496b6e3a6d38dd8afe1066045a":"3fb9abc7aba654dfb174e8899c17db222ffbb387b7260fc6f015b54f1cd74284c516e21aae3b72338e5e8dc643cfafca0678f5bda3a7539f1612dddb04366031b5a3eda55f3232c1b176cc9be7cc07e0ebca674a272224929c401a2530efc6d4eed0087b544b12d172a01bc8340d9c2a2ebcb5af8b07d96073a879fda140c196":"d2b277f78e98f1fa16f977ce72ee22a7":"":104:"4c81c044101f458fdfac9ca3b9":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"94886a1845aebba5ed6b86f580be47f9":"":104:"4be34ff42085ef4443c8b6042d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0653934a16fd36c27d54488a1829302b931bed6e26ca26047242b85b50bfb61":"c02347e1add9178d830d8baaad9aeee37e958bedf2cc846e2561fe8c83481d0a8a85911e7f1f6e444b28f30bd96c13c390e80f616feb6844ee6fa486543a2e3f38c138f45b4405e3fb331b64648219aaf1d574be948ccfca6afc18d12488db19c35b05601e47c0af5d49a93a5dd4420f38585c1eb033e173376fa390d3f948df":"94886a1845aebba5ed6b86f580be47f9":"":104:"4be34ff42085ef4443c8b6042d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"e5ca84b907ac761a5e68a9080da0a88a":"":104:"c8f78e4139dd3eaf2baef8aafb":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d0f0ccb88c7cec9496f26a59ddc67dc59ebe49ae3dd89ef3be008598727e214c":"7845e155f4f28021291e7c814a1ace8f42b239990831aa82758fc1e376cace0b6f668f7f2f224dede1ef5b1df7ae74b2c01483701044acbbb72a9216eec6b7ef0190f114b3c73c6985c4653f11601c774d10b7f9df1f1e1f3ff4fafa20d6525edb37d9e5acfafe6d3468ee068d407fdb56dc718c98425926831253978d727854":"e5ca84b907ac761a5e68a9080da0a88a":"":104:"c8f78e4139dd3eaf2baef8aafb":"":"0cc3ede50b0d3fb9ada11300a3239a383c98f968ad65266d57a195bb18d3e568fe6cabba258da4bee9e923c7c838e06dc887a6c49cc1453ea6a227c6a83e651a8742e0316cad5efc93739393e3603446b5c920a206db1434adbb8ebde4d1a7a8699c7f6c61b2d57c9709b564338423b4f526d6c157647a6c45da9dd521061f05":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"fa549b33b5a43d85f012929a4816297a":"":96:"afa61e843cee615c97de42a7":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e35dcea17cbf391491ae5ba6056d0dd13b348183474dd4b614742751bdebfc32":"5213542beb044910d7fdeec8bb89de93f350760e493286eaef1140485380d429f74a4279c1842a5c64f3ca3381cb5dbb0621de48821bded650cb59703e0ca88f4e9c3d15875f9dc87d85ba7e4bae9986ef8c203fce6f0ce52c28e3a93befb4cc4ba3d963d2283cd30f9bf6ab99d92f2f4f3aff0b022f1751b89d43ea10bbb28a":"fa549b33b5a43d85f012929a4816297a":"":96:"afa61e843cee615c97de42a7":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"2f8512bb7e214db774a217a4615139e1":"":96:"f1da1cebe00d80eb4e025feb":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"844c50ddc0ac1d9364b21003287d6ae6360d12bbb17a85351362420ee4ca588e":"3a3bf4ccaf05f7c02f5e158dd2c5cb08c6aed4b1ba404a6d8ef9a0737fe2f350b3e22188fc330ea63e35df82f996e3cf94d331c4246cdb25bb2c409762e05ddc21f337edee51b64f1766ad18f520b3f34735b24278d9d647c533a743e0c1e9c81e9dee975cdc47e8582113fd250ef59353605b64acb7c025a97854c1a5c03237":"2f8512bb7e214db774a217a4615139e1":"":96:"f1da1cebe00d80eb4e025feb":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"3da9af3567d70553ca3a9636f0b26470":"":96:"e1026b3d15d261b2fb47632e":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2aae1aa047a20ed2d6d8336d923864cee9404f924031ae327fbfe2d293e1d93c":"8e5b6b9e4e7d01de9a919dd33c0c1eb94dcfebf28847c754c62c1c00642d9e96f15b5d28ad103ff6969be750aadfd02fc146935562c83ec459a932a2fd5fda32eb851e6cff33335abd5c2434ae4f5524d6bc74a38094ced360f4606a1a17096ff06604952c8ca94a9a6dc4a251e13b0e0c54bd8a6dff5f397a1eb1cf186fa518":"3da9af3567d70553ca3a9636f0b26470":"":96:"e1026b3d15d261b2fb47632e":"":"58c52ea9f3b162511160eed1a68b6f52b3c4f5834af728de97a3d9e4ba337b29aad12636003cf5be9ffbeae0f383f7cf32f645a8f6fc5cdc1cde91c625c69a92bc434ed671e52a0044a48f3fce55cae49a7d065c2a72603a7efe58b5a7b18ac500d1a51420e820357e7a439b1c02198ebe3d4e62d5573a3aa5f40900a21e3b41":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"b957f05921d21f2192f587768dc12b4f":"":64:"322374fbb192abbc":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f3d69208cb0d27474e9a231cd46eac7c1574fff950c48bbd1ba03fad16f563df":"0d1f06eef5e8f2c81d1a73bb1dca93c22cfb6e40e9948bc75b0d84830fb9216330424f580b89050c3fb3f620eca8f9fd09fb86d2e8b3a0869c6022d8a705fc280d66fd16d3aba7395d6be4bed44145d51d42d56285f3675726d62d94c081364a6d440511de83a613c598b03078e2ec7648c6302defbbea66aafd33e1a4b1686c":"b957f05921d21f2192f587768dc12b4f":"":64:"322374fbb192abbc":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"31bd7c971a6d330b566567ab19590545":"":64:"efc5a1acf433aaa3":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cb2cdeb17fa6bcb006c7fc60858a12a411804464458db351957e8caf42f1ee6c":"296504131354b2c1928982f12d408ba2377f2d4bbe87e4c69f92a15bf6003910a43bda6c8929df66b3ab1d202a5258cad199f32f36cc30d2dc06199c2a52f7ccadad1fce50123c5f8434dec57cc60cc780263d7aace8f59cc8a6c54bddbaded3adb12ae2ee0bacf6a8da635ff85b51a4e8a1b3dc404863b90059de4ad0f158dd":"31bd7c971a6d330b566567ab19590545":"":64:"efc5a1acf433aaa3":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"2f9c0647a4af7f61ced45f28d45c43f1":"":64:"ab74877a0b223e1c":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f94170790fadab3240df568197f9d6f6855afaed8d07eceeaa2380121872529f":"ed231b78db082f652bc6310c396993b52de804a82464fa3fac602a1286535f59c67fc2b1b420c7321eb42b971edde24cd4cb9e75c843f2ac6fb8ecdad612d2e5049cf39327aa7a8d43ec821161c385f3fdc92284a764a5d1cbae886f07f93017f83a105bb7c3cc4fc51e2781516a2471b65c940ddae6b550ad37b35f53d7cc64":"2f9c0647a4af7f61ced45f28d45c43f1":"":64:"ab74877a0b223e1c":"":"1cb5ed0c10cee98ff8ecfa5a1b6592391bbd9f9b1dc1ff351e0af23920d546b5e27d62b94daabd32f7f96a2632dc9fd7c19bf55f3b9b7cd492e76f4d6b0f5b437c155c14a75e65bfc4120bef186da05e06a2fd3696f210292ee422ddbce6e63d99ee766b68363139438733c5e567177f72e52ef2df6a7dd33fc0376d12ec3005":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"69d81c73008a6827a692fa636fbab8bb":"":32:"be2dda5c":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"797c0091ff8787fe7cd0427c02922620e7f6fb71c52ddcc03a9f25c89ba33490":"2d3efc8900315c3691a8e3c9de3319d4deaf538fcf41aa0e295b861d0ac85baf56d149a6437747dd6976f44016e012b88de542fb8e5b9e4ad10c19deec4b7c0b69bc1b2e33d44a981ded66127dea354b072010b8dc24b85ed2ffeea3b9c0e931619dbbf22677691f0d54fc03eaa162e0ab0d760ad41021f67057c0d6ac19ca8f":"69d81c73008a6827a692fa636fbab8bb":"":32:"be2dda5c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"e119e166471ecf44bc3a070639619931":"":32:"b2f54b3a":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90ce1afb5500489b9edbad987f4009509c847b3e55cdf0c764ef2fb085e3d033":"98482b54edce2bac1cd64d44917dcf117ebfbfe26ad17a9b263447028304f1cf5a69559c05b5d833420f4fddb6e308277d01eb4b3235f1c4b47d33d3899325b55e7be19d43187a5b1b1354ce02a529b3df1c13b4883902ae9fc565079dee825e705f3e580371e4fd86c3b0d31bae98adb529901f346ca07127314152b4370edd":"e119e166471ecf44bc3a070639619931":"":32:"b2f54b3a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"cf296aa43cb7b328e09c8975e067404e":"":32:"56015c1e":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29264a90f114a800c0fc3247b3bda00981a12a8f85cf3a19ea4c7ffdd005f4bb":"587c8e53ab5ae8c31e16160b4a41d88798e27f4ad61c573c023c62d4dbb3952eef5026ad7b453fa9e0694347ab8fe50a6cf20da566202b81e325cee9c07ab2d4d53ed45b3ec2d2135936515f8a24f2a8116807dce9df3c44edf64c32647145152ff241d9e018e4101e400af070192dc3b498b5a213d265b4cfc8c8d4d7deccb5":"cf296aa43cb7b328e09c8975e067404e":"":32:"56015c1e":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":128:"72ddd9966ede9b684bc981cbb2113313":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84ff9a8772815b929d55f6052c0354cf3e02bcc8336fcfe5794952b4c45d5d96":"a87de56d49725a1625baf12fd15931fe1a6783dce5d1e744eba108f45e0c105d8141dc027d0e33ad7efb6752b43729715e2f3e2c42ebdab4d5f72f886bd821c4372244699ddded99a63dbe7763a5a3bc21cbfc253cdc2514eba2a4f54e24dca7c207cb3f6ae80153d77fe0641f357d5a073dcd425c38deb77c45f27427345516":"5c044a66e488b853baf479f7dee2aadb":"00304e3d40cbc6d2bee0778462884f4ec047a8c74bb3dd7e100f2b9d0e529fd24730063986117b56ca876b208a3691425ac63afc3d504ccb499c76622eade09717023fcb7d956b01ce24a3e53cb5da472be3fcf5b278b5d9e377de22fab75bc74afa9670f5fe9691aa0ed77e43f6abc67a61ec409ec39fd66ac0307bf195f36f":128:"72ddd9966ede9b684bc981cbb2113313":"":"aadb8537309940422f67ca393aa6182d67fe7c52092538a15e98a4254f0a9087c7f10903d5e78078c2e55de914dec8b6b35cb720e3e55963c0ac9901e44b83a0e7c5b2d3f002aec0a4a08354febe47b2abb955f2a21107626ef0b8e1e099650812a6fecf36908fce2d078c2735cf7c2b970a309e5c6d6ff29c26a05720c57105":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":128:"9e8b59b4971130557aa84ec3ac7e4133":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5ca3991d0160b1729ae1a622dcf4b03b1f4ba86150bd66bf35cbbee9258af10":"62aad5854a238f096bdde0711ac6f5763e7fea29db068ea8c911f17ba91e6d7807883e6fc5ba7db17af33da2b00973008a3425e65cc786ce1b97360019ee2cef74563d54752be436b905705b507c3d62689df4edf0356d26b693eb43d8a2a927a9f3866b7e0e19e84a90447bd6f47e31070fa7c2a71e3f78229ee19fa47e848f":"f8402184d1cc36df07b68ecb1ab42047":"d378cfd29758bcbd21e26a324239c42c992941b3ad68d9f2b3d2def3a051fd172ee882562970ef59798ff8d9eb5f724ff17626156f4cf5d93e41ffef6e525919af6194ea9bbb58c67563d3ffd90e5a6e2a3a33bd1fa3d55eff5dba7cd439d571f7e08014c4780e3d10904ef22b660897e78258da20b2600e88d71c35ecb6329a":128:"9e8b59b4971130557aa84ec3ac7e4133":"":"556dd32edc0af3c64186fe8c000ddad1516cd14721c93c228e379d4f87e32c79e734539cec930322048f34a2b34931c585d44f09966caf187ec4b9244c991a8a5f263e9da1d08d6086e52535afdb36c7662307521cbceb9ecb470a76970243723fbc1613b6ebbcae261ac2f1936e66ce29ec7350b2e6b2f73a910ade645154f7":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":128:"e49beb083a9b008ae97a17e3825692f0":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"df867d1dd8a287821a54479cab6f88636d2aca30e1bf01a5dffc735e17590356":"6517272cac85d7f38902bcb4b96a0c59c4bdc46bfefa6ebacd7f2fb1629b87ca91de2ffefc42ce3cfd34dcbf01b3f7cadcea3f99e6addf35d36c51f2ceb1f85c1f56a04ec9c9fff60cd7fc238674992183ea3de72ef778561b906202b7b83fe6562a0bca9c1e0a18638e8685b998b4192f5120435809ad6e93a0422d00725262":"35019826c51dd1ef07ff915d9ac4ea96":"0375ed93f287eefe414ab2968844bd10148860c528dbf571a77aa74f98cc669a7fc317adc9f7cf2d80dda29b19db635b30a044399f3665b6176ed669146d28f5ada03b3d32d53fe46575a8afcd37f20386d9e36f7e090b4fefadfab7f008e02f1b5022c0eeb81d03443a276eae48c038ed173631687d2450b913b02c97243edb":128:"e49beb083a9b008ae97a17e3825692f0":"":"723be39bc13adbc48c861b07753f64fac1ae28fc8933acba888b6538721df0a8b91c040a26522fe0dbb7335d8f63d209e89f7cde23afa9ca3c584b336d63a91e07fdd8808b14c3214c96a202e665bbaaa34248ff30348f3d79c9f16e66ad6c5903305acd887a89b6244eb7c2d96e18b13a686de935bf3821444ee20f48678be5":0 AES-GCM NIST Validation 
(AES-256,128,1024,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":120:"03cfe6c36c3f54b3188a6ef3866b84":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e8e9ce6294b7fbc534a96bdd060120976a6e08315d2ea73ac61d085cd462a44":"9855f186b51358f0e2111c06bfaaeaec9bf95c55e246375c614fad9883d86c82a20c86538dc5f42a0ea69677d59a20c5112d15d2a8396f12096242ad5d7b838d16ee0679fc4017af75bc15e8ad2f77b0e802c864031cbfb0bacd95c828d1db4b7bab0713619e9e5e8fe6902aac7a9e6c42eb05f5b156f7e663ee43e6fdb62480":"4edc6be20f904b4789e5bee0a80a3fc8":"db28ce076b360816cd1e04b7729f8ab080e0a07f35204350f3bd056945aab8638c0e8311ab056f3e5debdbfbb03fae700770264faf73e0f3a05a5812aee84ab613c82f4a76da276250675f6a663f85e2c26d4f4a8666a7f4cedaffc1a7218dec11ca4e72b8b5d5b620d1efbd3d3b94a5ae0d118b9860dfd543b04c78d13a94c3":120:"03cfe6c36c3f54b3188a6ef3866b84":"":"e10142f852a0d680c983aad2b4609ccbd35ff61bb3eb66442aee6e01d4cc1cd70f45210acbd506395d6ca0cfebc195a196c94b94fc2afb9ffa3b1714653e07e048804746955e2070e1e96bff58f9bc56f3862aaa5fe23a6a57b5e764666ddec9e3e5a6af063f2c150889268619d0128b3b5562d27070e58e41aadd471d92d07e":0 AES-GCM NIST 
Validation (AES-256,128,1024,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":120:"ffdf56e1c1a7252b88422787536484":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"886c77b80f5f3a21c01932685a540b23629f6d41d5574fc527227ed0bdf2e21b":"53a17d7b69f607f08676d6f6dd4e8db08e01333a8355d8c87616e84cdf10ef5b041fc6ddc3f6a245c0f534c2b167064af82f45e4702a5e8dede59579fdecf6713353392433950c9b97c38d9ee515ac97d0970ccf03981954540088567a30941bb2cca08cbed680500f8342faa7aebbc6c143e2ea57ba6b4ac1fd975dcc5d0871":"5ec506edb1890a5a63b464490450d419":"05b8d820c9f439d7aeae5c7da0ee25fb0dad47cc3e6f3a47e8b984e856201546975f8214531fc3c2e504d2ac10fa49cb948596b9a8fab01b95c49d6f04d1589f93b77b899e803dd20e1f00a51c0b5953e85be639109b14b100e35ca26d84ea629964b0db8260dfa5a150a66261bf37e79de2ec49e9f1b082a7c58ecd3d39b6c9":120:"ffdf56e1c1a7252b88422787536484":"":"79ee27adfa9698a97d217c5010ec807806feda37db811e398c3b82abf698aece08561fffc6c601d2691738e279eeb57e5804e1405a9913830e3ba0d7b979213ef40d733a19497d4bb1b8b2c609a8f904e29771fa230c39a48ebb8c3376f07c8013fff6e34f10fe53988a6ec87a9296c0a7cfba769adefe599ec6671012965973":0 
AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":120:"ba61edeb7b8966188854fc7926aad2":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5231ca6d772edd9ea2d251e22d7d455928c22474b4b44130dad57e6511fed6ee":"2767c808410ee132291585ea74a48ad3102f883f07d060c91c5f10abd37fe0996d2210dc490260238ae15f5d74c7be2a1e15d80db09079c520047f88488a7802857a3fc3b81d85a96949997430a880177880a31d4d0c9c9045247804f057a4f2756d6e40375a4a3187c4376d6bf573ce334cda1ed88d8a50db499e7cdb89d8db":"048698a4a0feabc1f336112e2794795a":"3a81b6b0b722899ff931cb73c39222d555b83ae3f8880b982593cbc1ab8be90d1ee32fd7dfe697cf24c95b7309d82c3fed3aa6b3d5740cc86a28174ac8f17d860ebb251ac0d71751c2ff47b48bfb0b3beb4f51494464cda34feaecddb1dbbe5fa36c681ada0787d6ed728afc4008b95929a1905787917adc95f1034fedcd817a":120:"ba61edeb7b8966188854fc7926aad2":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":112:"993fc8e7176557ee9eb8dd944691":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a3f516a7898e04e5da4efd6c7c5989b77552d195464620c2b35b9a4fda29cce":"5cc28b61ae97557774bdcd7ff653f4aa349df68d53c7e5a65263883ef1fe224ad40e86bffc2d38f28a2ed9ae1fc08563e2a1e46246106546eb8e6064c06baa0046fa137421734b7f0f94656a4f459d9d981717557d843700d116b6e5e2dd3af5f67c34edf31b40b71fd3c6f2475f9310feb70bcb973be52d41e86792c49d54c0":"9310af6974890c0a0364231f9cc8103d":"2103af8356bcb9dfc2a4f1d4ed09cbcd8e1990d23865605e19f87feb50bf8d10d0257740e5557a9297f0499c01e29a1a513ca18e6f43f7406c865cbe3951a7771128f3110c8da3bd696368901944549552842a1f6fd96cc681b45da098f3c1acb3d237d2363285f520d0b6714b698790b7660c52ac84a42c9721ac7e9d38a2ef":112:"993fc8e7176557ee9eb8dd944691":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":112:"ee6d85d3f3703b45adb4f9b2f155":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"59c9258554363d8a885fc0f5d112fee08eadfc7ce52a0e7e73e3d0d41d9a0290":"79c491411402ea7878e480519fd984dde44bce6459303bb76d4eaf97d4e345d1aafaa68ceb0590b41cfed0f411b675d9344c7e888cccfc9eb6fe6b229d198f94ba516ee850ee7f078a4f5f32a23f92f72264e3a76a31ebd042564315ac4f2ec0bb49ba6d08cfd2d3a6308688e39f28e3ecd669c588368cee8210edf5dbefb925":"77e51e89dc47bbcac79cca21e81a61de":"25a6f8800a9b914c0ebf9a45d72355c03ee72a138eb81b2980f332645ce1d7aa4659805821866aee2b276e2c032776b4eaf36f93b5f9a72b791be24e31eff105ca6d0700e3069ee327983dd7fe1c7465d6c6d77837aff69055149988e7199847fad98605c377d997dbd40f3e2ff1a4f978a493684e401249e69540fbde96323c":112:"ee6d85d3f3703b45adb4f9b2f155":"":"44ca68deed5478074adfddc97f06f44c08bf7bca4dee8707d621fc7396fe2efcdad0a167d1708a9ff59ce4cddb86920bf1dbdf41b2109a1815ffc4e596787319114cad8adab46cf7f080c9ef20bcf67a8441ba55eac449f979280319524c74cf247818a8c5478ea6f6770996026a43781285dd89c36212050afc88faa56135fb":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":112:"92282b022e393924ab9c65b258c2":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5e9eae594cb54c8089330e4404ff79abb1c0841b0be5347a14633ad1e1ff44fa":"32abc1eb6077555a85a0a6fd1c78cccca6c8b375842e2eb8eee45ee6c38dc0837443d16c647252e8124639dd01c808ac5e857a25d927c2a75e2fa8955cad5beb5c206fc050cd933fc4621f5718936f01f39dd700ae1aee7537cc595df8789c5d1a6e1e87b1c7a60e3ce5d57c80dd65dee3801798e1481b1963bcc78cc69f8c50":"0917b486da754f48bb43ecc8766a7ce3":"2aa1ef2f91aeba5da10b48a882dbd4574df4e9157a18abf8cecd03e4176712ba171b6ecb0e745841ff84e35063e47b08101afc44cfd9cededb913a82f00b9d4bac922f23a22f200642270399896405d00fa5271718eefb4cd5fe7e5f32097766ebff36ff1898a1c8a1a01cc18e6121e470805c37ff298fc65ef2fb1b336d09fd":112:"92282b022e393924ab9c65b258c2":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":104:"6154c6799ad7cdc2d89801943a":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"aaf03c3055a35362212b9b059931e7a24fc71e32bc9a533428c9dc31077f2ebc":"c0e12cdd8233878505e025d52427536be7b6bf1887d2dd20eac7092db80b22417a3a4ca83cdf5bc5e36161be1ff9b73f7ceb297c6d07c9cb2a75035a5dc079e48283daea60596f4b356ca28c243e628cbe459f069709fe193394c9b1a31d8ccc5a3a4eba30056c415e68571a2c34bb5c32efff12e9aa483c4a68be5e76aba4cd":"7dfccd077b29e6ed5720244bb76bde9f":"21edd1c6056f51fd5f314e5c26728182edcd9df92877f30498949098dcde8089eed84e76d774ef8874d77125669a302d268b99dcd66b349d0271dde6f8cc94dc4f2df3787887b1173cad94d067e346846befb108005387102854d9387d2c0fbc9636cdf73a10d145f4b612c201b46e1ff4465f6a7654ce3da5792daf9a27fb35":104:"6154c6799ad7cdc2d89801943a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":104:"1d6cd4ab3914e109f22668867f":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"60c775971a9eac7950ed2bdd85bd60fe948ba04c419f6743fb67f37557e46c6e":"8abb2e66a4d08074916056bb8e925551372f737f0e1b597c5d08ee102989743a273b29d7281013f8b3aee2934399cb427370d70370ee86eb41584b653660c633506a53cae747826bb7d93909f069d5aacf058b7f2bbdc58ea08653db857bda83a979fc22a4f126dfef7aac45177f4cdb802fab0c812fb35d12a8176ec21336d7":"9b92ad7079b0de09c94091386577338b":"1f6a84b0df75bd99a2a64849e9686957c6a60932ebe898d033128be9b757e9890225925d856bfdc33ff514c63145f357730bb0435c65342bc5e025267b410af6fd388a5eca01b7efc87fd3b1b791df791bd47dfab736350d7b7f368b4100e04c939d5af957bab95ed502dac904e969876674602a0f0790da2d7351b686e46590":104:"1d6cd4ab3914e109f22668867f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":104:"ca4bfeedcd19d301d3f08cb729":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3b426e449337a14bc0663246ab61b671b523c9a3130c21ed59c93fa6a5aa5ae3":"291bd5a00d71eb7d547b7c94e7030ba4a947418eaeb378a3bacd304b08c6f92f6958eaba968ac6aa23e0512a2a8ad7c1ca2f8fcf623bfc1281f5b7b598c08d2aebcd447668b23238c5e338b4c2ac7f8fd381714c596ea3e0c17aca4317a08563e58f0f52a8af08e078dc242ae54ee0fe3869f8c9687b004a4ded0aa27d8f4c5d":"e6efc96acd105fe4a48d1ac931eea096":"0902cf7a0685444126369712ac47962bc2f7a3a5837f1b6190d9ab1adb4cd35e7f0892eee628b8e07fcf2b598cebe1ec07d8c4823172ae66a135bb51cc71590707b691a66b56af1ffe38772911d11685da355728eaddd83752d21c119d7b59f4c17c2403629fa55cd70cd331aed7b0de673c85f25c2e9e0267f53f0b7480c8ca":104:"ca4bfeedcd19d301d3f08cb729":"":"bcef3f2fd101b828d36cb38530cf9a0a7a285ac1c55ee1069cc78466327e85887534c98a8891d579effd832c0f7d6e7e822fb1eea85a39317a547591def4aeed6660872859fc9d1df9725d3c40e9ccaa900e0f1426a55d20ac4f2e8e07bd3bbc687f8e059ab93e7604c97e75ac94be1c8c24f4c4da0080a4d77953fb090cbb62":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":96:"9e45029f4f13a4767ee05cec":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ceaf204ff504ea8e7fade1a2097f2b527a44766860447322fa5ad346cd810217":"1c8e4cf6018211518494d46c2e0607fa42e236abc28d58f8175c530f84b1f030572f5f6a74cb5517e1fb999a637d352afcbeadea9121e695675859b66b499a3a351ecba5226e58ebbb59fe12e359e4c89cd51c8703d4643c49921ae495801c73627df404b91e828e1d0e03ae09a39defb5aa5f2c8106953772ba0713d3261329":"cfdb8183251f4b61c64e73243594fdc6":"a60f3969fd1b14793dd1425aa0b1f742a4861e0b50eaffd1525cd209ba6d1252176763bb5bee59aaa55f92341cdc0705899aba44cf0ec05cbf80274ebef65cd9507fd4224b25cac19610968d6a37e2daf9ddf046ef158ef512401f8fd0e4f95662eebdee09dd4a7894cc8c409be086d41280bd78d6bc04c35a4e8cd3a2e83be3":96:"9e45029f4f13a4767ee05cec":"":"5cdc66b587ed5eebb04f42b83a6ab7017093514881c598cce332d74fa3fab927493ac15bff26835296e080b5b45ef907c0529fc2f4ed2fc09db179ef598e5d193ea60c301d3f8d823404814e3e74de0e1d2417c963e9246c353201c7a42659d447376e7d05c579dd4c3ae51c2436407b8eff16ec31f592f04b8013efcfd0f367":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":96:"01a573d8e99c884563310954":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"15652abe38cd09777bba21d0db04637f5737d3cb3922181b9f2d07bfdafd327a":"1d6c153dec3b4738a09c9fbdfe31a093eb7ea79b8fa49f83e5e1f46893590f074fb171fb66e30ef887767014e3a10a3aa05da2bd50dd7b7936e1d7f6f31af9030e31e76bdf147f4396464db0f6a72511c4885c6c2305d339906e3c761a3249d7ebea3bf463e8b79c3706e684575550e964b8047979f7aed6ea05056c4b5840b1":"3a5e0d223ae981efb405566264e3e776":"cd755437cb61b539908e0cfaaa36c0123f8f17d1e6539783cb61d4b56cac3bc1e971c1ea558b12669b025cb6b9ad55991c6e2f8ee8b0b7901790193e226a0fbbfff7ff0bee6a554660b9f32e061b6c04bf048484ff9ebd492f7e50e744edd72d02c8fd32f87f9421bf18a5a20ebb4d9dbe39a13c34b7296232470e8be587ba09":96:"01a573d8e99c884563310954":"":"162430c23f7adcf98575a2d9249b4b5cec42efae33776360ebfa6a19c8eee4bd6b07cbd274deadc3292b7cdbb7803e99d9f67ccc5077f3ad5808f339a05b3213dbfd11377673d4f9b486a67a72a9ac8ea9ba699861dce0de7e2fd83d3ba2a2ec7fabf18b95a2bbe2184ff7bddd63111b560b3afe7f2c76807614ba36c1b011fb":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":96:"43470bc3d7c573cb3a5230f5":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a43f6d07042a15cd49f6f52a2a3a67c6c2ff420d95bb94b9fe03b287c3abcaf8":"b67e58c8b608724fd20aa097ee483bc4c804490cc79de635170944af75c87ae0ad8261365c1dc80d852553bcba18da9fbc3fbe61d27550a03003ef0c60202054626655509a9e1ab54677e537a4e761df011d6c6dd041c795446b384161ae9eab441afd24d19b58eb4fe5116cd7b11b751ebbd0a2adba7afc380d9d775177099a":"3b6fad21f0034bba8b1f7a344edf7a3c":"2e01c0523c8293fc51388281dccdb8d0a2d215d729289deb327b8142d716c2bb849e9476545b82f3882ba7961b70c5da2a925ba18b6b121e9215d52ac479c9129c9cd28f81584ff84509d5f9dcb7eaae66911b303cc388efa5020ac26a9cd9ea953f61992a306eb4b35bcd8447eea63cef37bb0c95c1e37811115cf26c53e8c5":96:"43470bc3d7c573cb3a5230f5":"":"e1720d451fa7ab9db4988567187244b15b6fe795dd4fef579fb72e41b21aaa436d2e5d8735a4abd232a3fb9188c75c247f6034cdebb07fd7f260f8e54efefa4f2981cafa510dd5c482a27753a7c015b3cae1c18c7c99a6d6daa4781b80f18bbe6620bfc1518a32531017a1a52aadb96a7794887c11ad6bdd68187ba14f72a4b5":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":64:"d8bd7d8773893519":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1f0f0191e18db07c0501dbab4ed952c5603a4cd249d2d8d17e62e10b96ae713f":"aad40e7866c26e486b6f6e8eb14a130d5f88891bf0d09aa8fe32f447ab8dea7bee5d3eda4499c0103a010483f2b64fdf1155499d31decf528c77dd7627884f9995c213cf7402143dbb7561d69c86886734260ac94ffac7eb33598d25714228ef43f744ec1af2a87e789f1e5d6fff0fbd5082dcc49328f194e8f8a14a5bfc962d":"ab8be16b4db809c81be4684b726c05ab":"a5a6e828352a44bd438ad58de80011be0408d410f6e762e3145f8b264a70c593476b41bb87875746c97de7d5fab120bd2f716b37c343608ee48d197a46c7546fafcdbe3e7688b7e9d2f5b6319c91d3881d804546b5f3dbe480996968dd046f406c11f0dc671be0421cbc8b4ea6811dd504281518bb96148dddf9f0dc4e2e2436":64:"d8bd7d8773893519":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":64:"74110471ccd75912":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a6cf7d83137f57f2310ee6bf31e8883952bb07ccdc12f516233ed533ea967e5d":"83ab20698fd7573fd121976a72b45a7f03aad84702fc8ac73d6926eabd8a546895aeffe4ba81d117507e2cd37d58eeff71cc3afa8a4449be85f228ea52f6dc6395bb43c1c9f795343720841682d9b2f00602eafa4d4cbe297bfc62467e526b9d823cc8eeecd9e5f8dbc2f65610663c6f37b3d896651b254bd60215629ade3b2a":"f17e37e73a28c682366bfe619cc673bb":"0f4dd201b18e20230b6233e0d7add6f96537dd4e82d3d0704c047fab41af5faf6bd52bd14fa9a072f81d92a2ce04352f0b66f088c67102d2d127a9850b09ff6087f194a6e8ccaba24091feb303eebb65f1203b2d22af44e7be4de71f03e6f6cbadf28e15af58f58eb62e5bddfae06df773cc3f0942520de20078dda752e3270f":64:"74110471ccd75912":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":64:"6fb0b5c83b5212bf":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b0c85ac6b3887639838ddca94c5c69f38115aa00122322c8114642d12ea1b8fe":"0210fce418e7e2199cb8f899c81b9be74a630d00269755f882fc4db27632e99685cc12c426a7503473646df1288d0ede28408be9add5713628700f8e2b2e27d7522520ed00ac47239084651eb99e7d03e1520aae137b768f3144232c16b72158fd5da4a26a2525b9b27791bf06d1eb2e671c54daf64fddc1420bc2a30a324ba5":"14f68e533ecf02bceb9a504d452e78c7":"796a46236fd0ff6572b1d6257c874038f870aa71cbb06b39046d0fb6489d6ae8622b5154292ae5c4e1d5ff706daedb2e812533ae3a635d339a7fbe53780e3e8204924a5deb4b6856618f4c7465d125a3edffe1ab8f88b31d49537791c0f3171f08dbb5ed1d9ed863dafbae4ecb46824a4922862fe0954ee2caa09ab0e77ed8fc":64:"6fb0b5c83b5212bf":"":"5e6c362f7587936bcb306673713a6f1fb080783a20e9bbb906456973e529cfa0298206184509c30e1d3793eaaa5d564edd4488f04311821eb652e0a1f4adaf6971505ca014788c8ce085ceb3523d70284ed2bb0aebeba7af83d484df69c87f55a93b3d87baa43bd301c4e55eb8c45dcf3e4612535ea1bd5fdb4c3b9056d0cae9":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":32:"86acc02f":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e61b1a6b40e2ab1245ff65dcfb9948318ac4fe55e9ed600cec301dae32ae0e93":"8d67fa9fcf078e421cb63abeb25dba739ab0e09a091dd06b0c616e1e888f350edb2d73a42f57f115266ea20c7f8fc143ac746649612df06a5e29b4a15934dc049be1ab49d018ab86c4f37d8c3d9c714f038029e74d8ee3dbe61d81adc63712ea413b37f7604da12107aa1695d9b0981e5a92cdfaa5fbda0e31b22c6fd6f3b499":"c356244b3034d288e4d4fe901b8e27c1":"bdcfeb09d5b97bab05a7acd9849e7de2c5beb7a4dc573c7e1c1d0c0409245a6584023114fdcc6413c800ca16847bde750b27c4d590248e2ce457c19b0f614f6aff4d78d4a19b3251531e5e852fbb05d09412cc1ff8988d1955ca6f5fe2d820f20a7642e3ae69e8122b06ba0918e806400b9b615e1abe6fdd4f56a7d02d649083":32:"86acc02f":"":"7c73182eca97d9617abb478a6ce62e3491a7e9951981c89c3071b161a4c80440614c3f24d0155073e28dcccee96bc8303dab4901ef77318df522d16d9da47770ef022395d6104cd623d93d67090a27507fc8ca04157e7939e639c62cd0e7d8a472314833c0eaa9ba2fd54a25b02854e3bff25cccd638885c082374ae520ed392":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":32:"30298885":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4f5a02e9843d28c8c226ed70d44b8fced8fb757ab6ece4d4f06e3c3cec79e44f":"3ec13950d329f24074714c583bdc35686b811f775b76b0a8fcfa66fc56426c9d022f8ab0af38f8d2f71a068548330cdbe891670181ed7491bf40c739ef4dd93689fd35929b225089d2b151f83d9b3cd767300611144586767354c0491112c205409f3168092d27f9b9f433afb79820a2811984d48e70c1fb2a13bbb3ddbc53fb":"099e5d9aae89fb6391a18adf844a758e":"ad93e8662c3196e48cfdb5aa3bc923cd204151aa980cbec78f0d592b701f779c1c49f9e8686d7e2385a4146b21a643a59c18c8b82214f42560bcd686fad7c7c8e8c1944ce6b20ec9537dd14b6cf2592740ca112f4cd582250d69f240d3e957040e1f7e19c60b3c8f2bd00cb666604c38946eb9b2f17336d281b4794f71e538a2":32:"30298885":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":32:"1997daa9":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1cdb218e0bd0e02156e5b48182990f778889793ef6018a8928e61164ac047c8e":"4d039618a0eb640329f90fe97de18bc928fc3fc7a0db42c97774bec2e882e872fc1097c8319f7837a16516bf387b1bae321c565e8fc1cb8480f051158e4685f0adba310d2c6253bc1300403cbd3f7ddcb2796a69f8bf9e73d47aada9a02673c1a3d5ecdac838abf22b385906236529a1b7dd5b8af2611a04cf4f83b15ba41cfc":"d2ffbb176f86bee958e08e5c7c6357c7":"bc580c4223f34e4f867d97febf9b03629d1c00c73df94436852cafd1408c945c5474c554cb0faf2bae35d3160c823d339a64ebd607cf765fa91f416fc6db042bc2bd7445c129b4a0e04b6f92a7b7b669eb70be9f9b2569e774db7cb7ae83943e3a12d29221356e08e5bf1b09e65f193d00d9fe89f82b84b3b8b062e649163dc8":32:"1997daa9":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"":"7f8368254955e1b6d55b5c64458f3e66":"":128:"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"dc1a145c18bdbca760f35eea0d4a5992de04a0615964ec8b419c8288ab1470f0":"":"7f8368254955e1b6d55b5c64458f3e66":"":128:"8ddaa2c3ed09d53731834fa932d9d3af":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"":"274367f31ec16601fe87a8e35b7a22dd":"":128:"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7b4766d3a6615ee58b390daa228ae7a541c46ce80a1efe227cc43cb777df3232":"":"274367f31ec16601fe87a8e35b7a22dd":"":128:"5f3a757b596e06e9b246ed9bac9397f9":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"":"796efaff4f172bef78453d36a237cd36":"":128:"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d19b04055bf6e7ff82e89daef66c9d8319ab25f9197e559444c5729b92c4f338":"":"796efaff4f172bef78453d36a237cd36":"":128:"3b445f38bf4db94f1a9ec771173a29e8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"":"45e6b23f8b3feefd4b0ea06880b2c324":"":120:"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7ca68e300534a90a7a87ca9906e4ac614a6aa51f769b6e6129753a4f83d10317":"":"45e6b23f8b3feefd4b0ea06880b2c324":"":120:"6c0a1c9c2cf5a40407bfa1d5958612":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"":"548c9c8fcc16416a9d2b35c29f0dacb3":"":120:"3aa21f221266e7773eeba4440d1d01":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a2b7cd693239bbc93599d3d12c9876e7303b227b8ae718e2c62e689e1fd62903":"":"548c9c8fcc16416a9d2b35c29f0dacb3":"":120:"3aa21f221266e7773eeba4440d1d01":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"":"a5129e2530f47bcad42fc5774ee09fe7":"":120:"6bb09ed183527c5d5ed46f568af35f":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"156b854beb0c276a5e724f5da72f0d1ca4ae7cbd5f93a2257d95c2e5bfd78ad4":"":"a5129e2530f47bcad42fc5774ee09fe7":"":120:"6bb09ed183527c5d5ed46f568af35f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":112:"55952a01eee29d8a1734bbdf3f8f":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d824330c60141264e1f709d63227a9a731bcc42b4adec1d8f0161b10b4fdb2ab":"":"c5afaa45312c64ab3c3cf9d6c4e0cc47":"":112:"55952a01eee29d8a1734bbdf3f8f":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"":"6404b111c6289eefa0d88ed6117bb730":"":112:"637f82e592831531a8e877adfc2c":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5517589948d8aea778df6fd66c17a170d327f69e504f0a4bd504c4286a9f578":"":"6404b111c6289eefa0d88ed6117bb730":"":112:"637f82e592831531a8e877adfc2c":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"":"3b87b08337a82272b192bd067e3245ec":"":112:"1f2dda372f20ffddd9dd4810e05f":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"f6137b2bcbd327fbcc7f313efa10f6ffaed30e4782e222e1225c87103fcae905":"":"3b87b08337a82272b192bd067e3245ec":"":112:"1f2dda372f20ffddd9dd4810e05f":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"":"58e70095c6f3a0cda2cdc7775e2f383d":"":104:"1763573f7dab8b46bc177e6147":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b5e70d1b78e931abf44bba3f937dbc344858516a8a8afe605818dc67d0c3e4c4":"":"58e70095c6f3a0cda2cdc7775e2f383d":"":104:"1763573f7dab8b46bc177e6147":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"":"d565c9cdfb5d0a25c4083b51729626bd":"":104:"78738d3e9f5e00b49635ac9a2d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"90de0c047d1dd01d521f2dedec7eb81bc0ace7a5a693a7869eaafbb6e725ad7b":"":"d565c9cdfb5d0a25c4083b51729626bd":"":104:"78738d3e9f5e00b49635ac9a2d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":104:"ea7b52490943380ccc902ca5ae":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c43e8dbeafb079692483a9fcbab964b76fccca6ca99e1388a1aa9bf78dfd2f02":"":"f2bd4fe0d30c0e8d429cac90c8a7b1c8":"":104:"ea7b52490943380ccc902ca5ae":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"":"c993c1802df0f075ce92963eb9bff9bd":"":96:"edfab013213591beb53e6419":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13540919fdb95559e37b535a427efeee334309e34c4608459e204d931b8087e7":"":"c993c1802df0f075ce92963eb9bff9bd":"":96:"edfab013213591beb53e6419":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"":"8f7e1621c2227839da4ea60548290ffa":"":96:"f9da62f59c080160ec30b43d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2a7b2e07c148ff0f627ae28c241a395876bbed0c20f3fd637330e986db025714":"":"8f7e1621c2227839da4ea60548290ffa":"":96:"f9da62f59c080160ec30b43d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"":"05d363b2452beff4b47afb052ac3c973":"":96:"6b4a16d1ea1c21b22bdcb235":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b3e7837a75b38ae6d4299a1ae4af3c2460dfca558708de0874d6b1a5689b8360":"":"05d363b2452beff4b47afb052ac3c973":"":96:"6b4a16d1ea1c21b22bdcb235":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"":"774f4e70a7577b5101c0c3d019655d3e":"":64:"98ff89a8e28c03fd":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9df3ccd95f7570f6ecf5e5329dcb79bcd46cbcf083fe03aa8f5bd0f645c6a607":"":"774f4e70a7577b5101c0c3d019655d3e":"":64:"98ff89a8e28c03fd":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"":"99f25cebd6cfa7f41390b42df6a65f48":"":64:"8e14a0a4853a156a":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c7123e2e8d3774c8f1bdbb2272f19129e04f29b4351ae19c3b9d24e6ea1fe87":"":"99f25cebd6cfa7f41390b42df6a65f48":"":64:"8e14a0a4853a156a":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"":"c1beff1ff6cdd62339aa21149c4da1e6":"":64:"f998d7c08d609b3a":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"490090323e9257517e2453469caa3414045cacb4d05d5cebc6b9c06fa6d19291":"":"c1beff1ff6cdd62339aa21149c4da1e6":"":64:"f998d7c08d609b3a":"":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"":"88126c350dfc079c569210ee44a0e31a":"":32:"f2ebe5e4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"360e48dd38d9e7f5bf29a2994ab5b3c9c70247102d94049ae791850807a4c845":"":"88126c350dfc079c569210ee44a0e31a":"":32:"f2ebe5e4":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"":"af29fdb96f726c76f76c473c873b9e08":"":32:"13fd6dfd":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1562b32e4dd843edaf4474b62cadd8f46d50461f5b22c9f1a8eae7367d35d71b":"":"af29fdb96f726c76f76c473c873b9e08":"":32:"13fd6dfd":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,0,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"":"1552604763453b48a57cea1aed8113f4":"":32:"660c5175":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d5160d0c98ffcb1c26aad755f67589000e2bb25fa940e6b1d81d780f421353d9":"":"1552604763453b48a57cea1aed8113f4":"":32:"660c5175":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":128:"6b4b1a84f49befe3897d59ce85598a9f":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c3a3ea3a097c0c2b3a4cb78462d87fd5a8f348687c4150e9d3354b388ab13d17":"":"f77945979241fb3a454d8e3da193e169":"a69bac31241a2c07d3f7e331b77f662b1e67ccb81c07f52578b01f5785de9437f02eb7627ca7b9af09c1cb428fe93d6deb31f4d6dd2f0729f87480bdeb92d985de1aaad4bcebc6fbad83bede9a5dd1ca6a15bf5d8a96d4edb5bee1f7d195e9b2e5fb2221a596d69f257c18a143eda870e22d3f2ed20c9b3b0d8c8a229c462fff":128:"6b4b1a84f49befe3897d59ce85598a9f":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":128:"8faa0ffb91311a1a2827b86fec01788d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e1626327d987342cba5c8c63b75b4ed65463a2b9c831f4f9f80325fa867d1d73":"":"4e25800deab7ecec2a2311f8fb44eb7d":"ebaffd558f24dae03117c69ac4b2b4aaeaffe7e0e7599eaba678bfce23a9914dc9f80b69f4a1c837a5544cba08064a8f924064cba4d783623600d8b61837a08b4e0d4eb9218c29bc3edb8dd0e78c1534ab52331f949b09b25fbf73bece7054179817bc15b4e869c5df1af569c2b19cb6d060855be9a15f2cf497c168c4e683f2":128:"8faa0ffb91311a1a2827b86fec01788d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":128:"2211ca91a809adb8cf55f001745c0563":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"938da64b837275b0c80c442bdf2301aa75e387fe65a775d10a8ec840f62ff429":"":"dec6adeb60216cbb8a6c3afba49fa201":"4ac144bd95f405649444f01ab67ef3e4c0a54fdbd933b6ba00518c79db45c22c90030c45aadcfdb53ec8199be0cbb22dbb9ab938a871f4b3b0c98ed32590a051abb946c42726b3e9701f183b2092985e3457943a6350fbcaece2e6b111b179ea3fd10ac080a577a1481785111d5f294bc28519c470ff94392a51a2c40a42d8b5":128:"2211ca91a809adb8cf55f001745c0563":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":120:"2e080ba16011e22a779da1922345c2":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e2436484ea1f454d6451ad8dbd1574b208d7a3ab4fa34869299b85c24348b43d":"":"97040d2ec094fe1c64fa35b35b7451a7":"bc198677513ce0e66697dfe52b22315fa5d8f92042f34cc9f373a01f94607df1a599132f60af010ed9b5e52162dd7b162912b68b11700e08f5fdafd84d10f760fc05ec97c05b83e55155194f399594015b90a19c04fb992e228940fe1b54ba59c4bb8318b33cc0df1cb1d71c389473dfb3eefabfe269ca95db59a7bc0201c253":120:"2e080ba16011e22a779da1922345c2":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":120:"83de3f521fcfdaff902386f359e683":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7fb3fc72eb8a3aa5b102f90039f852cc3fd64f46915f5e49f1d9e02fe9cc13b1":"":"f6120fea313362524917c53d90bafb4f":"60c2be7fbd15faf895fd19a9ce775fe2b183b45cffafe4fcbf50d421bea97347e41a9418cfa129b2dda63b889a70063010215dbe38c37feae18bc31b34f31b726f22177f2b4b9d648dd4aa80edfd12dafaee10baa83224354432d1cb62ccabe38bb8448d162cd0d30e988d2e1a2458ffdafaacbdff928756390f66dc60d7ea45":120:"83de3f521fcfdaff902386f359e683":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,120) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":120:"cd4542b26094a1c8e058648874f06f":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"697c96d80d0a3fa9af35b86f31fb71a17aed30ce841c79896bbc8863b3b3ee04":"":"3a5163ec7e007061838d755ac219855e":"de50c12da63232768d5eb9920d49683b5b7114cb77448fa10b9d63552ec5d9c2eac94b375d11f944959f903bb20c696639b6e7f108ec1e873870098c631ddacb2c25268cfc26d2a4cacfb7dda7383374c5456bcf4daa887a887f4293f8caa14419472a8bf7ffd214dfb2743091238b6d1142b116c2b9f4360c6fe0015cd7de81":120:"cd4542b26094a1c8e058648874f06f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":112:"96ca402b16b0f2cd0cdff77935d3":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"66c1d9ce3feb0e966c33e3fd542ec11cc32f18c2514b953103d32abcdc72633a":"":"46fdb88fdde9b7d74e893802a0303256":"55d2f263d2e3cf0b390fce1dd1ebd5f666086f26e1ce2f08002bedbb810ada3922c6bfcf6a6adaa556e9e326c9766f02b3eb6e278da2fa3baa7dbdb6373be3c6ecfbe646b1a39e27c5a449db9b559e7ea3496366b8cdbca00ee7a3dea7fdfbea1665bbf58bd69bb961c33a0fd7d37b580b6a82804f394f9d5d4366772cee3115":112:"96ca402b16b0f2cd0cdff77935d3":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":112:"8233588fca3ad1698d07b25fa3c4":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d7c949420dc9497232cd5810f316d11f9e85d36c430b5943ba79836d88c1eb92":"":"7ef9788ff09cbeedd9569d49083a4097":"ca1de5cc3fcde2638eb72210e551e9c0e0a3f5570d5be83a9a4406b545d854bf17e75b9cd0f4c45722fbd71319a317b72a8798485e9316a1c8102432b83bc95af42f6d50700ba68f6f2e19b6af609b73ad643dfa43da94be32cc09b024e087c120e4d2c20f96f8e9ddfe7eae186a540a22131cedfe556d1ebd9306684e345fd1":112:"8233588fca3ad1698d07b25fa3c4":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,112) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":112:"477b0a884d788d1905646bd66084":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe7c70815aa12326cdcbb2d2d3e088bbaaef98b730f87fe8510b33d30e12afe":"":"e0253bd1f19e99a7f8848206fb8ac4a4":"397897eca4856f90d14c3cdfe1ad3cba47e23174ae2dab7d2a6320898584e03bffa3ffd526f416d7b3c579b0f3628744e36eebb5df519240c81d8bbbf5c5966519c5da083ab30a7aa42deae6180e517cdd764b7f77d19cc1a84141817758887a8d7265e7e62279b9d33cd2f1ba10fd54c6c96d4b8a5dbe2318fef629c8e2af0f":112:"477b0a884d788d1905646bd66084":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":104:"0cb67cec1820339fa0552702dd":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"cbeefb3817cb02d617f385cf2371d52c8bcbc29e5e7a55cd2da131ca184c6e89":"":"f74156d6400ae46b612531848bffe18f":"1abe2ab05ceccf2391273126fe4a4426b94d2c3b97a7f1cd2ee6bb952bf4a546e972b5a1701d5ddb0e5bb7a248fcb47107a9fc77e4b9806b68a11850119aa239fa8be1370e3a2e1a8b168f7323afdfc4b8917d92570167848a56132d68876abc386c258a9233dc8a9eb73443b052e842c3d63e8b5369acdd038404e4e9a4b038":104:"0cb67cec1820339fa0552702dd":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":104:"08d7cc52d1637db2a43c399310":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e6f5f65ce2fc8ec3f602f5df90eb7d506dd771337913680ac16bdcd15c56583d":"":"9212a548c597677d1747e98ce6fb18a4":"55ca486c0183d0134925880d2e21dde0af51c4c77c6038a5a9c0497884e0aa4715bdb5b4bb864acc708ac00b511a24fa08496df6a0ca83259110e97a011b876e748a1d0eae2951ce7c22661a3e2ecf50633c50e3d26fa33c2319c139b288825b7aa5efbd133a5ce7483feecb11167099565e3131d5f0cb360f2174f46cb6b37c":104:"08d7cc52d1637db2a43c399310":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,104) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":104:"fbb477dd4b9898a9abc5a45c63":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0e9a0391435acb57eae2e6217e0941c79a3ff938ec6a19b8a7db2ea972e49f54":"":"27cd1d7af7e491e30c8110cc01392529":"79140d32bb32dace0779e2d37a0f744d6d973e99a279962b43a6c0af63772e8a0a21d5d9dd3c33d4b218cb2f6f24dd8d93bb4e1e6a788cb93135321ecfed455e747fa919b85b63b9e98b4980a8ccb3b19d50d735742cb5853720c2ad37fa5b0e655149583585830f8d799c0d2e67c0dc24fc9273d9730f3bb367c487a5f89a25":104:"fbb477dd4b9898a9abc5a45c63":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":96:"99230019630647aedebbb24b":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55a12eeca637654252e3e40b371667e3f308b00f2fd2af696223e4cd89e3fd4e":"":"8a3793b6441258360f7f4801b03d0b26":"f5810dc5f25e49bd6d94bc63c2494aa7a579a4056a25f1dd9b2734d0b8731ee52523edd54ff475651d45c213e1bf254327fb0e2c41a7d85345b02bcc9d27b08915d332e1659671991a4bb74055967bebbba6ecceb182f57977130623d5a7b2175fa5a84b334868661c1f450b95562928b4791759796a177d59ed18bbf141e2ad":96:"99230019630647aedebbb24b":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":96:"9553b583d4f9a1a8946fe053":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3d353f870a9c088de5674efd97646b9c5420b2bcdfcffefcadd81682847e5331":"":"f267fa982af5c85359b6447f9b7715ea":"7cf55630867af5dff747c8dd25bcc531d94a7730a20b6c03d46059ea93fcaa00d07ee17dad0e0dff814b02dfef0cbe00b37fd2f5f95ead7c72be60016f2934d7683fc1e47185c7211c49cb03e209b088edb14e533dbcb792ab7033728904f7ff12381a236dba97894ec1fafcf853ab15fff343f9265d0283acef10168ffd1271":96:"9553b583d4f9a1a8946fe053":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":96:"44b95a37fab232c2efb11231":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d227c9ff5d17a984983056fb96f3991932ae8132377529c29238cf7db94a359d":"":"b8f6536f376a7efe0e684acf350bae70":"1cc25da31f90de7fa47ebce92754d3faa99f88d4e25ccab45645c1acdf850d55d7f02f61a0bfdc3125f29259d7da8abef532fe0966c63d3486753c8a2cb63a39349a0641b2f2b9526a03b97d58ca60fbb054c6c164ff2836688b0cad54df2b165bc082eeae660e768dde5130e30f8edc863446661c74da69b9e56de8ae388da0":96:"44b95a37fab232c2efb11231":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":64:"072d4118e70cd5ab":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b2a57ef85ffcf0548c3d087012b336c46f6574cf1d97ca087bfad042ee83eec2":"":"3d580402d2a8dc4d7466e5dcb456be7a":"c2b9e95c16e55028794a63ef82d11fb83a2a75dc34a81f238e472c33264534bdd54cd07d02a0ecf9019ad1a6d6c779f339dd479e37940486950f183bade24fca2f24f06d4037b3555b09fc80279ea311769473eb0630b694a29823324cdf780d7d1a50d89f7a23b05f7a8c3ad04b7949aa9e6a55978ba48d8078b5a2fd3c1bbb":64:"072d4118e70cd5ab":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":64:"1bcea0ac2c1a0c73":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"63889ed5bf2c27d518a696b71c0f85592e3337aae95b5bf07289e4c5dfdc088d":"":"1ad534280a0fac7dce31f2ae4fb73f5a":"be1b9dabea33bb9443e27f674b27931c0fba699a33dc86fab29e50b76a9441030444b465317bbf2949faf908bc1b501d11a5ea2042e4b460a85f3be5836729e523d99b56ef39231d5c6d8ae2c2ab36ef44e2aa02a1f2c559c6e333216c7f9ed5f9b880a88e920219204c99a3ae8f90afd1396563bc59a691a93e0070b0b5fd90":64:"1bcea0ac2c1a0c73":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":64:"faa5c13d899f17ea":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"94e3e2c17cfb6f52d4fdba3ba6d18bba891b6662e85df14d7e61f04adb69e0e5":"":"8a80efb3bfe220526997543409fddb4d":"05da1b0f7ac6eef488d3f087ecae7f35abe3ef36d339709dc3fcb5b471979268ee894c3b6c7f984300d70bc5ea5fba923bfb41d88652bdaecc710964c51f3e2ae2c280b7d6c8e3b9a8a8991d19d92d46c8a158123187f19397ad1ad9080b4ffd04b82b5d68d89dacd3e76439013728c1395263e722b28e45dabf1ef46b8e70b5":64:"faa5c13d899f17ea":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":32:"a3958500":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"fe5e479ad0d79dbf717a1f51f5250d467819e444b79cb3def1e0033c80ddadd8":"":"47ce838083fd070d8544c0ad5337cdc6":"98476bf05a18c4ff1b6024dd779c1ac06d838705a0a83fe42bee5fc6ebf3b2a1a5049b67f4aabc8239cd6ff56504bcbad1e2498c159bbec2a6635933945f6ea49e5bc763dcf94f4b3643d3888f16105abb0965e24f51cb4949406124145e9ae31cc76535b4178492f38b311099df2751f674363ae7a58f6f93019653b7e6a6f0":32:"a3958500":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":32:"50fd1798":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"27d4dedb71a8f68ca5ce2b9e56da772bf5a09b7981d41cd29f485bd2d1adb8d4":"":"7e6f0343c54539717a97b6c8b9f7dec4":"d386db78043f719b7e137cbf79a7f53dda2fe3baccbebb57d499f6eb168e5151f10081d76b72ae0f30165efbdda469e826f9246e59dbcad5c0b27691c00d6c192c24073e99c19cf8c142087c0b83c4ce2fc7ba1e696394e5620ab2d117d5dcd2ac2298997407fd5de07d008de8f9941a4a5f8074736a59404118afac0700be6c":32:"50fd1798":"":"":0 AES-GCM NIST Validation (AES-256,128,0,1024,32) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":32:"07764143":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"5a7aa836a469d28542d0d24d3232fad266da8fc889c6b6038b726d3da25f7b20":"":"9faf7cd805803e143ec8f3f13475efd2":"1006c707f608728b2bf64734062b12a5625062bcdcb80a3ce2058352a2922d5e6fbe19681b4f0d79ad3c837f81e72f2fbf8df669894e802a39072b26c286f4b05188c708f7c6edd5f5bb90b87ffa95b86d84d6c1c4591b11d22c772a8ad7f2fe6bd8b46be0e93672df2e8bff8ba80629e1846cfd4603e75f2d98874665c1a089":32:"07764143":"":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"5714732145470da1c42452e10cd274b5":"":128:"db85b830a03357f408587410ebafd10d":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a9444fd176acbe061d0221fde3ddfcc4ff74e995d981a831297c4cbda51c22a1":"c146ff5a988496cad7eced7a2ea471e0117d5d6bd2562c23ce9db4bf36d83ba3fc22e90486ec288a627d208e0b2fd3b65f8301cf7fc41d97959981a95cd1cf37effc46db99b94b21c941c3613c26a10b1a6b7793f467d58ff5134612230f1c49d7e1fcf664fe52fc6eca46273982f6fe729b009d90eb8d8e4a0b0dbe907b76da":"5714732145470da1c42452e10cd274b5":"":128:"db85b830a03357f408587410ebafd10d":"":"a3cad9a57fa28e6f6aaa37150a803bf8b77e765f0702e492c4e5ebb31ae6b12d791149153e469a92bb625784a699fd7ca517500ee3f2851840ba67063b28b481e24ba441314e8b7128f5aaccaf4c4e2c92258eb27310bf031422b7fc2f220f621d4c64837c9377222aced2411628018a409a744902c9e95c14b77d5bb7f5846b":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #1 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"a714e51e43aecfe2fda8f824ea1dc4b7":"":128:"cd30c3618c10d57e9a4477b4a44c5c36":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"686d3bd071e3f46f180611bc4ec8d7726fe72b6c617e7d42b3339f53918c9e36":"21983ad66449c557263aef299da6eef8f31d576fc17ed2dac3e836f7c2ceaff3094b2695452680e188df10c174810efd1fbaa6c832baedce0b92e4c7121447f6461ac909b4302cdf658095b1de532b536faa4fb38cfdf4192eb5c3fe090d979a343492f841b1edc6eb24b24bdcb90bbbe36d5f8409ce7d27194a7bb995ecc387":"a714e51e43aecfe2fda8f824ea1dc4b7":"":128:"cd30c3618c10d57e9a4477b4a44c5c36":"":"9610908a0eb2ee885981c9e512e1a55075a212d311073bbb2fb9248cce07af16ee4c58bdc8dbe806d28480f9065838146f3e1eb3ae97012cfe53863a13d487f061a49a6c78ca22a321fa25157dbe68c47d78f2359540cc9031ee42d78855ed90e6b8ea3d67725bfffcb6db3d438c982b5f88d9b660f7d82cb300c1fa1edebb6b":0 AES-GCM NIST Validation (AES-256,128,1024,0,128) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"91d55cfdcdcd7d735d48100ff82227c3":"":128:"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6fe81f15a02e2ecf46e61199c057102d160e6b5d447d4a275972323fff908c3e":"0b4ee0385e6665da8fd2ae47f2d0cf1c5bd395a3bb447047ab5a3ae0b95355bf83d0381119a8d4c01acbe60cd7885da650502f73498a682fdc94f7b14f4c753226064fa15e3a90a6083e053f52f404b0d22394e243b187f913ee2c6bb16c3033f79d794852071970523a67467ce63c35390c163775de2be68b505a63f60245e8":"91d55cfdcdcd7d735d48100ff82227c3":"":128:"cd7da82e890b6d7480c7186b2ea7e6f1":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"19788b2e0bd757947596676436e22df1":"":120:"f26a20bea561004267a0bfbf01674e":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"4c2095e1379389dc3810e8819314f5a2f87d1494213c5b1de1a402f7f4f746c4":"26ec8ebac0560538a948afbc18fb730e9a91f21392bde24b88b200f96114b229a5b57fa9d02cf10e6592d4dfb28bf0f00740c61157ce28784e9066ea3afd44ecf3a494723610cb593c0feffc6897e3435c6f448697ad3e241685c4e133eff53bdd0fe44dd8a033cfb1e1ea37a493934eb5303ae6ef47ce6478f767ef9e3301ab":"19788b2e0bd757947596676436e22df1":"":120:"f26a20bea561004267a0bfbf01674e":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"c6b26117d9dbd80c1c242ad41abe2acc":"":120:"61051d6c0801b4a6b6ca0124c019f3":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"be5351efc0277afc9759ec2464a22cb4401f7a17efd1a205e7af023c7ed30ee1":"1eca91406f338fc09c2988b1d7dc8c409d719300c03840a497d7b680cdd5e09b144903477f7116a934e1d931cf368af1fc2a0a0e7caa95475a3cd7bf585a16fda31eb3f8201db0216b37a1635c1c030836b3dd05ca5b0194388fa198e717822131d5d4318690ef82d35ac80b27fff19aec8f020dc6c6ce28f0813bbbf8230ad9":"c6b26117d9dbd80c1c242ad41abe2acc":"":120:"61051d6c0801b4a6b6ca0124c019f3":"":"95447aded336d6c20d483a6f062d533efed0261ad321d37bf8b7321b98f55c0f0082ce7f3d341b18fea29a72fc909d30cd8c84a1640227227287674a9b2f16a81b191ecf3b6232d656c32d7b38bea82a1b27d5897694a2be56d7e39aa1e725f326b91bad20455f58a94a545170cb43d13d4b91e1cee82abb6a6e0d95d4de0567":0 AES-GCM NIST Validation (AES-256,128,1024,0,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"0db3ade15cb0dea98a47d1377e034d63":"":120:"e62f910b6046ba4e934d3cfc6e024c":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"814c2cdfdeecf39d43bb141fbfc62dac44f7552c5e5dac2d4913303fc860119b":"0d3013a1d7132f685d001420daa6c7b643bc36b887511acc4588237d3b412c79e4ebba29c08248ad46c7239e8daa232b7483c9c4e3d1c0bbebc696401efe21f7fd6fc0525a4ab81bd9a893d5f7ab23b70ed07c00f33649b8a996a006de6c94f7793f72848793f4d5b31311c68aae1e715b37409fbe506dac038a0950f05fe82b":"0db3ade15cb0dea98a47d1377e034d63":"":120:"e62f910b6046ba4e934d3cfc6e024c":"":"374d03cfe4dacf668df5e703902cc784f011f418b43887702972dcc3f021bcb9bdd61ed5425f2975b6da7052c4859501eb2f295eb95d10ba6b2d74e7decc1acacebf8568e93a70a7f40be41ac38db6f751518c2f44a69c01c44745c51ad9a333eda9c89d001aa644f1e4063a8eb2a3592e21c6abc515b5aacaec8c32bcf1d3c4":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"83f98eec51ee4cae4cb7fe28b64d1355":"":112:"df47eef69ba2faab887aa8f48e4b":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1ae4541110f2bc4f83cd720b5c40c8315413d896e034b75007f172baa13d29ec":"5ea811e7fbfc0e00bf2a6abfac50cad9efd90041c5f7fb8f046a0fecbd193b70a2de8a774d01dd3cd54f848cb3e9f5152ee1b052ba698bebfba1fbbdae44a260447d6e6482640ae4d01c9cac3d37d4ffe9a0de0b6001de504a33ef7620efe3ce48ecd6f5b1b3a89185c86d4d662a843ff730e040e3668d6170be4cced8a18a1c":"83f98eec51ee4cae4cb7fe28b64d1355":"":112:"df47eef69ba2faab887aa8f48e4b":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"2bc0847d46f3d1064bbf8fe8567f54a2":"":112:"5a1bf25aa8d5c3fe5cf1be8e54a1":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"20c9b662ec4bd13bf58d64cb0a7159b0e7fee4703af66292bf75c8bd6e42e8dc":"45b64f2ed5ac707890c0c1726adf338770ce6a728fe86bb372c4c49409a32705f881bc4d31a27c455c7c7df9dd2c541743523e7d32f88930d988857847f011be5f5f31a31e8812745147cbff5c1294d0fd4a7285db4833f22bf1975250da99c4d0dd2c9688d7f8001bb6ef2bc898ce4d42c5b78e74645b56ce992338f49d4183":"2bc0847d46f3d1064bbf8fe8567f54a2":"":112:"5a1bf25aa8d5c3fe5cf1be8e54a1":"":"9079d6275db076625e8474c2914fe483d413d5339202f98f06c3b0ef063d8f3d31029deaf7f9349bfec57e5cf11f46f02d5a6520c7992efc951adbbea6d08e53faeb10dfe8b67ee4685da9ea4fe932551a65821147d06d4c462338e6ddda52017c2bc187fd6d02b7d5193f77da809d4e59a9061efad2f9cadbc4cd9b29728d32":0 AES-GCM NIST Validation (AES-256,128,1024,0,112) 
#2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"b9194a4d42b139f04c29178467955f1d":"":112:"05949d591793ca52e679bfdf64f3":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0a1554db37f2e275732a77e521cbd8170729d8677a85db73feacf3c66a89d689":"5421d93b7e6e0091978c673df4f3a406aef5f13eb5e6f95da19b0783308cbe26d4fd6c669cc4a9f069d7e62e4c6fad14b80e918fe91556a9a941a28b3dbf776a68ac7c42df7059b5ed713e78120aec84e7b68e96226c2b5e11a994864ed61b122e7e42ef6cfdae278fadbae1b3ea3362f4e6dc68eef6a70477b8a3ffcfba0df9":"b9194a4d42b139f04c29178467955f1d":"":112:"05949d591793ca52e679bfdf64f3":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"6a5335901284dd3b64dc4a7f810bab96":"":104:"04b8e5423aee8c06539f435edd":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"3ab1d9bb571c4bdc9f3ef340914bddcfe0c8e7718d4a2530334372cec86e5fcb":"80bcea307e009745724d5f15d21f3b61a5d5a8401530346b34a2adfa13e3e8c9c9327d6fad914b081e554fbe6c1c6fe070b566620e559555c702c0ab5becf61ea1d9de64351ce43b2276ef4e20b5af7ce43db6d21286af4e740ef00c6d790705afcf0ee4850fffc12c662f2bd8212feb21db31065ab8f717a7509c213352b869":"6a5335901284dd3b64dc4a7f810bab96":"":104:"04b8e5423aee8c06539f435edd":"":"36b9602eee20b8f18dce0783cd1e01a799f81ae0a1ce6d293a26c62f47e7dad85c8446697cc09c81d3d9ead6f9e55c4147211660c8aea9536cc5516e9883c7d6854be580af8cd47ba38fa8451f0dad9c904e0e7f9997eff7e29bf880cd7cedd79493a0e299efe644046e4a46bf6645dfb2397b3a482a346b215deb778c9b7636":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"fcb962c39e4850efc8ffd43d9cd960a6":"":104:"1d8cdadcf1872fb2b697e82ef6":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7dddbd5657e22750bfe6baa70a1f4ac46c1ef8bee573a57cfcef50b66f85e593":"2bf5aba83a8161b9d21ff29251fb0efa697b1ea9c1b3de8481d5fd4d6b57afda0b098decdc8278cc855f25da4116ed558fc4e665a49a8fff3aef11115757a99c10b5a73b1f794f9502186c13dc79442f9226bbf4df19a6440281f76184933aeae438a25f85dbd0781e020a9f7e29fb8e517f597719e639cbd6061ea3b4b67fb0":"fcb962c39e4850efc8ffd43d9cd960a6":"":104:"1d8cdadcf1872fb2b697e82ef6":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"b4d9248bb500e40de99ca2a13e743f1c":"":104:"090d03446d65adcc0a42387e8e":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6916b93b2712421f1f4582de7ec4237c4e42e2b32c7dced2f8bb5bd2e0598312":"3739cca20279a36ddb857ac22beae901a49529b3182463ab81a7c46e437eb0b0571e8c16f7b626ecd9f2ca0cd83debe3f83e5d58ed3738899f4b616755eb57fb965208f261736bdf7648b1f8595c6b6a779768115e3077dfee7a42d44b555a51675fb1ce9961d0e21b2b9b477c0541184350e70decf7c14a4c24b8a6cd5fed8e":"b4d9248bb500e40de99ca2a13e743f1c":"":104:"090d03446d65adcc0a42387e8e":"":"0255be7ac7ac6feb3a21f572f6a593cc8a97f17af7064c80e478f4a6c469cf94d604bc014b003bf284d216161a9c8a493af43c6a0d8caf813a9e6f83c7ed56dd57543876b11f76aa2be80dcd79d19ac61f00fa423ac2f52fae7a8327cd91494ca4116feb735980ad0a4b1445cb7f38cc712b8aee72179e65b97fca38694e3670":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"160c50c0621c03fd1572df6ba49f0d1e":"":96:"9fef9becf21901496772996f":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b751c8b724165009a8bd97a9d2a0e22cae5a95c4743c55eeeef0a6fe7d946bec":"e8546a5af1e38114822e60e75563a9399c88796f303c99c69d1f3c50379da81e1cd5b5a4a721e23c59da58ea4361b7ff58408e506a27fea24f9a235c6af7f7a5bd93fa31e90edfc322821c08d6324134830b7fe160b4a3e6d27866a10e6e60762a31618ef92f5c67ccb1deb1f1b188f0e687165e7c366c7418920df4f4fcdcae":"160c50c0621c03fd1572df6ba49f0d1e":"":96:"9fef9becf21901496772996f":"":"175fa6b7cd781ec057ff78ba410f2897a920739b5fc4f04bc9b998fbc7cc18e327ad44d59b167e4627256aaecd97dc3e4a7c9baaf51d177787a7f4a0a2d207a855753c4754d41348982d9418b6b24b590632d5115dc186b0ba3bec16b41fa47c0077c5d091ec705e554475024814c5167121dd224c544686398df3f33c210e82":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"04885a5846f5f75a760193de7f07853c":"":96:"0c13506ed9f082dd08434342":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0faf32c22c2a4ee38fe4b5ce08f98fdf6f83b5038dcba5ec8332b3eeb5c710c7":"8a556cc30075753c6e94c2f669bca2058ff6abcbffffc82da7cfca0a45af82dfb4cf487ceb4ede72be87ee4c8b72db1e96459de1dc96721464c544c001d785f2188b9fccaec4b1a37970d38b326f30163d2fdfdf8a2ce74aec55abcd823772b54f8081d086a2e7b17b4086d6c4a5ea67828ef0b593ea1387b2c61f5dfe8f2bb0":"04885a5846f5f75a760193de7f07853c":"":96:"0c13506ed9f082dd08434342":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,96) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"0a93b883cbd42998ae2e39aab342cb28":"":96:"5c37918edb7aa65b246fd5a6":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0dddc3d2f82bdcdbc37648a6b9b416af28753740f8e998cd1a52a0b665369f1c":"07bf84b15b21951fd22049be6991a672503ae243b8d285fb1e515e1d2c36bfd5b0d0bcce85791f2cea8f616aed68a7d9cf4eaf76418e8b1ec27751de67cbfd9d9f7905b2667904f10d598503f04c04ea00a681ff89a9c446d5763898430bd7a9dfebfe544e3ed3e639b362683a651e087626ffa63c0c2b3e0dd088b81b07f75e":"0a93b883cbd42998ae2e39aab342cb28":"":96:"5c37918edb7aa65b246fd5a6":"":"ff7b7b2f88b8c6f9f9bad7152874e995eea0ff1ce1ecd9b8d563642a37a31499f14d70f0dd835b7adf80928497f845fd8c2786cd53af25f8c9fe1bba24e3c3860162635bbed58f06cf6c9966bb9b570987a48329279bb84afb9e464bb4ad19ae6600175086e28929569027c5285d2ed97615e5a7dada40ba03c440861f524475":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #0 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"e20957a49a27e247d00379850f934d6c":"":64:"c99751516620bf89":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"a0b1a62e46e7712277fc711e19d0c0c865ee77b42ac964b7202dbcaf428086c2":"7dd7c0787fdbea4aacf929341659dcf4b75cbca8f92001e8b62a4d7b40272c5755fa9c445857db05328dc11ce5221f044f4b3dafbf0e2d72a1ad0d3e4c804148db578218690ccc620d8b97b4450ff83400a6caaa959617611446a6627138a4067be9ea410d4b0581022ab621928205b4a4480560fc4c2c3b39a2805684006f35":"e20957a49a27e247d00379850f934d6c":"":64:"c99751516620bf89":"":"9307620479f076c39f53965c87d20c2aff11c736c040dba74cd690d275591a5defc57a02f6806de82eb7051548589484364f6c9b91f233a87258ede1ee276cb2c93b4fc76f4d7e60cbd29ba2c54cb479c178fa462c1c2fb6eeb3f1df0edfb894c9222b994c4931dedf7c6e8ddecbde385ddf4481807f52322a47bf5ff7272991":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"d533c2170c5dc203512c81c34eff4077":"":64:"167ec8675e7f9e12":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ffcc1c88fba1723b3ab57b458d9bffb98b878c967fb43b9db2ae0753d32a3bb1":"19b6dec86d93c466307de3a36c0791ed1010b1b9cf8d30347ae46e0f9283c9fda43da8cb491dd17cc4298b1f0b876d6a0f4bcbc9667fe34564bc08f8f7b67045057d19f4bf027bc839e590822fa09a5cef1af18e64a0116aa2a01a3f246c2b5272c18c9aa23efe674ba53d533ae8f0695cb78c1155cdc7a9d7fae2c4567dc07c":"d533c2170c5dc203512c81c34eff4077":"":64:"167ec8675e7f9e12":"":"0539287ac546fe5342e4c3c0ec07127dcd22899abfe8cdd6e89d08f1374d76e877bec4844d06e0a9f32d181c8d945ba16a54ce3725fae21d8245c070a4da0c646203d6b91325b665ab98c30295851c59265b4ab567b968b6e98536b7850738d92e9627b4c9c6f5d9ae2520944783d8f788a1aa11f3f5245660d41f388e26e0a1":0 AES-GCM NIST Validation (AES-256,128,1024,0,64) #2 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"2e2b31214d61276a54daf2ccb98baa36":"":64:"5266e9c67c252164":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"55e94b339c3bafe068ef9cc30787cc6705850114976843777c92b4b331801650":"147cc7bc4008dadf1956520b5998d961499bdf3d8b168591adbfd99411ad7b34eb4b2a5c1bb0522b810fec12dd7c775784d7ecdc741e6dec8191361e6abf473b219221801951b4d5ffe955ab50eef9cffdfee65ba29ddfa943fb52d722825338c307870a48a35f51db340aa946c71904d03174b1e4a498238b9d631a6982c68d":"2e2b31214d61276a54daf2ccb98baa36":"":64:"5266e9c67c252164":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #0 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"a8339ba505a14786ad05edfe8cebb8d0":"":32:"df3cab08":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"13c9572bdef62510d84f2d415cc481cd1e71b9c1132b43e63b21ba4e16de9b39":"7c78e634dec811173ff3c4a9a48ae3ae794fbd2aefd4b31701777ff6fcb670744c592a1d298d319717870dca364b2a3562a4ffa422bf7173c4f7ea9b0edf675e948f8370ffd0fd0d5703a9d33e8f9f375b8b641a1b1eecd1692ad1d461a68d97f91f9087f213aff23db1246ee16f403969c238f99eed894658277da23ced11ee":"a8339ba505a14786ad05edfe8cebb8d0":"":32:"df3cab08":"":"91f9780daefd2c1010c458054ac6e35baa885cdd2c95e28e13f84451064e31e0739f27bf259cb376ab951e1c7048e1252f0849ccb5453fc97b319666ebbfbc7ef3055212a61582d1b69158f3b1629950a41bc756bded20498492ebc49a1535d1bd915e59c49b87ffebea2f4ad4516ecdd63fa5afda9cce9dc730d6ab2757384a":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"4f23f04904de76d6decd4bd380ff56b1":"":32:"18e92b96":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"30a14ca53913acbb215b4e4159083106db3fff83cbedd1e5425f65af1e94f5dd":"8c5f73ee1544553b712ad7a14f31379c8d54a4e432fb6c5112436988d83c4e94954b0249b470538fb977b756fbee70b811d4dc047a869e207bb0b495f1e271d0034e912000e97594033e0dedde0591b297f8a84bafcc93a46268a5bba117b558f1c73513e971c80a7083e1718fc12d0cc0d996a8e09603d564f0b8e81eea28bc":"4f23f04904de76d6decd4bd380ff56b1":"":32:"18e92b96":"":"bb4b3f8061edd6fa418dd71fe22eb0528547050b3bfbaa1c74e82148470d557499ce856de3e988384c0a73671bf370e560d8fda96dabe4728b5f72a6f9efd5023b07a96a631cafdf2c878b2567104c466f82b89f429915cf3331845febcff008558f836b4c12d53e94d363eae43a50fc6cb36f4ca183be92ca5f299704e2c8cf":0 AES-GCM NIST Validation (AES-256,128,1024,0,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"531248afdaaf1b86cf34d2394900afd9":"":32:"c6885cdd":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"e69f419140289ac25fb0e2ef9cc4f7e06777ac20f7d631918d1af0c8883b7d6a":"ff8dfa4e70490ea9c84cb894dc5d7e1b935ebcdea80a39c4161d4db42cbb269cc86abd381af15ec9a4a42ed18c1eed540decec19722df46f22aa06883297cb393fb23e4bb31a817e88357aa923c7ecbcf24c28a09f622dd21fa70c0a02193024fdcefeaa96cc1b50f81a65dfa9e1bb5126f0c9766a861eed096ec15fb07b0f81":"531248afdaaf1b86cf34d2394900afd9":"":32:"c6885cdd":"":"f75299e0ead3834fc7ebd4b2051541b598ad57cc908fdcd4324cf4ccf7dcf7b3f0737ad6c026399a8b1b6d3d50011b3c48ea2c89833b4b44c437677f230b75d36848781d4af14546894eecd873a2b1c3d2fcdd676b10bd55112038c0fdaa7b5598fe4db273a1b6744cba47189b7e2a973651bfc2aaa9e9abea4494047b957a80":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":128:"94c1b9b70f9c48e7efd40ecab320c2d3":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"404a5d1ac9e32f9caabffbfa485ce9c27edc9e5cde0f2aab4f32ce3121449b88":"b63ec4d28854b7fe2d4d13973f5bcb16f78494ce25cc2820de9d0dc1d8d91db1f19bc9e01cee8418c9e88a69b2f30cdbb0dbdbb50be71e1e666c111c126f2b7197c02f69a1b2ec5e1bf4062b2d0b22fb0fa1585b4e6286b29f6ac98d1b1319dd99851fa6921607077d2947140fdeeea145b56ea7b6af276c9f65393bc43ede33":"b6e6c078e6869df156faa9ac32f057c3":"6ebc75fc9304f2b139abc7d3f68b253228009c503a08b7be77852da9e1afbe72c9ab374740b0dc391fa4d7e17de6a0aa08c69e6f5c5f05411e71e70c69dfbcf693df84c30f7a8e6c7949ea1e734297c0ea3df9b7e905faa6bbdcaf1ff2625a39363308331d74892cf531cb3f6d7db31bbe9a039fca87100367747024f68c5b77":128:"94c1b9b70f9c48e7efd40ecab320c2d3":"":"56a0ac94f3ec7be2608154f779c434ee96db5ed4f5a6e1acfb32361ce04e16e1337be5978df06d7c4f6012385fb9d45bb397dc00f165883714b4a5b2f72f69c018ffa6d4420ad1b772e94575f035ad203be3d34b5b789a99389f295b43f004de3daaef7fa918712d3a23ca44329595e08da190e3678bc6ad9b500b9f885abe23":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #1 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":128:"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b56f0c980acf7875cf7f27d53ad4a276adc126d0b93a5774ac4277eecad4309e":"2c94299e36b7c4a825ecbc5a7809061e0a6761764a5a655ffdb0c20e5c3fcb10f4e93c68aa0a38c2acc5d06f2b7c4ff4fcf814b551bfefa248dbe06a09a0f153213538a31fa7cf7d646b5b53908d8978f514c9c4d6d66f2b3738024b5f9c3fd86b6da0c818203183f4205f186ea44a54edb911b1a17c424c95852c8d271b2e93":"b004c049decfb43d6f3ec13c56f839ef":"b2045b97fbb52a5fc6ff03d74e59dd696f3f442c0b555add8e6d111f835df420f45e970c4b32a84f0c45ba3710b5cd574001862b073efa5c9c4bd50127b2ce72d2c736c5e2723956da5a0acb82041a609386d07b50551c1d1fa4678886bac54b0bd080cc5ef607dca2a0d6a1e71f0e3833678bf8560bc059dae370ec94d43af6":128:"fce7234f7f76b5d502fd2b96fc9b1ce7":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,128) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":128:"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"1c5027c36e6caa1b3e5e45fead32b5e3126ac41f106c491b0b3a7c16502f4fe6":"58f0ceaa31c0025d2e6bb58720cce4b64f5f6c657c847ae42936eb1e343fea397c8a8cf2f5ef02ffaec25f431900dcb0910cf32cea9eca3b78aed1c451c7af51066489f87b2a5f8cf28d6fdb6ce49d898b6167b590a3907be7618be11fb0922a3cfd18e73efef19e5cdc250fa33f61e3940c6482ae35f339e8c0a85a17379a4e":"3ee660f03858669e557e3effdd7df6bd":"93e803c79de6ad652def62cf3cd34f9addc9dd1774967a0f69e1d28361eb2cacc177c63c07657389ce23bbe65d73e0460946d31be495424655c7724eac044cafafe1540fcbd4218921367054e43e3d21e0fa6a0da9f8b20c5cdbd019c944a2d2ee6aa6760ee1131e58fec9da30790f5a873e792098a82ddf18c3813611d9242a":128:"ac33f5ffca9df4efc09271ff7a4f58e2":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":120:"0bae9403888efb4d8ec97df604cd5d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"34c3019810d72b5e584f0758f2f5888a42729a33610aafa9824badade4136bbd":"22deef66cbb7db240c399b6c83407f090d6999ba25e560b2087fed0467904bb5c40cbaa05b8bf0ff5a77c53fa229478d8e0736414daf9c420417c391c9a523fd85954533f1304d81359bdcc2c4ac90d9f5f8a67a517d7f05ba0409b718159baf11cd9154e815d5745179beb59954a45a8676a375d5af7fae4d0da05c4ea91a13":"f315ea36c17fc57dab3a2737d687cd4f":"f33c5a3a9e546ad5b35e4febf2ae557ca767b55d93bb3c1cf62d862d112dbd26f8fe2a3f54d347c1bc30029e55118bab2662b99b984b8b8e2d76831f94e48587de2709e32f16c26695f07e654b703eba6428f30070e23ed40b61d04dd1430e33c629117d945d9c0e4d36c79a8b8ab555d85083a898e7e7fbeb64a45cc3511d99":120:"0bae9403888efb4d8ec97df604cd5d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":120:"7b334d7af54b916821f6136e977a1f":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"29397d98fc5a7f04b5c8b6aa3a1dd975b6e4678457ae7f0691eee40b5397503a":"0bbf1079cb5569c32257bc7e52371db46f3961b457402b816588243b4523543430d5ca56b52de6632724c51e6c3af310b28822c749a12bdd58dee58bbc3266631562a998ec3acdc8a2567a9f07f7f9759c3f50b1d1dcdd529256b80c0d227fc1fe8b58c62d1c643f1ac2996809fd061afcf4a9af184c14db9e63ec885c49de61":"885543a45fd1163e34ef9276145b0f8c":"d88beaa0664bcef178cbdbfab17ff526b5c0f8ad9543c6a312d93c336707fbf87c0448b07a550580953279f552f368225cc6971f1eecc718d6aad1729c8d8873081357752bd09d77075fa680cb2dc4139171e4a0aaa50b28c262c14fd10b8d799ca1c6641bb7dfdfdf3dea69aa2b9e4e4726dc18b0784afa4228e5ccb1eb2422":120:"7b334d7af54b916821f6136e977a1f":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,120) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":120:"d8ef5438b7cf5dc11209a635ce1095":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"7555dfcf354da07fd70f951d94ec1d86a635edfdb7929460207b2a39cc0cf4a3":"a1351cfffd1b0cbf80c3318cc432d3238cb647e996b7b53c527783594683f535950cd08788687c77226b2d3f095955884adc2e475ca1e1eab04e37d5e901ae8934a9d3a0cb37b80612ca25d989856dfa7607b03039b64d7dcd468204f03e0f2c55cb41c5367c56ca6c561425992b40e2d4f380b3d8419f681e88ebe2d4bdad36":"e1b30b6a47e8c21228e41a21b1a004f0":"bf986d3842378440f8924bb7f117d1a86888a666915a93ba65d486d14c580501e736d3418cebee572439318b21b6e4e504a7b075b8c2300c014e87e04fa842b6a2a3ebd9e6134b9ddd78e0a696223b1dc775f3288a6a9569c64b4d8fc5e04f2047c70115f692d2c2cefe7488de42ff862d7c0f542e58d69f0f8c9bf67ef48aea":120:"d8ef5438b7cf5dc11209a635ce1095":"":"95e8db7c8ecab8a60ceb49726153a7c5553cf571bc40515944d833485e19bf33cb954e2555943778040165a6cfffecef79eb7d82fef5a2f136f004bb5e7c35ae827fac3da292a185b5b8fc262012c05caeda5453ede3303cfeb0c890db1facadaa2895bdbb33265ada0bb46030607b6cf94f86961178e2e2deeb53c63900f1ec":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #0 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":112:"a4809e072f93deb7b77c52427095":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"bbeafe86c72ab0354b733b69b09e4d3462feb1658fe404004d81503f3a6e132f":"a033c2051e425d01d97d563572e42c5113860e5dedcd24c76e3e357559ba3250f1fc5d4a931a9d0900ac025400f0158621f0b1215b2907467bfc874bcabbb28e28de81fe1ee5b79985261c512afec2327c8c5957df90c9eb77950de4a4860b57a9e6e145ea15eb52da63f217f94a5c8e5fcb5d361b86e0e67637a450cdbcb06f":"ee1caba93cb549054ca29715a536393e":"e44b0e0d275ae7c38a7dc2f768e899c1c11a4c4cb5b5bd25cd2132e3ecbaa5a63654312603e1c5b393c0ce6253c55986ee45bb1daac78a26749d88928f9b9908690fc148a656b78e3595319432763efbcf6957c9b2150ccabfd4833d0dcee01758c5efb47321a948b379a2ec0abcd6b6cbf41a8883f0f5d5bf7b240cb35f0777":112:"a4809e072f93deb7b77c52427095":"":"e62adf9bbd92dd03cc5250251691f724c6ece1cb89d8c4daf31cc732a5420f6bedab71aab0238ba23bd7165ed1f692561ef457fd1d47413949405b6fc8e17922b17026d89d5830b383546ea516a56f3a1c45ec1251583ae880fa8985bd3dcc1d6a57b746971937bf370e76482238cc08c2c3b13258151e0a6475cc017f8a3d0e":0 AES-GCM NIST Validation 
(AES-256,128,1024,1024,112) #1 depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":112:"e3ede170386e76321a575c095966":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"6ad06c88dd4f3becf35eed95bb859be2406a1803a66e4332a74c5f75c09b9a01":"2219c11672884b93d0290b6a7140feafe416461f1cdaf0b3aa64693d7db2eb10feae46aac7af549fa1b0abc78c11f8df7ee803ef70310fc3e67769f8b4bc64f81143a6ebf8bee9d386a8ede5d2cc0ed17985a3b7bb95191ef55e684690ccdc5ca504bc6eb28442b353861a034a43532c025f666e80be967a6b05b9dd3a91ff58":"07d8b4a6e77aef9018828b61e0fdf2a4":"cca1fd0278045dda80b847f0975b6cbf31e1910d2c99b4eb78c360d89133a1c52e66c5c3801824afc1f079d2b2b1c827199e83f680e59b9a7de9b15fa7b6848b5bf4e16a12ac1af4cf2b4d7bb45673c5e1241e9996440860a9204fc27cae46a991607bc5e7120d6c115ddcbdd02c022b262602139081e61eee4aba7193f13992":112:"e3ede170386e76321a575c095966":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,112) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":112:"5c43fc4dc959fabeebb188dbf3a5":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"87bbf7c15689e8c99a5a32a8ba0dfebcfe1989159807428cdd1f382c3ea95178":"b77d3bf3b30b3e6e5c86cbfb7e5455f6480f423cc76834b4663d28d9f1eb5c40212634e3347668427f7848352ab789886f96682a568260bdaeb7de0aae2af36f5ae04f06c332b158d923706c1c6255c673feeadb6d30bfc901e60b92acd9ddd83ef98686c4d492f4a60e97af2541d470a6a6b21903441020ea7619cf28a06986":"2f19aa1f3a82a7398706953f01739da7":"590dbd230854aa2b5ac19fc3dc9453e5bb9637e47d97b92486a599bdafdfb27c3852e3d06a91429bb820eb12a5318ed8861ffe87d659c462ef167be22604facfa3afb601b2167989b9e3b2e5b59e7d07fda27ffccd450869d528410b0aff468f70cc10ef6723a74af6eebc1572c123a9b5a9aab748a31fa764716d3293ff5de7":112:"5c43fc4dc959fabeebb188dbf3a5":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":104:"75a31347598f09fceeea6736fe":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"24095a66b6eb0320ca75e2ab78e8496a45f4b000fc43436904c3e386fb852ed2":"4690edc843e23d9d9b9a4dab8fa8193f8bf03897d3d29759e9dc9e0f8a970c0f5d4399b9f60461fe5cf439f9b0d54bbc075695e4d76b76298cc2b75bb3e0b516ee9ada93f77c4c002ba9fd163a1e4b377befb76c1e5ab8b3901f214c0a4c48bd2aa2f33560d46e2721a060d4671dc97633ff9bcd703bb0fbed9a4a2c259b53f3":"0955c1f0e271edca279e016074886f60":"f5160c75c449e6bb971e73b7d04ab9b9a85879f6eb2d67354af94a4f0ca339c0a03a5b9ede87a4ff6823b698113a38ae5327e6878c3ccc0e36d74fe07aa51c027c3b334812862bc660178f5d0f3e764c0b828a5e3f2e7d7a1185b7e79828304a7ad3ddcd724305484177e66f4f81e66afdc5bbee0ec174bff5eb3719482bd2d8":104:"75a31347598f09fceeea6736fe":"":"0dd2dca260325967267667ff3ccdc6d6b35648821a42090abba46282869bac4bdc20a8bee024bea18a07396c38dbb45d9481fedcc423a3928cfa78a2f0ae8eedb062add810bdbee77ddc26c29e4f9fda1ab336d04ef42947b05fbdb9bc4df79e37af951d19d6bf5e5cb34eef898f23642a9c4a9111ed0b7a08abeeefbbd45c23":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #1 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":104:"2eb6eb6d516ed4cf1778b4e378":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"086b77b5731f971f0bf5b8227361b216746daf8b08c583ad38f114a64aa7877b":"629317212ff8bd8a7676e4c00b81a9577de6397c832f99ac974fa2bbbccb6e3b8aa776db6922eed0b014bf3923799da7d9d0854c8817470e1e2f7fc7a572f9d0316ee60cde7ef025d59b897d29a6fee721aeb2f7bb44f9afb471e8a7b0b43a39b5497a3b4d6beb4b511f0cefa12ce5e6d843609d3e06999acfbee50a22ca1eee":"164058e5e425f9da40d22c9098a16204":"6633eae08a1df85f2d36e162f2d7ddd92b0c56b7477f3c6cdb9919d0e4b1e54ea7635c202dcf52d1c688afbbb15552adda32b4cd30aa462b367f02ded02e0d64eeee2a6b95462b191784143c25607fd08a23a2fbc75cf6bee294daf2042587fdd8fe3d22c3a242c624cf0a51a7c14db4f0f766ec437de4c83b64f23706a24437":104:"2eb6eb6d516ed4cf1778b4e378":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,104) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":104:"83155ebb1a42112dd1c474f37b":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"0f9e806b0d937268561c0eafbbdd14ec715b7e9cef4118d6eb28abbb91266745":"2ae4baef22ace26f464a9b0c75802303f2d7c0f9a1ed1d0180135189765bdd347fea0cc2b73ee7fbbf95ea1fda22597b8aad826f63e744069a9c349488b2cc1cf9372f423cc650302082125724730ae5a4d878e07385ddc99034c6b6b46748f02c80b179fe6406b1d33581950cb9bcd1d1ea1ec7b5becfd6c1f5b279412c433a":"8657996634e74d4689f292645f103a2e":"2ca253355e893e58cb1a900fbb62d61595de5c4186dc8a9129da3657a92b4a631bbdc3d5f86395385a9aa8557b67f886e3bb807620e558c93aea8e65826eadeb21544418ee40f5420c2d2b8270491be6fc2dcbfd12847fa350910dd615e9a1881bc2ced3b0ac3bde445b735e43c0c84f9d120ca5edd655779fc13c6f88b484f7":104:"83155ebb1a42112dd1c474f37b":"":"87d69fc3cbc757b2b57b180c6ba34db4e20dde19976bfb3d274d32e7cea13f0c7d9e840d59ce857718c985763b7639e448516ddbbda559457cd8cb364fa99addd5ba44ef45c11060d9be82b4ebe1f0711ac95433074649b6c08eeab539fdfc99c77498b420427e4d70e316111845793de1f67fb0d04e3389a8862f46f4582dc8":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #0 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":96:"f7930e3fab74a91cb6543e72":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c24c17911f6db4b3e37c46bcc6fa35efc1a55f7754f0bb99f2eea93398116447":"0bd92cb106867e25ad427ff6e5f384d2d0f432fc389852187fcc7b0bf9f6d11a102a872b99ed1ad9a05dab0f79fa634745535efed804ff42b0af8dad20ba44709391fb263f245e5a2c52d9ce904179633282f57a1229b0a9c4557a5c0aeda29bbc5a7a871fa8b62d58100c3722c21e51e3b3e913185235526e7a5a91c559717d":"5098cc52a69ee044197e2c000c2d4ab8":"9ad4dee311d854925fc7f10eca4f5dd4e6990cb2d4325da2ef25a9a23690f5c5590be285d33aaeba76506c59edec64b8c3ff8e62716d1c385fbce2a42bc7bd5d8e8584de1944543ab6f340c20911f8b7b3be1a1db18a4bb94119333339de95815cae09365b016edc184e11f3c5b851f1fa92b1b63cfa3872a127109c1294b677":96:"f7930e3fab74a91cb6543e72":"":"6124ede608d416baa5e653a898ca76e9f47f08403c1984feec112e670ded2226e0073f8881ab2161cfda541dccae19691285f7391a729f07aba18f340bb452c1da39cbe83cf476cfc105b64187e0d2227dd283dcba8b6a350f9956b18861fa131d3f00c034443e8f60e0fdfcfaabbed93381ae374a8bf66523d33646183e1379":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #1 
depends_on:MBEDTLS_AES_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":96:"bea660e963b08fc657741bc8":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"d267a8379260036ff3d1ec07a7b086ff75706bad12d37d9656f04776f3d8b85c":"80c68a330ef50e3e516681f1e535868b03466e7edbb86cb385d01db487da3dd3edad940fdc98d918b7db9b59f8d61369eee2928c88557306c4a13e366af0708d94cb90a15f1c3bc45544bdb05ff964da5e06c5ae965f20adb504620aed7bce2e82f4e408d00219c15ef85fae1ff13fea53deb78afa5f2a50edbd622446e4a894":"674dc34e8c74c51fa42aacd625a1bd5b":"6a9a8af732ae96d0b5a9730ad792e296150d59770a20a3fdbbc2a3a035a88ac445d64f37d684e22003c214b771c1995719da72f3ed24a96618284dd414f0cac364640b23c680dc80492a435c8ec10add53b0d9e3374f1cf5bfc663e3528fa2f6209846421ea6f481b7ecf57714f7bc2527edc4e0466b13e750dd4d4c0cc0cdfc":96:"bea660e963b08fc657741bc8":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,96) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":96:"7859f047f32b51833333accf":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"c86cb637753010f639fa3aa3bff7c28b74f012ad6090f2a31b0801d086f183ad":"6b7858557e0fd0f957842fb30e8d54dedbc127eb4bbf9de319f731fa28a606df2c046a0bce8ecda4e75d3596e4e988efd6bc279aa005bc52fad92ba07f5b1dfda4cc417029f9778c88d6fe5341a0fd48893dcb7c68d0df310a060f2a5235aee422d380f7209bc0909b2aa7e876044056f0b915dab0bc13cbea5a3b86d40ca802":"87ff6e0bb313502fedf3d2696bff99b5":"2816f1132724f42e40deabab25e325b282f8c615a79e0c98c00d488ee56237537240234966565e46bfb0c50f2b10366d1589620e6e78bd90ade24d38a272f3fff53c09466aa2d3ef793d7f814a064b713821850a6e6a058f5139a1088347a9fa0f54e38abd51ddfc7ef040bf41d188f3f86c973551ced019812c1fc668649621":96:"7859f047f32b51833333accf":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":64:"21309d0351cac45e":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2c31ca0cac3efe467168198f06beacf39565a6f57f82e1048a5c06a231315882":"65261d6e29b2369b1828a7cef2df9873d6e6057c499301afedd6cb65b5036ddb95f9e353fbf38e54c4f46f88164325b33620ce183beb2e411fbb89a0e0002e542fc161cad32a61ee6f1e1717e0b4dcd0340b116f795bc1009dbbc65bc31c9b549bf03c40bc204cd0d02ec884be907777ebeed8b527ec3af7cbb508193c0745de":"95cae6e85f33f3043182460589be3639":"67523751a9b1b643d00de4511b55e4268cb2d18e79e01a55fc7b677d529bd6400940fb25ea6ae135c1a816e61b69e90b966981aeda685934b107066e1467db78973492ad791e20aef430db3a047447141def8be6e6a9a15089607c3af9368cdb11b7b5fbf90691505d0c33664766945d387904e7089b915a3c28886ba1763bb5":64:"21309d0351cac45e":"":"1d5f2cb921f54aeb552b4304142facd49497837deb1f00d26fbeddbab922fd80b00dba782961f8fce84f1f7973e81eed6ee168b1760c575c891f40a1dae0fa1a08738025d13ef6e0b30be4f054d874f1b8a2427a19ebb071d98365c32316a88a68c2b40daf1ea831a64519ac3679acb4e04986ecc614ec673c498c6fee459e40":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":64:"2111d55d96a4d84d":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca9fa36ca2159dff9723f6cfdb13280446eb6bc3688043c7e2e2504184791596":"ac04c4293554cd832aa400c811cb202d815d6178aa1343b4628592b7f3ae45dc5f12ea47be4b43e1865f40b06ab67b3a9fb3644248a9b3efe131a8addb7447978bb51ccf749e75574fea60e8781677200af023b2f8c415f4e6d8c575a9e374916d9ec3a612b16e37beb589444b588e0b770d9f8e818ad83f83aa4ecf386d17a7":"d13ca73365e57114fc698ee60ba0ad84":"2aa510b7f1620bfce90080e0e25f5468dbc5314b50914e793b5278369c51ac017eace9fd15127fca5a726ad9e67bdee5af298988d9a57ec4bbc43d4eb849535eb10521ac7cd7ed647479a42876af2ebc9e2108b539febdaa9127c49bda1bda800f6034050b8576e944311dfbca59d64d259571b6d2ed5b2fc07127239b03f4b7":64:"2111d55d96a4d84d":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,64) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":64:"bd6c8823c9005c85":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"2f802e838250064c15fdee28d7bd4872850355870847701ad9742b2d6eb4b0c0":"e2ca8c8d172ff90232879f510d1225af91bc323bdf636363c2903fcd1790692c8bcb03a1cccb18814678852c6b3a441552e541b843ee5e4f86a152fa73d05aea659fe08aa6428bb257eaa2a7b579fdc4022c1dec359a854253c1aefc983c5ede8c97517ea69fc4606e25f13ffb0f5f49160691454fbb74e704326738353525f7":"2dd550cfd97f8e1d8d31ba5537ae4710":"72b9630dda40306e785b961934c56e20948f8eac0e981f49787eb3dbd6e4607f7d08d10ca643746bf1efa7e5066993683d527a90f2d45ec9cf73113f1f17bb67958be669acd4e2927f1dacfde902cd3048056d7f6dfdd8630ff054efce4526db7c9321d6d2be2236f4d60e27b89d8ec94f65a06dc0953c8c4533a51b6a29bd2c":64:"bd6c8823c9005c85":"":"f6dd0b5f3d1a393a1837112962dba175a13c2d1e525ef95734caf34949d8b2d63b4fe5603226b5f632f2d7f927361ba639dc0e3c63414f45462342695916d5792133b4a24c7c4cbe2b97c712bf27ab62d3d68b3875d58ffe4b7c30a8171bff1a9e2f3995768faacda2ea9213ff35798b9e4513f6a87bd3f5a9d93e847e768359":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #0 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":32:"b1ece9fb":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"84dd53ce0146cb71c32776033bb243098d78a22ac17f52a62a122f5653fb4e33":"68222bffa782dcfe4f328fc20eb520e75a9a5fedbe13ec7fcf0e82fba08bb87a8a8e02902638e32fe0e2294344b380797f8028426ffcc0531c739c884892394c48ff0779c5f5edf0a36a3fb8aa91213347774ec4bf0fe1049bd53746b13beef3c637169826c367056cb1aa0a3868e23f886a9c7b8015c26af9e40794662f6b21":"f0c90a1bca52f30fab3670df0d3beab0":"a3ea8032f36a5ca3d7a1088fd08ac50ae6bdc06ad3a534b773ac3e3d4a3d524499e56274a0062c58c3b0685cc850f4725e5c221af8f51c6df2bbd5fbcff4a93ba4c1054f7f9c67fd9285511a08d328d76a642f067227d378f95a1e67587b90251f9103ed3cacdb6bf69e0794e366d8b92d8de37b4e028de0778841f356ac044d":32:"b1ece9fb":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #1 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":32:"cb3f5338":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"9bb36fe25e966a075ae2c3bb43b5877679ebc379d5123c8eda3fa0e30b95cae0":"fb3a4be643c10343251c6f0745aaa54349463f622ca04a792e9b4780866844b30aeef3269fc60cac0ea031c5f3780b535e15154f7c76eb4a371b8ae368550f3fa2ce693c34511ec96b839cac567f1b0de0e7e3116d729b45d1b16e453703a43db73f5d0c3e430f16b142420b5f0d26d72ac3dba543d7d813603b0bfdca3dd63e":"59869df4ef5754b406478a2fb608ee99":"ecd125682e8a8e26757c888b0c8b95dec5e7ed7ac991768f93e8af5bcf6f21ed4d4d38699ee7984ed13635fff72f938150157c9a27fcda121ffced7b492d2b18dad299cb6495ed5f68441aefc8219d2cf717d15d5cd2dbce4606fcf90fe45f3601127cf6acee210bd7df97309f773974a35bef1d33df984101c2fc9d4b55259e":32:"cb3f5338":"FAIL":"":0 AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":"":0 AES-GCM Bad IV (AES-256,128,0,0,32) #0 depends_on:MBEDTLS_AES_C diff --git a/tests/suites/test_suite_gcm.camellia.data b/tests/suites/test_suite_gcm.camellia.data index 5f739d546..9b71d7c0b 100644 --- a/tests/suites/test_suite_gcm.camellia.data +++ b/tests/suites/test_suite_gcm.camellia.data 
@@ -72,144 +72,144 @@ gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #1 (128-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df9":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df9":"":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #2 (128-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f6210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"00000000000000000000000000000000":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f6210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"":"00000000000000000000000000000000":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #3 (128-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf888":"":128:"86e318012dd8329dc9dae6a170f61b24":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf888":"":128:"86e318012dd8329dc9dae6a170f61b24":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #4 (128-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8101":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8101":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #5 (128-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #6 (128-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c93f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c93f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #7 (192-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce587":"":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce587":"":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #8 (192-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d41":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"00000000000000000000000000000000":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d41":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"":"00000000000000000000000000000000":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #9 (192-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #10 (192-de) depends_on:MBEDTLS_CAMELLIA_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"01b15bb5ab6fac0c422014e91eacbf2b":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"01b15bb5ab6fac0c422014e91eacbf2b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #11 (192-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"f876143d933214a5035ff0bb96ff650b":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"f876143d933214a5035ff0bb96ff650b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #12 (192-de) 
depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #13 (256-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #14 (256-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000000":"":128:"284b63bb143c40ce100fb4dea6bb617b":"00000000000000000000000000000000":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000000":"":128:"284b63bb143c40ce100fb4dea6bb617b":"":"00000000000000000000000000000000":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #15 (256-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #16 (256-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #17 (256-de) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094461":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094461":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #18 (256-de) depends_on:MBEDTLS_CAMELLIA_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"":"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #1 (128-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df8":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"":"000000000000000000000000":"":128:"f5574acc3148dfcb9015200631024df8":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #2 (128-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f7210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"00000000000000000000000000000000":"defe3e0b5c54c94b4f2a0f5a46f7210d":"000000000000000000000000":"":128:"f672b94d192266c7c8c8dbb427cc989a":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #3 (128-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf889":"":128:"86e318012dd8329dc9dae6a170f61b24":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815":"cafebabefacedbaddecaf889":"":128:"86e318012dd8329dc9dae6a170f61b24":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #4 (128-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8100":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"9f458869431576ea6a095456ec6b8100":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #5 (128-bad) depends_on:MBEDTLS_CAMELLIA_C 
-gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfadedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd":"cafebabefacedbad":"feedfadedeadbeeffeedfacedeadbeefabaddad2":128:"e86f8f2e730c49d536f00fb5225d28b1":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #6 (128-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c83f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308":"2e582b8417c83f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"ceae5569b2af8641572622731aed3e53":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #7 (192-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce586":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"":"000000000000000000000000":"":128:"ba9ae89fddce4b51131e17c4d65ce586":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #8 (192-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d42":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"000000000000000000000000000000000000000000000000":"8f9c0aa2549714c88bb2665e8af86d42":"000000000000000000000000":"":128:"783cff5c5aca7197320658a74279ab37":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #9 (192-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"ffffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"ffffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6a60bb2e9":"cafebabefacedbaddecaf888":"":128:"8d645a0b0e48d3c3b60a014157cb49b4":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #10 (192-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"11b15bb5ab6fac0c422014e91eacbf2b":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"0f009e88410d84ad93c90d55efbe20ffa855492f4dfd0fb485c4f02f536feffbb4d967729e5c67f1de0750255cc500716ba483eb3b0a2bf607af28f6":"cafebabefacedbaddecaf888":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"11b15bb5ab6fac0c422014e91eacbf2b":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #11 (192-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad3":128:"f876143d933214a5035ff0bb96ff650b":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"678b3dcb270faa206dc5f6fbb5014996e86d6f3e35cdcdfeb03b37b9b06ff4ff2682248823bd3c84124dc76af7bde3dd440c228b5efbc795dd80dfb6":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad3":128:"f876143d933214a5035ff0bb96ff650b":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #12 (192-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a328a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c":"9733ea567c3bad2259ccd63ef7012f5de709e50b1fdc31f1a16db02ede1b66f11dcc4d953f2d4d4671587b65882afbf9545fdb6deab22413d091b703":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a328a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4b72e520b2521e63d240ed5c903216fa":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #13 (256-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000001":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000001":"":"000000000000000000000000":"":128:"9cdb269b5d293bc5db9c55b057d9b591":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #14 (256-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000001":"":128:"284b63bb143c40ce100fb4dea6bb617b":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"0000000000000000000000000000000000000000000000000000000000000000":"3d4b2cde666761ba5dfb305178e667fb":"000000000000000000000001":"":128:"284b63bb143c40ce100fb4dea6bb617b":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #15 (256-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4949d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"FAIL":0 
+gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4949d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092":"cafebabefacedbaddecaf888":"":128:"c912686270a2b9966415fca3be75c468":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #16 (256-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"ffedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77":"cafebabefacedbaddecaf888":"ffedfacedeadbeeffeedfacedeadbeefabaddad2":128:"4e4b178d8fe26fdc95e2e7246dd94bec":"FAIL":"":0 Camellia-GCM test vect draft-kato-ipsec-camellia-gcm #17 (256-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094462":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308":"6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652":"cafebabefacedbad":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"e6472b8ebd331bfcc7c0fa63ce094462":"FAIL":"":0 Camellia-GCM test vect 
draft-kato-ipsec-camellia-gcm #18 (256-bad) depends_on:MBEDTLS_CAMELLIA_C -gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a9f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"FAIL":0 +gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_CAMELLIA:"feffe9928665731c6d6a9f9467308308feffe9928665731c6d6a8f9467308308":"e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862":"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b":"feedfacedeadbeeffeedfacedeadbeefabaddad2":128:"5791883f822013f8bd136fc36fb9946b":"FAIL":"":0 diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 782a89687..17d79c579 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -92,8 +92,8 @@ void gcm_decrypt_and_verify( int cipher_id, uint8_t * key_str, uint32_t iv_len, uint8_t * add_str, uint32_t add_len, int tag_len_bits, uint8_t * tag_str, uint32_t tag_str_len, - uint8_t * pt_result, uint32_t pt_result_len, - int init_result ) + char * result, uint8_t * pt_result, + uint32_t pt_result_len, int init_result ) { unsigned char output[128]; mbedtls_gcm_context ctx; @@ -110,7 +110,7 @@ void gcm_decrypt_and_verify( int cipher_id, uint8_t * key_str, { ret = mbedtls_gcm_auth_decrypt( &ctx, pt_len, iv_str, iv_len, add_str, add_len, tag_str, tag_len, src_str, output ); - if( strcmp( "FAIL", pt_result ) == 0 ) + if( strcmp( "FAIL", result ) == 0 ) { TEST_ASSERT( ret == MBEDTLS_ERR_GCM_AUTH_FAILED ); } 
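Review bot: On the expected-failure path in test_suite_gcm.function the test checks only the return code, `TEST_ASSERT( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )`, and never inspects `output`. For an AEAD decrypt the property worth pinning is that no unauthenticated plaintext is left in the caller's buffer after a tag mismatch. I would pre-fill `output` with a marker before the call and, in the FAIL branch, assert that its first `pt_len` bytes match what the library promises on failure (to be confirmed against mbedtls_gcm_auth_decrypt). The new parameter also deserves a comment at the signature, `/* result is "FAIL" when tag verification must fail; pt_result is ignored in that case */`. The function body continues outside both hunks.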
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index a700b33e8..23758ebdd 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -289,7 +289,7 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, uint8_t * key_str, TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str, key_len, src_str, src_len, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size * 2, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size, hex_hash_string_len ) == 0 ); } /* END_CASE */ @@ -322,7 +322,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, uint8_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size * 2, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size, hex_hash_string_len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); @@ -332,7 +332,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, uint8_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size * 2, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size, hex_hash_string_len ) == 0 ); exit: mbedtls_md_free( &ctx ); diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index c45008823..227c4729b 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data 
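Review bot: `trunc_size` is a signed `int` taken from the test data and is now passed to hexcmp() as the number of bytes to compare, with no range check in any of the three hunks (once in mbedtls_md_hmac, twice in md_hmac_multi). A negative or oversized value would be converted to whatever length type hexcmp takes (its prototype is not visible here) and could compare bytes beyond what the HMAC wrote into `output`. Adding `TEST_ASSERT( trunc_size >= 0 && trunc_size <= mbedtls_md_get_size( md_info ) );` before the first comparison in each function makes a bad vector fail loudly. `md_info` is visible in the first hunk and presumably in scope in md_hmac_multi as well, whose body lies mostly outside the hunks.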
@@ -59,7 +59,7 @@ Test mbedtls_mpi_write_binary #1 (Buffer just fits) mbedtls_mpi_write_binary:16:"123123123123123123123123123":"0123123123123123123123123123":14:0 Test mbedtls_mpi_write_binary #2 (Buffer too small) -mbedtls_mpi_write_binary:16:"123123123123123123123123123":"123123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +mbedtls_mpi_write_binary:16:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL Base test mbedtls_mpi_read_file #1 mbedtls_mpi_read_file:10:"data_files/mpi_10":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0 diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 47539ca32..7b57bee53 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -85,7 +85,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, output_len, result_hex_str_len) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 5fdca8128..4ebeca927 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -87,7 +87,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, output_len, result_hex_str_len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e13735b3d..e7537bba5 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -316,7 +316,7 @@ void rsa_pkcs1_encrypt_bad_rng( uint8_t * message_str, uint32_t msg_len, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, output_len, result_hex_str_len ) == 0 ); } exit: @@ -469,7 +469,7 @@ void mbedtls_rsa_private( uint8_t * message_str, uint32_t message_str_len, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } } From d59391afcd488f4fe44dd7f92cd9a53b8eb87242 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 1 Jun 2017 14:04:17 +0100 Subject: [PATCH 271/578] Add support for sending hex parameters --- tests/scripts/mbedtls_test.py | 29 ++++++++++++ tests/suites/embedded_test.function | 72 +++++++++++++++++++++++------ 2 files changed, 88 insertions(+), 13 deletions(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 19893ffb4..fa5b50706 100644 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -160,6 +160,28 @@ class MbedTlsTest(BaseHostTest): """ b += bytearray((4 - (len(b))) % 4) + @staticmethod + def hex_str_bytes(hex_str): + """ + Converts Hex string representation to byte array + + :param hex_str: + :return: + """ + assert hex_str[0] == '"' and hex_str[len(hex_str) - 1] == '"', \ + "HEX test parameter missing '\"': %s" % hex_str + hex_str = hex_str.strip('"') + assert len(hex_str) % 2 == 0, "HEX parameter len should be mod of 2: %s" % hex_str + b = bytearray() + + for i in xrange(len(hex_str) / 2): + h = hex_str[i * 2] + hex_str[(i * 2) + 1] + try: + b += bytearray([int(h, 16)]) + except ValueError: + raise ValueError("Invalid HEX value: %s" % hex_str) + return b + def parameters_to_bytes(self, b, parameters): for typ, param in parameters: if typ == 'int' or typ == 'exp': 
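Review bot: hex_str_bytes in mbedtls_test.py validates its input with `assert`, which is stripped when the host script runs under `python -O`, and it indexes `hex_str[0]` before any length check, so an empty parameter raises IndexError instead of the intended message. `xrange` and `len(hex_str) / 2` also tie the helper to Python 2. Raising ValueError explicitly and letting `bytearray.fromhex` do the decoding addresses all three. The docstring's empty `:param hex_str:` and `:return:` fields should be filled in at the same time (quoted hex string in, bytearray out).

```python
    @staticmethod
    def hex_str_bytes(hex_str):
        # ... unchanged: docstring ...
        if len(hex_str) < 2 or hex_str[0] != '"' or hex_str[-1] != '"':
            raise ValueError("HEX test parameter missing '\"': %s" % hex_str)
        hex_digits = hex_str[1:-1]
        if len(hex_digits) % 2 != 0:
            raise ValueError("HEX parameter len should be mod of 2: %s" % hex_str)
        try:
            return bytearray.fromhex(hex_digits)
        except ValueError:
            raise ValueError("Invalid HEX value: %s" % hex_str)
```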
@@ -175,6 +197,13 @@ class MbedTlsTest(BaseHostTest): b += bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) b += bytearray(list(param)) b += '\0' # Null terminate + elif typ == 'hex': + hb = self.hex_str_bytes(param) + b += 'H' + self.align_32bit(b) + i = len(hb) + b += bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) + b += hb return b def run_next_test(self): diff --git a/tests/suites/embedded_test.function b/tests/suites/embedded_test.function index e885a0e99..ba5908999 100644 --- a/tests/suites/embedded_test.function +++ b/tests/suites/embedded_test.function @@ -155,6 +155,47 @@ uint8_t * receive_data( uint32_t * data_len ) return( data ); } +/** + * \brief Parses received byte array and finds number of hex parameters. + * + * \param count Parameter count + * \param data Received Byte array + * \param data_len Byte array length + * + * \return count of hex params + */ +uint32_t find_hex_count( uint8_t count, uint8_t * data, uint32_t data_len ) +{ + uint32_t i = 0, sz = 0; + char c; + uint8_t * p = NULL; + uint32_t hex_count = 0; + + p = data; + + for( i = 0; i < count; i++ ) + { + c = (char)*p; + INCR_ASSERT( p, data, data_len, 1 ); + + /* Align p to 4 bytes for int, expression, string len or hex length */ + ALIGN_32BIT( p, data, data_len ); + + /* Network to host conversion */ + sz = (int32_t)parse_uint32( p ); + + INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); + + if ( c == 'H' || c == 'S' ) + { + INCR_ASSERT( p, data, data_len, sz ); + hex_count += ( c == 'H' )?1:0; + } + } + + return( hex_count ); +} + /** * \brief Parses received byte array for test parameters. * 
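Review bot: find_hex_count in embedded_test.function dereferences `p` for the type byte and calls `parse_uint32( p )` before the following INCR_ASSERT has confirmed those bytes lie inside `data`. A truncated message would therefore be read past its end before any assertion fires, assuming INCR_ASSERT only validates the pointer after advancing it (the macro is defined outside the hunk). Checking the remaining length first, e.g. `assert( (uint32_t)( p - data ) + sizeof( uint32_t ) <= data_len );` ahead of the parse_uint32() call, closes that gap. The `(int32_t)` cast on the assignment to the `uint32_t sz` has no effect and can be dropped.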
@@ -170,15 +211,16 @@ uint8_t * receive_data( uint32_t * data_len ) void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len, int * error ) { - uint32_t i = 0; + uint32_t i = 0, hex_count = 0; char c; void ** params = NULL; void ** cur = NULL; uint8_t * p = NULL; - params = (void **)malloc( sizeof( void *) * ( count + 1 ) ); + hex_count = find_hex_count(count, data, data_len); + + params = (void **)malloc( sizeof( void *) * ( count + hex_count ) ); assert( params != NULL ); - params[count] = NULL; cur = params; p = data; @@ -211,16 +253,15 @@ void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len, INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); } break; - case 'H': - { - *cur++ = (void *)p; - } /* Intentional fall through */ + case 'H': /* Intentional fall through */ case 'S': { - uint32_t sz = *( (int32_t *)p ); + uint32_t * sz = (uint32_t *)p; INCR_ASSERT( p, data, data_len, sizeof( int32_t ) ); *cur++ = (void *)p; - INCR_ASSERT( p, data, data_len, sz ); + if ( c == 'H' ) + *cur++ = (void *)sz; + INCR_ASSERT( p, data, data_len, ( *sz ) ); } break; default: @@ -324,7 +365,8 @@ int execute_tests( int args, const char ** argv ) if ( ret != DEPENDENCY_SUPPORTED ) break; - INCR_ASSERT( p, data, data_len, count ); + if ( count ) + INCR_ASSERT( p, data, data_len, count ); /* Read function id */ function_id = *p; @@ -334,9 +376,13 @@ int execute_tests( int args, const char ** argv ) count = *p; INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); - params = parse_parameters( count, p, data_len - (p - data), &ret ); - if ( ret ) - break; + /* Parse parameters if present */ + if ( count ) + { + params = parse_parameters( count, p, data_len - ( p - data ), &ret ); + if ( ret ) + break; + } ret = dispatch_test( function_id, params ); } From b3a103c4997d584dfcdb61610881327cb3499038 Mon Sep 17 00:00:00 2001 
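Review bot: In the 'H'/'S' branch of parse_parameters the length is read as `*sz` straight from the receive buffer, while find_hex_count, added by this same commit, converts the same field with parse_uint32() under a "Network to host conversion" comment. On a little-endian target the two passes would disagree on how far to advance `p`, and the test function would receive the unconverted length through `(void *)sz`. Converting in place right after `sz` is declared, `*sz = parse_uint32( p );`, keeps both passes consistent. The cast also assumes `p` is 4-byte aligned here; the alignment step and the rest of the switch are outside the hunk.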
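Review bot: With parsing now skipped when `count` is zero, execute_tests still passes `params` to dispatch_test() with whatever value it held before. Depending on code outside the hunk, that is either uninitialised on the first test or the previous test's array on later ones. Setting `params = NULL;` just before the new `if ( count )` block makes the no-parameter case well defined.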
From: Azim Khan Date: Thu, 1 Jun 2017 14:05:03 +0100 Subject: [PATCH 272/578] Put else in it's own line --- tests/suites/mbed_test.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/mbed_test.function b/tests/suites/mbed_test.function index e09ed705c..ab56dec54 100644 --- a/tests/suites/mbed_test.function +++ b/tests/suites/mbed_test.function @@ -141,7 +141,8 @@ int dispatch_test( int func_idx, void ** params ) fp( params ); else ret = ( DISPATCH_UNSUPPORTED_SUITE ); - }} else + }} + else {{ ret = ( DISPATCH_TEST_FN_NOT_FOUND ); }} From 392267a7c8fbf3fef70665f2f0fd653088f4e372 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 1 Jun 2017 16:46:17 +0100 Subject: [PATCH 273/578] Fix missing data in the RSA test vectors file --- tests/suites/test_suite_rsa.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 41149063f..bfaae6c65 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -378,13 +378,13 @@ RSA Check Public-Private key #5 (E mismatch) rsa_check_pubpriv:2048:16:"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":16:"17":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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rivate (Correct) -mbedtls_rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":0 
+mbedtls_rsa_private:"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":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":0 RSA Private (Data larger than N) mbedtls_rsa_private:"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":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Public (Correct) -mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"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":16:"3":"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":0 
+mbedtls_rsa_public:"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":2048:16:"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":16:"3":"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":0 RSA Public (Data larger than N) mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA From 47b40609de15a42e855a2e9c62f62b4c0cf04acb Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 1 Jun 2017 16:48:09 +0100 Subject: [PATCH 274/578] Fix RSA test suite bugged by hexify/unhexify change --- tests/suites/test_suite_rsa.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e7537bba5..8c9e8fde6 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -403,7 +403,7 @@ void mbedtls_rsa_public( uint8_t * message_str, uint32_t message_str_len, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } /* And now with the copy */ 
@@ -418,7 +418,7 @@ void mbedtls_rsa_public( uint8_t * message_str, uint32_t message_str_len, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); } exit: From 3e5d0004ab98b294fb30841e5e23d80cb4a3e141 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Mon, 5 Jun 2017 13:16:10 +0100 Subject: [PATCH 275/578] Update Greentea API header --- tests/suites/embedded_test.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/embedded_test.function b/tests/suites/embedded_test.function index ba5908999..4436ccbdd 100644 --- a/tests/suites/embedded_test.function +++ b/tests/suites/embedded_test.function @@ -1,6 +1,6 @@ #line 2 "embedded_test.function" -#include "greentea-client/test_env_c.h" +#include "greentea-client/test_env.h" /** * \brief Increments pointer and asserts that it does not overflow. From 5cfc06832e92849d65753b800942153bdee14dda Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Mon, 5 Jun 2017 13:18:32 +0100 Subject: [PATCH 276/578] Fix name conflict in function params after hexify/unhexify change --- tests/suites/test_suite_cmac.function | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 7bae762e9..08ee207ee 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function 
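Review bot: In the hunk at -418 of `mbedtls_rsa_public`, the comparison that follows the `/* And now with the copy */` section now takes its length from `ctx.len`, although that section presumably runs the operation on the copied context `ctx2` (the call itself is outside the hunk). If the original context is freed or cleared before this point, the assertion depends on `len` surviving that. Keeping `ctx2.len` ties the compared length to the context that produced `output`: `TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 );`. The switch to `ctx.len` in the earlier hunk at -403, before the copy, looks right.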
@@ -122,11 +122,11 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, int result ) void mbedtls_cmac_multiple_blocks( int cipher_type, uint8_t * key, uint32_t key_len, int keybits, int block_size, uint8_t * block1, - uint32_t block1_len, int block1_len, - uint8_t * block2, uint32_t block2_len, + uint32_t block1_sz, int block1_len, + uint8_t * block2, uint32_t block2_sz, int block2_len, uint8_t * block3, - uint32_t block3_len, int block3_len, - uint8_t * block4, uint32_t block4_len, + uint32_t block3_sz, int block3_len, + uint8_t * block4, uint32_t block4_sz, int block4_len, uint8_t * expected_result, uint32_t expected_result_len ) { @@ -191,24 +191,24 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, uint32_t key_len, int keybits, int block_size, uint8_t * block_a1, - uint32_t block_a1_len, + uint32_t block_a1_sz, int block_a1_len, uint8_t * block_a2, - uint32_t block_a2_len, + uint32_t block_a2_sz, int block_a2_len, uint8_t * block_a3, - uint32_t block_a3_len, + uint32_t block_a3_sz, int block_a3_len, uint8_t * expected_result_a, uint32_t expected_result_a_len, uint8_t * block_b1, - uint32_t block_b1_len, + uint32_t block_b1_sz, int block_b1_len, uint8_t * block_b2, - uint32_t block_b2_len, + uint32_t block_b2_sz, int block_b2_len, uint8_t * block_b3, - uint32_t block_b3_len, + uint32_t block_b3_sz, int block_b3_len, uint8_t * expected_result_b, uint32_t expected_result_b_len From d30ca130e8a597b8dfeda7ccfab9a54bd2db4967 Mon Sep 17 00:00:00 2001 
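Review bot: After the rename, each block in `mbedtls_cmac_multiple_blocks` arrives with two independent lengths, the decoded buffer size (`block1_sz`) and the test-data value (`int block1_len`), and nothing in the hunk ties them together. If the body, which is outside this hunk, feeds `block1_len` bytes of `block1` to the CMAC update call, a data line whose declared length exceeds the decoded hex reads past the parameter buffer. A guard per block such as `TEST_ASSERT( block1_len <= (int) block1_sz );` would catch that. The same applies to the `block_a*` and `block_b*` parameters of `mbedtls_cmac_multiple_operations_same_key` in the second hunk.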
From: Azim Khan Date: Fri, 9 Jun 2017 04:32:58 +0100 Subject: [PATCH 277/578] Combine hex parameters in a struct --- tests/suites/helpers.function | 7 + tests/suites/test_suite_aes.function | 98 +++---- tests/suites/test_suite_arc4.function | 12 +- tests/suites/test_suite_asn1write.function | 28 +- tests/suites/test_suite_base64.function | 33 +-- tests/suites/test_suite_blowfish.function | 93 +++---- tests/suites/test_suite_camellia.function | 80 +++--- tests/suites/test_suite_ccm.function | 55 ++-- tests/suites/test_suite_cipher.function | 84 +++--- tests/suites/test_suite_cmac.function | 74 +++--- tests/suites/test_suite_ctr_drbg.function | 35 ++- tests/suites/test_suite_debug.function | 5 +- tests/suites/test_suite_des.function | 108 ++++---- tests/suites/test_suite_ecdh.function | 32 ++- tests/suites/test_suite_ecdsa.function | 19 +- tests/suites/test_suite_ecjpake.function | 36 +-- tests/suites/test_suite_ecp.function | 30 +-- tests/suites/test_suite_entropy.function | 8 +- tests/suites/test_suite_gcm.function | 40 ++- tests/suites/test_suite_hmac_drbg.function | 89 +++---- tests/suites/test_suite_md.function | 74 +++--- tests/suites/test_suite_mdx.function | 20 +- tests/suites/test_suite_mpi.function | 17 +- tests/suites/test_suite_pem.function | 8 +- tests/suites/test_suite_pk.function | 65 +++-- tests/suites/test_suite_pkcs1_v15.function | 49 ++-- tests/suites/test_suite_pkcs1_v21.function | 67 ++--- tests/suites/test_suite_pkcs5.function | 33 +-- tests/suites/test_suite_pkparse.function | 5 +- tests/suites/test_suite_rsa.data | 6 +- tests/suites/test_suite_rsa.function | 287 ++++++++------------- tests/suites/test_suite_shax.function | 35 ++- tests/suites/test_suite_ssl.data | 32 +-- tests/suites/test_suite_ssl.function | 11 +- tests/suites/test_suite_x509parse.function | 45 ++-- tests/suites/test_suite_xtea.function | 50 ++-- 36 files changed, 756 insertions(+), 1014 deletions(-) 
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 6bab65f65..c772af9a5 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -39,6 +39,13 @@ typedef UINT32 uint32_t; #include #endif +/* Type for Hex parameters */ +typedef struct HexParam_tag +{ + uint8_t * x; + uint32_t len; +} HexParam_t; + /*----------------------------------------------------------------------------*/ /* Constants */ diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index ad65a1b36..a0f1b13eb 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -8,9 +8,8 @@ */ /* BEGIN_CASE */ -void aes_encrypt_ecb( uint8_t * key_str, uint32_t key_len, uint8_t * src_str, - uint32_t src_str_len, uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int setkey_result ) +void aes_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -19,12 +18,12 @@ void aes_encrypt_ecb( uint8_t * key_str, uint32_t key_len, uint8_t * src_str, mbedtls_aes_init( &ctx ); - TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: 
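Review bot: The comment on the new `HexParam_t` does not say what the two fields hold or who owns the buffer, although every suite in this patch now depends on it. Judging by the call sites, `x` is the decoded byte string and `len` its length in bytes, so something like `/* Hex test parameter after decoding: x points to the bytes, len is the number of bytes at x */` would state the contract. It should also say whether a test body may modify or free `x`, since the base64 hunks in this patch drop their `mbedtls_free` calls apparently on the assumption that it must not.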
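Review bot: `aes_encrypt_ecb` hands `src_str->x` to `mbedtls_aes_crypt_ecb`, which consumes one 16-byte block, without checking that the test vector actually decoded to 16 bytes. Now that the length travels with the pointer, `TEST_ASSERT( src_str->len == 16 );` before the call turns a short vector into a test failure instead of an over-read of the parameter buffer. The same applies to `aes_decrypt_ecb` and to the CFB128 cases in later hunks, which also pass a fixed length of 16. The function body continues outside the hunk.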
@@ -33,9 +32,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aes_decrypt_ecb( uint8_t * key_str, uint32_t key_len, uint8_t * src_str, - uint32_t src_str_len, uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int setkey_result ) +void aes_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -44,12 +42,12 @@ void aes_decrypt_ecb( uint8_t * key_str, uint32_t key_len, uint8_t * src_str, mbedtls_aes_init( &ctx ); - TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -58,10 +56,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aes_encrypt_cbc( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, - uint32_t iv_str_len, uint8_t * src_str, - uint32_t data_len, uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int cbc_result ) +void aes_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, + int cbc_result ) { unsigned char output[100]; mbedtls_aes_context ctx; 
@@ -70,12 +67,12 @@ void aes_encrypt_cbc( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, data_len, iv_str, src_str, output ) == cbc_result ); + mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -84,10 +81,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aes_decrypt_cbc( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, - uint32_t iv_str_len, uint8_t * src_str, - uint32_t data_len, uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int cbc_result ) +void aes_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, + int cbc_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -96,12 +92,12 @@ void aes_decrypt_cbc( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_dec( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, data_len, iv_str, src_str, output ) == cbc_result ); + mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0) { - TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: 
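Review bot: In `aes_encrypt_cbc` the number of bytes written to `output` is `src_str->len`, taken straight from the test data, while `output` is a fixed `unsigned char output[100]`, so an over-long vector can overflow the stack buffer before any assertion is evaluated. A guard ahead of the crypt call, `TEST_ASSERT( src_str->len <= sizeof( output ) );`, keeps that failure inside the test framework. The return value of `mbedtls_aes_setkey_enc` is also discarded here, unlike in the ECB cases. Wrapping it as `TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );` would report a bad key length directly rather than as an output mismatch. Both points also apply to `aes_decrypt_cbc`, the CFB8 cases, and the Blowfish, Camellia and ARC4 hunks of this patch that pass `src_str->len` into a fixed-size output buffer.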
@@ -234,11 +230,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_encrypt_cfb128( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len - ) +void aes_encrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -248,10 +241,10 @@ void aes_encrypt_cfb128( uint8_t * key_str, uint32_t key_len, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); + mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -259,11 +252,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_decrypt_cfb128( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len - ) +void aes_decrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; 
@@ -273,10 +263,10 @@ void aes_decrypt_cfb128( uint8_t * key_str, uint32_t key_len, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); + mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -284,10 +274,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_encrypt_cfb8( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, - uint32_t iv_str_len, uint8_t * src_str, - uint32_t src_len, uint8_t * hex_dst_string, - uint32_t hex_dst_string_len ) +void aes_encrypt_cfb8( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -296,10 +284,10 @@ void aes_encrypt_cfb8( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_len, iv_str, src_str, output ) == 0 ); + mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); 
@@ -307,10 +295,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_decrypt_cfb8( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, - uint32_t iv_str_len, uint8_t * src_str, - uint32_t src_len, uint8_t * hex_dst_string, - uint32_t hex_dst_string_len ) +void aes_decrypt_cfb8( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -319,10 +305,10 @@ void aes_decrypt_cfb8( uint8_t * key_str, uint32_t key_len, uint8_t * iv_str, mbedtls_aes_init( &ctx ); - mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_len, iv_str, src_str, output ) == 0 ); + mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index e3ff30376..2a56a5b2d 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -8,10 +8,8 @@ */ /* BEGIN_CASE */ -void mbedtls_arc4_crypt( uint8_t * src_str, uint32_t src_len, - uint8_t * key_str, uint32_t key_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len - ) +void mbedtls_arc4_crypt( HexParam_t * src_str, HexParam_t * key_str, + HexParam_t * hex_dst_string ) { unsigned char dst_str[1000]; mbedtls_arc4_context ctx; 
@@ -20,10 +18,10 @@ void mbedtls_arc4_crypt( uint8_t * src_str, uint32_t src_len, mbedtls_arc4_init( &ctx ); - mbedtls_arc4_setup(&ctx, key_str, key_len); - TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_len, src_str, dst_str ) == 0 ); + mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); + TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 ); - TEST_ASSERT( hexcmp( dst_str, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index 3befa44d2..3b2d86e79 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function @@ -11,8 +11,7 @@ */ /* BEGIN_CASE */ -void mbedtls_asn1_write_octet_string( uint8_t * str, uint32_t str_len, - uint8_t * asn1, uint32_t asn1_len, +void mbedtls_asn1_write_octet_string( HexParam_t * str, HexParam_t * asn1, int buf_len, int result ) { int ret; @@ -25,7 +24,7 @@ void mbedtls_asn1_write_octet_string( uint8_t * str, uint32_t str_len, p = buf + GUARD_LEN + buf_len; - ret = mbedtls_asn1_write_octet_string( &p, buf + GUARD_LEN, str, str_len ); + ret = mbedtls_asn1_write_octet_string( &p, buf + GUARD_LEN, str->x, str->len ); /* Check for buffer overwrite on both sides */ for( i = 0; i < GUARD_LEN; i++ ) 
@@ -36,17 +35,17 @@ void mbedtls_asn1_write_octet_string( uint8_t * str, uint32_t str_len, if( result >= 0 ) { - TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); + TEST_ASSERT( (size_t) ret == asn1->len ); + TEST_ASSERT( p + asn1->len == buf + GUARD_LEN + buf_len ); - TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); + TEST_ASSERT( memcmp( p, asn1->x, asn1->len ) == 0 ); } } /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_asn1_write_ia5_string( char * str, uint8_t * asn1, - uint32_t asn1_len, int buf_len, int result - ) +void mbedtls_asn1_write_ia5_string( char * str, HexParam_t * asn1, + int buf_len, int result ) { int ret; unsigned char buf[150]; @@ -71,16 +70,17 @@ void mbedtls_asn1_write_ia5_string( char * str, uint8_t * asn1, if( result >= 0 ) { - TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); + TEST_ASSERT( (size_t) ret == asn1->len ); + TEST_ASSERT( p + asn1->len == buf + GUARD_LEN + buf_len ); - TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); + TEST_ASSERT( memcmp( p, asn1->x, asn1->len ) == 0 ); } } /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_asn1_write_len( int len, uint8_t * asn1, uint32_t asn1_len, - int buf_len, int result ) +void mbedtls_asn1_write_len( int len, HexParam_t * asn1, int buf_len, + int result ) { int ret; unsigned char buf[150]; @@ -105,9 +105,9 @@ void mbedtls_asn1_write_len( int len, uint8_t * asn1, uint32_t asn1_len, if( result >= 0 ) { - TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len ); + TEST_ASSERT( p + asn1->len == buf + GUARD_LEN + buf_len ); - TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 ); + TEST_ASSERT( memcmp( p, asn1->x, asn1->len ) == 0 ); /* Read back with mbedtls_asn1_get_len() to check */ ret = mbedtls_asn1_get_len( &p, buf + GUARD_LEN + buf_len, &read_len ); diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 3077f16aa..53f0f6921 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function 
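Review bot: The `TEST_ASSERT( (size_t) ret == asn1->len );` check added to `mbedtls_asn1_write_octet_string` and `mbedtls_asn1_write_ia5_string` is not added to `mbedtls_asn1_write_len` in the hunk at -105, so the three cases no longer verify the same things. Adding the same line before the `p + asn1->len` comparison there would keep them parallel. The cast is only meaningful for a non-negative `ret`. The visible lines guard on `result >= 0` rather than on `ret`, so the check relies on an earlier `ret == result` assertion that is outside the hunk.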
@@ -49,16 +49,15 @@ void mbedtls_base64_decode( char * src_string, char * dst_string, int result ) /* END_CASE */ /* BEGIN_CASE */ -void base64_encode_hex( char * src_hex, char * dst, int dst_buf_size, +void base64_encode_hex( HexParam_t * src, char * dst, int dst_buf_size, int result ) { - unsigned char *src = NULL, *res = NULL; - size_t len, src_len; + unsigned char *res = NULL; + size_t len; - src = unhexify_alloc( src_hex, &src_len ); res = zero_alloc( dst_buf_size ); - TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src, src_len ) == result ); + TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result ); if( result == 0 ) { TEST_ASSERT( len == strlen( dst ) ); 
@@ -66,45 +65,39 @@ void base64_encode_hex( char * src_hex, char * dst, int dst_buf_size, } exit: - mbedtls_free( src ); mbedtls_free( res ); } /* END_CASE */ /* BEGIN_CASE */ -void base64_decode_hex( char * src, char * dst_hex, int dst_buf_size, +void base64_decode_hex( char * src, HexParam_t * dst, int dst_buf_size, int result ) { - unsigned char *dst = NULL, *res = NULL; - size_t len, dst_len; + unsigned char *res = NULL; + size_t len; - dst = unhexify_alloc( dst_hex, &dst_len ); res = zero_alloc( dst_buf_size ); TEST_ASSERT( mbedtls_base64_decode( res, dst_buf_size, &len, (unsigned char *) src, strlen( src ) ) == result ); if( result == 0 ) { - TEST_ASSERT( len == dst_len ); - TEST_ASSERT( memcmp( dst, res, len ) == 0 ); + TEST_ASSERT( len == dst->len ); + TEST_ASSERT( memcmp( dst->x, res, len ) == 0 ); } exit: - mbedtls_free( dst ); mbedtls_free( res ); } /* END_CASE */ /* BEGIN_CASE */ -void base64_decode_hex_src( char * src_hex, char * dst_ref, int result ) +void base64_decode_hex_src( HexParam_t * src, char * dst_ref, int result ) { unsigned char dst[1000] = { 0 }; - unsigned char *src; - size_t src_len, len; + size_t len; - src = unhexify_alloc( src_hex, &src_len ); - - TEST_ASSERT( mbedtls_base64_decode( dst, sizeof( dst ), &len, src, src_len ) == result ); + TEST_ASSERT( mbedtls_base64_decode( dst, sizeof( dst ), &len, src->x, src->len ) == result ); if( result == 0 ) { TEST_ASSERT( len == strlen( dst_ref ) ); @@ -112,7 +105,7 @@ void base64_decode_hex_src( char * src_hex, char * dst_ref, int result ) } exit: - mbedtls_free( src ); + ;; } /* END_CASE */ diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 55ab619fc..d88eac463 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function 
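Review bot: In `base64_decode_hex_src` the cleanup label is left as `exit: ;;`, a doubled empty statement that reads like a typo. The label presumably has to stay because `TEST_ASSERT` jumps to it, but a single null statement with a short explanation is clearer: `exit: ; /* nothing to free here */`. The sibling cases `base64_encode_hex` and `base64_decode_hex` still free `res` under the same label, so the comment also records why this one differs.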
@@ -8,10 +8,8 @@ */ /* BEGIN_CASE */ -void blowfish_encrypt_ecb( uint8_t * key_str, uint32_t key_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int setkey_result ) +void blowfish_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -20,12 +18,12 @@ void blowfish_encrypt_ecb( uint8_t * key_str, uint32_t key_len, mbedtls_blowfish_init( &ctx ); - TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } exit: @@ -34,10 +32,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void blowfish_decrypt_ecb( uint8_t * key_str, uint32_t key_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int setkey_result ) +void blowfish_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; 
@@ -46,12 +42,12 @@ void blowfish_decrypt_ecb( uint8_t * key_str, uint32_t key_len, mbedtls_blowfish_init( &ctx ); - TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } exit: @@ -60,11 +56,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_encrypt_cbc( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t data_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int cbc_result ) +void blowfish_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, + int cbc_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -73,13 +67,13 @@ void blowfish_encrypt_cbc( uint8_t * key_str, uint32_t key_len, mbedtls_blowfish_init( &ctx ); - mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); + mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, data_len , iv_str, src_str, output ) == cbc_result ); + TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: 
@@ -88,11 +82,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_decrypt_cbc( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t data_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int cbc_result ) +void blowfish_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, + int cbc_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -101,12 +93,12 @@ void blowfish_decrypt_cbc( uint8_t * key_str, uint32_t key_len, mbedtls_blowfish_init( &ctx ); - mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, data_len , iv_str, src_str, output ) == cbc_result ); + mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0) { - TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -115,11 +107,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_encrypt_cfb64( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len ) +void blowfish_encrypt_cfb64( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string + ) { unsigned char output[100]; mbedtls_blowfish_context ctx; 
@@ -129,10 +119,10 @@ void blowfish_encrypt_cfb64( uint8_t * key_str, uint32_t key_len, mbedtls_blowfish_init( &ctx ); - mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_len, &iv_offset, iv_str, src_str, output ) == 0 ); + mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -140,11 +130,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_decrypt_cfb64( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len ) +void blowfish_decrypt_cfb64( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string + ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -154,10 +142,10 @@ void blowfish_decrypt_cfb64( uint8_t * key_str, uint32_t key_len, mbedtls_blowfish_init( &ctx ); - mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_len, &iv_offset, iv_str, src_str, output ) == 0 ); + mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); 
@@ -165,11 +153,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void blowfish_encrypt_ctr( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len ) +void blowfish_encrypt_ctr( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string ) { unsigned char stream_str[100]; unsigned char output[100]; @@ -181,10 +166,10 @@ void blowfish_encrypt_ctr( uint8_t * key_str, uint32_t key_len, mbedtls_blowfish_init( &ctx ); - mbedtls_blowfish_setkey( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_len, &iv_offset, iv_str, stream_str, src_str, output ) == 0 ); + mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 96d25a251..4bfa1a5da 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -8,10 +8,8 @@ */ /* BEGIN_CASE */ -void camellia_encrypt_ecb( uint8_t * key_str, uint32_t key_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int setkey_result ) +void camellia_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; 
@@ -20,12 +18,12 @@ void camellia_encrypt_ecb( uint8_t * key_str, uint32_t key_len, mbedtls_camellia_init( &ctx ); - TEST_ASSERT( mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -34,10 +32,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void camellia_decrypt_ecb( uint8_t * key_str, uint32_t key_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int setkey_result ) +void camellia_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -46,12 +42,12 @@ void camellia_decrypt_ecb( uint8_t * key_str, uint32_t key_len, mbedtls_camellia_init( &ctx ); - TEST_ASSERT( mbedtls_camellia_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); + TEST_ASSERT( mbedtls_camellia_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: 
@@ -60,11 +56,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void camellia_encrypt_cbc( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t data_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int cbc_result ) +void camellia_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, + int cbc_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -73,12 +67,12 @@ void camellia_encrypt_cbc( uint8_t * key_str, uint32_t key_len, mbedtls_camellia_init( &ctx ); - mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, data_len, iv_str, src_str, output) == cbc_result ); + mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -87,11 +81,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void camellia_decrypt_cbc( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t data_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int cbc_result ) +void camellia_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, + int cbc_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; 
@@ -100,12 +92,12 @@ void camellia_decrypt_cbc( uint8_t * key_str, uint32_t key_len, mbedtls_camellia_init( &ctx ); - mbedtls_camellia_setkey_dec( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_DECRYPT, data_len, iv_str, src_str, output ) == cbc_result ); + mbedtls_camellia_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_camellia_crypt_cbc( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, data_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -114,11 +106,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void camellia_encrypt_cfb128( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len ) +void camellia_encrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, + HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -128,10 +118,10 @@ void camellia_encrypt_cfb128( uint8_t * key_str, uint32_t key_len, mbedtls_camellia_init( &ctx ); - mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); + mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); 
@@ -139,11 +129,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void camellia_decrypt_cfb128( uint8_t * key_str, uint32_t key_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len ) +void camellia_decrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, + HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -153,10 +141,10 @@ void camellia_decrypt_cfb128( uint8_t * key_str, uint32_t key_len, mbedtls_camellia_init( &ctx ); - mbedtls_camellia_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str, src_str, output ) == 0 ); + mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 16, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 5dbc837e4..b9df023a7 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -116,34 +116,31 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_encrypt_and_tag( int cipher_id, uint8_t * key, - uint32_t key_len, uint8_t * msg, - uint32_t msg_len, uint8_t * iv, - uint32_t iv_len, uint8_t * add, - uint32_t add_len, uint8_t * result, - uint32_t result_len ) +void mbedtls_ccm_encrypt_and_tag( int cipher_id, HexParam_t * key, + HexParam_t * msg, HexParam_t * iv, + HexParam_t * add, HexParam_t * result ) { mbedtls_ccm_context ctx; size_t tag_len; - uint8_t * msg_n_tag = (uint8_t *)malloc( result_len + 2 ); + uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 ); mbedtls_ccm_init( &ctx ); - memset( msg_n_tag, 0, result_len + 2 ); - memcpy( msg_n_tag, msg, msg_len ); + memset( msg_n_tag, 0, result->len + 2 ); + memcpy( msg_n_tag, msg->x, msg->len ); - tag_len = result_len - msg_len; + tag_len = result->len - msg->len; - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, - msg_n_tag, msg_n_tag, msg_n_tag + msg_len, tag_len ) == 0 ); + TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, + msg_n_tag, msg_n_tag, msg_n_tag + msg->len, tag_len ) == 0 ); - TEST_ASSERT( memcmp( msg_n_tag, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( msg_n_tag, result->x, result->len ) == 0 ); /* Check we didn't write past the end */ - TEST_ASSERT( msg_n_tag[result_len] == 0 && msg_n_tag[result_len + 1] == 0 ); + TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 ); exit: mbedtls_ccm_free( &ctx ); 
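Review bot: In `mbedtls_ccm_encrypt_and_tag` the result of `malloc( result->len + 2 )` is passed to `memset` and `memcpy` without a NULL check, and `tag_len = result->len - msg->len` wraps around when a vector's `result` is shorter than its `msg`, in which case the `memcpy` of `msg->len` bytes can also overrun the allocation. Adding `TEST_ASSERT( msg_n_tag != NULL );` and `TEST_ASSERT( msg->len <= result->len );` right after `mbedtls_ccm_init` fails the case cleanly instead. The cleanup after `exit:` is only partly visible in this hunk, so confirm it releases `msg_n_tag` on that path.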
@@ -152,12 +149,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_auth_decrypt( int cipher_id, uint8_t * key, uint32_t key_len, - uint8_t * msg, uint32_t msg_len, uint8_t * iv, - uint32_t iv_len, uint8_t * add, - uint32_t add_len, int tag_len, - char * result, uint8_t * hex_msg, - uint32_t hex_msg_len ) +void mbedtls_ccm_auth_decrypt( int cipher_id, HexParam_t * key, + HexParam_t * msg, HexParam_t * iv, + HexParam_t * add, int tag_len, char * result, + HexParam_t * hex_msg ) { unsigned char tag[16]; mbedtls_ccm_context ctx; @@ -167,8 +162,8 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, uint8_t * key, uint32_t key_len, memset( tag, 0x00, sizeof( tag ) ); - msg_len -= tag_len; - memcpy( tag, msg + msg_len, tag_len ); + msg->len -= tag_len; + memcpy( tag, msg->x + msg->len, tag_len ); if( strcmp( "FAIL", result ) == 0 ) { @@ -179,26 +174,26 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, uint8_t * key, uint32_t key_len, ret = 0; } - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len, - msg, msg, msg + msg_len, tag_len ) == ret ); + TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len, + msg->x, msg->x, msg->x + msg->len, tag_len ) == ret ); if( ret == 0 ) { - TEST_ASSERT( memcmp( msg, hex_msg, hex_msg_len ) == 0 ); + TEST_ASSERT( memcmp( msg->x, hex_msg->x, hex_msg->len ) == 0 ); } else { size_t i; - for( i = 0; i < msg_len; i++ ) - TEST_ASSERT( msg[i] == 0 ); + for( i = 0; i < msg->len; i++ ) + TEST_ASSERT( msg->x[i] == 0 ); } /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 ); + TEST_ASSERT( memcmp( msg->x + msg->len, tag, tag_len ) == 0 ); exit: mbedtls_ccm_free( &ctx ); 
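Review bot: `msg->len -= tag_len;` in `mbedtls_ccm_auth_decrypt` (hunk -167,8) now modifies the caller's `HexParam_t` instead of a by-value length, and `tag_len` is an `int` from the test data that is never checked against `sizeof( tag )` (16) or `msg->len` before `memcpy( tag, msg->x + msg->len, tag_len )`. A guard such as `TEST_ASSERT( tag_len >= 0 && (size_t) tag_len <= sizeof( tag ) && (size_t) tag_len <= msg->len );` ahead of the subtraction keeps a bad vector from underflowing the length or overflowing `tag`. Whether the harness reuses `msg` after the call is not visible here; computing into a local `msg_len` would avoid the question.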
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 435c9a384..767e44102 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -471,12 +471,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void decrypt_test_vec( int cipher_id, int pad_mode, uint8_t * key, - uint32_t key_len, uint8_t * iv, uint32_t iv_len, - uint8_t * cipher, uint32_t cipher_len, uint8_t * clear, - uint32_t clear_len, uint8_t * ad, uint32_t ad_len, - uint8_t * tag, uint32_t tag_len, int finish_result, - int tag_result ) +void decrypt_test_vec( int cipher_id, int pad_mode, HexParam_t * key, + HexParam_t * iv, HexParam_t * cipher, + HexParam_t * clear, HexParam_t * ad, HexParam_t * tag, + int finish_result, int tag_result ) { unsigned char output[265]; mbedtls_cipher_context_t ctx; 
@@ -494,35 +492,35 @@ void decrypt_test_vec( int cipher_id, int pad_mode, uint8_t * key, /* Prepare context */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, mbedtls_cipher_info_from_type( cipher_id ) ) ); - TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, MBEDTLS_DECRYPT ) ); + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) ); #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) if( pad_mode != -1 ) TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); #else (void) pad_mode; #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ - TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, iv_len ) ); + TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad, ad_len ) ); + TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) ); #endif - /* decode buffer and check tag */ + /* decode buffer and check tag->x */ total_len = 0; - TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher, cipher_len, output, &outlen ) ); + TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) ); total_len += outlen; TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, &outlen ) ); total_len += outlen; #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag, tag_len ) ); + TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) ); #endif /* check plaintext only if everything went fine */ if( 0 == finish_result && 0 == tag_result ) { - TEST_ASSERT( total_len == clear_len ); - TEST_ASSERT( 0 == memcmp( output, clear, clear_len ) ); + TEST_ASSERT( total_len == clear->len ); + TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) ); } exit: 
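Review bot: The comment `/* decode buffer and check tag->x */` in `decrypt_test_vec` looks like a casualty of the mechanical `tag` to `tag->x` rename and should read `/* decode buffer and check tag */` again. The same happened in the `auth_crypt_tv` hunks that follow, where the comments should be `/* decode buffer and check tag */` and `/* then encrypt the clear and make sure we get the same ciphertext and tag */`.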
@@ -531,11 +529,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ -void auth_crypt_tv( int cipher_id, uint8_t * key, uint32_t key_len, - uint8_t * iv, uint32_t iv_len, uint8_t * ad, - uint32_t ad_len, uint8_t * cipher, uint32_t cipher_len, - uint8_t * tag, uint32_t tag_len, char * result, - uint8_t * clear, uint32_t clear_len ) +void auth_crypt_tv( int cipher_id, HexParam_t * key, HexParam_t * iv, + HexParam_t * ad, HexParam_t * cipher, HexParam_t * tag, + char * result, HexParam_t * clear ) { int ret; unsigned char output[267]; /* above + 2 (overwrite check) */ @@ -552,12 +548,12 @@ void auth_crypt_tv( int cipher_id, uint8_t * key, uint32_t key_len, /* Prepare context */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, mbedtls_cipher_info_from_type( cipher_id ) ) ); - TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, MBEDTLS_DECRYPT ) ); + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) ); - /* decode buffer and check tag */ - ret = mbedtls_cipher_auth_decrypt( &ctx, iv, iv_len, ad, ad_len, - cipher, cipher_len, output, &outlen, - tag, tag_len ); + /* decode buffer and check tag->x */ + ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len, + cipher->x, cipher->len, output, &outlen, + tag->x, tag->len ); /* make sure we didn't overwrite */ TEST_ASSERT( output[outlen + 0] == 0xFF ); 
@@ -573,27 +569,27 @@ void auth_crypt_tv( int cipher_id, uint8_t * key, uint32_t key_len, /* otherwise, make sure it was decrypted properly */ TEST_ASSERT( ret == 0 ); - TEST_ASSERT( outlen == clear_len ); - TEST_ASSERT( memcmp( output, clear, clear_len ) == 0 ); + TEST_ASSERT( outlen == clear->len ); + TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 ); - /* then encrypt the clear and make sure we get the same ciphertext and tag */ + /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */ memset( output, 0xFF, sizeof( output ) ); outlen = 0; - ret = mbedtls_cipher_auth_encrypt( &ctx, iv, iv_len, ad, ad_len, - clear, clear_len, output, &outlen, - my_tag, tag_len ); + ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len, + clear->x, clear->len, output, &outlen, + my_tag, tag->len ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( outlen == clear_len ); - TEST_ASSERT( memcmp( output, cipher, clear_len ) == 0 ); - TEST_ASSERT( memcmp( my_tag, tag, tag_len ) == 0 ); + TEST_ASSERT( outlen == clear->len ); + TEST_ASSERT( memcmp( output, cipher->x, clear->len ) == 0 ); + TEST_ASSERT( memcmp( my_tag, tag->x, tag->len ) == 0 ); /* make sure we didn't overwrite */ TEST_ASSERT( output[outlen + 0] == 0xFF ); TEST_ASSERT( output[outlen + 1] == 0xFF ); - TEST_ASSERT( my_tag[tag_len + 0] == 0xFF ); - TEST_ASSERT( my_tag[tag_len + 1] == 0xFF ); + TEST_ASSERT( my_tag[tag->len + 0] == 0xFF ); + TEST_ASSERT( my_tag[tag->len + 1] == 0xFF ); exit: @@ -602,9 +598,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_vec_ecb( int cipher_id, int operation, uint8_t * key, - uint32_t key_len, uint8_t * input, uint32_t input_len, - uint8_t * result, uint32_t result_len, int finish_result ) +void test_vec_ecb( int cipher_id, int operation, HexParam_t * key, + HexParam_t * input, HexParam_t * result, int finish_result + ) { mbedtls_cipher_context_t ctx; unsigned char output[32]; 
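Review bot: In `auth_crypt_tv` (hunk -573,27) `memcmp( output, cipher->x, clear->len )` compares `clear->len` bytes of `cipher->x` without checking `cipher->len`, so a vector whose ciphertext is shorter than its plaintext is read past its end. `TEST_ASSERT( cipher->len == clear->len );` before the comparison makes the mismatch a test failure. The `my_tag[tag->len + 0]` and `my_tag[tag->len + 1]` canary reads likewise depend on `tag->len` fitting inside `my_tag`, whose declaration is outside the hunk.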
@@ -619,9 +615,9 @@ void test_vec_ecb( int cipher_id, int operation, uint8_t * key, mbedtls_cipher_info_from_type( cipher_id ) ) ); - TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) ); + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); - TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input, + TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x, mbedtls_cipher_get_block_size( &ctx ), output, &outlen ) ); TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) ); @@ -631,7 +627,7 @@ void test_vec_ecb( int cipher_id, int operation, uint8_t * key, /* check plaintext only if everything went fine */ if( 0 == finish_result ) - TEST_ASSERT( 0 == memcmp( output, result, + TEST_ASSERT( 0 == memcmp( output, result->x, mbedtls_cipher_get_block_size( &ctx ) ) ); exit: @@ -659,8 +655,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void check_padding( int pad_mode, uint8_t * input, uint32_t ilen, int ret, - int dlen_check ) +void check_padding( int pad_mode, HexParam_t * input, int ret, int dlen_check + ) { mbedtls_cipher_info_t cipher_info; mbedtls_cipher_context_t ctx; @@ -674,7 +670,7 @@ void check_padding( int pad_mode, uint8_t * input, uint32_t ilen, int ret, TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); - TEST_ASSERT( ret == ctx.get_padding( input, ilen, &dlen ) ); + TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) ); if( 0 == ret ) TEST_ASSERT( dlen == (size_t) dlen_check ); } diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 08ee207ee..85b3be149 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function 
@@ -119,16 +119,13 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, int result ) /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_cmac_multiple_blocks( int cipher_type, uint8_t * key, - uint32_t key_len, int keybits, - int block_size, uint8_t * block1, - uint32_t block1_sz, int block1_len, - uint8_t * block2, uint32_t block2_sz, - int block2_len, uint8_t * block3, - uint32_t block3_sz, int block3_len, - uint8_t * block4, uint32_t block4_sz, - int block4_len, uint8_t * expected_result, - uint32_t expected_result_len ) +void mbedtls_cmac_multiple_blocks( int cipher_type, HexParam_t * key, + int keybits, int block_size, + HexParam_t * block1, int block1_len, + HexParam_t * block2, int block2_len, + HexParam_t * block3, int block3_len, + HexParam_t * block4, int block4_len, + HexParam_t * expected_result ) { const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t ctx; 
@@ -151,34 +148,34 @@ void mbedtls_cmac_multiple_blocks( int cipher_type, uint8_t * key, TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, - (const unsigned char*)key, + (const unsigned char*)key->x, keybits ) == 0 ); /* Multiple partial and complete blocks. A negative length means skip the * update operation */ if( block1_len >= 0) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block1, + (unsigned char*)block1->x, block1_len ) == 0); if( block2_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block2, + (unsigned char*)block2->x, block2_len ) == 0); if( block3_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block3, + (unsigned char*)block3->x, block3_len ) == 0); if( block4_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block4, + (unsigned char*)block4->x, block4_len ) == 0); TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); - TEST_ASSERT( memcmp( output, expected_result, block_size ) == 0 ); + TEST_ASSERT( memcmp( output, expected_result->x, block_size ) == 0 ); exit: mbedtls_cipher_free( &ctx ); 
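Review bot: `mbedtls_cmac_multiple_blocks` passes the separate `block1_len` to `block4_len` integers to `mbedtls_cipher_cmac_update` and `block_size` to the final `memcmp`, while the `->len` of each `HexParam_t` is never consulted, so a length argument larger than the decoded buffer reads past it. With the `_sz` parameters gone, a check like `TEST_ASSERT( block1_len < 0 || (size_t) block1_len <= block1->len );` per block, plus `TEST_ASSERT( (size_t) block_size <= expected_result->len );`, would tie the two together. `mbedtls_cmac_multiple_operations_same_key` has the same pattern for its `block_a*` and `block_b*` arguments.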
@@ -187,31 +184,22 @@ exit: /* BEGIN_CASE */ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, - uint8_t * key, - uint32_t key_len, int keybits, + HexParam_t * key, int keybits, int block_size, - uint8_t * block_a1, - uint32_t block_a1_sz, + HexParam_t * block_a1, int block_a1_len, - uint8_t * block_a2, - uint32_t block_a2_sz, + HexParam_t * block_a2, int block_a2_len, - uint8_t * block_a3, - uint32_t block_a3_sz, + HexParam_t * block_a3, int block_a3_len, - uint8_t * expected_result_a, - uint32_t expected_result_a_len, - uint8_t * block_b1, - uint32_t block_b1_sz, + HexParam_t * expected_result_a, + HexParam_t * block_b1, int block_b1_len, - uint8_t * block_b2, - uint32_t block_b2_sz, + HexParam_t * block_b2, int block_b2_len, - uint8_t * block_b3, - uint32_t block_b3_sz, + HexParam_t * block_b3, int block_b3_len, - uint8_t * expected_result_b, - uint32_t expected_result_b_len + HexParam_t * expected_result_b ) { const mbedtls_cipher_info_t *cipher_info; @@ -240,7 +228,7 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, TEST_ASSERT( mbedtls_cipher_setup( &ctx, cipher_info ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_starts( &ctx, - (const unsigned char*)key, + (const unsigned char*)key->x, keybits ) == 0 ); /* Sequence A */ 
@@ -249,22 +237,22 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, * update operation */ if( block_a1_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block_a1, + (unsigned char*)block_a1->x, block_a1_len ) == 0); if( block_a2_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block_a2, + (unsigned char*)block_a2->x, block_a2_len ) == 0); if( block_a3_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block_a3, + (unsigned char*)block_a3->x, block_a3_len ) == 0); TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); - TEST_ASSERT( memcmp( output, expected_result_a, block_size ) == 0 ); + TEST_ASSERT( memcmp( output, expected_result_a->x, block_size ) == 0 ); TEST_ASSERT( mbedtls_cipher_cmac_reset( &ctx ) == 0 ); @@ -274,22 +262,22 @@ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, * update operation */ if( block_b1_len >= 0) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block_b1, + (unsigned char*)block_b1->x, block_b1_len ) == 0); if( block_b2_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block_b2, + (unsigned char*)block_b2->x, block_b2_len ) == 0); if( block_b3_len >= 0 ) TEST_ASSERT( mbedtls_cipher_cmac_update( &ctx, - (unsigned char*)block_b3, + (unsigned char*)block_b3->x, block_b3_len ) == 0); TEST_ASSERT( mbedtls_cipher_cmac_finish( &ctx, output ) == 0 ); - TEST_ASSERT( memcmp( output, expected_result_b, block_size ) == 0 ); + TEST_ASSERT( memcmp( output, expected_result_b->x, block_size ) == 0 ); exit: mbedtls_cipher_free( &ctx ); diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 7dd3d5c39..619c76e19 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function 
@@ -51,11 +51,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_pr( uint8_t * add_init, uint32_t add_init_len, - uint8_t * entropy, uint32_t entropy_len, - uint8_t * add1, uint32_t add1_len, uint8_t * add2, - uint32_t add2_len, uint8_t * result_str, - uint32_t result_str_len ) +void ctr_drbg_validate_pr( HexParam_t * add_init, HexParam_t * entropy, + HexParam_t * add1, HexParam_t * add2, + HexParam_t * result_str ) { mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; @@ -64,12 +62,12 @@ void ctr_drbg_validate_pr( uint8_t * add_init, uint32_t add_init_len, test_offset_idx = 0; - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy->x, add_init->x, add_init->len, 32 ) == 0 ); mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); - TEST_ASSERT( hexcmp( buf, result_str, 16, result_str_len ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1->x, add1->len ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2->x, add2->len ) == 0 ); + TEST_ASSERT( hexcmp( buf, result_str->x, 16, result_str->len ) == 0 ); exit: mbedtls_ctr_drbg_free( &ctx ); 
@@ -77,12 +75,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_nopr( uint8_t * add_init, uint32_t add_init_len, - uint8_t * entropy, uint32_t entropy_len, - uint8_t * add1, uint32_t add1_len, - uint8_t * add_reseed, uint32_t add_reseed_len, - uint8_t * add2, uint32_t add2_len, - uint8_t * result_str, uint32_t result_str_len ) +void ctr_drbg_validate_nopr( HexParam_t * add_init, HexParam_t * entropy, + HexParam_t * add1, HexParam_t * add_reseed, + HexParam_t * add2, HexParam_t * result_str ) { mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; @@ -91,12 +86,12 @@ void ctr_drbg_validate_nopr( uint8_t * add_init, uint32_t add_init_len, test_offset_idx = 0; - TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy->x, add_init->x, add_init->len, 32 ) == 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed, add_reseed_len ) == 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2, add2_len ) == 0 ); - TEST_ASSERT( hexcmp( buf, result_str, 16, result_str_len ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1->x, add1->len ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed->x, add_reseed->len ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add2->x, add2->len ) == 0 ); + TEST_ASSERT( hexcmp( buf, result_str->x, 16, result_str->len ) == 0 ); exit: mbedtls_ctr_drbg_free( &ctx ); diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 8c51bf20a..f517c8a9f 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function 
@@ -105,8 +105,7 @@ exit: /* BEGIN_CASE */ void mbedtls_debug_print_buf( char * file, int line, char * text, - uint8_t * data, uint32_t data_len, - char * result_str ) + HexParam_t * data, char * result_str ) { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; @@ -122,7 +121,7 @@ void mbedtls_debug_print_buf( char * file, int line, char * text, mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); - mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len ); + mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len ); TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 ); diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 3d1bb9235..8fab5e415 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -8,16 +8,15 @@ */ /* BEGIN_CASE */ -void des_check_weak( uint8_t * key, uint32_t key_len, int ret ) +void des_check_weak( HexParam_t * key, int ret ) { - TEST_ASSERT( mbedtls_des_key_check_weak( key ) == ret ); + TEST_ASSERT( mbedtls_des_key_check_weak( key->x ) == ret ); } /* END_CASE */ /* BEGIN_CASE */ -void des_encrypt_ecb( uint8_t * key_str, uint32_t key_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) +void des_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -26,10 +25,10 @@ void des_encrypt_ecb( uint8_t * key_str, uint32_t key_str_len, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_enc( &ctx, key_str ); - TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str, output ) == 0 ); + mbedtls_des_setkey_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); 
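Review bot: `des_check_weak` and `des_encrypt_ecb` pass `key->x` and `key_str->x` to `mbedtls_des_key_check_weak` and `mbedtls_des_setkey_enc`, which take no length, so the key size is implied and the new `->len` field goes unused. A vector with a short key would be read past its end; `TEST_ASSERT( key->len == MBEDTLS_DES_KEY_SIZE );` (and the same for `key_str`) documents and enforces the expectation. In the 3DES tests the expected size depends on `key_count`, so the equivalent check there is `TEST_ASSERT( key_str->len == (size_t) key_count * MBEDTLS_DES_KEY_SIZE );` after the `key_count` dispatch.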
@@ -37,9 +36,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des_decrypt_ecb( uint8_t * key_str, uint32_t key_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) +void des_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -48,10 +46,10 @@ void des_decrypt_ecb( uint8_t * key_str, uint32_t key_str_len, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_dec( &ctx, key_str ); - TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str, output ) == 0 ); + mbedtls_des_setkey_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -59,10 +57,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des_encrypt_cbc( uint8_t * key_str, uint32_t key_str_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len, +void des_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; 
@@ -72,12 +68,12 @@ void des_encrypt_cbc( uint8_t * key_str, uint32_t key_str_len, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_enc( &ctx, key_str ); - TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_len, iv_str, src_str, output ) == cbc_result ); + mbedtls_des_setkey_enc( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -86,10 +82,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des_decrypt_cbc( uint8_t * key_str, uint32_t key_str_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len, +void des_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, + HexParam_t * src_str, HexParam_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -99,12 +93,12 @@ void des_decrypt_cbc( uint8_t * key_str, uint32_t key_str_len, mbedtls_des_init( &ctx ); - mbedtls_des_setkey_dec( &ctx, key_str ); - TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_len, iv_str, src_str, output ) == cbc_result ); + mbedtls_des_setkey_dec( &ctx, key_str->x ); + TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: 
@@ -113,9 +107,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des3_encrypt_ecb( int key_count, uint8_t * key_str, uint32_t key_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) +void des3_encrypt_ecb( int key_count, HexParam_t * key_str, + HexParam_t * src_str, HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -125,15 +118,15 @@ void des3_encrypt_ecb( int key_count, uint8_t * key_str, uint32_t key_str_len, if( key_count == 2 ) - mbedtls_des3_set2key_enc( &ctx, key_str ); + mbedtls_des3_set2key_enc( &ctx, key_str->x ); else if( key_count == 3 ) - mbedtls_des3_set3key_enc( &ctx, key_str ); + mbedtls_des3_set3key_enc( &ctx, key_str->x ); else TEST_ASSERT( 0 ); - TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -141,9 +134,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des3_decrypt_ecb( int key_count, uint8_t * key_str, uint32_t key_str_len, - uint8_t * src_str, uint32_t src_str_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len ) +void des3_decrypt_ecb( int key_count, HexParam_t * key_str, + HexParam_t * src_str, HexParam_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des3_context ctx; 
@@ -153,15 +145,15 @@ void des3_decrypt_ecb( int key_count, uint8_t * key_str, uint32_t key_str_len, if( key_count == 2 ) - mbedtls_des3_set2key_dec( &ctx, key_str ); + mbedtls_des3_set2key_dec( &ctx, key_str->x ); else if( key_count == 3 ) - mbedtls_des3_set3key_dec( &ctx, key_str ); + mbedtls_des3_set3key_dec( &ctx, key_str->x ); else TEST_ASSERT( 0 ); - TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -169,11 +161,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des3_encrypt_cbc( int key_count, uint8_t * key_str, uint32_t key_str_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len, - int cbc_result ) +void des3_encrypt_cbc( int key_count, HexParam_t * key_str, + HexParam_t * iv_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; 
@@ -183,18 +173,18 @@ void des3_encrypt_cbc( int key_count, uint8_t * key_str, uint32_t key_str_len, if( key_count == 2 ) - mbedtls_des3_set2key_enc( &ctx, key_str ); + mbedtls_des3_set2key_enc( &ctx, key_str->x ); else if( key_count == 3 ) - mbedtls_des3_set3key_enc( &ctx, key_str ); + mbedtls_des3_set3key_enc( &ctx, key_str->x ); else TEST_ASSERT( 0 ); - TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_len, iv_str, src_str, output ) == cbc_result ); + TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -203,11 +193,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des3_decrypt_cbc( int key_count, uint8_t * key_str, uint32_t key_str_len, - uint8_t * iv_str, uint32_t iv_str_len, - uint8_t * src_str, uint32_t src_len, - uint8_t * hex_dst_string, uint32_t hex_dst_string_len, - int cbc_result ) +void des3_decrypt_cbc( int key_count, HexParam_t * key_str, + HexParam_t * iv_str, HexParam_t * src_str, + HexParam_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; 
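Review bot: `src_str->len` goes straight into `mbedtls_des3_crypt_cbc` as the number of bytes written to `output`, a 100-byte stack array, and nothing in `des3_encrypt_cbc` bounds it. The inputs are the suite's own vectors, so this is about failing cleanly on a malformed data line rather than overrunning the stack; `TEST_ASSERT( src_str->len <= sizeof( output ) );` ahead of the call would do. `des3_decrypt_cbc` has the same pattern, as do the later hunks for `gcm_encrypt_and_tag` / `gcm_decrypt_and_verify` (`output[128]`) and for `hmac_drbg_no_reseed` / `hmac_drbg_nopr` / `hmac_drbg_pr` (`output->len` against `my_output[512]`, plus the two `memcpy` calls into `data[1024]` in `hmac_drbg_no_reseed`). The function bodies continue outside these hunks.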
@@ -217,18 +205,18 @@ void des3_decrypt_cbc( int key_count, uint8_t * key_str, uint32_t key_str_len, if( key_count == 2 ) - mbedtls_des3_set2key_dec( &ctx, key_str ); + mbedtls_des3_set2key_dec( &ctx, key_str->x ); else if( key_count == 3 ) - mbedtls_des3_set3key_dec( &ctx, key_str ); + mbedtls_des3_set3key_dec( &ctx, key_str->x ); else TEST_ASSERT( 0 ); - TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_len, iv_str, src_str, output ) == cbc_result ); + TEST_ASSERT( mbedtls_des3_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result ); if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string, src_len, hex_dst_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 0b88e653f..2d71828eb 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -43,11 +43,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecdh_primitive_testvec( int id, uint8_t * rnd_buf_A, - uint32_t rnd_buf_A_len, char * xA_str, - char * yA_str, uint8_t * rnd_buf_B, - uint32_t rnd_buf_B_len, char * xB_str, - char * yB_str, char * z_str ) +void ecdh_primitive_testvec( int id, HexParam_t * rnd_buf_A, char * xA_str, + char * yA_str, HexParam_t * rnd_buf_B, + char * xB_str, char * yB_str, char * z_str ) { mbedtls_ecp_group grp; mbedtls_ecp_point qA, qB; 
@@ -61,36 +59,36 @@ void ecdh_primitive_testvec( int id, uint8_t * rnd_buf_A, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - rnd_info_A.buf = rnd_buf_A; - rnd_info_A.length = rnd_buf_A_len; + rnd_info_A.buf = rnd_buf_A->x; + rnd_info_A.length = rnd_buf_A->len; - /* Fix rnd_buf_A by shifting it left if necessary */ + /* Fix rnd_buf_A->x by shifting it left if necessary */ if( grp.nbits % 8 != 0 ) { unsigned char shift = 8 - ( grp.nbits % 8 ); size_t i; for( i = 0; i < rnd_info_A.length - 1; i++ ) - rnd_buf_A[i] = rnd_buf_A[i] << shift - | rnd_buf_A[i+1] >> ( 8 - shift ); + rnd_buf_A->x[i] = rnd_buf_A->x[i] << shift + | rnd_buf_A->x[i+1] >> ( 8 - shift ); - rnd_buf_A[rnd_info_A.length-1] <<= shift; + rnd_buf_A->x[rnd_info_A.length-1] <<= shift; } - rnd_info_B.buf = rnd_buf_B; - rnd_info_B.length = rnd_buf_B_len; + rnd_info_B.buf = rnd_buf_B->x; + rnd_info_B.length = rnd_buf_B->len; - /* Fix rnd_buf_B by shifting it left if necessary */ + /* Fix rnd_buf_B->x by shifting it left if necessary */ if( grp.nbits % 8 != 0 ) { unsigned char shift = 8 - ( grp.nbits % 8 ); size_t i; for( i = 0; i < rnd_info_B.length - 1; i++ ) - rnd_buf_B[i] = rnd_buf_B[i] << shift - | rnd_buf_B[i+1] >> ( 8 - shift ); + rnd_buf_B->x[i] = rnd_buf_B->x[i] << shift + | rnd_buf_B->x[i+1] >> ( 8 - shift ); - rnd_buf_B[rnd_info_B.length-1] <<= shift; + rnd_buf_B->x[rnd_info_B.length-1] <<= shift; } TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 5398ab5be..65d497d53 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
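Review bot: The shift block in `ecdh_primitive_testvec` loops with `i < rnd_info_A.length - 1` and then writes `rnd_buf_A->x[rnd_info_A.length-1]`, so an empty `rnd_buf_A` would be indexed before its start, and if `length` is unsigned (the comparison with `size_t i` suggests it is) the loop bound wraps. Adding `TEST_ASSERT( rnd_buf_A->len > 0 );` right after `rnd_info_A.length = rnd_buf_A->len;`, and the same for `rnd_buf_B`, closes that. The identical block for `rnd_buf` in the `ecdsa_prim_test_vectors` hunk needs the same guard. The function bodies continue outside these hunks.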
@@ -41,9 +41,8 @@ exit: /* BEGIN_CASE */ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, - char * yQ_str, uint8_t * rnd_buf, - uint32_t rnd_buf_len, uint8_t * hash, - uint32_t hlen, char * r_str, char * s_str, + char * yQ_str, HexParam_t * rnd_buf, + HexParam_t * hash, char * r_str, char * s_str, int result ) { mbedtls_ecp_group grp; @@ -61,22 +60,22 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); - rnd_info.buf = rnd_buf; - rnd_info.length = rnd_buf_len; + rnd_info.buf = rnd_buf->x; + rnd_info.length = rnd_buf->len; - /* Fix rnd_buf by shifting it left if necessary */ + /* Fix rnd_buf->x by shifting it left if necessary */ if( grp.nbits % 8 != 0 ) { unsigned char shift = 8 - ( grp.nbits % 8 ); size_t i; for( i = 0; i < rnd_info.length - 1; i++ ) - rnd_buf[i] = rnd_buf[i] << shift | rnd_buf[i+1] >> ( 8 - shift ); + rnd_buf->x[i] = rnd_buf->x[i] << shift | rnd_buf->x[i+1] >> ( 8 - shift ); - rnd_buf[rnd_info.length-1] <<= shift; + rnd_buf->x[rnd_info.length-1] <<= shift; } - TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash, hlen, + TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len, rnd_buffer_rand, &rnd_info ) == result ); if ( result == 0) @@ -84,7 +83,7 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); - TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash->x, hash->len, &Q, &r_check, &s_check ) == 0 ); } exit: diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index e108a89a7..2579704a7 100644 --- a/tests/suites/test_suite_ecjpake.function 
+++ b/tests/suites/test_suite_ecjpake.function @@ -106,48 +106,33 @@ void ecjpake_selftest( ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_one( int role, char * data, int ref_ret ) +void read_round_one( int role, HexParam_t * msg, int ref_ret ) { mbedtls_ecjpake_context ctx; - const unsigned char * pw = NULL; const size_t pw_len = 0; - unsigned char *msg; - size_t len; - mbedtls_ecjpake_init( &ctx ); - msg = unhexify_alloc( data, &len ); - TEST_ASSERT( msg != NULL ); - TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, role, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 ); - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &ctx, msg, len ) == ref_ret ); + TEST_ASSERT( mbedtls_ecjpake_read_round_one( &ctx, msg->x, msg->len ) == ref_ret ); exit: mbedtls_ecjpake_free( &ctx ); - mbedtls_free( msg ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_two_cli( char * data, int ref_ret ) +void read_round_two_cli( HexParam_t * msg, int ref_ret ) { mbedtls_ecjpake_context ctx; - const unsigned char * pw = NULL; const size_t pw_len = 0; - unsigned char *msg; - size_t len; - mbedtls_ecjpake_init( &ctx ); - msg = unhexify_alloc( data, &len ); - TEST_ASSERT( msg != NULL ); - TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_CLIENT, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 ); 
@@ -157,30 +142,22 @@ void read_round_two_cli( char * data, int ref_ret ) ADD_SIZE( ecjpake_test_X3 ), ADD_SIZE( ecjpake_test_X4 ) ) == 0 ); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg, len ) == ref_ret ); + TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg->x, msg->len ) == ref_ret ); exit: mbedtls_ecjpake_free( &ctx ); - mbedtls_free( msg ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_two_srv( char * data, int ref_ret ) +void read_round_two_srv( HexParam_t * msg, int ref_ret ) { mbedtls_ecjpake_context ctx; - const unsigned char * pw = NULL; const size_t pw_len = 0; - unsigned char *msg; - size_t len; - mbedtls_ecjpake_init( &ctx ); - msg = unhexify_alloc( data, &len ); - TEST_ASSERT( msg != NULL ); - TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_SERVER, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 ); @@ -190,10 +167,9 @@ void read_round_two_srv( char * data, int ref_ret ) ADD_SIZE( ecjpake_test_X1 ), ADD_SIZE( ecjpake_test_X2 ) ) == 0 ); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg, len ) == ref_ret ); + TEST_ASSERT( mbedtls_ecjpake_read_round_two( &ctx, msg->x, msg->len ) == ref_ret ); exit: mbedtls_ecjpake_free( &ctx ); - mbedtls_free( msg ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 8c8dac04a..d5a092668 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -193,7 +193,7 @@ exit: /* BEGIN_CASE */ void ecp_write_binary( int id, char * x, char * y, char * z, int format, - uint8_t * out, uint32_t out_len, int blen, int ret ) + HexParam_t * out, int blen, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; 
@@ -215,7 +215,7 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format, if( ret == 0 ) { - TEST_ASSERT( hexcmp( buf, out, olen, out_len ) == 0 ); + TEST_ASSERT( hexcmp( buf, out->x, olen, out->len ) == 0 ); } exit: @@ -224,8 +224,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_read_binary( int id, uint8_t * buf, uint32_t ilen, char * x, - char * y, char * z, int ret ) +void ecp_read_binary( int id, HexParam_t * buf, char * x, char * y, char * z, + int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; @@ -241,7 +241,7 @@ void ecp_read_binary( int id, uint8_t * buf, uint32_t ilen, char * x, TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); - TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf, ilen ) == ret ); + TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret ); if( ret == 0 ) { @@ -257,13 +257,13 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_tls_read_point( int id, uint8_t * buf, uint32_t ilen, - char * x, char * y, char * z, int ret ) +void mbedtls_ecp_tls_read_point( int id, HexParam_t * buf, char * x, char * y, + char * z, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; mbedtls_mpi X, Y, Z; - const unsigned char *vbuf = buf; + const unsigned char *vbuf = buf->x; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); 
@@ -275,14 +275,14 @@ void mbedtls_ecp_tls_read_point( int id, uint8_t * buf, uint32_t ilen, TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); - TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, ilen ) == ret ); + TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret ); if( ret == 0 ) { TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 ); - TEST_ASSERT( vbuf - buf == ilen ); + TEST_ASSERT( (uint32_t)( vbuf - buf->x ) == buf->len ); } exit: @@ -344,22 +344,22 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_tls_read_group( uint8_t * buf, uint32_t len, int result, - int bits, int record_len ) +void mbedtls_ecp_tls_read_group( HexParam_t * buf, int result, int bits, + int record_len ) { mbedtls_ecp_group grp; - const unsigned char *vbuf = buf; + const unsigned char *vbuf = buf->x; int ret; mbedtls_ecp_group_init( &grp ); - ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, len ); + ret = mbedtls_ecp_tls_read_group( &grp, &vbuf, buf->len ); TEST_ASSERT( ret == result ); if( ret == 0) { TEST_ASSERT( mbedtls_mpi_bitlen( &grp.P ) == (size_t) bits ); - TEST_ASSERT( vbuf - buf == record_len); + TEST_ASSERT( vbuf - buf->x == record_len); } exit: diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index c34c1854a..9b54f3027 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -302,7 +302,7 @@ void entropy_nv_seed_std_io( ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ -void entropy_nv_seed( uint8_t * read_seed, uint32_t read_seed_len ) +void entropy_nv_seed( HexParam_t * read_seed ) { mbedtls_sha512_context accumulator; mbedtls_entropy_context ctx; 
@@ -311,7 +311,7 @@ void entropy_nv_seed( uint8_t * read_seed, uint32_t read_seed_len ) unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char empty[MBEDTLS_ENTROPY_BLOCK_SIZE]; - unsigned char read_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; + unsigned char read_seed->x[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -323,7 +323,7 @@ void entropy_nv_seed( uint8_t * read_seed, uint32_t read_seed_len ) memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE ); // Set the initial NV seed to read - memcpy( buffer_seed, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memcpy( buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ); // Make sure we read/write NV seed from our buffers mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write ); @@ -348,7 +348,7 @@ void entropy_nv_seed( uint8_t * read_seed, uint32_t read_seed_len ) // First run for updating write_seed header[0] = 0; mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, read_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_sha512_update( &accumulator, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ); mbedtls_sha512_finish( &accumulator, buf ); memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) ); diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 17d79c579..c0e799c19 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function 
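Review bot: The declaration `unsigned char read_seed->x[MBEDTLS_ENTROPY_BLOCK_SIZE];` in the first `entropy_nv_seed` body hunk is not valid C; it looks as if the `read_seed` to `read_seed->x` rename was applied to the local declaration as well as to the uses. Since `read_seed` is now the `HexParam_t *` parameter, the line should presumably be deleted rather than renamed. The case only builds when all of its `depends_on` options are enabled, which may be why this went unnoticed. Separately, `memcpy( buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE )` and the later `mbedtls_sha512_update` read a fixed-size block from the vector, so `TEST_ASSERT( read_seed->len >= MBEDTLS_ENTROPY_BLOCK_SIZE );` before the `memcpy` would keep a short seed from being over-read. The function body continues outside these hunks.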
@@ -51,14 +51,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void gcm_encrypt_and_tag( int cipher_id, uint8_t * key_str, uint32_t key_len, - uint8_t * src_str, uint32_t pt_len, - uint8_t * iv_str, uint32_t iv_len, - uint8_t * add_str, uint32_t add_len, - uint8_t * hex_dst_string, - uint32_t hex_dst_string_len, int tag_len_bits, - uint8_t * hex_tag_string, - uint32_t hex_tag_string_len, int init_result ) +void gcm_encrypt_and_tag( int cipher_id, HexParam_t * key_str, + HexParam_t * src_str, HexParam_t * iv_str, + HexParam_t * add_str, HexParam_t * hex_dst_string, + int tag_len_bits, HexParam_t * hex_tag_string, + int init_result ) { unsigned char output[128]; unsigned char tag_output[16]; @@ -71,13 +68,13 @@ void gcm_encrypt_and_tag( int cipher_id, uint8_t * key_str, uint32_t key_len, memset(tag_output, 0x00, 16); - TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result ); + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result ); if( init_result == 0 ) { - TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, pt_len, iv_str, iv_len, add_str, add_len, src_str, output, tag_len, tag_output ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string, pt_len, hex_dst_string_len ) == 0 ); - TEST_ASSERT( hexcmp( tag_output, hex_tag_string, tag_len, hex_tag_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 ); } exit: 
@@ -86,14 +83,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void gcm_decrypt_and_verify( int cipher_id, uint8_t * key_str, - uint32_t key_len, uint8_t * src_str, - uint32_t pt_len, uint8_t * iv_str, - uint32_t iv_len, uint8_t * add_str, - uint32_t add_len, int tag_len_bits, - uint8_t * tag_str, uint32_t tag_str_len, - char * result, uint8_t * pt_result, - uint32_t pt_result_len, int init_result ) +void gcm_decrypt_and_verify( int cipher_id, HexParam_t * key_str, + HexParam_t * src_str, HexParam_t * iv_str, + HexParam_t * add_str, int tag_len_bits, + HexParam_t * tag_str, char * result, + HexParam_t * pt_result, int init_result ) { unsigned char output[128]; mbedtls_gcm_context ctx; @@ -105,10 +99,10 @@ void gcm_decrypt_and_verify( int cipher_id, uint8_t * key_str, memset(output, 0x00, 128); - TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == init_result ); + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result ); if( init_result == 0 ) { - ret = mbedtls_gcm_auth_decrypt( &ctx, pt_len, iv_str, iv_len, add_str, add_len, tag_str, tag_len, src_str, output ); + ret = mbedtls_gcm_auth_decrypt( &ctx, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, tag_str->x, tag_len, src_str->x, output ); if( strcmp( "FAIL", result ) == 0 ) { @@ -118,7 +112,7 @@ void gcm_decrypt_and_verify( int cipher_id, uint8_t * key_str, { TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, pt_result, pt_len, pt_result_len ) == 0 ); + TEST_ASSERT( hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 ); } } diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index cf1f3683a..aeea62c36 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function 
@@ -161,12 +161,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_no_reseed( int md_alg, uint8_t * entropy, - uint32_t entropy_len, uint8_t * custom, - uint32_t custom_len, uint8_t * add1, - uint32_t add1_len, uint8_t * add2, - uint32_t add2_len, uint8_t * output, - uint32_t out_len ) +void hmac_drbg_no_reseed( int md_alg, HexParam_t * entropy, + HexParam_t * custom, HexParam_t * add1, + HexParam_t * add2, HexParam_t * output ) { unsigned char data[1024]; unsigned char my_output[512]; 
@@ -176,35 +173,35 @@ void hmac_drbg_no_reseed( int md_alg, uint8_t * entropy, mbedtls_hmac_drbg_init( &ctx ); - p_entropy.p = entropy; - p_entropy.len = entropy_len; + p_entropy.p = entropy->x; + p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); /* Test the simplified buffer-based variant */ - memcpy( data, entropy, p_entropy.len ); - memcpy( data + p_entropy.len, custom, custom_len ); + memcpy( data, entropy->x, p_entropy.len ); + memcpy( data + p_entropy.len, custom->x, custom->len ); TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info, - data, p_entropy.len + custom_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add1, add1_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add2, add2_len ) == 0 ); + data, p_entropy.len + custom->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add1->x, add1->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add2->x, add2->len ) == 0 ); /* clear for second run */ mbedtls_hmac_drbg_free( &ctx ); - TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 ); + TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 ); /* And now the normal entropy-based variant */ TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, - custom, custom_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add1, add1_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add2, add2_len ) == 0 ); - TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 ); + custom->x, custom->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add1->x, add1->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add2->x, add2->len ) == 
0 ); + TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 ); exit: mbedtls_hmac_drbg_free( &ctx ); @@ -212,11 +209,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_nopr( int md_alg, uint8_t * entropy, uint32_t entropy_len, - uint8_t * custom, uint32_t custom_len, uint8_t * add1, - uint32_t add1_len, uint8_t * add2, uint32_t add2_len, - uint8_t * add3, uint32_t add3_len, uint8_t * output, - uint32_t out_len ) +void hmac_drbg_nopr( int md_alg, HexParam_t * entropy, HexParam_t * custom, + HexParam_t * add1, HexParam_t * add2, HexParam_t * add3, + HexParam_t * output ) { unsigned char my_output[512]; entropy_ctx p_entropy; @@ -225,21 +220,21 @@ void hmac_drbg_nopr( int md_alg, uint8_t * entropy, uint32_t entropy_len, mbedtls_hmac_drbg_init( &ctx ); - p_entropy.p = entropy; - p_entropy.len = entropy_len; + p_entropy.p = entropy->x; + p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, - custom, custom_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1, add1_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add2, add2_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add3, add3_len ) == 0 ); + custom->x, custom->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_reseed( &ctx, add1->x, add1->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add2->x, add2->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add3->x, add3->len ) == 0 ); - TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 ); + TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 ); exit: mbedtls_hmac_drbg_free( &ctx ); 
@@ -247,10 +242,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_pr( int md_alg, uint8_t * entropy, uint32_t entropy_len, - uint8_t * custom, uint32_t custom_len, uint8_t * add1, - uint32_t add1_len, uint8_t * add2, uint32_t add2_len, - uint8_t * output, uint32_t out_len ) +void hmac_drbg_pr( int md_alg, HexParam_t * entropy, HexParam_t * custom, + HexParam_t * add1, HexParam_t * add2, HexParam_t * output ) { unsigned char my_output[512]; entropy_ctx p_entropy; @@ -259,21 +252,21 @@ void hmac_drbg_pr( int md_alg, uint8_t * entropy, uint32_t entropy_len, mbedtls_hmac_drbg_init( &ctx ); - p_entropy.p = entropy; - p_entropy.len = entropy_len; + p_entropy.p = entropy->x; + p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, - custom, custom_len ) == 0 ); + custom->x, custom->len ) == 0 ); mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add1, add1_len ) == 0 ); - TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, out_len, - add2, add2_len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add1->x, add1->len ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_random_with_add( &ctx, my_output, output->len, + add2->x, add2->len ) == 0 ); - TEST_ASSERT( memcmp( my_output, output, out_len ) == 0 ); + TEST_ASSERT( memcmp( my_output, output->x, output->len ) == 0 ); exit: mbedtls_hmac_drbg_free( &ctx ); diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 23758ebdd..07e2d5849 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function 
@@ -127,7 +127,7 @@ void md_info( int md_type, char * md_name, int md_size ) /* BEGIN_CASE */ void md_text( char * text_md_name, char * text_src_string, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) + HexParam_t * hex_hash_string ) { char md_name[100]; unsigned char src_str[1000]; @@ -145,13 +145,13 @@ void md_text( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void md_hex( char * text_md_name, uint8_t * src_str, uint32_t src_len, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) +void md_hex( char * text_md_name, HexParam_t * src_str, + HexParam_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; @@ -164,17 +164,17 @@ void md_hex( char * text_md_name, uint8_t * src_str, uint32_t src_len, md_info = mbedtls_md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, src_len, output ) ); + TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, - mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ void md_text_multi( char * text_md_name, char * text_src_string, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) + HexParam_t * hex_hash_string ) { char md_name[100]; unsigned char src_str[1000]; 
@@ -208,15 +208,15 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, - mbedtls_md_get_size( md_info ), hex_hash_string_len) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -225,8 +225,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void md_hex_multi( char * text_md_name, uint8_t * src_str, uint32_t src_len, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) +void md_hex_multi( char * text_md_name, HexParam_t * src_str, + HexParam_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; 
@@ -246,23 +246,23 @@ void md_hex_multi( char * text_md_name, uint8_t * src_str, uint32_t src_len, TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); - halfway = src_len / 2; + halfway = src_str->len / 2; TEST_ASSERT ( 0 == mbedtls_md_starts( &ctx ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); - TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x, halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_clone( &ctx_copy, &ctx ) ); - TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, src_len - halfway) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); - TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, src_len - halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
@@ -271,9 +271,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_md_hmac( char * text_md_name, int trunc_size, uint8_t * key_str, - uint32_t key_len, uint8_t * src_str, uint32_t src_len, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) +void mbedtls_md_hmac( char * text_md_name, int trunc_size, + HexParam_t * key_str, HexParam_t * src_str, + HexParam_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; @@ -287,16 +287,15 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, uint8_t * key_str, TEST_ASSERT( md_info != NULL ); - TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str, key_len, src_str, src_len, output ) == 0 ); + TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE */ -void md_hmac_multi( char * text_md_name, int trunc_size, uint8_t * key_str, - uint32_t key_len, uint8_t * src_str, uint32_t src_len, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) +void md_hmac_multi( char * text_md_name, int trunc_size, HexParam_t * key_str, + HexParam_t * src_str, HexParam_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; 
@@ -314,25 +313,25 @@ void md_hmac_multi( char * text_md_name, int trunc_size, uint8_t * key_str, TEST_ASSERT( md_info != NULL ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) ); - halfway = src_len / 2; + halfway = src_str->len / 2; - TEST_ASSERT ( 0 == mbedtls_md_hmac_starts( &ctx, key_str, key_len ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_starts( &ctx, key_str->x, key_str->len ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); - TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, halfway ) ); - TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_hmac_reset( &ctx ) ); - TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str, halfway ) ); - TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str + halfway, src_len - halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x, halfway ) ); + TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string, trunc_size, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
@@ -341,8 +340,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void mbedtls_md_file( char * text_md_name, char * filename, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len - ) + HexParam_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; @@ -357,6 +355,6 @@ void mbedtls_md_file( char * text_md_name, char * filename, TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, mbedtls_md_get_size( md_info ), hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 7fe5e06f7..ddfe3697b 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -6,8 +6,7 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ -void md2_text( char * text_src_string, uint8_t * hex_hash_string, - uint32_t hex_hash_string_len ) +void md2_text( char * text_src_string, HexParam_t * hex_hash_string ) { int ret; unsigned char src_str[100]; @@ -21,13 +20,12 @@ void md2_text( char * text_src_string, uint8_t * hex_hash_string, ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ -void md4_text( char * text_src_string, uint8_t * hex_hash_string, - uint32_t hex_hash_string_len ) +void md4_text( char * text_src_string, HexParam_t * hex_hash_string ) { int ret; unsigned char src_str[100]; 
@@ -41,13 +39,12 @@ void md4_text( char * text_src_string, uint8_t * hex_hash_string, ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ -void md5_text( char * text_src_string, uint8_t * hex_hash_string, - uint32_t hex_hash_string_len ) +void md5_text( char * text_src_string, HexParam_t * hex_hash_string ) { int ret; unsigned char src_str[100]; @@ -61,13 +58,12 @@ void md5_text( char * text_src_string, uint8_t * hex_hash_string, ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */ -void ripemd160_text( char * text_src_string, uint8_t * hex_hash_string, - uint32_t hex_hash_string_len ) +void ripemd160_text( char * text_src_string, HexParam_t * hex_hash_string ) { int ret; unsigned char src_str[100]; @@ -81,7 +77,7 @@ void ripemd160_text( char * text_src_string, uint8_t * hex_hash_string, ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, sizeof output, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index da0d5e415..4b7a04859 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function 
@@ -53,8 +53,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_read_binary( uint8_t * buf, uint32_t input_len, int radix_A, - char * input_A ) +void mbedtls_mpi_read_binary( HexParam_t * buf, int radix_A, char * input_A ) { mbedtls_mpi X; unsigned char str[1000]; @@ -63,7 +62,7 @@ void mbedtls_mpi_read_binary( uint8_t * buf, uint32_t input_len, int radix_A, mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf, input_len ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 ); TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, (char *) str, sizeof( str ), &len ) == 0 ); TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 ); @@ -73,8 +72,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_write_binary( int radix_X, char * input_X, uint8_t * input_A, - uint32_t input_A_len, int output_size, +void mbedtls_mpi_write_binary( int radix_X, char * input_X, + HexParam_t * input_A, int output_size, int result ) { mbedtls_mpi X; @@ -95,7 +94,7 @@ void mbedtls_mpi_write_binary( int radix_X, char * input_X, uint8_t * input_A, if( result == 0) { - TEST_ASSERT( hexcmp( buf, input_A, buflen, input_A_len ) == 0 ); + TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: @@ -104,8 +103,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void mbedtls_mpi_read_file( int radix_X, char * input_file, uint8_t * input_A, - uint32_t input_A_len, int result ) +void mbedtls_mpi_read_file( int radix_X, char * input_file, + HexParam_t * input_A, int result ) { mbedtls_mpi X; unsigned char buf[1000]; @@ -129,7 +128,7 @@ void mbedtls_mpi_read_file( int radix_X, char * input_file, uint8_t * input_A, TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); - TEST_ASSERT( hexcmp( buf, input_A, buflen, input_A_len ) == 0 ); + TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: 
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 222d581c0..dcd53d653 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -6,21 +6,21 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ -void mbedtls_pem_write_buffer( char * start, char * end, uint8_t * buf, - uint32_t buf_len, char * result_str ) +void mbedtls_pem_write_buffer( char * start, char * end, HexParam_t * buf, + char * result_str ) { unsigned char *check_buf = NULL; int ret; size_t olen = 0, olen2 = 0; - ret = mbedtls_pem_write_buffer( start, end, buf, buf_len, NULL, 0, &olen ); + ret = mbedtls_pem_write_buffer( start, end, buf->x, buf->len, NULL, 0, &olen ); TEST_ASSERT( ret == MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); check_buf = (unsigned char *) mbedtls_calloc( 1, olen ); TEST_ASSERT( check_buf != NULL ); - ret = mbedtls_pem_write_buffer( start, end, buf, buf_len, check_buf, olen, &olen2 ); + ret = mbedtls_pem_write_buffer( start, end, buf->x, buf->len, check_buf, olen, &olen2 ); TEST_ASSERT( olen2 <= olen ); TEST_ASSERT( olen > strlen( (char*) result_str ) ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 4219c9d8d..23e3a69e2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -121,10 +121,9 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_verify_test_vec( uint8_t * message_str, uint32_t msg_len, - int digest, int mod, int radix_N, char * input_N, - int radix_E, char * input_E, - uint8_t * result_str, uint32_t result_str_len, +void pk_rsa_verify_test_vec( HexParam_t * message_str, int digest, int mod, + int radix_N, char * input_N, int radix_E, + char * input_E, HexParam_t * result_str, int result ) { unsigned char hash_result[1000]; 
@@ -144,10 +143,10 @@ void pk_rsa_verify_test_vec( uint8_t * message_str, uint32_t msg_len, if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0, - result_str, mbedtls_pk_get_len( &pk ) ) == result ); + result_str->x, mbedtls_pk_get_len( &pk ) ) == result ); exit: mbedtls_pk_free( &pk ); @@ -155,11 +154,10 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_verify_ext_test_vec( uint8_t * message_str, uint32_t msg_len, - int digest, int mod, int radix_N, - char * input_N, int radix_E, char * input_E, - uint8_t * result_str, - uint32_t result_str_len, int pk_type, +void pk_rsa_verify_ext_test_vec( HexParam_t * message_str, int digest, + int mod, int radix_N, char * input_N, + int radix_E, char * input_E, + HexParam_t * result_str, int pk_type, int mgf1_hash_id, int salt_len, int result ) { unsigned char hash_result[1000]; @@ -184,13 +182,13 @@ void pk_rsa_verify_ext_test_vec( uint8_t * message_str, uint32_t msg_len, if( digest != MBEDTLS_MD_NONE ) { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), - message_str, msg_len, hash_result ) == 0 ); + message_str->x, message_str->len, hash_result ) == 0 ); hash_len = 0; } else { - memcpy( hash_result, message_str, msg_len ); - hash_len = msg_len; + memcpy( hash_result, message_str->x, message_str->len ); + hash_len = message_str->len; } if( mgf1_hash_id < 0 ) @@ -207,7 +205,7 @@ void pk_rsa_verify_ext_test_vec( uint8_t * message_str, uint32_t msg_len, TEST_ASSERT( mbedtls_pk_verify_ext( pk_type, options, &pk, digest, hash_result, hash_len, - result_str, mbedtls_pk_get_len( &pk ) ) == result ); + result_str->x, mbedtls_pk_get_len( &pk ) ) == result ); exit: mbedtls_pk_free( &pk ); 
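Review bot: In pk_rsa_verify_test_vec the call `mbedtls_pk_verify( &pk, digest, hash_result, 0, result_str->x, mbedtls_pk_get_len( &pk ) )` still takes the signature length from the key, so `result_str->len`, which this change makes available, is never consulted. A test vector whose signature is shorter than the modulus would make the verifier read past the end of the parsed buffer. Adding `TEST_ASSERT( result_str->len == mbedtls_pk_get_len( &pk ) );` before the call would catch that, provided no existing vector mismatches the length on purpose. The same applies to the `mbedtls_pk_verify_ext` call in pk_rsa_verify_ext_test_vec and, with `ctx.len` as the expected length, to the `result_str->x` and `message_str->x` arguments of the mbedtls_rsa_pkcs1_verify, mbedtls_rsa_rsassa_pss_verify_ext and mbedtls_rsa_pkcs1_decrypt calls in the pkcs1_v15, pkcs1_v21 and rsa suites, which take no input length and presumably read a key-length buffer. The function bodies continue outside the hunks.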
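Review bot: The `else` branch of pk_rsa_verify_ext_test_vec copies `message_str->len` bytes into `hash_result` with `memcpy( hash_result, message_str->x, message_str->len );`, and nothing bounds that length by the 1000-byte array declared at the top of the function. The length presumably comes from the test data file, so an oversized vector would overflow the stack buffer instead of failing the test. A guard such as `TEST_ASSERT( message_str->len <= sizeof( hash_result ) );` ahead of the copy keeps the failure inside the harness. pkcs1_rsassa_pss_verify_ext in test_suite_pkcs1_v21.function has the same unguarded copy.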
@@ -215,9 +213,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */ -void pk_ec_test_vec( int type, int id, uint8_t * key, uint32_t key_len, - uint8_t * hash, uint32_t hash_len, uint8_t * sig, - uint32_t sig_len, int ret ) +void pk_ec_test_vec( int type, int id, HexParam_t * key, HexParam_t * hash, + HexParam_t * sig, int ret ) { mbedtls_pk_context pk; mbedtls_ecp_keypair *eckey; @@ -232,10 +229,10 @@ void pk_ec_test_vec( int type, int id, uint8_t * key, uint32_t key_len, TEST_ASSERT( mbedtls_ecp_group_load( &eckey->grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_binary( &eckey->grp, &eckey->Q, - key, key_len ) == 0 ); + key->x, key->len ) == 0 ); TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, - hash, hash_len, sig, sig_len ) == ret ); + hash->x, hash->len, sig->x, sig->len ) == ret ); exit: mbedtls_pk_free( &pk ); @@ -269,10 +266,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_encrypt_test_vec( uint8_t * message, uint32_t msg_len, int mod, - int radix_N, char * input_N, int radix_E, - char * input_E, uint8_t * result, - uint32_t res_len, int ret ) +void pk_rsa_encrypt_test_vec( HexParam_t * message, int mod, int radix_N, + char * input_N, int radix_E, char * input_E, + HexParam_t * result, int ret ) { unsigned char output[1000]; rnd_pseudo_info rnd_info; @@ -292,11 +288,11 @@ void pk_rsa_encrypt_test_vec( uint8_t * message, uint32_t msg_len, int mod, TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); - TEST_ASSERT( mbedtls_pk_encrypt( &pk, message, msg_len, + TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, output, &olen, sizeof( output ), rnd_pseudo_rand, &rnd_info ) == ret ); - TEST_ASSERT( olen == res_len ); - TEST_ASSERT( memcmp( output, result, olen ) == 0 ); + TEST_ASSERT( olen == result->len ); + TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); exit: mbedtls_pk_free( &pk ); 
@@ -304,11 +300,10 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_decrypt_test_vec( uint8_t * cipher, uint32_t cipher_len, int mod, - int radix_P, char * input_P, int radix_Q, - char * input_Q, int radix_N, char * input_N, - int radix_E, char * input_E, uint8_t * clear, - uint32_t clear_len, int ret ) +void pk_rsa_decrypt_test_vec( HexParam_t * cipher, int mod, int radix_P, + char * input_P, int radix_Q, char * input_Q, + int radix_N, char * input_N, int radix_E, + char * input_E, HexParam_t * clear, int ret ) { unsigned char output[1000]; rnd_pseudo_info rnd_info; @@ -342,13 +337,13 @@ void pk_rsa_decrypt_test_vec( uint8_t * cipher, uint32_t cipher_len, int mod, /* decryption test */ memset( output, 0, sizeof( output ) ); olen = 0; - TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher, cipher_len, + TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, output, &olen, sizeof( output ), rnd_pseudo_rand, &rnd_info ) == ret ); if( ret == 0 ) { - TEST_ASSERT( olen == clear_len ); - TEST_ASSERT( memcmp( output, clear, olen ) == 0 ); + TEST_ASSERT( olen == clear->len ); + TEST_ASSERT( memcmp( output, clear->x, olen ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 7b57bee53..9cf3b1934 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function 
@@ -11,18 +11,16 @@ /* BEGIN_CASE */ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, - uint8_t * message_str, uint32_t msg_len, - uint8_t * rnd_buf, uint32_t rnd_buf_len, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) + HexParam_t * message_str, HexParam_t * rnd_buf, + HexParam_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; rnd_buf_info info; mbedtls_mpi N, E; - info.buf = rnd_buf; - info.length = rnd_buf_len; + info.buf = rnd_buf->x; + info.length = rnd_buf->len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); @@ -35,11 +33,11 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -52,8 +50,8 @@ exit: void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, uint8_t * result_hex_str, uint32_t result_hex_str_len, - char * seed, uint8_t * message_str, uint32_t message_str_len, + int hash, HexParam_t * result_hex_str, + char * seed, HexParam_t * message_str, int result ) { unsigned char output[1000]; 
@@ -81,11 +79,11 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, output_len, result_hex_str_len) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 ); } exit: @@ -99,10 +97,8 @@ exit: void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, - uint8_t * message_str, uint32_t msg_len, - uint8_t * rnd_buf, uint32_t rnd_buf_len, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) + HexParam_t * message_str, HexParam_t * rnd_buf, + HexParam_t * result_hex_str, int result ) { unsigned char hash_result[1000]; unsigned char output[1000]; @@ -110,8 +106,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, mbedtls_mpi N, P, Q, E; rnd_buf_info info; - info.buf = rnd_buf; - info.length = rnd_buf_len; + info.buf = rnd_buf->x; + info.length = rnd_buf->len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 
@@ -132,13 +128,13 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -151,10 +147,8 @@ exit: /* BEGIN_CASE */ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int digest, - int hash, uint8_t * message_str, - uint32_t msg_len, char * salt, - uint8_t * result_str, uint32_t result_str_len, - int result ) + int hash, HexParam_t * message_str, char * salt, + HexParam_t * result_str, int result ) { unsigned char hash_result[1000]; mbedtls_rsa_context ctx; @@ -173,12 +167,9 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), - message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - digest, 0, hash_result, - result_str ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 4ebeca927..dd408863f 100644 
--- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -11,18 +11,16 @@ /* BEGIN_CASE */ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, - uint8_t * message_str, uint32_t msg_len, - uint8_t * rnd_buf, uint32_t rnd_buf_len, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) + HexParam_t * message_str, HexParam_t * rnd_buf, + HexParam_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; rnd_buf_info info; mbedtls_mpi N, E; - info.buf = rnd_buf; - info.length = rnd_buf_len; + info.buf = rnd_buf->x; + info.length = rnd_buf->len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); @@ -35,11 +33,11 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -52,10 +50,9 @@ exit: void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, uint8_t * result_hex_str, - uint32_t result_hex_str_len, char * seed, - uint8_t * message_str, - uint32_t message_str_len, int result ) + int hash, HexParam_t * result_hex_str, + char * seed, HexParam_t * message_str, + int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; 
@@ -83,11 +80,11 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, output_len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); } exit: @@ -101,10 +98,8 @@ exit: void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, - uint8_t * message_str, uint32_t msg_len, - uint8_t * rnd_buf, uint32_t rnd_buf_len, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) + HexParam_t * message_str, HexParam_t * rnd_buf, + HexParam_t * result_hex_str, int result ) { unsigned char hash_result[1000]; unsigned char output[1000]; @@ -112,8 +107,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, rnd_buf_info info; mbedtls_mpi N, P, Q, E; - info.buf = rnd_buf; - info.length = rnd_buf_len; + info.buf = rnd_buf->x; + info.length = rnd_buf->len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 
@@ -134,15 +129,14 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, - msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -155,10 +149,8 @@ exit: /* BEGIN_CASE */ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int digest, - int hash, uint8_t * message_str, - uint32_t msg_len, char * salt, - uint8_t * result_str, uint32_t result_str_len, - int result ) + int hash, HexParam_t * message_str, char * salt, + HexParam_t * result_str, int result ) { unsigned char hash_result[1000]; mbedtls_rsa_context ctx; @@ -178,11 +170,9 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N, if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, - msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - digest, 0, hash_result, result_str ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); 
@@ -195,9 +185,8 @@ void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int msg_digest_id, int ctx_hash, int mgf_hash, int salt_len, - uint8_t * message_str, uint32_t msg_len, - uint8_t * result_str, - uint32_t result_str_len, int result_simple, + HexParam_t * message_str, + HexParam_t * result_str, int result_simple, int result_full ) { unsigned char hash_result[1000]; @@ -220,23 +209,23 @@ void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N, if( msg_digest_id != MBEDTLS_MD_NONE ) { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( msg_digest_id ), - message_str, msg_len, hash_result ) == 0 ); + message_str->x, message_str->len, hash_result ) == 0 ); hash_len = 0; } else { - memcpy( hash_result, message_str, msg_len ); - hash_len = msg_len; + memcpy( hash_result, message_str->x, message_str->len ); + hash_len = message_str->len; } TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, - result_str ) == result_simple ); + result_str->x ) == result_simple ); TEST_ASSERT( mbedtls_rsa_rsassa_pss_verify_ext( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, msg_digest_id, hash_len, hash_result, mgf_hash, salt_len, - result_str ) == result_full ); + result_str->x ) == result_full ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 29e87cbfe..0dcbb0a46 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function 
@@ -8,10 +8,8 @@ */ /* BEGIN_CASE */ -void pbkdf2_hmac( int hash, uint8_t * pw_str, uint32_t pw_len, - uint8_t * salt_str, uint32_t salt_len, int it_cnt, - int key_len, uint8_t * result_key_string, - uint32_t result_key_string_len ) +void pbkdf2_hmac( int hash, HexParam_t * pw_str, HexParam_t * salt_str, + int it_cnt, int key_len, HexParam_t * result_key_string ) { mbedtls_md_context_t ctx; const mbedtls_md_info_t *info; @@ -23,10 +21,10 @@ void pbkdf2_hmac( int hash, uint8_t * pw_str, uint32_t pw_len, info = mbedtls_md_info_from_type( hash ); TEST_ASSERT( info != NULL ); TEST_ASSERT( mbedtls_md_setup( &ctx, info, 1 ) == 0 ); - TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len, + TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len, it_cnt, key_len, key ) == 0 ); - TEST_ASSERT( hexcmp( key, result_key_string, key_len, result_key_string_len ) == 0 ); + TEST_ASSERT( hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); 
@@ -34,34 +32,27 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ -void mbedtls_pkcs5_pbes2( int params_tag, char *params_hex, char *pw_hex, - char *data_hex, int ref_ret, char *ref_out_hex ) +void mbedtls_pkcs5_pbes2( int params_tag, HexParam_t *params_hex, HexParam_t *pw, + HexParam_t *data, int ref_ret, HexParam_t *ref_out ) { int my_ret; mbedtls_asn1_buf params; - unsigned char *my_out = NULL, *ref_out = NULL, *data = NULL, *pw = NULL; - size_t ref_out_len, data_len, pw_len; + unsigned char *my_out = NULL; params.tag = params_tag; - params.p = unhexify_alloc( params_hex, ¶ms.len ); + params.p = params_hex->x; + params.len = params_hex->len; - data = unhexify_alloc( data_hex, &data_len ); - pw = unhexify_alloc( pw_hex, &pw_len ); - ref_out = unhexify_alloc( ref_out_hex, &ref_out_len ); - my_out = zero_alloc( ref_out_len ); + my_out = zero_alloc( ref_out->len ); my_ret = mbedtls_pkcs5_pbes2( ¶ms, MBEDTLS_PKCS5_DECRYPT, - pw, pw_len, data, data_len, my_out ); + pw->x, pw->len, data->x, data->len, my_out ); TEST_ASSERT( my_ret == ref_ret ); if( ref_ret == 0 ) - TEST_ASSERT( memcmp( my_out, ref_out, ref_out_len ) == 0 ); + TEST_ASSERT( memcmp( my_out, ref_out->x, ref_out->len ) == 0 ); exit: - mbedtls_free( params.p ); - mbedtls_free( data ); - mbedtls_free( pw ); - mbedtls_free( ref_out ); mbedtls_free( my_out ); } /* END_CASE */ diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 860730569..920f9369b 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -114,8 +114,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_parse_key( uint8_t * buf, uint32_t data_len, char * result_str, - int result ) +void pk_parse_key( HexParam_t * buf, char * result_str, int result ) { mbedtls_pk_context pk; unsigned char output[2000]; 
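Review bot: In mbedtls_pkcs5_pbes2 the output buffer is sized from the expected result, `my_out = zero_alloc( ref_out->len );`, while the call under test receives `data->x, data->len` and no output size. If the decryption writes up to `data->len` bytes, as it presumably does, a vector whose `ref_out` is shorter than `data` (an error case with an empty expected output, for example) lets it write past `my_out`. Sizing the buffer from the larger of the two lengths, `my_out = zero_alloc( ref_out->len > data->len ? ref_out->len : data->len );`, removes that dependency on the test data. The parameter `params_hex` could also be renamed `params` to match `pw`, `data` and `ref_out`, since it no longer holds a hex string.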
@@ -126,7 +125,7 @@ void pk_parse_key( uint8_t * buf, uint32_t data_len, char * result_str, memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf, data_len, NULL, 0 ) == ( result ) ); + TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == ( result ) ); if( ( result ) == 0 ) { TEST_ASSERT( 1 ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index bfaae6c65..e49515165 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
@@ -237,15 +237,15 @@ mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e9 RSA PKCS1 Sign #8 (RAW, 2048 bits RSA) depends_on:MBEDTLS_PKCS1_V15 -rsa_pkcs1_sign_raw:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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" 
+rsa_pkcs1_sign_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8" RSA PKCS1 Sign #8 Verify depends_on:MBEDTLS_PKCS1_V15 -rsa_pkcs1_verify_raw:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":0 
+rsa_pkcs1_verify_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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":0 RSA PKCS1 Sign #8 Verify (Wrong raw hash) depends_on:MBEDTLS_PKCS1_V15 -rsa_pkcs1_verify_raw:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":"1234567890deadcafe":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_VERIFY_FAILED +rsa_pkcs1_verify_raw:"1234567890deadcafe":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Sign #9 (Invalid Digest type) depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8c9e8fde6..83f735321 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -18,13 +18,11 @@ */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_sign( uint8_t * message_str, uint32_t msg_len, - int padding_mode, int digest, int mod, - int radix_P, char * input_P, int radix_Q, - char * input_Q, int radix_N, char * input_N, - int radix_E, char * input_E, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) +void mbedtls_rsa_pkcs1_sign( HexParam_t * message_str, int padding_mode, + int digest, int mod, int radix_P, char * input_P, + int radix_Q, char * input_Q, int radix_N, + char * input_N, int radix_E, char * input_E, + HexParam_t * result_hex_str, int result ) { unsigned char hash_result[1000]; unsigned char output[1000]; @@ -52,8 +50,7 @@ void mbedtls_rsa_pkcs1_sign( uint8_t * message_str, uint32_t msg_len, if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), - message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, @@ -61,7 +58,7 @@ void mbedtls_rsa_pkcs1_sign( uint8_t * message_str, uint32_t msg_len, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -72,11 +69,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_verify( uint8_t * message_str, uint32_t msg_len, - int padding_mode, int digest, int mod, - int radix_N, char * input_N, int radix_E, - char * input_E, uint8_t * result_str, - uint32_t result_str_len, int result ) +void mbedtls_rsa_pkcs1_verify( HexParam_t * message_str, int padding_mode, + int digest, int mod, int radix_N, + char * input_N, int radix_E, char * input_E, + HexParam_t * result_str, int result ) { unsigned char hash_result[1000]; mbedtls_rsa_context ctx; 
@@ -95,9 +91,9 @@ void mbedtls_rsa_pkcs1_verify( uint8_t * message_str, uint32_t msg_len, if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); @@ -107,13 +103,11 @@ exit: /* BEGIN_CASE */ -void rsa_pkcs1_sign_raw( uint8_t * message_str, uint32_t message_str_len, - uint8_t * hash_result, uint32_t hash_len, +void rsa_pkcs1_sign_raw( HexParam_t * hash_result, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, uint8_t * result_hex_str, - uint32_t result_hex_str_len ) + char * input_E, HexParam_t * result_hex_str ) { unsigned char output[1000]; mbedtls_rsa_context ctx; @@ -140,10 +134,11 @@ void rsa_pkcs1_sign_raw( uint8_t * message_str, uint32_t message_str_len, TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, - hash_len, hash_result, output ) == 0 ); + hash_result->len, hash_result->x, + output ) == 0 ); - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ 
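Review bot: In `mbedtls_rsa_pkcs1_verify` the signature is handed over as `result_str->x` and `result_str->len` is never looked at, although the library call takes no signature length and, as far as I know, expects a buffer of `ctx.len` bytes. A vector with a short signature field would then be read past the end of the parsed buffer instead of failing cleanly. Unless some vector deliberately supplies a different length, `TEST_ASSERT( result_str->len == ctx.len );` before the verify call would catch it. The same shape appears in `rsa_pkcs1_verify_raw` and, for `message_str->x`, in the decrypt, public and private wrappers in later hunks of this file. The function body starts and ends outside this hunk.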
@@ -154,7 +149,7 @@ void rsa_pkcs1_sign_raw( uint8_t * message_str, uint32_t message_str_len, res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, - hash_len, hash_result, output ); + hash_result->len, hash_result->x, output ); #if !defined(MBEDTLS_RSA_ALT) TEST_ASSERT( res == 0 ); @@ -165,7 +160,7 @@ void rsa_pkcs1_sign_raw( uint8_t * message_str, uint32_t message_str_len, if( res == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ @@ -179,12 +174,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_pkcs1_verify_raw( uint8_t * message_str, uint32_t message_str_len, - uint8_t * hash_result, uint32_t hash_len, +void rsa_pkcs1_verify_raw( HexParam_t * hash_result, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - uint8_t * result_str, uint32_t result_str_len, - int correct ) + HexParam_t * result_str, int correct ) { unsigned char output[1000]; mbedtls_rsa_context ctx; @@ -203,10 +196,7 @@ void rsa_pkcs1_verify_raw( uint8_t * message_str, uint32_t message_str_len, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, - hash_len, hash_result, - result_str ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ 
@@ -218,7 +208,7 @@ void rsa_pkcs1_verify_raw( uint8_t * message_str, uint32_t message_str_len, res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - &olen, result_str, output, sizeof( output ) ); + &olen, result_str->x, output, sizeof( output ) ); #if !defined(MBEDTLS_RSA_ALT) TEST_ASSERT( res == 0 ); @@ -229,7 +219,7 @@ void rsa_pkcs1_verify_raw( uint8_t * message_str, uint32_t message_str_len, if( res == 0 ) { - ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0; + ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0; if( correct == 0 ) TEST_ASSERT( ok == 1 ); else @@ -245,11 +235,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_encrypt( uint8_t * message_str, uint32_t msg_len, - int padding_mode, int mod, int radix_N, - char * input_N, int radix_E, char * input_E, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) +void mbedtls_rsa_pkcs1_encrypt( HexParam_t * message_str, int padding_mode, + int mod, int radix_N, char * input_N, + int radix_E, char * input_E, + HexParam_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; @@ -272,12 +261,12 @@ void mbedtls_rsa_pkcs1_encrypt( uint8_t * message_str, uint32_t msg_len, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PUBLIC, msg_len, - message_str, output ) == result ); + MBEDTLS_RSA_PUBLIC, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: 
@@ -287,11 +276,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_pkcs1_encrypt_bad_rng( uint8_t * message_str, uint32_t msg_len, - int padding_mode, int mod, int radix_N, - char * input_N, int radix_E, char * input_E, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) +void rsa_pkcs1_encrypt_bad_rng( HexParam_t * message_str, int padding_mode, + int mod, int radix_N, char * input_N, + int radix_E, char * input_E, + HexParam_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; @@ -311,12 +299,12 @@ void rsa_pkcs1_encrypt_bad_rng( uint8_t * message_str, uint32_t msg_len, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, - MBEDTLS_RSA_PUBLIC, msg_len, - message_str, output ) == result ); + MBEDTLS_RSA_PUBLIC, message_str->len, + message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, output_len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -326,13 +314,12 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_decrypt( uint8_t * message_str, - uint32_t message_str_len, int padding_mode, +void mbedtls_rsa_pkcs1_decrypt( HexParam_t * message_str, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int max_output, uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) + int max_output, HexParam_t * result_hex_str, + int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; 
@@ -361,11 +348,11 @@ void mbedtls_rsa_pkcs1_decrypt( uint8_t * message_str, output_len = 0; - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, max_output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); } exit: @@ -376,10 +363,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_public( uint8_t * message_str, uint32_t message_str_len, - int mod, int radix_N, char * input_N, int radix_E, - char * input_E, uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) +void mbedtls_rsa_public( HexParam_t * message_str, int mod, int radix_N, + char * input_N, int radix_E, char * input_E, + HexParam_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ @@ -399,11 +385,11 @@ void mbedtls_rsa_public( uint8_t * message_str, uint32_t message_str_len, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } /* And now with the copy */ 
@@ -414,11 +400,11 @@ void mbedtls_rsa_public( uint8_t * message_str, uint32_t message_str_len, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 ); memset( output, 0x00, 1000 ); - TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -429,12 +415,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_private( uint8_t * message_str, uint32_t message_str_len, - int mod, int radix_P, char * input_P, int radix_Q, - char * input_Q, int radix_N, char * input_N, - int radix_E, char * input_E, - uint8_t * result_hex_str, - uint32_t result_hex_str_len, int result ) +void mbedtls_rsa_private( HexParam_t * message_str, int mod, int radix_P, + char * input_P, int radix_Q, char * input_Q, + int radix_N, char * input_N, int radix_E, + char * input_E, HexParam_t * result_hex_str, + int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ @@ -465,11 +450,11 @@ void mbedtls_rsa_private( uint8_t * message_str, uint32_t message_str_len, { memset( output, 0x00, 1000 ); TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, - message_str, output ) == result ); + message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } } 
@@ -482,11 +467,11 @@ void mbedtls_rsa_private( uint8_t * message_str, uint32_t message_str_len, memset( output, 0x00, 1000 ); TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info, - message_str, output ) == result ); + message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str, ctx2.len, result_hex_str_len ) == 0 ); + TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 ); } exit: 
@@ -1138,64 +1123,29 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ -void mbedtls_rsa_export_raw( char *input_N, char *input_P, - char *input_Q, char *input_D, - char *input_E, int is_priv, +void mbedtls_rsa_export_raw( HexParam_t *input_N, HexParam_t *input_P, + HexParam_t *input_Q, HexParam_t *input_D, + HexParam_t *input_E, int is_priv, int successive ) { - /* Original raw buffers with which we set up the RSA context */ - unsigned char bufN[1000]; - unsigned char bufP[1000]; - unsigned char bufQ[1000]; - unsigned char bufD[1000]; - unsigned char bufE[1000]; - - size_t lenN = 0; - size_t lenP = 0; - size_t lenQ = 0; - size_t lenD = 0; - size_t lenE = 0; - /* Exported buffers */ - unsigned char bufNe[ sizeof( bufN ) ]; - unsigned char bufPe[ sizeof( bufP ) ]; - unsigned char bufQe[ sizeof( bufQ ) ]; - unsigned char bufDe[ sizeof( bufD ) ]; - unsigned char bufEe[ sizeof( bufE ) ]; - - const int have_N = ( strlen( input_N ) > 0 ); - const int have_P = ( strlen( input_P ) > 0 ); - const int have_Q = ( strlen( input_Q ) > 0 ); - const int have_D = ( strlen( input_D ) > 0 ); - const int have_E = ( strlen( input_E ) > 0 ); + unsigned char bufNe[1000]; + unsigned char bufPe[1000]; + unsigned char bufQe[1000]; + unsigned char bufDe[1000]; + unsigned char bufEe[1000]; mbedtls_rsa_context ctx; mbedtls_rsa_init( &ctx, 0, 0 ); /* Setup RSA context */ - - if( have_N ) - lenN = unhexify( bufN, input_N ); - - if( have_P ) - lenP = unhexify( bufP, input_P ); - - if( have_Q ) - lenQ = unhexify( bufQ, input_Q ); - - if( have_D ) - lenD = unhexify( bufD, input_D ); - - if( have_E ) - lenE = unhexify( bufE, input_E ); - TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, - have_N ? bufN : NULL, lenN, - have_P ? bufP : NULL, lenP, - have_Q ? bufQ : NULL, lenQ, - have_D ? bufD : NULL, lenD, - have_E ? bufE : NULL, lenE ) == 0 ); + input_N->len ? input_N->x : NULL, input_N->len, + input_P->len ? input_P->x : NULL, input_P->len, + input_Q->len ? 
input_Q->x : NULL, input_Q->len, + input_D->len ? input_D->x : NULL, input_D->len, + input_E->len ? input_E->x : NULL, input_E->len ) == 0 ); TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); @@ -1206,21 +1156,21 @@ void mbedtls_rsa_export_raw( char *input_N, char *input_P, /* N and E must always be present. */ if( !successive ) { - TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN, + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, NULL, 0, NULL, 0, NULL, 0, - bufEe, lenE ) == 0 ); + bufEe, input_E->len ) == 0 ); } else { - TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN, + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, input_N->len, NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, NULL, 0, - bufEe, lenE ) == 0 ); + bufEe, input_E->len ) == 0 ); } - TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 ); - TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 ); + TEST_ASSERT( memcmp( input_N->x, bufNe, input_N->len ) == 0 ); + TEST_ASSERT( memcmp( input_E->x, bufEe, input_E->len ) == 0 ); /* If we were providing enough information to setup a complete private context, * we expect to be able to export all core parameters. */ 
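Review bot: The export calls pass `input_N->len` and `input_E->len` as the size of `bufNe` and `bufEe`, but those are now fixed `unsigned char [1000]` arrays whose size is no longer tied to the input storage. If a vector's N or E is longer than 1000 bytes, the library is told the destination is larger than it really is. Adding `TEST_ASSERT( input_N->len <= sizeof( bufNe ) );` and the equivalent for `input_E`/`bufEe` before the first export would turn that into a test failure rather than a stack overwrite. The P/Q/D exports in the following hunk need the same bound on the branch that passes `input_P->len` and friends. The test function spans several hunks and is not fully visible here.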
@@ -1230,35 +1180,35 @@ void mbedtls_rsa_export_raw( char *input_N, char *input_P, if( !successive ) { TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, - bufPe, lenP ? lenP : sizeof( bufPe ), - bufQe, lenQ ? lenQ : sizeof( bufQe ), - bufDe, lenD ? lenD : sizeof( bufDe ), + bufPe, input_P->len ? input_P->len : sizeof( bufPe ), + bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), + bufDe, input_D->len ? input_D->len : sizeof( bufDe ), NULL, 0 ) == 0 ); } else { TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, - bufPe, lenP ? lenP : sizeof( bufPe ), + bufPe, input_P->len ? input_P->len : sizeof( bufPe ), NULL, 0, NULL, 0, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, - bufQe, lenQ ? lenQ : sizeof( bufQe ), + bufQe, input_Q->len ? input_Q->len : sizeof( bufQe ), NULL, 0, NULL, 0 ) == 0 ); - TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, - NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ), + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, + bufDe, input_D->len ? input_D->len : sizeof( bufDe ), NULL, 0 ) == 0 ); } - if( have_P ) - TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 ); + if( input_P->len ) + TEST_ASSERT( memcmp( input_P->x, bufPe, input_P->len ) == 0 ); - if( have_Q ) - TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 ); + if( input_Q->len ) + TEST_ASSERT( memcmp( input_Q->x, bufQe, input_Q->len ) == 0 ); - if( have_D ) - TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 ); + if( input_D->len ) + TEST_ASSERT( memcmp( input_D->x, bufDe, input_D->len ) == 0 ); } 
@@ -1268,31 +1218,19 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ -void mbedtls_rsa_import_raw( char *input_N, - char *input_P, char *input_Q, - char *input_D, char *input_E, +void mbedtls_rsa_import_raw( HexParam_t *input_N, + HexParam_t *input_P, HexParam_t *input_Q, + HexParam_t *input_D, HexParam_t *input_E, int successive, int is_priv, int res_check, int res_complete ) { - unsigned char bufN[1000]; - unsigned char bufP[1000]; - unsigned char bufQ[1000]; - unsigned char bufD[1000]; - unsigned char bufE[1000]; - /* Buffers used for encryption-decryption test */ unsigned char *buf_orig = NULL; unsigned char *buf_enc = NULL; unsigned char *buf_dec = NULL; - size_t lenN = 0; - size_t lenP = 0; - size_t lenQ = 0; - size_t lenD = 0; - size_t lenE = 0; - mbedtls_rsa_context ctx; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; @@ -1307,29 +1245,14 @@ void mbedtls_rsa_import_raw( char *input_N, &entropy, (const unsigned char *) pers, strlen( pers ) ) == 0 ); - if( strlen( input_N ) ) - lenN = unhexify( bufN, input_N ); - - if( strlen( input_P ) ) - lenP = unhexify( bufP, input_P ); - - if( strlen( input_Q ) ) - lenQ = unhexify( bufQ, input_Q ); - - if( strlen( input_D ) ) - lenD = unhexify( bufD, input_D ); - - if( strlen( input_E ) ) - lenE = unhexify( bufE, input_E ); - if( !successive ) { TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, - ( lenN > 0 ) ? bufN : NULL, lenN, - ( lenP > 0 ) ? bufP : NULL, lenP, - ( lenQ > 0 ) ? bufQ : NULL, lenQ, - ( lenD > 0 ) ? bufD : NULL, lenD, - ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 ); + ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, + ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, + ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, + ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, + ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); } else { 
@@ -1337,27 +1260,27 @@ void mbedtls_rsa_import_raw( char *input_N, * This should make no functional difference. */ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, - ( lenN > 0 ) ? bufN : NULL, lenN, + ( input_N->len > 0 ) ? input_N->x : NULL, input_N->len, NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, NULL, 0, - ( lenP > 0 ) ? bufP : NULL, lenP, + ( input_P->len > 0 ) ? input_P->x : NULL, input_P->len, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, NULL, 0, NULL, 0, - ( lenQ > 0 ) ? bufQ : NULL, lenQ, + ( input_Q->len > 0 ) ? input_Q->x : NULL, input_Q->len, NULL, 0, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, - ( lenD > 0 ) ? bufD : NULL, lenD, + ( input_D->len > 0 ) ? input_D->x : NULL, input_D->len, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, NULL, 0, NULL, 0, NULL, 0, NULL, 0, - ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 ); + ( input_E->len > 0 ) ? input_E->x : NULL, input_E->len ) == 0 ); } TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 02ac47378..186fb87c2 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function 
@@ -5,77 +5,72 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ -void mbedtls_sha1( uint8_t * src_str, uint32_t src_len, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) +void mbedtls_sha1( HexParam_t * src_str, HexParam_t * hex_hash_string ) { unsigned char output[41]; memset(output, 0x00, 41); - TEST_ASSERT( mbedtls_sha1_ret( src_str, src_len, output ) == 0 ); + TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, 20, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void sha224( uint8_t * src_str, uint32_t src_len, uint8_t * hex_hash_string, - uint32_t hex_hash_string_len ) +void sha224( HexParam_t * src_str, HexParam_t * hex_hash_string ) { unsigned char output[57]; memset(output, 0x00, 57); - TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 1 ) == 0 ); + TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, 28, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void mbedtls_sha256( uint8_t * src_str, uint32_t src_len, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) +void mbedtls_sha256( HexParam_t * src_str, HexParam_t * hex_hash_string ) { unsigned char output[65]; memset(output, 0x00, 65); - TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, 32, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void sha384( uint8_t * src_str, uint32_t src_len, 
uint8_t * hex_hash_string, - uint32_t hex_hash_string_len ) +void sha384( HexParam_t * src_str, HexParam_t * hex_hash_string ) { unsigned char output[97]; memset(output, 0x00, 97); - TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 1 ) == 0 ); + TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, 48, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void mbedtls_sha512( uint8_t * src_str, uint32_t src_len, - uint8_t * hex_hash_string, uint32_t hex_hash_string_len ) +void mbedtls_sha512( HexParam_t * src_str, HexParam_t * hex_hash_string ) { unsigned char output[129]; memset(output, 0x00, 129); - TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string, 64, hex_hash_string_len ) == 0 ); + TEST_ASSERT( hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index b92c1fe8a..147350744 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -8,52 +8,52 @@ SSL DTLS replay: 0 seen, 0 replayed ssl_dtls_replay:"000000000000":"000000000000":-1 SSL DTLS replay: 0-1 seen, 2 arriving -ssl_dtls_replay:"000000000000,000000000001":"000000000002":0 +ssl_dtls_replay:"000000000000000000000001":"000000000002":0 SSL DTLS replay: 0-1 seen, 1 replayed -ssl_dtls_replay:"000000000000,000000000001":"000000000001":-1 +ssl_dtls_replay:"000000000000000000000001":"000000000001":-1 SSL DTLS replay: 0-1 seen, 0 replayed -ssl_dtls_replay:"000000000000,000000000001":"000000000000":-1 +ssl_dtls_replay:"000000000000000000000001":"000000000000":-1 SSL DTLS replay: new -ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340004":0 +ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0 SSL DTLS replay: way new -ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12350000":0 +ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0 SSL DTLS replay: delayed -ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340002":0 +ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0 SSL DTLS replay: lastest replayed -ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340003":-1 +ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1 SSL DTLS replay: older replayed -ssl_dtls_replay:"abcd12340000,abcd12340001,abcd12340003":"abcd12340001":-1 +ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1 SSL DTLS replay: most recent in window, replayed -ssl_dtls_replay:"abcd12340000,abcd12340002,abcd12340003":"abcd12340002":-1 +ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1 SSL DTLS replay: oldest in window, replayed -ssl_dtls_replay:"abcd12340000,abcd12340001,abcd1234003f":"abcd12340000":-1 +ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1 SSL DTLS replay: oldest in window, not replayed -ssl_dtls_replay:"abcd12340001,abcd12340002,abcd1234003f":"abcd12340000":0 
+ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0 SSL DTLS replay: just out of the window -ssl_dtls_replay:"abcd12340001,abcd12340002,abcd1234003f":"abcd1233ffff":-1 +ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1 SSL DTLS replay: way out of the window -ssl_dtls_replay:"abcd12340001,abcd12340002,abcd1234003f":"abcd12330000":-1 +ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1 SSL DTLS replay: big jump then replay -ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340100":-1 +ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1 SSL DTLS replay: big jump then new -ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340101":0 +ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0 SSL DTLS replay: big jump then just delayed -ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd123400ff":0 +ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0 SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice ssl_set_hostname_twice:"server0":"server1" diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 5cc32ab91..eed518385 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -9,11 +9,11 @@ */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ -void ssl_dtls_replay( char *prevs, char *new, int ret ) +void ssl_dtls_replay( HexParam_t * prevs, HexParam_t * new, int ret ) { + uint32_t len = 0; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; - char *end_prevs = prevs + strlen( prevs ) + 1; mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); 
@@ -25,15 +25,14 @@ void ssl_dtls_replay( char *prevs, char *new, int ret ) TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); /* Read previous record numbers */ - for( ; end_prevs - prevs >= 13; prevs += 13 ) + for( len = 0; len < prevs->len; len += 6 ) { - prevs[12] = '\0'; - unhexify( ssl.in_ctr + 2, prevs ); + memcpy( ssl.in_ctr + 2, prevs->x + len, 6 ); mbedtls_ssl_dtls_replay_update( &ssl ); } /* Check new number */ - unhexify( ssl.in_ctr + 2, new ); + memcpy( ssl.in_ctr + 2, new->x, 6 ); TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret ); mbedtls_ssl_free( &ssl ); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4d36027f1..2e283087b 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1,4 +1,5 @@ /* BEGIN_HEADER */ +#include "mbedtls/bignum.h" #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" @@ -439,8 +440,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509parse_crt( uint8_t * buf, uint32_t data_len, char * result_str, - int result ) +void x509parse_crt( HexParam_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; unsigned char output[2000]; @@ -450,7 +450,7 @@ void x509parse_crt( uint8_t * buf, uint32_t data_len, char * result_str, memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf, data_len ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse( &crt, buf->x, buf->len ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -467,8 +467,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */ -void x509parse_crl( uint8_t * buf, uint32_t data_len, char * result_str, - int result ) +void x509parse_crl( HexParam_t * buf, char * result_str, int result ) { mbedtls_x509_crl crl; unsigned char output[2000]; 
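Review bot: The loop `for( len = 0; len < prevs->len; len += 6 )` copies 6 bytes from `prevs->x + len` while its condition guarantees only that one byte remains, so a `prevs` value whose length is not a multiple of 6 is read past the parsed buffer. `memcpy( ssl.in_ctr + 2, new->x, 6 )` has the same gap for `new->len`. With the comma separators gone from the `.data` vectors, nothing else flags a record number that is a byte short. I would add `TEST_ASSERT( prevs->len % 6 == 0 );` and `TEST_ASSERT( new->len == 6 );` before the loop. The function header is in the previous hunk.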
@@ -478,7 +477,7 @@ void x509parse_crl( uint8_t * buf, uint32_t data_len, char * result_str, memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf, data_len ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl ); @@ -495,19 +494,16 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */ -void mbedtls_x509_csr_parse( char * csr_der_hex, char * ref_out, int ref_ret ) +void mbedtls_x509_csr_parse( HexParam_t * csr_der, char * ref_out, int ref_ret ) { mbedtls_x509_csr csr; - unsigned char *csr_der = NULL; char my_out[1000]; - size_t csr_der_len; int my_ret; mbedtls_x509_csr_init( &csr ); memset( my_out, 0, sizeof( my_out ) ); - csr_der = unhexify_alloc( csr_der_hex, &csr_der_len ); - my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der, csr_der_len ); + my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len ); TEST_ASSERT( my_ret == ref_ret ); if( ref_ret == 0 ) @@ -519,7 +515,6 @@ void mbedtls_x509_csr_parse( char * csr_der_hex, char * ref_out, int ref_ret ) exit: mbedtls_x509_csr_free( &csr ); - mbedtls_free( csr_der ); } /* END_CASE */ @@ -626,7 +621,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_desc( uint8_t * buf, uint32_t buf_len, char * ref_desc ) +void x509_oid_desc( HexParam_t * buf, char * ref_desc ) { mbedtls_x509_buf oid; const char *desc = NULL; @@ -634,8 +629,8 @@ void x509_oid_desc( uint8_t * buf, uint32_t buf_len, char * ref_desc ) oid.tag = MBEDTLS_ASN1_OID; - oid.p = buf; - oid.len = buf_len; + oid.p = buf->x; + oid.len = buf->len; ret = mbedtls_oid_get_extended_key_usage( &oid, &desc ); 
@@ -654,8 +649,7 @@ void x509_oid_desc( uint8_t * buf, uint32_t buf_len, char * ref_desc ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_numstr( uint8_t * oid_buf, uint32_t oid_buf_len, char * numstr, - int blen, int ret ) +void x509_oid_numstr( HexParam_t * oid_buf, char * numstr, int blen, int ret ) { mbedtls_x509_buf oid; char num_buf[100]; @@ -663,8 +657,8 @@ void x509_oid_numstr( uint8_t * oid_buf, uint32_t oid_buf_len, char * numstr, memset( num_buf, 0x2a, sizeof num_buf ); oid.tag = MBEDTLS_ASN1_OID; - oid.p = oid_buf; - oid.len = oid_buf_len; + oid.p = oid_buf->x; + oid.len = oid_buf->len; TEST_ASSERT( (size_t) blen <= sizeof num_buf ); @@ -695,8 +689,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ -void x509_check_extended_key_usage( char * crt_file, uint8_t * oid, - uint32_t len, int ret ) +void x509_check_extended_key_usage( char * crt_file, HexParam_t * oid, int ret + ) { mbedtls_x509_crt crt; @@ -705,7 +699,7 @@ void x509_check_extended_key_usage( char * crt_file, uint8_t * oid, TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); - TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, oid, len ) == ret ); + TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret ); exit: mbedtls_x509_crt_free( &crt ); @@ -743,7 +737,7 @@ void x509_get_time( int tag, char * time_str, int ret, int year, int mon, /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -void x509_parse_rsassa_pss_params( char * hex_params, int params_tag, +void x509_parse_rsassa_pss_params( HexParam_t * hex_params, int params_tag, int ref_msg_md, int ref_mgf_md, int ref_salt_len, int ref_ret ) { 
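Review bot: The rewrapped signature of `x509_check_extended_key_usage` leaves the closing `)` alone on a continuation line after `int ret`, which reads like a truncated parameter list. The other signatures touched in this file keep the parenthesis on the last parameter line, so I would write the second line as `HexParam_t * oid, int ret )` and break after `char * crt_file,` instead. The function body continues in the next hunk.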
@@ -752,7 +746,8 @@ void x509_parse_rsassa_pss_params( char * hex_params, int params_tag,
 mbedtls_md_type_t my_msg_md, my_mgf_md;
 int my_salt_len;
- params.p = unhexify_alloc( hex_params, ¶ms.len );
+ params.p = hex_params->x;
+ params.len = hex_params->len;
 params.tag = params_tag;
 my_ret = mbedtls_x509_get_rsassa_pss_params( ¶ms, &my_msg_md, &my_mgf_md,
@@ -768,7 +763,7 @@ void x509_parse_rsassa_pss_params( char * hex_params, int params_tag,
 }
 exit:
- mbedtls_free( params.p );
+ ;;
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index 7da890acb..94c6ff5e1 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -8,9 +8,8 @@
 */
 /* BEGIN_CASE */
-void xtea_encrypt_ecb( uint8_t * key_str, uint32_t key_str_len,
- uint8_t * src_str, uint32_t src_str_len,
- uint8_t * hex_dst_string, uint32_t hex_dst_string_len )
+void xtea_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str,
+ HexParam_t * hex_dst_string )
 {
 unsigned char output[100];
 mbedtls_xtea_context ctx;
@@ -18,17 +17,16 @@ void xtea_encrypt_ecb( uint8_t * key_str, uint32_t key_str_len,
 memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str, output ) == 0 );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
 }
 /* END_CASE */
 /* BEGIN_CASE */
-void xtea_decrypt_ecb( uint8_t * key_str, uint32_t key_str_len,
- uint8_t * src_str, uint32_t src_str_len,
- uint8_t * hex_dst_string, uint32_t hex_dst_string_len )
+void xtea_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str,
+ HexParam_t * hex_dst_string )
 {
 unsigned char output[100];
 mbedtls_xtea_context ctx;
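Review bot: In x509_parse_rsassa_pss_params the `exit:` label is now followed by `;;`, which leaves a stray second empty statement; a single `;` is all the label needs. Because `params.p` now aliases `hex_params->x` (set in the preceding hunk), this function no longer allocates the buffer, and a short comment would stop a later reader from re-adding the free: `exit: ; /* params.p points into hex_params; not allocated here */`. The function body starts outside this hunk.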
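Review bot: xtea_encrypt_ecb passes `key_str->x` and `src_str->x` on without looking at the `len` fields that HexParam_t now carries, so a short hex string in the data file would let mbedtls_xtea_setup (16-byte key) and mbedtls_xtea_crypt_ecb (8-byte block) read past the supplied buffer. Now that the length travels with the pointer, check it before use: `TEST_ASSERT( key_str->len == 16 );` and `TEST_ASSERT( src_str->len == 8 );`. The same applies to xtea_decrypt_ecb in the next hunk, and to the key and the 8-byte `iv_str` in the two CBC cases.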
@@ -36,18 +34,16 @@ void xtea_decrypt_ecb( uint8_t * key_str, uint32_t key_str_len,
 memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str, output ) == 0 );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string, 8, hex_dst_string_len ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
 }
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_encrypt_cbc( uint8_t * key_str, uint32_t key_str_len,
- uint8_t * iv_str, uint32_t iv_str_len,
- uint8_t * src_str, uint32_t len,
- uint8_t * hex_dst_string, uint32_t hex_dst_string_len )
+void xtea_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str,
+ HexParam_t * src_str, HexParam_t * hex_dst_string )
 {
 unsigned char output[100];
 mbedtls_xtea_context ctx;
@@ -55,19 +51,17 @@ void xtea_encrypt_cbc( uint8_t * key_str, uint32_t key_str_len,
 memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, len, iv_str,
- src_str, output ) == 0 );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
+ src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string, len, hex_dst_string_len ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
 }
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
-void xtea_decrypt_cbc( uint8_t * key_str, uint32_t key_str_len,
- uint8_t * iv_str, uint32_t iv_str_len,
- uint8_t * src_str, uint32_t len,
- uint8_t * hex_dst_string, uint32_t hex_dst_string_len )
+void xtea_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str,
+ HexParam_t * src_str, HexParam_t * hex_dst_string )
 {
 unsigned char output[100];
 mbedtls_xtea_context ctx;
@@ -75,11 +69,11 @@ void xtea_decrypt_cbc( uint8_t * key_str, uint32_t key_str_len,
 memset(output, 0x00, 100);
- mbedtls_xtea_setup( &ctx, key_str );
- TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, len, iv_str,
- src_str, output ) == 0 );
+ mbedtls_xtea_setup( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
+ src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string, len, hex_dst_string_len ) == 0 );
+ TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
 }
 /* END_CASE */
From 2397bbaa0137739646ae43256a96d6dc07b97b6b Mon Sep 17 00:00:00 2001
From: Azim Khan
Date: Fri, 9 Jun 2017 04:35:03 +0100
Subject: [PATCH 278/578] Update test generator for use of struct for hex parameters
---
 tests/scripts/gen_mbed_code.py | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
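Review bot: In xtea_encrypt_cbc, `src_str->len` comes straight from the test data and is passed to mbedtls_xtea_crypt_cbc as the number of bytes to write into `output[100]`, with no bound check. An input longer than 100 bytes would therefore overflow the stack buffer. Add `TEST_ASSERT( src_str->len <= sizeof( output ) );` before the call. xtea_decrypt_cbc in the following hunk needs the same line.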
diff --git a/tests/scripts/gen_mbed_code.py b/tests/scripts/gen_mbed_code.py
index c63555de7..17f70d3cc 100644
--- a/tests/scripts/gen_mbed_code.py
+++ b/tests/scripts/gen_mbed_code.py
@@ -107,9 +107,12 @@ def gen_function_wrapper(name, args_dispatch):
 void {name}_wrapper( void ** params )
 {{
 {unused_params}
+{locals}
 {name}( {args} );
 }}
-'''.format(name=name, unused_params='(void)params;' if len(args_dispatch) == 0 else '', args=', '.join(args_dispatch))
+'''.format(name=name, unused_params='(void)params;' if len(args_dispatch[1]) == 0 else '',
+ args=', '.join(args_dispatch[1]),
+ locals=args_dispatch[0])
 return wrapper
@@ -204,6 +207,7 @@ def parse_function_signature(line):
 :return:
 """
 args = []
+ locals = ''
 args_dispatch = []
 m = re.search('\s*void\s+(\w+)\s*\(', line, re.I)
 if not m:
@@ -211,7 +215,6 @@ def parse_function_signature(line):
 name = m.group(1)
 line = line[len(m.group(0)):]
 arg_idx = 0
- last_was_hex = False
 for arg in line[:line.find(')')].split(','):
 arg = arg.strip()
 if arg == '':
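Review bot: `args_dispatch` is now a `(locals, dispatch)` pair that gen_function_wrapper picks apart by position (`args_dispatch[1]`, `args_dispatch[0]`), but the parameter name and signature still read as a plain list. Unpacking once at the top, `locals_code, dispatch_args = args_dispatch`, and describing the pair in the docstring would make the three uses in the `.format()` call self-explanatory. In parse_function_signature (next hunk) the new variable `locals` also shadows the Python builtin of that name; `locals_code` would avoid that. Both functions start outside the hunks shown.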
@@ -222,18 +225,19 @@ def parse_function_signature(line):
 elif re.search('char\s*\*\s*.*', arg.strip()):
 args.append('char*')
 args_dispatch.append('(char *) params[%d]' % arg_idx)
- elif re.search('uint8_t\s*\*\s*.*', arg.strip()):
+ elif re.search('HexParam_t\s*\*\s*.*', arg.strip()):
 args.append('hex')
- args_dispatch.append('(uint8_t *) params[%d]' % arg_idx)
- last_was_hex = True
- elif re.search('uint32_t\s+.*', arg.strip()) and last_was_hex:
- last_was_hex = False
- args_dispatch.append('*( (uint32_t *) params[%d] )' % arg_idx)
+ # create a structure
+ locals += """ HexParam_t hex%d = {%s, %s};
+""" % (arg_idx, '(uint8_t *) params[%d]' % arg_idx, '*( (uint32_t *) params[%d] )' % (arg_idx + 1))
+
+ args_dispatch.append('&hex%d' % arg_idx)
+ arg_idx += 1
 else:
 raise ValueError("Test function arguments can only be 'int' or 'char *'\n%s" % line)
 arg_idx += 1
- return name, args, args_dispatch
+ return name, args, (locals, args_dispatch)
 def parse_function_code(line_no, funcs_f, deps, suite_deps):
From 975d97eb8bcbe700d3cf8c6090a0eb57d4ebeca0 Mon Sep 17 00:00:00 2001
From: Azim Khan
Date: Fri, 9 Jun 2017 12:27:39 +0100
Subject: [PATCH 279/578] Remove old test suite template and code generator script
---
 tests/scripts/generate_code.pl | 411 ---------------------------------
 1 file changed, 411 deletions(-)
 delete mode 100755 tests/scripts/generate_code.pl
diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
deleted file mode 100755
index e489a0055..000000000
--- a/tests/scripts/generate_code.pl
+++ /dev/null
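Review bot: The `else` branch still raises "Test function arguments can only be 'int' or 'char *'", although this hunk makes `HexParam_t *` an accepted type, so a test author who writes `uint8_t *` under the old convention gets a message that does not name the replacement. Suggest `raise ValueError("Test function arguments can only be 'int', 'char *' or 'HexParam_t *'\n%s" % line)`. The HexParam_t branch also consumes two `params[]` slots (pointer at `arg_idx`, length at `arg_idx + 1`), and the generated initializer dereferences the second as `uint32_t` without any check. A comment stating that whatever fills `params[]` must always place the length slot right after a hex argument would make that contract explicit. parse_function_signature begins outside the hunk.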
@@ -1,411 +0,0 @@ -#!/usr/bin/env perl - -# generate_code.pl -# -# This file is part of mbed TLS (https://tls.mbed.org) -# -# Copyright (c) 2009-2016, ARM Limited, All Rights Reserved -# -# Purpose -# -# Generates the test suite code given inputs of the test suite directory that -# contain the test suites, and the test suite file names for the test code and -# test data. -# -# Usage: generate_code.pl [main code file] -# -# Structure of files -# -# - main code file - 'main_test.function' -# Template file that contains the main() function for the test suite, -# test dispatch code as well as support functions. It contains the -# following symbols which are substituted by this script during -# processing: -# TESTCASE_FILENAME -# TESTCODE_FILENAME -# SUITE_PRE_DEP -# MAPPING_CODE -# FUNCTION CODE -# SUITE_POST_DEP -# DEP_CHECK_CODE -# DISPATCH_FUNCTION -# !LINE_NO! -# -# - common helper code file - 'helpers.function' -# Common helper functions -# -# - test suite code file - file name in the form 'test_suite_xxx.function' -# Code file that contains the actual test cases. The file contains a -# series of code sequences delimited by the following: -# BEGIN_HEADER / END_HEADER - list of headers files -# BEGIN_SUITE_HELPERS / END_SUITE_HELPERS - helper functions common to -# the test suite -# BEGIN_CASE / END_CASE - the test cases in the test suite. Each test -# case contains at least one function that is used to create the -# dispatch code. -# -# - test data file - file name in the form 'test_suite_xxxx.data' -# The test case parameters to to be used in execution of the test. The -# file name is used to replace the symbol 'TESTCASE_FILENAME' in the main -# code file above. -# -# A test data file consists of a sequence of paragraphs separated by -# a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF) -# format. Lines starting with the character '#' are ignored -# (the parser behaves as if they were not present). 
-# -# Each paragraph describes one test case and must consist of: (1) one -# line which is the test case name; (2) an optional line starting with -# the 11-character prefix "depends_on:"; (3) a line containing the test -# function to execute and its parameters. -# -# A depends_on: line consists of a list of compile-time options -# separated by the character ':', with no whitespace. The test case -# is executed only if this compilation option is enabled in config.h. -# -# The last line of each paragraph contains a test function name and -# a list of parameters separated by the character ':'. Running the -# test case calls this function with the specified parameters. Each -# parameter may either be an integer written in decimal or hexadecimal, -# or a string surrounded by double quotes which may not contain the -# ':' character. -# - -use strict; - -my $suite_dir = shift or die "Missing suite directory"; -my $suite_name = shift or die "Missing suite name"; -my $data_name = shift or die "Missing data name"; -my $test_main_file = do { my $arg = shift; defined($arg) ? 
$arg : $suite_dir."/main_test.function" }; -my $test_file = $data_name.".c"; -my $test_common_helper_file = $suite_dir."/helpers.function"; -my $test_case_file = $suite_dir."/".$suite_name.".function"; -my $test_case_data = $suite_dir."/".$data_name.".data"; - -my $line_separator = $/; -undef $/; - - -# -# Open and read in the input files -# - -open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers -'$test_common_helper_file': $!"; -my $test_common_helpers = ; -close(TEST_HELPERS); - -open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!"; -my @test_main_lines = split/^/, ; -my $test_main; -my $index = 2; -for my $line (@test_main_lines) { - $line =~ s/!LINE_NO!/$index/; - $test_main = $test_main.$line; - $index++; -} -close(TEST_MAIN); - -open(TEST_CASES, "$test_case_file") or die "Opening test cases '$test_case_file': $!"; -my @test_cases_lines = split/^/, ; -my $test_cases; -my $index = 2; -for my $line (@test_cases_lines) { - if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//) - { - $line = $line."#line $index \"$test_case_file\"\n"; - } - - if ($line =~ /^\/\* BEGIN_CASE .*\*\//) - { - $line = $line."#line $index \"$test_case_file\"\n"; - } - - $line =~ s/!LINE_NO!/$index/; - - $test_cases = $test_cases.$line; - $index++; -} - -close(TEST_CASES); - -open(TEST_DATA, "$test_case_data") or die "Opening test data '$test_case_data': $!"; -my $test_data = ; -close(TEST_DATA); - - -# -# Find the headers, dependencies, and suites in the test cases file -# - -my ( $suite_header ) = $test_cases =~ /\/\* BEGIN_HEADER \*\/\n(.*?)\n\/\* END_HEADER \*\//s; -my ( $suite_defines ) = $test_cases =~ /\/\* BEGIN_DEPENDENCIES\n \* (.*?)\n \* END_DEPENDENCIES/s; -my ( $suite_helpers ) = $test_cases =~ /\/\* BEGIN_SUITE_HELPERS \*\/\n(.*?)\n\/\* END_SUITE_HELPERS \*\//s; - -my $requirements; -if ($suite_defines =~ /^depends_on:/) -{ - ( $requirements ) = $suite_defines =~ /^depends_on:(.*)$/; -} - -my @var_req_arr = split(/:/, 
$requirements); -my $suite_pre_code; -my $suite_post_code; -my $dispatch_code; -my $mapping_code; -my %mapping_values; - -while (@var_req_arr) -{ - my $req = shift @var_req_arr; - $req =~ s/(!?)(.*)/$1defined($2)/; - - $suite_pre_code .= "#if $req\n"; - $suite_post_code .= "#endif /* $req */\n"; -} - -$/ = $line_separator; - -open(TEST_FILE, ">$test_file") or die "Opening destination file '$test_file': $!"; -print TEST_FILE << "END"; -/* - * *** THIS FILE HAS BEEN MACHINE GENERATED *** - * - * This file has been machine generated using the script: $0 - * - * Test file : $test_file - * - * The following files were used to create this file. - * - * Main code file : $test_main_file - * Helper file : $test_common_helper_file - * Test suite file : $test_case_file - * Test suite data : $test_case_data - * - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include -#else -#include MBEDTLS_CONFIG_FILE -#endif - - -/*----------------------------------------------------------------------------*/ -/* Common helper code */ - -$test_common_helpers - - -/*----------------------------------------------------------------------------*/ -/* Test Suite Code */ - -$suite_pre_code -$suite_header -$suite_helpers -$suite_post_code - -END - -$test_main =~ s/SUITE_PRE_DEP/$suite_pre_code/; -$test_main =~ s/SUITE_POST_DEP/$suite_post_code/; - -while($test_cases =~ /\/\* BEGIN_CASE *([\w:]*) \*\/\n(.*?)\n\/\* END_CASE \*\//msg) -{ - my $function_deps = $1; - my $function_decl = $2; - - # Sanity checks of function - if ($function_decl !~ /^#line\s*.*\nvoid /) - { - die "Test function does not have 'void' as return type.\n" . - "Function declaration:\n" . 
- $function_decl; - } - if ($function_decl !~ /^(#line\s*.*)\nvoid (\w+)\(\s*(.*?)\s*\)\s*{(.*)}/ms) - { - die "Function declaration not in expected format\n"; - } - my $line_directive = $1; - my $function_name = $2; - my $function_params = $3; - my $function_pre_code; - my $function_post_code; - my $param_defs; - my $param_checks; - my @dispatch_params; - my @var_def_arr = split(/,\s*/, $function_params); - my $i = 1; - my $mapping_regex = "".$function_name; - my $mapping_count = 0; - - $function_decl =~ s/(^#line\s*.*)\nvoid /$1\nvoid test_suite_/; - - # Add exit label if not present - if ($function_decl !~ /^exit:$/m) - { - $function_decl =~ s/}\s*$/\nexit:\n return;\n}/; - } - - if ($function_deps =~ /^depends_on:/) - { - ( $function_deps ) = $function_deps =~ /^depends_on:(.*)$/; - } - - foreach my $req (split(/:/, $function_deps)) - { - $function_pre_code .= "#ifdef $req\n"; - $function_post_code .= "#endif /* $req */\n"; - } - - foreach my $def (@var_def_arr) - { - # Handle the different parameter types - if( substr($def, 0, 4) eq "int " ) - { - $param_defs .= " int param$i;\n"; - $param_checks .= " if( verify_int( params[$i], ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; - push @dispatch_params, "param$i"; - - $mapping_regex .= ":([\\d\\w |\\+\\-\\(\\)]+)"; - $mapping_count++; - } - elsif( substr($def, 0, 6) eq "char *" ) - { - $param_defs .= " char *param$i = params[$i];\n"; - $param_checks .= " if( verify_string( ¶m$i ) != 0 ) return( DISPATCH_INVALID_TEST_DATA );\n"; - push @dispatch_params, "param$i"; - $mapping_regex .= ":(?:\\\\.|[^:\n])+"; - } - else - { - die "Parameter declaration not of supported type (int, char *)\n"; - } - $i++; - - } - - # Find non-integer values we should map for this function - if( $mapping_count) - { - my @res = $test_data =~ /^$mapping_regex/msg; - foreach my $value (@res) - { - next unless ($value !~ /^\d+$/); - if ( $mapping_values{$value} ) { - ${ $mapping_values{$value} }{$function_pre_code} = 1; - } else { - 
$mapping_values{$value} = { $function_pre_code => 1 }; - } - } - } - - my $call_params = join ", ", @dispatch_params; - my $param_count = @var_def_arr + 1; - $dispatch_code .= << "END"; -if( strcmp( params[0], "$function_name" ) == 0 ) -{ -$function_pre_code -$param_defs - if( cnt != $param_count ) - { - mbedtls_fprintf( stderr, "\\nIncorrect argument count (%d != %d)\\n", cnt, $param_count ); - return( DISPATCH_INVALID_TEST_DATA ); - } - -$param_checks - test_suite_$function_name( $call_params ); - return ( DISPATCH_TEST_SUCCESS ); -$function_post_code - return ( DISPATCH_UNSUPPORTED_SUITE ); -} -else -END - - my $function_code = $function_pre_code . $function_decl . "\n" . - $function_post_code; - $test_main =~ s/FUNCTION_CODE/$function_code\nFUNCTION_CODE/; -} - -# Find specific case dependencies that we should be able to check -# and make check code -my $dep_check_code; - -my @res = $test_data =~ /^depends_on:([!:\w]+)/msg; -my %case_deps; -foreach my $deps (@res) -{ - foreach my $dep (split(/:/, $deps)) - { - $case_deps{$dep} = 1; - } -} -while( my ($key, $value) = each(%case_deps) ) -{ - if( substr($key, 0, 1) eq "!" 
) - { - my $key = substr($key, 1); - $dep_check_code .= << "END"; - if( strcmp( str, "!$key" ) == 0 ) - { -#if !defined($key) - return( DEPENDENCY_SUPPORTED ); -#else - return( DEPENDENCY_NOT_SUPPORTED ); -#endif - } -END - } - else - { - $dep_check_code .= << "END"; - if( strcmp( str, "$key" ) == 0 ) - { -#if defined($key) - return( DEPENDENCY_SUPPORTED ); -#else - return( DEPENDENCY_NOT_SUPPORTED ); -#endif - } -END - } -} - -# Make mapping code -while( my ($key, $value) = each(%mapping_values) ) -{ - my $key_mapping_code = << "END"; - if( strcmp( str, "$key" ) == 0 ) - { - *value = ( $key ); - return( KEY_VALUE_MAPPING_FOUND ); - } -END - - # handle depenencies, unless used at least one without depends - if ($value->{""}) { - $mapping_code .= $key_mapping_code; - next; - } - for my $ifdef ( keys %$value ) { - (my $endif = $ifdef) =~ s!ifdef!endif //!g; - $mapping_code .= $ifdef . $key_mapping_code . $endif; - } -} - -$dispatch_code =~ s/^(.+)/ $1/mg; - -$test_main =~ s/TESTCASE_FILENAME/$test_case_data/g; -$test_main =~ s/TESTCODE_FILENAME/$test_case_file/g; -$test_main =~ s/FUNCTION_CODE//; -$test_main =~ s/DEP_CHECK_CODE/$dep_check_code/; -$test_main =~ s/DISPATCH_FUNCTION/$dispatch_code/; -$test_main =~ s/MAPPING_CODE/$mapping_code/; - -print TEST_FILE << "END"; -$test_main -END - -close(TEST_FILE); From 191e904bb2214a75dd3a734c3dcaa3327712965a Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 9 Jun 2017 12:39:00 +0100 Subject: [PATCH 280/578] Replace old template and code generator with new ones. Keep names --- .../{gen_mbed_code.py => generate_code.py} | 0 tests/suites/desktop_test.function | 13 +- tests/suites/main_test.function | 691 ++++-------------- tests/suites/mbed_test.function | 174 ----- 4 files changed, 164 insertions(+), 714 deletions(-) rename tests/scripts/{gen_mbed_code.py => generate_code.py} (100%) delete mode 100644 tests/suites/mbed_test.function 
diff --git a/tests/scripts/gen_mbed_code.py b/tests/scripts/generate_code.py
similarity index 100%
rename from tests/scripts/gen_mbed_code.py
rename to tests/scripts/generate_code.py
diff --git a/tests/suites/desktop_test.function b/tests/suites/desktop_test.function
index b2906a8dc..9c9a0b2d4 100644
--- a/tests/suites/desktop_test.function
+++ b/tests/suites/desktop_test.function
@@ -316,12 +316,23 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store
 /**
 * \brief Tests snprintf implementation with test input.
 *
+ * \note
+ * At high optimization levels (e.g. gcc -O3), this function may be
+ * inlined in run_test_snprintf. This can trigger a spurious warning about
+ * potential misuse of snprintf from gcc -Wformat-truncation (observed with
+ * gcc 7.2). This warning makes tests in run_test_snprintf redundant on gcc
+ * only. They are still valid for other compilers. Avoid this warning by
+ * forbidding inlining of this function by gcc.
+ *
 * \param n Buffer test length.
 * \param ref_buf Expected buffer.
 * \param ref_ret Expected snprintf return value.
 *
 * \return 0 for success else 1
 */
+#if defined(__GNUC__)
+__attribute__((__noinline__))
+#endif
 static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
 {
 int ret;
@@ -417,7 +428,7 @@ int execute_tests( int argc , const char ** argv )
 if( run_test_snprintf() != 0 )
 {
 mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" );
- return( 0 );
+ return( 1 );
 }
 while( arg_index < argc )
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index b6e310406..cd7f360d6 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -1,571 +1,184 @@ -#line 1 "main_test.function" -SUITE_PRE_DEP -#define TEST_SUITE_ACTIVE +#line 2 "suites/mbed_test.function" +/* + * *** THIS FILE HAS BEEN MACHINE GENERATED *** + * + * This file has been machine generated using the script: + * {generator_script} + * + * Test file : {test_file} + * + * The following files were used to create this file. + * + * Main code file : {test_main_file} + * Platform code file : {test_platform_file} + * Helper file : {test_common_helper_file} + * Test suite file : {test_case_file} + * Test suite data : {test_case_data_file} + * + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ -int verify_string( char **str ) -{ - if( (*str)[0] != '"' || - (*str)[strlen( *str ) - 1] != '"' ) - { - mbedtls_fprintf( stderr, - "Expected string (with \"\") for parameter and got: %s\n", *str ); - return( -1 ); - } - - (*str)++; - (*str)[strlen( *str ) - 1] = '\0'; - - return( 0 ); -} - -int verify_int( char *str, int *value ) -{ - size_t i; - int minus = 0; - int digits = 1; - int hex = 0; - - for( i = 0; i < strlen( str ); i++ ) - { - if( i == 0 && str[i] == '-' ) - { - minus = 1; - continue; - } - - if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) && - str[i - 1] == '0' && str[i] == 'x' ) - { - hex = 1; - continue; - } - - if( ! 
( ( str[i] >= '0' && str[i] <= '9' ) || - ( hex && ( ( str[i] >= 'a' && str[i] <= 'f' ) || - ( str[i] >= 'A' && str[i] <= 'F' ) ) ) ) ) - { - digits = 0; - break; - } - } - - if( digits ) - { - if( hex ) - *value = strtol( str, NULL, 16 ); - else - *value = strtol( str, NULL, 10 ); - - return( 0 ); - } - -MAPPING_CODE - - mbedtls_fprintf( stderr, - "Expected integer for parameter and got: %s\n", str ); - return( KEY_VALUE_MAPPING_NOT_FOUND ); -} +#if !defined(MBEDTLS_CONFIG_FILE) +#include +#else +#include MBEDTLS_CONFIG_FILE +#endif /*----------------------------------------------------------------------------*/ -/* Test Case code */ +/* Common helper code */ -FUNCTION_CODE -SUITE_POST_DEP +{test_common_helpers} -#line !LINE_NO! "main_test.function" +#line {line_no} "suites/mbed_test.function" + + +/*----------------------------------------------------------------------------*/ +/* Test Suite Code */ + + +#define TEST_SUITE_ACTIVE + +{function_headers} + +{functions_code} + +#line {line_no} "suites/mbed_test.function" /*----------------------------------------------------------------------------*/ /* Test dispatch code */ -int dep_check( char *str ) -{ - if( str == NULL ) - return( 1 ); -DEP_CHECK_CODE -#line !LINE_NO! "main_test.function" +/** + * \brief Evaluates an expression/macro into its literal integer value. + * For optimizing space for embedded targets each expression/macro + * is identified by a unique identifier instead of string literals. + * Identifiers and evaluation code is generated by script: + * {generator_script} + * + * \param exp_id Expression identifier. + * \param out_value Pointer to int to hold the integer. + * + * \return 0 if exp_id is found. 1 otherwise. 
+ */ +int get_expression( int32_t exp_id, int32_t * out_value ) +{{ +{expression_code} +#line {line_no} "suites/mbed_test.function" + {{ + return( KEY_VALUE_MAPPING_NOT_FOUND ); + }} + return( KEY_VALUE_MAPPING_FOUND ); +}} - return( DEPENDENCY_NOT_SUPPORTED ); -} -int dispatch_test(int cnt, char *params[50]) -{ - int ret; - ((void) cnt); - ((void) params); +/** + * \brief Checks if the dependency i.e. the compile flag is set. + * For optimizing space for embedded targets each dependency + * is identified by a unique identifier instead of string literals. + * Identifiers and check code is generated by script: + * {generator_script} + * + * \param exp_id Dependency identifier. + * + * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED + */ +int dep_check( int dep_id ) +{{ +{dep_check_code} +#line {line_no} "suites/mbed_test.function" + {{ + return( DEPENDENCY_NOT_SUPPORTED ); + }} +}} -#if defined(TEST_SUITE_ACTIVE) - ret = DISPATCH_TEST_SUCCESS; - // Cast to void to avoid compiler warnings - (void)ret; +/** + * \brief Function pointer type for test function wrappers. + * + * + * \param void ** Pointer to void pointers. Represents an array of test + * function parameters. + * + * \return void + */ +typedef void (*TestWrapper_t)( void ** ); + + +/** + * \brief Table of test function wrappers. Used by dispatch_test(). + * This table is populated by script: + * {generator_script} + * + */ +TestWrapper_t test_funcs[] = +{{ +{dispatch_code} +#line {line_no} "suites/mbed_test.function" +}}; + + +/** + * \brief Dispatches test functions based on function index. + * + * \param exp_id Test function index. + * + * \return DISPATCH_TEST_SUCCESS if found + * DISPATCH_TEST_FN_NOT_FOUND if not found + * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. 
+ */ +int dispatch_test( int func_idx, void ** params ) +{{ + int ret = DISPATCH_TEST_SUCCESS; + TestWrapper_t fp = NULL; + + if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) ) + {{ + fp = test_funcs[func_idx]; + if ( fp ) + fp( params ); + else + ret = ( DISPATCH_UNSUPPORTED_SUITE ); + }} + else + {{ + ret = ( DISPATCH_TEST_FN_NOT_FOUND ); + }} -DISPATCH_FUNCTION - { -#line !LINE_NO! "main_test.function" - mbedtls_fprintf( stdout, - "FAILED\nSkipping unknown test function '%s'\n", - params[0] ); - fflush( stdout ); - ret = DISPATCH_TEST_FN_NOT_FOUND; - } -#else - ret = DISPATCH_UNSUPPORTED_SUITE; -#endif return( ret ); -} +}} +{platform_code} + +#line {line_no} "suites/mbed_test.function" + /*----------------------------------------------------------------------------*/ /* Main Test code */ -#line !LINE_NO! "main_test.function" -#define USAGE \ - "Usage: %s [OPTIONS] files...\n\n" \ - " Command line arguments:\n" \ - " files... One or more test data file. If no file is specified\n" \ - " the followimg default test case is used:\n" \ - " %s\n\n" \ - " Options:\n" \ - " -v | --verbose Display full information about each test\n" \ - " -h | --help Display this information\n\n", \ - argv[0], \ - "TESTCASE_FILENAME" - - -/** Retrieve one input line into buf, which must have room for len - * bytes. The trailing line break (if any) is stripped from the result. - * Lines beginning with the character '#' are skipped. Lines that are - * more than len-1 bytes long including the trailing line break are - * truncated; note that the following bytes remain in the input stream. +/** + * \brief Program main. Invokes platform specific execute_tests(). * - * \return 0 on success, -1 on error or end of file + * \param argc Command line arguments count. + * \param argv Array of command line arguments. + * + * \return Exit code. 
*/ -int get_line( FILE *f, char *buf, size_t len ) -{ - char *ret; - - do - { - ret = fgets( buf, len, f ); - if( ret == NULL ) - return( -1 ); - } - while( buf[0] == '#' ); - - ret = buf + strlen( buf ); - if( ret-- > buf && *ret == '\n' ) - *ret = '\0'; - if( ret-- > buf && *ret == '\r' ) - *ret = '\0'; - - return( 0 ); -} - -int parse_arguments( char *buf, size_t len, char *params[50] ) -{ - int cnt = 0, i; - char *cur = buf; - char *p = buf, *q; - - params[cnt++] = cur; - - while( *p != '\0' && p < buf + len ) - { - if( *p == '\\' ) - { - p++; - p++; - continue; - } - if( *p == ':' ) - { - if( p + 1 < buf + len ) - { - cur = p + 1; - params[cnt++] = cur; - } - *p = '\0'; - } - - p++; - } - - /* Replace newlines, question marks and colons in strings */ - for( i = 0; i < cnt; i++ ) - { - p = params[i]; - q = params[i]; - - while( *p != '\0' ) - { - if( *p == '\\' && *(p + 1) == 'n' ) - { - p += 2; - *(q++) = '\n'; - } - else if( *p == '\\' && *(p + 1) == ':' ) - { - p += 2; - *(q++) = ':'; - } - else if( *p == '\\' && *(p + 1) == '?' ) - { - p += 2; - *(q++) = '?'; - } - else - *(q++) = *(p++); - } - *q = '\0'; - } - - return( cnt ); -} - -#if defined(__GNUC__) -/* At high optimization levels (e.g. gcc -O3), this function may be - * inlined in run_test_snprintf. This can trigger a spurious warning about - * potential misuse of snprintf from gcc -Wformat-truncation (observed with - * gcc 7.2). This warning makes tests in run_test_snprintf redundant on gcc - * only. They are still valid for other compilers. Avoid this warning by - * forbidding inlining of this function by gcc. 
*/ -__attribute__((__noinline__)) -#endif -static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) -{ - int ret; - char buf[10] = "xxxxxxxxx"; - const char ref[10] = "xxxxxxxxx"; - - if( n >= sizeof( buf ) ) - return( -1 ); - ret = mbedtls_snprintf( buf, n, "%s", "123" ); - if( ret < 0 || (size_t) ret >= n ) - ret = -1; - - if( strncmp( ref_buf, buf, sizeof( buf ) ) != 0 || - ref_ret != ret || - memcmp( buf + n, ref + n, sizeof( buf ) - n ) != 0 ) - { - return( 1 ); - } - - return( 0 ); -} - -static int run_test_snprintf( void ) -{ - return( test_snprintf( 0, "xxxxxxxxx", -1 ) != 0 || - test_snprintf( 1, "", -1 ) != 0 || - test_snprintf( 2, "1", -1 ) != 0 || - test_snprintf( 3, "12", -1 ) != 0 || - test_snprintf( 4, "123", 3 ) != 0 || - test_snprintf( 5, "123", 3 ) != 0 ); -} - -int main(int argc, const char *argv[]) -{ - /* Local Configurations and options */ - const char *default_filename = "TESTCASE_FILENAME"; - const char *test_filename = NULL; - const char **test_files = NULL; - int testfile_count = 0; - int option_verbose = 0; - - /* Other Local variables */ - int arg_index = 1; - const char *next_arg; - int testfile_index, ret, i, cnt; - int total_errors = 0, total_tests = 0, total_skipped = 0; - FILE *file; - char buf[5000]; - char *params[50]; - void *pointer; -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - int stdout_fd = -1; -#endif /* __unix__ || __APPLE__ __MACH__ */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ - !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) - unsigned char alloc_buf[1000000]; -#endif - /* Platform setup should be called in the beginning */ - ret = platform_setup(); +int main( int argc, const char *argv[] ) +{{ + int ret = platform_setup(); if( ret != 0 ) - { + {{ mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform - error %d\n", ret ); return( -1 ); - } -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ - !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) - mbedtls_memory_buffer_alloc_init( 
alloc_buf, sizeof(alloc_buf) ); -#endif - - /* - * The C standard doesn't guarantee that all-bits-0 is the representation - * of a NULL pointer. We do however use that in our code for initializing - * structures, which should work on every modern platform. Let's be sure. - */ - memset( &pointer, 0, sizeof( void * ) ); - if( pointer != NULL ) - { - mbedtls_fprintf( stderr, "all-bits-zero is not a NULL pointer\n" ); - platform_teardown(); - return( 1 ); - } - - /* - * Make sure we have a snprintf that correctly zero-terminates - */ - if( run_test_snprintf() != 0 ) - { - mbedtls_fprintf( stderr, "the snprintf implementation is broken\n" ); - platform_teardown(); - return( 1 ); - } - - while( arg_index < argc) - { - next_arg = argv[ arg_index ]; - - if( strcmp(next_arg, "--verbose" ) == 0 || - strcmp(next_arg, "-v" ) == 0 ) - { - option_verbose = 1; - } - else if( strcmp(next_arg, "--help" ) == 0 || - strcmp(next_arg, "-h" ) == 0 ) - { - mbedtls_fprintf( stdout, USAGE ); - platform_teardown(); - mbedtls_exit( EXIT_SUCCESS ); - } - else - { - /* Not an option, therefore treat all further arguments as the file - * list. 
- */ - test_files = &argv[ arg_index ]; - testfile_count = argc - arg_index; - } - - arg_index++; - } - - /* If no files were specified, assume a default */ - if ( test_files == NULL || testfile_count == 0 ) - { - test_files = &default_filename; - testfile_count = 1; - } - - /* Initialize the struct that holds information about the last test */ - memset( &test_info, 0, sizeof( test_info ) ); - - /* Now begin to execute the tests in the testfiles */ - for ( testfile_index = 0; - testfile_index < testfile_count; - testfile_index++ ) - { - int unmet_dep_count = 0; - char *unmet_dependencies[20]; - - test_filename = test_files[ testfile_index ]; - - file = fopen( test_filename, "r" ); - if( file == NULL ) - { - mbedtls_fprintf( stderr, "Failed to open test file: %s\n", - test_filename ); - platform_teardown(); - return( 1 ); - } - - while( !feof( file ) ) - { - if( unmet_dep_count > 0 ) - { - mbedtls_fprintf( stderr, - "FATAL: Dep count larger than zero at start of loop\n" ); - platform_teardown(); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - } - unmet_dep_count = 0; - - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf ); - mbedtls_fprintf( stdout, " " ); - for( i = strlen( buf ) + 1; i < 67; i++ ) - mbedtls_fprintf( stdout, "." 
); - mbedtls_fprintf( stdout, " " ); - fflush( stdout ); - - total_tests++; - - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - cnt = parse_arguments( buf, strlen(buf), params ); - - if( strcmp( params[0], "depends_on" ) == 0 ) - { - for( i = 1; i < cnt; i++ ) - { - if( dep_check( params[i] ) != DEPENDENCY_SUPPORTED ) - { - if( 0 == option_verbose ) - { - /* Only one count is needed if not verbose */ - unmet_dep_count++; - break; - } - - unmet_dependencies[ unmet_dep_count ] = strdup(params[i]); - if( unmet_dependencies[ unmet_dep_count ] == NULL ) - { - mbedtls_fprintf( stderr, "FATAL: Out of memory\n" ); - platform_teardown(); - mbedtls_exit( MBEDTLS_EXIT_FAILURE ); - } - unmet_dep_count++; - } - } - - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) - break; - cnt = parse_arguments( buf, strlen(buf), params ); - } - - // If there are no unmet dependencies execute the test - if( unmet_dep_count == 0 ) - { - test_info.failed = 0; - -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - /* Suppress all output from the library unless we're verbose - * mode - */ - if( !option_verbose ) - { - stdout_fd = redirect_output( &stdout, "/dev/null" ); - if( stdout_fd == -1 ) - { - platform_teardown(); - /* Redirection has failed with no stdout so exit */ - exit( 1 ); - } - } -#endif /* __unix__ || __APPLE__ __MACH__ */ - - ret = dispatch_test( cnt, params ); - -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( !option_verbose && restore_output( &stdout, stdout_fd ) ) - { - /* Redirection has failed with no stdout so exit */ - platform_teardown(); - exit( 1 ); - } -#endif /* __unix__ || __APPLE__ __MACH__ */ - - } - - if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) - { - total_skipped++; - mbedtls_fprintf( stdout, "----" ); - - if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE ) - { - mbedtls_fprintf( stdout, "\n Test Suite not enabled" ); - } - - if( 1 == option_verbose && 
unmet_dep_count > 0 ) - { - mbedtls_fprintf( stdout, "\n Unmet dependencies: " ); - for( i = 0; i < unmet_dep_count; i++ ) - { - mbedtls_fprintf(stdout, "%s ", - unmet_dependencies[i]); - free(unmet_dependencies[i]); - } - } - mbedtls_fprintf( stdout, "\n" ); - fflush( stdout ); - - unmet_dep_count = 0; - } - else if( ret == DISPATCH_TEST_SUCCESS ) - { - if( test_info.failed == 0 ) - { - mbedtls_fprintf( stdout, "PASS\n" ); - } - else - { - total_errors++; - mbedtls_fprintf( stdout, "FAILED\n" ); - mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", - test_info.test, test_info.line_no, - test_info.filename ); - } - fflush( stdout ); - } - else if( ret == DISPATCH_INVALID_TEST_DATA ) - { - mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); - fclose( file ); - platform_teardown(); - mbedtls_exit( 2 ); - } - else - total_errors++; - - if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 ) - break; - if( strlen( buf ) != 0 ) - { - mbedtls_fprintf( stderr, "Should be empty %d\n", - (int) strlen( buf ) ); - platform_teardown(); - return( 1 ); - } - } - fclose( file ); - - /* In case we encounter early end of file */ - for( i = 0; i < unmet_dep_count; i++ ) - free( unmet_dependencies[i] ); - } - - mbedtls_fprintf( stdout, "\n----------------------------------------------------------------------------\n\n"); - if( total_errors == 0 ) - mbedtls_fprintf( stdout, "PASSED" ); - else - mbedtls_fprintf( stdout, "FAILED" ); - - mbedtls_fprintf( stdout, " (%d / %d tests (%d skipped))\n", - total_tests - total_errors, total_tests, total_skipped ); - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ - !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) -#if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - mbedtls_memory_buffer_alloc_free(); -#endif - -#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) - if( stdout_fd != -1 ) - close_output( stdout ); -#endif /* __unix__ || __APPLE__ __MACH__ */ - + }} + ret = execute_tests( argc, argv ); 
platform_teardown(); - return( total_errors != 0 ); -} + return( ret ); +}} + diff --git a/tests/suites/mbed_test.function b/tests/suites/mbed_test.function deleted file mode 100644 index ab56dec54..000000000 --- a/tests/suites/mbed_test.function +++ /dev/null 
@@ -1,174 +0,0 @@ -#line 2 "suites/mbed_test.function" -/* - * *** THIS FILE HAS BEEN MACHINE GENERATED *** - * - * This file has been machine generated using the script: - * {generator_script} - * - * Test file : {test_file} - * - * The following files were used to create this file. - * - * Main code file : {test_main_file} - * Platform code file : {test_platform_file} - * Helper file : {test_common_helper_file} - * Test suite file : {test_case_file} - * Test suite data : {test_case_data_file} - * - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include -#else -#include MBEDTLS_CONFIG_FILE -#endif - - -/*----------------------------------------------------------------------------*/ -/* Common helper code */ - -{test_common_helpers} - -#line {line_no} "suites/mbed_test.function" - - -/*----------------------------------------------------------------------------*/ -/* Test Suite Code */ - - -#define TEST_SUITE_ACTIVE - -{function_headers} - -{functions_code} - -#line {line_no} "suites/mbed_test.function" - - -/*----------------------------------------------------------------------------*/ -/* Test dispatch code */ - - -/** - * \brief Evaluates an expression/macro into its literal integer value. - * For optimizing space for embedded targets each expression/macro - * is identified by a unique identifier instead of string literals. - * Identifiers and evaluation code is generated by script: - * {generator_script} - * - * \param exp_id Expression identifier. - * \param out_value Pointer to int to hold the integer. - * - * \return 0 if exp_id is found. 1 otherwise. - */ -int get_expression( int32_t exp_id, int32_t * out_value ) -{{ -{expression_code} -#line {line_no} "suites/mbed_test.function" - {{ - return( KEY_VALUE_MAPPING_NOT_FOUND ); - }} - return( KEY_VALUE_MAPPING_FOUND ); -}} - - -/** - * \brief Checks if the dependency i.e. the compile flag is set. 
- * For optimizing space for embedded targets each dependency - * is identified by a unique identifier instead of string literals. - * Identifiers and check code is generated by script: - * {generator_script} - * - * \param exp_id Dependency identifier. - * - * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED - */ -int dep_check( int dep_id ) -{{ -{dep_check_code} -#line {line_no} "suites/mbed_test.function" - {{ - return( DEPENDENCY_NOT_SUPPORTED ); - }} -}} - - -/** - * \brief Function pointer type for test function wrappers. - * - * - * \param void ** Pointer to void pointers. Represents an array of test - * function parameters. - * - * \return void - */ -typedef void (*TestWrapper_t)( void ** ); - - -/** - * \brief Table of test function wrappers. Used by dispatch_test(). - * This table is populated by script: - * {generator_script} - * - */ -TestWrapper_t test_funcs[] = -{{ -{dispatch_code} -#line {line_no} "suites/mbed_test.function" -}}; - - -/** - * \brief Dispatches test functions based on function index. - * - * \param exp_id Test function index. - * - * \return DISPATCH_TEST_SUCCESS if found - * DISPATCH_TEST_FN_NOT_FOUND if not found - * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. - */ -int dispatch_test( int func_idx, void ** params ) -{{ - int ret = DISPATCH_TEST_SUCCESS; - TestWrapper_t fp = NULL; - - if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) ) - {{ - fp = test_funcs[func_idx]; - if ( fp ) - fp( params ); - else - ret = ( DISPATCH_UNSUPPORTED_SUITE ); - }} - else - {{ - ret = ( DISPATCH_TEST_FN_NOT_FOUND ); - }} - - return( ret ); -}} - - -{platform_code} - -#line {line_no} "suites/mbed_test.function" - -/*----------------------------------------------------------------------------*/ -/* Main Test code */ - - -/** - * \brief Program main. Invokes platform specific execute_tests(). - * - * \param argc Command line arguments count. - * \param argv Array of command line arguments. 
- * - * \return Exit code. - */ -int main( int argc, const char *argv[] ) -{{ - return execute_tests( argc, argv ); -}} - From 1de892b85fb1e5f439ad54c98fa11d60f25badf0 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 9 Jun 2017 15:02:36 +0100 Subject: [PATCH 281/578] Update code as old template and generator is replaced with new one --- tests/Makefile | 24 +++++++++++------------- tests/scripts/generate_code.py | 8 ++++---- tests/suites/main_test.function | 16 ++++++++-------- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index f0da1cf24..c544c8e0b 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -176,6 +176,8 @@ func.test_suite_version := test_suite_version .PHONY: all check test clean +all: $(BINARIES) + $(DEP): $(MAKE) -C ../library @@ -184,12 +186,11 @@ $(DEP): C_FILES := $(addsuffix .c,$(APPS)) .SECONDEXPANSION: -$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/gen_mbed_code.py suites/helpers.function suites/mbed_test.function suites/desktop_test.function +$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/desktop_test.function echo " Gen $@" -# perl scripts/generate_code.pl suites $(func.$*) $* - python scripts/gen_mbed_code.py -f suites/$(func.$*).function \ + python scripts/generate_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ - -t suites/mbed_test.function \ + -t suites/main_test.function \ -p suites/desktop_test.function \ -s suites \ --help-file suites/helpers.function \ @@ -201,9 +202,6 @@ $(BINARIES): %$(EXEXT): %.c $(DEP) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -all: $(BINARIES) - - clean: ifndef WINDOWS rm -rf $(APPS) *.c *.data TESTS 
@@ -217,8 +215,8 @@ check: $(BINARIES) test: check -# Create separate targets for generating mbed-os tests. -MBED_APPS := $(addprefix mbed_,$(APPS)) +# Create separate targets for generating embedded tests. +EMBEDDED_TESTS := $(addprefix embedded_,$(APPS)) # FIXME: description needs change # Each test suite name is stripped off of prefix test_suite_. mbed-os test dir @@ -228,15 +226,15 @@ MBED_APPS := $(addprefix mbed_,$(APPS)) # name is used as the test group dir. .SECONDEXPANSION: -$(MBED_APPS): mbed_%: suites/$$(func.$$*).function suites/%.data scripts/gen_mbed_code.py suites/helpers.function suites/mbed_test.function suites/embedded_test.function +$(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/embedded_test.function echo " Gen ./TESTS/mbedtls/$*/$*.c" - python scripts/gen_mbed_code.py -f suites/$(func.$*).function \ + python scripts/generate_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ - -t suites/mbed_test.function \ + -t suites/main_test.function \ -p suites/embedded_test.function \ -s suites \ --help-file suites/helpers.function \ -o ./TESTS/mbedtls/$* -gen-mbed-test: $(MBED_APPS) +gen-embedded-test: $(EMBEDDED_TESTS) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index 17f70d3cc..f59eb7683 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -27,14 +27,14 @@ Generates code in following structure. / |-- host_tests/ | |-- mbedtls_test.py -| |-- suites/ -| | |-- *.data files | |-- mbedtls/ | | |-- / | | | |-- main.c +| | | |-- *.data files | | ... | | |-- / | | | |-- main.c +| | | |-- *.data files | | | """ 
@@ -504,7 +504,7 @@ def gen_from_test_data(data_f, out_data_f, func_info): return dep_check_code, expression_code -def gen_mbed_code(funcs_file, data_file, template_file, platform_file, help_file, suites_dir, c_file, out_data_file): +def generate_code(funcs_file, data_file, template_file, platform_file, help_file, suites_dir, c_file, out_data_file): """ Generate mbed-os test code. @@ -627,7 +627,7 @@ def check_cmd(): if not os.path.exists(d): os.makedirs(d) - gen_mbed_code(args.funcs_file, args.data_file, args.template_file, args.platform_file, + generate_code(args.funcs_file, args.data_file, args.template_file, args.platform_file, args.help_file, args.suites_dir, out_c_file, out_data_file) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index cd7f360d6..0dcab7d69 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -1,4 +1,4 @@ -#line 2 "suites/mbed_test.function" +#line 2 "suites/main_test.function" /* * *** THIS FILE HAS BEEN MACHINE GENERATED *** * @@ -31,7 +31,7 @@ {test_common_helpers} -#line {line_no} "suites/mbed_test.function" +#line {line_no} "suites/main_test.function" /*----------------------------------------------------------------------------*/ @@ -44,7 +44,7 @@ {functions_code} -#line {line_no} "suites/mbed_test.function" +#line {line_no} "suites/main_test.function" /*----------------------------------------------------------------------------*/ @@ -66,7 +66,7 @@ int get_expression( int32_t exp_id, int32_t * out_value ) {{ {expression_code} -#line {line_no} "suites/mbed_test.function" +#line {line_no} "suites/main_test.function" {{ return( KEY_VALUE_MAPPING_NOT_FOUND ); }} @@ -88,7 +88,7 @@ int get_expression( int32_t exp_id, int32_t * out_value ) int dep_check( int dep_id ) {{ {dep_check_code} -#line {line_no} "suites/mbed_test.function" +#line {line_no} "suites/main_test.function" {{ return( DEPENDENCY_NOT_SUPPORTED ); }} 
@@ -115,8 +115,8 @@ typedef void (*TestWrapper_t)( void ** ); */ TestWrapper_t test_funcs[] = {{ -{dispatch_code} -#line {line_no} "suites/mbed_test.function" +{dispatch_code} +#line {line_no} "suites/main_test.function" }}; @@ -153,7 +153,7 @@ int dispatch_test( int func_idx, void ** params ) {platform_code} -#line {line_no} "suites/mbed_test.function" +#line {line_no} "suites/main_test.function" /*----------------------------------------------------------------------------*/ /* Main Test code */ From cf32c45bfd3371b15a72c8ba699176ea7545ef83 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 13 Jun 2017 14:55:58 +0100 Subject: [PATCH 282/578] Add missing headers and fix name change issues --- tests/suites/test_suite_cipher.function | 4 ++-- tests/suites/test_suite_x509write.function | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 767e44102..ddb9576e3 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -485,8 +485,8 @@ void decrypt_test_vec( int cipher_id, int pad_mode, HexParam_t * key, memset( output, 0x00, sizeof( output ) ); #if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) - ((void) hex_ad); - ((void) hex_tag); + ((void) ad); + ((void) tag); #endif /* Prepare context */ diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f9ba57623..c00b1aca8 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -1,4 +1,5 @@ /* BEGIN_HEADER */ +#include "mbedtls/bignum.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" #include "mbedtls/pem.h" From 8c4d5ba763e52fb0bb55a07e5ad9b6d85d0e9b25 Mon Sep 17 00:00:00 2001 
From: Mohammad Azim Khan Date: Tue, 13 Jun 2017 17:27:52 +0100 Subject: [PATCH 283/578] Update CMakeList.txt with new test suites code generator --- tests/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 52632f87c..ab3f78fc8 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -29,8 +29,8 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl ${CMAKE_CURRENT_SOURCE_DIR}/suites test_suite_${suite_name} test_suite_${data_name} - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.pl mbedtls suites/helpers.function suites/main_test.function suites/test_suite_${suite_name}.function suites/test_suite_${data_name}.data + COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/desktop_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --help-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/desktop_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) include_directories(${CMAKE_CURRENT_SOURCE_DIR}) From 13c6bfbc2a318656d2aafb79a7730a73674a0261 Mon Sep 17 00:00:00 2001 
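Review bot: The new COMMAND runs the generator through `${PYTHON_EXECUTABLE}`, and nothing in this hunk shows that variable being set. If the enclosing CMakeLists does not locate an interpreter first (for example with `find_package(PythonInterp REQUIRED)`), the variable expands to nothing and the build tries to execute `generate_code.py` directly. The `-o .` argument also assumes the command's working directory is where `test_suite_${data_name}.c` is expected as OUTPUT; worth confirming for out-of-source builds. `add_test_suite` starts and ends outside this hunk.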
From: Azim Khan Date: Thu, 15 Jun 2017 14:45:56 +0100 Subject: [PATCH 284/578] Gaurd test suite headers with suite dependency Test suite header code was not gaurded with test suite dependency. But some test suites have additional code in the headers section. Variables in that section become unused if suite functions are gaurded. Hence gaurded the headers section. But this changed cuased missing types in get_expression() function that was originally accessing types defined through suite headers. Hence had to gaurd expressions code as well. Gaurding expressions does not allow parsing the parameters when some types or hash defs are gaurded. Hence added function check_test() to check if test is allowed or not before parsing the parameters. --- tests/scripts/generate_code.py | 30 +++++++++++++++++++++------- tests/suites/desktop_test.function | 12 +++++++---- tests/suites/embedded_test.function | 2 ++ tests/suites/main_test.function | 31 +++++++++++++++++++++++++++-- 4 files changed, 62 insertions(+), 13 deletions(-) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index f59eb7683..c6fc03f53 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -328,8 +328,8 @@ def parse_functions(funcs_f): function_idx += 1 ifdef, endif = gen_deps(suite_deps) - func_code = ifdef + suite_functions + endif - return dispatch_code, suite_headers, func_code, func_info + func_code = ifdef + suite_headers + suite_functions + endif + return suite_deps, dispatch_code, func_code, func_info def escaped_split(str, ch): @@ -443,13 +443,14 @@ else return exp_code -def gen_from_test_data(data_f, out_data_f, func_info): +def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): """ Generates dependency checks, expression code and intermediate data file from test data file. :param data_f: :param out_data_f: :param func_info: + :param suite_deps: :return: """ unique_deps = [] 
@@ -500,7 +501,23 @@ def gen_from_test_data(data_f, out_data_f, func_info): if len(expression_code) == 0: expression_code = '(void) exp_id;\n' expression_code += '(void) out_value;\n' - + ifdef = gen_deps_one_line(suite_deps) + if len(suite_deps): + dep_check_code = ''' +{ifdef} +{code} +#else +(void) dep_id; +#endif +'''.format(ifdef=ifdef, code=dep_check_code) + expression_code = ''' +{ifdef} +{code} +#else +(void) exp_id; +(void) out_value; +#endif +'''.format(ifdef=ifdef, code=expression_code) return dep_check_code, expression_code @@ -539,11 +556,10 @@ def generate_code(funcs_file, data_file, template_file, platform_file, help_file # Function code with open(funcs_file, 'r') as funcs_f, open(data_file, 'r') as data_f, open(out_data_file, 'w') as out_data_f: - dispatch_code, func_headers, func_code, func_info = parse_functions(funcs_f) - snippets['function_headers'] = func_headers + suite_deps, dispatch_code, func_code, func_info = parse_functions(funcs_f) snippets['functions_code'] = func_code snippets['dispatch_code'] = dispatch_code - dep_check_code, expression_code = gen_from_test_data(data_f, out_data_f, func_info) + dep_check_code, expression_code = gen_from_test_data(data_f, out_data_f, func_info, suite_deps) snippets['dep_check_code'] = dep_check_code snippets['expression_code'] = expression_code diff --git a/tests/suites/desktop_test.function b/tests/suites/desktop_test.function index 9c9a0b2d4..4c790a85e 100644 --- a/tests/suites/desktop_test.function +++ b/tests/suites/desktop_test.function @@ -389,6 +389,7 @@ int execute_tests( int argc , const char ** argv ) const char **test_files = NULL; int testfile_count = 0; int option_verbose = 0; + int function_id = 0; /* Other Local variables */ int arg_index = 1; 
@@ -562,11 +563,14 @@ int execute_tests( int argc , const char ** argv ) } #endif /* __unix__ || __APPLE__ __MACH__ */ - ret = convert_params( cnt - 1, params + 1, int_params ); - if ( DISPATCH_TEST_SUCCESS == ret ) + function_id = strtol( params[0], NULL, 10 ); + if ( (ret = check_test( function_id )) == DISPATCH_TEST_SUCCESS ) { - int function_id = strtol( params[0], NULL, 10 ); - ret = dispatch_test( function_id, (void **)( params + 1 ) ); + ret = convert_params( cnt - 1, params + 1, int_params ); + if ( DISPATCH_TEST_SUCCESS == ret ) + { + ret = dispatch_test( function_id, (void **)( params + 1 ) ); + } } #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) diff --git a/tests/suites/embedded_test.function b/tests/suites/embedded_test.function index 4436ccbdd..312cf9125 100644 --- a/tests/suites/embedded_test.function +++ b/tests/suites/embedded_test.function @@ -371,6 +371,8 @@ int execute_tests( int args, const char ** argv ) /* Read function id */ function_id = *p; INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) ); + if ( ( ret = check_test( function_id ) ) != DISPATCH_TEST_SUCCESS ) + break; /* Read number of parameters */ count = *p; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 0dcab7d69..e294e3621 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -40,8 +40,6 @@ #define TEST_SUITE_ACTIVE -{function_headers} - {functions_code} #line {line_no} "suites/main_test.function" 
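Review bot: The function id taken from the test data with `strtol( params[0], NULL, 10 )` is used without validation: with a NULL end pointer a non-numeric first field silently parses as 0 and selects function 0, and the `long` result is narrowed to `int`, so an out-of-range or negative value is passed on to `check_test()` and `dispatch_test()`. Parse with an end pointer and reject bad input before dispatching, e.g. `long id = strtol( params[0], &end, 10 );` followed by `if( end == params[0] || *end != '\0' || id < 0 || id > INT_MAX ) ret = DISPATCH_INVALID_TEST_DATA;` (assuming that return code is still defined for this runner). `execute_tests()` starts and ends outside this hunk, so whether `cnt` is checked to be at least 1 before `params[0]` is read cannot be confirmed here.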
@@ -151,6 +149,35 @@ int dispatch_test( int func_idx, void ** params ) }} +/** + * \brief Checks if test function is supported + * + * \param exp_id Test function index. + * + * \return DISPATCH_TEST_SUCCESS if found + * DISPATCH_TEST_FN_NOT_FOUND if not found + * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. + */ +int check_test( int func_idx ) +{{ + int ret = DISPATCH_TEST_SUCCESS; + TestWrapper_t fp = NULL; + + if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) ) + {{ + fp = test_funcs[func_idx]; + if ( fp == NULL ) + ret = ( DISPATCH_UNSUPPORTED_SUITE ); + }} + else + {{ + ret = ( DISPATCH_TEST_FN_NOT_FOUND ); + }} + + return( ret ); +}} + + {platform_code} #line {line_no} "suites/main_test.function" From 4b54323bcb3b5ea91cec21067146cb702c7d9ec7 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 30 Jun 2017 09:35:21 +0100 Subject: [PATCH 285/578] Unit test generate_copy.py --- tests/scripts/generate_code.py | 144 ++--- tests/scripts/generate_code_ut.py | 842 ++++++++++++++++++++++++++++++ 2 files changed, 920 insertions(+), 66 deletions(-) create mode 100644 tests/scripts/generate_code_ut.py diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index c6fc03f53..b0b368650 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -1,6 +1,6 @@ """ -mbed SDK -Copyright (c) 2017-2018 ARM Limited +mbed TLS +Copyright (c) 2017 ARM Limited Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -25,17 +25,15 @@ import shutil Generates code in following structure. / -|-- host_tests/ -| |-- mbedtls_test.py -| |-- mbedtls/ -| | |-- / -| | | |-- main.c -| | | |-- *.data files -| | ... -| | |-- / -| | | |-- main.c -| | | |-- *.data files -| | | + |-- mbedtls/ + | |-- / + | | |-- main.c + | | |-- *.data files + | ... + | |-- / + | | |-- main.c + | | |-- *.data files + | | """ 
@@ -56,6 +54,44 @@ class InvalidFileFormat(Exception): pass +class FileWrapper(file): + """ + File wrapper class. Provides reading with line no. tracking. + """ + + def __init__(self, file_name): + """ + Init file handle. + + :param file_name: + """ + super(FileWrapper, self).__init__(file_name, 'r') + self.line_no = 0 + + def next(self): + """ + Iterator return impl. + :return: + """ + line = super(FileWrapper, self).next() + if line: + self.line_no += 1 + return line + + def readline(self, limit=0): + """ + Wrap the base class readline. + + :param limit: + :return: + """ + return self.next() + + +def split_dep(dep): + return ('!', dep[1:]) if dep[0] == '!' else ('', dep) + + def gen_deps(deps): """ Generates dependency i.e. if def and endif code @@ -63,16 +99,9 @@ def gen_deps(deps): :param deps: :return: """ - dep_start = '' - dep_end = '' - for dep in deps: - if dep[0] == '!': - noT = '!' - dep = dep[1:] - else: - noT = '' - dep_start += '#if %sdefined(%s)\n' % (noT, dep) - dep_end = '#endif /* %s%s */\n' % (noT, dep) + dep_end + dep_start = ''.join(['#if %sdefined(%s)\n' % split_dep(x) for x in deps]) + dep_end = ''.join(['#endif /* %s */\n' % x for x in reversed(deps)]) + return dep_start, dep_end @@ -83,22 +112,16 @@ def gen_deps_one_line(deps): :param deps: :return: """ - defines = [] - for dep in deps: - if dep[0] == '!': - noT = '!' - dep = dep[1:] - else: - noT = '' - defines.append('%sdefined(%s)' % (noT, dep)) - return '#if ' + ' && '.join(defines) + defines = ('#if ' if len(deps) else '') + ' && '.join(['%sdefined(%s)' % split_dep(x) for x in deps]) + return defines -def gen_function_wrapper(name, args_dispatch): +def gen_function_wrapper(name, locals, args_dispatch): """ Creates test function code :param name: + :param locals: :param args_dispatch: :return: """ 
@@ -110,9 +133,9 @@ void {name}_wrapper( void ** params ) {locals} {name}( {args} ); }} -'''.format(name=name, unused_params='(void)params;' if len(args_dispatch[1]) == 0 else '', - args=', '.join(args_dispatch[1]), - locals=args_dispatch[0]) +'''.format(name=name, unused_params='(void)params;' if len(args_dispatch) == 0 else '', + args=', '.join(args_dispatch), + locals=locals) return wrapper @@ -141,37 +164,33 @@ def gen_dispatch(name, deps): return dispatch_code -def parse_suite_headers(line_no, funcs_f): +def parse_suite_headers(funcs_f): """ Parses function headers. - :param line_no: :param funcs_f: :return: """ - headers = '#line %d "%s"\n' % (line_no + 1, funcs_f.name) + headers = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) for line in funcs_f: - line_no += 1 if re.search(END_HEADER_REGEX, line): break headers += line else: raise InvalidFileFormat("file: %s - end header pattern [%s] not found!" % (funcs_f.name, END_HEADER_REGEX)) - return line_no, headers + return headers -def parse_suite_deps(line_no, funcs_f): +def parse_suite_deps(funcs_f): """ Parses function dependencies. - :param line_no: :param funcs_f: :return: """ deps = [] for line in funcs_f: - line_no += 1 m = re.search('depends_on\:(.*)', line.strip()) if m: deps += [x.strip() for x in m.group(1).split(':')] @@ -180,7 +199,7 @@ def parse_suite_deps(line_no, funcs_f): else: raise InvalidFileFormat("file: %s - end dependency pattern [%s] not found!" % (funcs_f.name, END_DEP_REGEX)) - return line_no, deps + return deps def parse_function_deps(line): @@ -195,7 +214,7 @@ def parse_function_deps(line): if len(dep_str): m = re.search('depends_on:(.*)', dep_str) if m: - deps = m.group(1).strip().split(':') + deps = [x.strip() for x in m.group(1).strip().split(':')] return deps 
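Review bot: `parse_suite_headers()` now reads `funcs_f.line_no` instead of taking a `line_no` argument, but its docstring still has an empty `:param funcs_f:` and does not mention the new requirement. Document it, e.g. `:param funcs_f: FileWrapper over the .function file; line_no and name feed the #line directive`, and fill in `:return:` now that only the header text is returned. A plain file object passed here would fail with `AttributeError` on `line_no`, so the caller has to open the file through `FileWrapper`; that call site is not in this hunk.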
@@ -234,13 +253,13 @@ def parse_function_signature(line): args_dispatch.append('&hex%d' % arg_idx) arg_idx += 1 else: - raise ValueError("Test function arguments can only be 'int' or 'char *'\n%s" % line) + raise ValueError("Test function arguments can only be 'int', 'char *' or 'HexParam_t'\n%s" % line) arg_idx += 1 - return name, args, (locals, args_dispatch) + return name, args, locals, args_dispatch -def parse_function_code(line_no, funcs_f, deps, suite_deps): +def parse_function_code(funcs_f, deps, suite_deps): """ :param line_no: @@ -249,9 +268,8 @@ def parse_function_code(line_no, funcs_f, deps, suite_deps): :param suite_deps: :return: """ - code = '#line %d "%s"\n' % (line_no + 1, funcs_f.name) + code = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) for line in funcs_f: - line_no += 1 # Check function signature m = re.match('.*?\s+(\w+)\s*\(', line, re.I) if m: @@ -259,10 +277,9 @@ def parse_function_code(line_no, funcs_f, deps, suite_deps): if not re.match('.*\)', line): for lin in funcs_f: line += lin - line_no += 1 if re.search('.*?\)', line): break - name, args, args_dispatch = parse_function_signature(line) + name, args, locals, args_dispatch = parse_function_signature(line) code += line.replace(name, 'test_' + name) name = 'test_' + name break @@ -270,7 +287,6 @@ def parse_function_code(line_no, funcs_f, deps, suite_deps): raise InvalidFileFormat("file: %s - Test functions not found!" % funcs_f.name) for line in funcs_f: - line_no += 1 if re.search(END_CASE_REGEX, line): break code += line 
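Review bot: The docstring of `parse_function_code()` still lists `:param line_no:` although this change removes that parameter from the signature; delete the entry and describe `funcs_f` in its place. `parse_function_signature()` also changes its return shape here from `name, args, (locals, args_dispatch)` to a flat four-value tuple, which is worth recording in its docstring so callers unpack it correctly. Both function bodies extend outside this hunk.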
@@ -281,16 +297,14 @@ def parse_function_code(line_no, funcs_f, deps, suite_deps): if code.find('exit:') == -1: s = code.rsplit('}', 1) if len(s) == 2: - code = """ -exit: + code = """exit: ;; -} -""".join(s) +}""".join(s) - code += gen_function_wrapper(name, args_dispatch) + code += gen_function_wrapper(name, locals, args_dispatch) ifdef, endif = gen_deps(deps) dispatch_code = gen_dispatch(name, suite_deps + deps) - return line_no, name, args, ifdef + code + endif, dispatch_code + return name, args, ifdef + code + endif, dispatch_code def parse_functions(funcs_f): @@ -300,7 +314,6 @@ def parse_functions(funcs_f): :param funcs_f: :return: """ - line_no = 0 suite_headers = '' suite_deps = [] suite_functions = '' @@ -308,20 +321,19 @@ def parse_functions(funcs_f): function_idx = 0 dispatch_code = '' for line in funcs_f: - line_no += 1 if re.search(BEGIN_HEADER_REGEX, line): - line_no, headers = parse_suite_headers(line_no, funcs_f) + headers = parse_suite_headers(funcs_f) suite_headers += headers elif re.search(BEGIN_DEP_REGEX, line): - line_no, deps = parse_suite_deps(line_no, funcs_f) + deps = parse_suite_deps(funcs_f) suite_deps += deps elif re.search(BEGIN_CASE_REGEX, line): deps = parse_function_deps(line) - line_no, func_name, args, func_code, func_dispatch = parse_function_code(line_no, funcs_f, deps, suite_deps) + func_name, args, func_code, func_dispatch = parse_function_code(funcs_f, deps, suite_deps) suite_functions += func_code # Generate dispatch code and enumeration info assert func_name not in func_info, "file: %s - function %s re-declared at line %d" % \ - (funcs_f.name, func_name, line_no) + (funcs_f.name, func_name, funcs_f.line_no) func_info[func_name] = (function_idx, args) dispatch_code += '/* Function Id: %d */\n' % function_idx dispatch_code += func_dispatch diff --git a/tests/scripts/generate_code_ut.py b/tests/scripts/generate_code_ut.py new file mode 100644 index 000000000..f941316ef --- /dev/null +++ b/tests/scripts/generate_code_ut.py 
@@ -0,0 +1,842 @@ +""" +mbed TLS +Copyright (c) 2017 ARM Limited + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +""" +from StringIO import StringIO +from unittest import TestCase, main as unittest_main +from mock import patch +from generate_code import * + + +""" +Unit tests for generate_code.py +""" + + +class GenDep(TestCase): + """ + Test suite for function gen_dep() + """ + + def test_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. + :return: + """ + deps = ['DEP1', 'DEP2'] + dep_start, dep_end = gen_deps(deps) + ifdef1, ifdef2 = dep_start.splitlines() + endif1, endif2 = dep_end.splitlines() + self.assertEqual(ifdef1, '#if defined(DEP1)', 'ifdef generated incorrectly') + self.assertEqual(ifdef2, '#if defined(DEP2)', 'ifdef generated incorrectly') + self.assertEqual(endif1, '#endif /* DEP2 */', 'endif generated incorrectly') + self.assertEqual(endif2, '#endif /* DEP1 */', 'endif generated incorrectly') + + def test_disabled_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. 
+ :return: + """ + deps = ['!DEP1', '!DEP2'] + dep_start, dep_end = gen_deps(deps) + ifdef1, ifdef2 = dep_start.splitlines() + endif1, endif2 = dep_end.splitlines() + self.assertEqual(ifdef1, '#if !defined(DEP1)', 'ifdef generated incorrectly') + self.assertEqual(ifdef2, '#if !defined(DEP2)', 'ifdef generated incorrectly') + self.assertEqual(endif1, '#endif /* !DEP2 */', 'endif generated incorrectly') + self.assertEqual(endif2, '#endif /* !DEP1 */', 'endif generated incorrectly') + + def test_mixed_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. + :return: + """ + deps = ['!DEP1', 'DEP2'] + dep_start, dep_end = gen_deps(deps) + ifdef1, ifdef2 = dep_start.splitlines() + endif1, endif2 = dep_end.splitlines() + self.assertEqual(ifdef1, '#if !defined(DEP1)', 'ifdef generated incorrectly') + self.assertEqual(ifdef2, '#if defined(DEP2)', 'ifdef generated incorrectly') + self.assertEqual(endif1, '#endif /* DEP2 */', 'endif generated incorrectly') + self.assertEqual(endif2, '#endif /* !DEP1 */', 'endif generated incorrectly') + + def test_empty_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. + :return: + """ + deps = [] + dep_start, dep_end = gen_deps(deps) + self.assertEqual(dep_start, '', 'ifdef generated incorrectly') + self.assertEqual(dep_end, '', 'ifdef generated incorrectly') + + def test_large_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. 
+ :return: + """ + deps = [] + count = 10 + for i in range(count): + deps.append('DEP%d' % i) + dep_start, dep_end = gen_deps(deps) + self.assertEqual(len(dep_start.splitlines()), count, 'ifdef generated incorrectly') + self.assertEqual(len(dep_end.splitlines()), count, 'ifdef generated incorrectly') + + +class GenDepOneLine(TestCase): + """ + Test Suite for testing gen_deps_one_line() + """ + + def test_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. + :return: + """ + deps = ['DEP1', 'DEP2'] + dep_str = gen_deps_one_line(deps) + self.assertEqual(dep_str, '#if defined(DEP1) && defined(DEP2)', 'ifdef generated incorrectly') + + def test_disabled_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. + :return: + """ + deps = ['!DEP1', '!DEP2'] + dep_str = gen_deps_one_line(deps) + self.assertEqual(dep_str, '#if !defined(DEP1) && !defined(DEP2)', 'ifdef generated incorrectly') + + def test_mixed_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. + :return: + """ + deps = ['!DEP1', 'DEP2'] + dep_str = gen_deps_one_line(deps) + self.assertEqual(dep_str, '#if !defined(DEP1) && defined(DEP2)', 'ifdef generated incorrectly') + + def test_empty_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. + :return: + """ + deps = [] + dep_str = gen_deps_one_line(deps) + self.assertEqual(dep_str, '', 'ifdef generated incorrectly') + + def test_large_deps_list(self): + """ + Test that gen_dep() correctly creates deps for given dependency list. 
+ :return: + """ + deps = [] + count = 10 + for i in range(count): + deps.append('DEP%d' % i) + dep_str = gen_deps_one_line(deps) + expected = '#if ' + ' && '.join(['defined(%s)' % x for x in deps]) + self.assertEqual(dep_str, expected, 'ifdef generated incorrectly') + + +class GenFunctionWrapper(TestCase): + """ + Test Suite for testing gen_function_wrapper() + """ + + def test_params_unpack(self): + """ + Test that params are properly unpacked in the function call. + + :return: + """ + code = gen_function_wrapper('test_a', '', ('a', 'b', 'c', 'd')) + expected = ''' +void test_a_wrapper( void ** params ) +{ + + + test_a( a, b, c, d ); +} +''' + self.assertEqual(code, expected) + + def test_local(self): + """ + Test that params are properly unpacked in the function call. + + :return: + """ + code = gen_function_wrapper('test_a', 'int x = 1;', ('x', 'b', 'c', 'd')) + expected = ''' +void test_a_wrapper( void ** params ) +{ + +int x = 1; + test_a( x, b, c, d ); +} +''' + self.assertEqual(code, expected) + + def test_empty_params(self): + """ + Test that params are properly unpacked in the function call. + + :return: + """ + code = gen_function_wrapper('test_a', '', ()) + expected = ''' +void test_a_wrapper( void ** params ) +{ + (void)params; + + test_a( ); +} +''' + self.assertEqual(code, expected) + + +class GenDispatch(TestCase): + """ + Test suite for testing gen_dispatch() + """ + + def test_dispatch(self): + """ + Test that dispatch table entry is generated correctly. + :return: + """ + code = gen_dispatch('test_a', ['DEP1', 'DEP2']) + expected = ''' +#if defined(DEP1) && defined(DEP2) + test_a_wrapper, +#else + NULL, +#endif +''' + self.assertEqual(code, expected) + + def test_empty_deps(self): + """ + Test empty dependency list. + :return: + """ + code = gen_dispatch('test_a', []) + expected = ''' + test_a_wrapper, +''' + self.assertEqual(code, expected) + + +class StringIOWrapper(StringIO, object): + """ + file like class to mock file object in tests. 
+ """ + def __init__(self, file_name, data, line_no = 1): + """ + Init file handle. + + :param file_name: + :param data: + :param line_no: + """ + super(StringIOWrapper, self).__init__(data) + self.line_no = line_no + self.name = file_name + + def next(self): + """ + Iterator return impl. + :return: + """ + line = super(StringIOWrapper, self).next() + return line + + def readline(self, limit=0): + """ + Wrap the base class readline. + + :param limit: + :return: + """ + line = super(StringIOWrapper, self).readline() + if line: + self.line_no += 1 + return line + + +class ParseSuiteHeaders(TestCase): + """ + Test Suite for testing parse_suite_headers(). + """ + + def test_suite_headers(self): + """ + Test that suite headers are parsed correctly. + + :return: + """ + data = '''#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +/* END_HEADER */ +''' + expected = '''#line 1 "test_suite_ut.function" +#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +''' + s = StringIOWrapper('test_suite_ut.function', data, line_no=0) + headers = parse_suite_headers(s) + self.assertEqual(headers, expected) + + def test_line_no(self): + """ + Test that #line is set to correct line no. in source .function file. + + :return: + """ + data = '''#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +/* END_HEADER */ +''' + offset_line_no = 5 + expected = '''#line %d "test_suite_ut.function" +#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +''' % (offset_line_no + 1) + s = StringIOWrapper('test_suite_ut.function', data, offset_line_no) + headers = parse_suite_headers(s) + self.assertEqual(headers, expected) + + def test_no_end_header_comment(self): + """ + Test that InvalidFileFormat is raised when end header comment is missing. 
+ :return: + """ + data = '''#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 + +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(InvalidFileFormat, parse_suite_headers, s) + + +class ParseSuiteDeps(TestCase): + """ + Test Suite for testing parse_suite_deps(). + """ + + def test_suite_deps(self): + """ + + :return: + """ + data = ''' + * depends_on:MBEDTLS_ECP_C + * END_DEPENDENCIES + */ +''' + expected = ['MBEDTLS_ECP_C'] + s = StringIOWrapper('test_suite_ut.function', data) + deps = parse_suite_deps(s) + self.assertEqual(deps, expected) + + def test_no_end_dep_comment(self): + """ + Test that InvalidFileFormat is raised when end dep comment is missing. + :return: + """ + data = ''' +* depends_on:MBEDTLS_ECP_C +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(InvalidFileFormat, parse_suite_deps, s) + + def test_deps_split(self): + """ + Test that InvalidFileFormat is raised when end dep comment is missing. + :return: + """ + data = ''' + * depends_on:MBEDTLS_ECP_C:A:B: C : D :F : G: !H + * END_DEPENDENCIES + */ +''' + expected = ['MBEDTLS_ECP_C', 'A', 'B', 'C', 'D', 'F', 'G', '!H'] + s = StringIOWrapper('test_suite_ut.function', data) + deps = parse_suite_deps(s) + self.assertEqual(deps, expected) + + +class ParseFuncDeps(TestCase): + """ + Test Suite for testing parse_function_deps() + """ + + def test_function_deps(self): + """ + Test that parse_function_deps() correctly parses function dependencies. + :return: + """ + line = '/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */' + expected = ['MBEDTLS_ENTROPY_NV_SEED', 'MBEDTLS_FS_IO'] + deps = parse_function_deps(line) + self.assertEqual(deps, expected) + + def test_no_deps(self): + """ + Test that parse_function_deps() correctly parses function dependencies. 
+ :return: + """ + line = '/* BEGIN_CASE */' + deps = parse_function_deps(line) + self.assertEqual(deps, []) + + def test_poorly_defined_deps(self): + """ + Test that parse_function_deps() correctly parses function dependencies. + :return: + """ + line = '/* BEGIN_CASE depends_on:MBEDTLS_FS_IO: A : !B:C : F*/' + deps = parse_function_deps(line) + self.assertEqual(deps, ['MBEDTLS_FS_IO', 'A', '!B', 'C', 'F']) + + +class ParseFuncSignature(TestCase): + """ + Test Suite for parse_function_signature(). + """ + + def test_int_and_char_params(self): + """ + + :return: + """ + line = 'void entropy_threshold( char * a, int b, int result )' + name, args, local, arg_dispatch = parse_function_signature(line) + self.assertEqual(name, 'entropy_threshold') + self.assertEqual(args, ['char*', 'int', 'int']) + self.assertEqual(local, '') + self.assertEqual(arg_dispatch, ['(char *) params[0]', '*( (int *) params[1] )', '*( (int *) params[2] )']) + + def test_hex_params(self): + """ + + :return: + """ + line = 'void entropy_threshold( char * a, HexParam_t * h, int result )' + name, args, local, arg_dispatch = parse_function_signature(line) + self.assertEqual(name, 'entropy_threshold') + self.assertEqual(args, ['char*', 'hex', 'int']) + self.assertEqual(local, ' HexParam_t hex1 = {(uint8_t *) params[1], *( (uint32_t *) params[2] )};\n') + self.assertEqual(arg_dispatch, ['(char *) params[0]', '&hex1', '*( (int *) params[3] )']) + + def test_non_void_function(self): + """ + + :return: + """ + line = 'int entropy_threshold( char * a, HexParam_t * h, int result )' + self.assertRaises(ValueError, parse_function_signature, line) + + def test_unsupported_arg(self): + """ + + :return: + """ + line = 'int entropy_threshold( char * a, HexParam_t * h, int * result )' + self.assertRaises(ValueError, parse_function_signature, line) + + def test_no_params(self): + """ + + :return: + """ + line = 'void entropy_threshold()' + name, args, local, arg_dispatch = parse_function_signature(line) + 
self.assertEqual(name, 'entropy_threshold') + self.assertEqual(args, []) + self.assertEqual(local, '') + self.assertEqual(arg_dispatch, []) + + +class ParseFunctionCode(TestCase): + """ + Test suite for testing parse_function_code() + """ + + def test_no_function(self): + """ + + :return: + """ + data = ''' +No +test +function +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) + + def test_no_end_case_comment(self): + """ + + :return: + """ + data = ''' +void test_func() +{ +} +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) + + @patch("generate_code.parse_function_signature") + def test_parse_function_signature_called(self, parse_function_signature_mock): + """ + + :return: + """ + parse_function_signature_mock.return_value = ('test_func', [], '', []) + data = ''' +void test_func() +{ +} +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) + self.assertTrue(parse_function_signature_mock.called) + parse_function_signature_mock.assert_called_with('void test_func()\n') + + @patch("generate_code.gen_dispatch") + @patch("generate_code.gen_deps") + @patch("generate_code.gen_function_wrapper") + @patch("generate_code.parse_function_signature") + def test_return(self, parse_function_signature_mock, + gen_function_wrapper_mock, + gen_deps_mock, + gen_dispatch_mock): + """ + + :return: + """ + parse_function_signature_mock.return_value = ('func', [], '', []) + gen_function_wrapper_mock.return_value = '' + gen_deps_mock.side_effect = gen_deps + gen_dispatch_mock.side_effect = gen_dispatch + data = ''' +void func() +{ + ba ba black sheep + have you any wool +} +/* END_CASE */ +''' + s = StringIOWrapper('test_suite_ut.function', data) + name, arg, code, dispatch_code = parse_function_code(s, [], []) + + #self.assertRaises(InvalidFileFormat, 
parse_function_code, s, [], []) + self.assertTrue(parse_function_signature_mock.called) + parse_function_signature_mock.assert_called_with('void func()\n') + gen_function_wrapper_mock.assert_called_with('test_func', '', []) + self.assertEqual(name, 'test_func') + self.assertEqual(arg, []) + expected = '''#line 2 "test_suite_ut.function" +void test_func() +{ + ba ba black sheep + have you any wool +exit: + ;; +} +''' + self.assertEqual(code, expected) + self.assertEqual(dispatch_code, "\n test_func_wrapper,\n") + + @patch("generate_code.gen_dispatch") + @patch("generate_code.gen_deps") + @patch("generate_code.gen_function_wrapper") + @patch("generate_code.parse_function_signature") + def test_with_exit_label(self, parse_function_signature_mock, + gen_function_wrapper_mock, + gen_deps_mock, + gen_dispatch_mock): + """ + + :return: + """ + parse_function_signature_mock.return_value = ('func', [], '', []) + gen_function_wrapper_mock.return_value = '' + gen_deps_mock.side_effect = gen_deps + gen_dispatch_mock.side_effect = gen_dispatch + data = ''' +void func() +{ + ba ba black sheep + have you any wool +exit: + yes sir yes sir + 3 bags full +} +/* END_CASE */ +''' + s = StringIOWrapper('test_suite_ut.function', data) + name, arg, code, dispatch_code = parse_function_code(s, [], []) + + expected = '''#line 2 "test_suite_ut.function" +void test_func() +{ + ba ba black sheep + have you any wool +exit: + yes sir yes sir + 3 bags full +} +''' + self.assertEqual(code, expected) + + +class ParseFunction(TestCase): + """ + Test Suite for testing parse_functions() + """ + + @patch("generate_code.parse_suite_headers") + def test_begin_header(self, parse_suite_headers_mock): + """ + Test that begin header is checked and parse_suite_headers() is called. 
+ :return: + """ + def stop(this): + raise Exception + parse_suite_headers_mock.side_effect = stop + data = '''/* BEGIN_HEADER */ +#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +/* END_HEADER */ +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, s) + parse_suite_headers_mock.assert_called_with(s) + self.assertEqual(s.line_no, 2) + + @patch("generate_code.parse_suite_deps") + def test_begin_dep(self, parse_suite_deps_mock): + """ + Test that begin header is checked and parse_suite_headers() is called. + :return: + """ + def stop(this): + raise Exception + parse_suite_deps_mock.side_effect = stop + data = '''/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_ECP_C + * END_DEPENDENCIES + */ +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, s) + parse_suite_deps_mock.assert_called_with(s) + self.assertEqual(s.line_no, 2) + + @patch("generate_code.parse_function_deps") + def test_begin_function_dep(self, parse_function_deps_mock): + """ + Test that begin header is checked and parse_suite_headers() is called. + :return: + """ + def stop(this): + raise Exception + parse_function_deps_mock.side_effect = stop + + deps_str = '/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' + data = '''%svoid test_func() +{ +} +''' % deps_str + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, s) + parse_function_deps_mock.assert_called_with(deps_str) + self.assertEqual(s.line_no, 2) + + @patch("generate_code.parse_function_code") + @patch("generate_code.parse_function_deps") + def test_return(self, parse_function_deps_mock, parse_function_code_mock): + """ + Test that begin header is checked and parse_suite_headers() is called. 
+ :return: + """ + def stop(this): + raise Exception + parse_function_deps_mock.return_value = [] + in_func_code= '''void test_func() +{ +} +''' + func_dispatch = ''' + test_func_wrapper, +''' + parse_function_code_mock.return_value = 'test_func', [], in_func_code, func_dispatch + deps_str = '/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' + data = '''%svoid test_func() +{ +} +''' % deps_str + s = StringIOWrapper('test_suite_ut.function', data) + suite_deps, dispatch_code, func_code, func_info = parse_functions(s) + parse_function_deps_mock.assert_called_with(deps_str) + parse_function_code_mock.assert_called_with(s, [], []) + self.assertEqual(s.line_no, 5) + self.assertEqual(suite_deps, []) + expected_dispatch_code = '''/* Function Id: 0 */ + + test_func_wrapper, +''' + self.assertEqual(dispatch_code, expected_dispatch_code) + self.assertEqual(func_code, in_func_code) + self.assertEqual(func_info, {'test_func': (0, [])}) + + def test_parsing(self): + """ + Test that begin header is checked and parse_suite_headers() is called. 
+ :return: + """ + data = '''/* BEGIN_HEADER */ +#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_ECP_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void func1() +{ +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void func2() +{ +} +/* END_CASE */ +''' + s = StringIOWrapper('test_suite_ut.function', data) + suite_deps, dispatch_code, func_code, func_info = parse_functions(s) + self.assertEqual(s.line_no, 23) + self.assertEqual(suite_deps, ['MBEDTLS_ECP_C']) + + expected_dispatch_code = '''/* Function Id: 0 */ + +#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO) + test_func1_wrapper, +#else + NULL, +#endif +/* Function Id: 1 */ + +#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO) + test_func2_wrapper, +#else + NULL, +#endif +''' + self.assertEqual(dispatch_code, expected_dispatch_code) + expected_func_code = '''#if defined(MBEDTLS_ECP_C) +#line 3 "test_suite_ut.function" +#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#if defined(MBEDTLS_FS_IO) +#line 14 "test_suite_ut.function" +void test_func1() +{ +exit: + ;; +} + +void test_func1_wrapper( void ** params ) +{ + (void)params; + + test_func1( ); +} +#endif /* MBEDTLS_FS_IO */ +#endif /* MBEDTLS_ENTROPY_NV_SEED */ +#if defined(MBEDTLS_ENTROPY_NV_SEED) +#if defined(MBEDTLS_FS_IO) +#line 20 "test_suite_ut.function" +void test_func2() +{ +exit: + ;; +} + +void test_func2_wrapper( void ** params ) +{ + (void)params; + + test_func2( ); +} +#endif /* MBEDTLS_FS_IO */ +#endif /* MBEDTLS_ENTROPY_NV_SEED */ +#endif /* MBEDTLS_ECP_C */ +''' + self.assertEqual(func_code, expected_func_code) + self.assertEqual(func_info, {'test_func1': (0, []), 'test_func2': (1, [])}) + + def test_same_function_name(self): + """ + Test that begin header is 
checked and parse_suite_headers() is called. + :return: + """ + data = '''/* BEGIN_HEADER */ +#include "mbedtls/ecp.h" + +#define ECP_PF_UNKNOWN -1 +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_ECP_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void func() +{ +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void func() +{ +} +/* END_CASE */ +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(AssertionError, parse_functions, s) + + +if __name__=='__main__': + unittest_main() \ No newline at end of file From 5e2ac1fb2934e531d28bb015ca5e053cb83397cc Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Mon, 3 Jul 2017 13:58:20 +0100 Subject: [PATCH 286/578] Updated generate_code.py unit tests --- tests/scripts/generate_code.py | 37 ++-- tests/scripts/generate_code_ut.py | 274 +++++++++++++++++++++++++++++- 2 files changed, 299 insertions(+), 12 deletions(-) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index b0b368650..b344f8ce7 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -362,14 +362,15 @@ def escaped_split(str, ch): out.append(part) part = '' else: - part += str[i] escape = not escape and str[i] == '\\' + if not escape: + part += str[i] if len(part): out.append(part) return out -def parse_test_data(data_f): +def parse_test_data(data_f, debug=False): """ Parses .data file @@ -380,14 +381,16 @@ def parse_test_data(data_f): STATE_READ_ARGS = 1 state = STATE_READ_NAME deps = [] - + name = '' for line in data_f: line = line.strip() if len(line) and line[0] == '#': # Skip comments continue - # skip blank lines + # Blank line indicates end of test if len(line) == 0: + assert state != STATE_READ_ARGS, "Newline before arguments. " \ + "Test function and arguments missing for %s" % name continue if state == STATE_READ_NAME: 
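Review bot: test_unsupported_arg in ParseFuncSignature cannot fail for the reason it names. Its input `'int entropy_threshold( char * a, HexParam_t * h, int * result )'` has the same non-void return type that test_non_void_function already expects to raise ValueError. Use a void signature so that only the `int *` argument can trigger the error: `line = 'void entropy_threshold( char * a, HexParam_t * h, int * result )'`. Several docstrings are also copied unchanged between tests, for example "Test that begin header is checked and parse_suite_headers() is called." on test_begin_dep, test_return and test_parsing, and should describe the case each test covers.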
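Review bot: The new `assert state != STATE_READ_ARGS` in parse_test_data (hunk `-380,14`) validates the contents of the .data file, but assertions are stripped under `python -O`, so a test name with no function line would then be accepted silently. The same pattern is repeated after the loop in the `-407,6` hunk and in gen_dep_check and gen_expression_check (`-417,11`, `-445,6`). An explicit `if state == STATE_READ_ARGS: raise InvalidFileFormat(...)` keeps the check active in every mode; the unit tests that expect AssertionError would change with it. The added `debug=False` parameter is not used in any visible hunk and is not described in the docstring; the function body extends beyond this hunk, so it may be used elsewhere.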
@@ -398,7 +401,7 @@ def parse_test_data(data_f): # Check dependencies m = re.search('depends_on\:(.*)', line) if m: - deps = m.group(1).split(':') + deps = [x.strip() for x in m.group(1).split(':') if len(x.strip())] else: # Read test vectors parts = escaped_split(line, ':') @@ -407,6 +410,8 @@ def parse_test_data(data_f): yield name, function, deps, args deps = [] state = STATE_READ_NAME + assert state != STATE_READ_ARGS, "Newline before arguments. " \ + "Test function and arguments missing for %s" % name def gen_dep_check(dep_id, dep): @@ -417,11 +422,9 @@ def gen_dep_check(dep_id, dep): :param dep: :return: """ - if dep[0] == '!': - noT = '!' - dep = dep[1:] - else: - noT = '' + assert dep_id > -1, "Dependency Id should be a positive integer." + noT, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) + assert len(dep) > 0, "Dependency should not be an empty string." dep_check = ''' if ( dep_id == {id} ) {{ @@ -433,7 +436,6 @@ if ( dep_id == {id} ) }} else '''.format(noT=noT, macro=dep, id=dep_id) - return dep_check @@ -445,6 +447,8 @@ def gen_expression_check(exp_id, exp): :param exp: :return: """ + assert exp_id > -1, "Expression Id should be a positive integer." + assert len(exp) > 0, "Expression should not be an empty string." exp_code = ''' if ( exp_id == {exp_id} ) {{ @@ -455,6 +459,17 @@ else return exp_code +def find_unique_id(val, vals): + """ + Check if val already in vals. Gives a unique Identifier for the val. + :param val: + :param vals: + :return: + """ + if val not in vals: + vals.append(val) + + def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): """ Generates dependency checks, expression code and intermediate data file from test data file. diff --git a/tests/scripts/generate_code_ut.py b/tests/scripts/generate_code_ut.py index f941316ef..c261b2742 100644 --- a/tests/scripts/generate_code_ut.py +++ b/tests/scripts/generate_code_ut.py 
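Review bot: In gen_dep_check (hunk `-417,11`) the new one-line unpacking evaluates `dep[0]` before `assert len(dep) > 0`, so an empty dependency string raises IndexError instead of the intended assertion message. Add `assert len(dep) > 0, "Dependency should not be an empty string."` ahead of the unpacking and keep the existing check after the `!` is stripped. The message "should be a positive integer" also disagrees with the condition `dep_id > -1`, which accepts 0; "non-negative" matches the check. Since `dep` is formatted into a `defined(...)` line of the generated C, rejecting anything that is not an identifier, for example `assert re.match(r'\w+$', dep)`, would keep a malformed .data entry from producing broken preprocessor output.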
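Review bot: find_unique_id (hunk `-455,6`) documents that it "Gives a unique Identifier for the val", but the body only appends to `vals` and falls off the end, so it returns None and a caller cannot obtain an id from it. Either return the index with `return vals.index(val)` after the conditional append, or reword the docstring to say the function only registers the value. No caller is visible in this diff, so the intended contract should be confirmed.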
@@ -838,5 +838,277 @@ void func() self.assertRaises(AssertionError, parse_functions, s) +class ExcapedSplit(TestCase): + """ + Test suite for testing escaped_split() + """ + + def test_invalid_input(self): + """ + Test when input split character is not a character. + :return: + """ + self.assertRaises(ValueError, escaped_split, '', 'string') + + def test_empty_string(self): + """ + Test empty strig input. + :return: + """ + splits = escaped_split('', ':') + self.assertEqual(splits, []) + + def test_no_escape(self): + """ + Test with no escape character. The behaviour should be same as str.split() + :return: + """ + s = 'yahoo:google' + splits = escaped_split(s, ':') + self.assertEqual(splits, s.split(':')) + + def test_escaped_input(self): + """ + Test imput that has escaped delimiter. + :return: + """ + s = 'yahoo\:google:facebook' + splits = escaped_split(s, ':') + self.assertEqual(splits, ['yahoo:google', 'facebook']) + + def test_escaped_escape(self): + """ + Test imput that has escaped delimiter. + :return: + """ + s = 'yahoo\\\:google:facebook' + splits = escaped_split(s, ':') + self.assertEqual(splits, ['yahoo\\', 'google', 'facebook']) + + def test_all_at_once(self): + """ + Test imput that has escaped delimiter. + :return: + """ + s = 'yahoo\\\:google:facebook\:instagram\\\:bbc\\\\:wikipedia' + splits = escaped_split(s, ':') + self.assertEqual(splits, ['yahoo\\', 'google', 'facebook:instagram\\', 'bbc\\', 'wikipedia']) + +class ParseTestData(TestCase): + """ + Test suite for parse test data. + """ + + def test_parser(self): + """ + Test that tests are parsed correctly from data file. 
+ :return: + """ + data = """ +Diffie-Hellman full exchange #1 +dhm_do_dhm:10:"23":10:"5" + +Diffie-Hellman full exchange #2 +dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" + +Diffie-Hellman full exchange #3 +dhm_do_dhm:10:"9345098382739712938719287391879381271":10:"9345098792137312973297123912791271" + +Diffie-Hellman selftest +dhm_selftest: +""" + s = StringIOWrapper('test_suite_ut.function', data) + tests = [(name, function, deps, args) for name, function, deps, args in parse_test_data(s)] + t1, t2, t3, t4 = tests + self.assertEqual(t1[0], 'Diffie-Hellman full exchange #1') + self.assertEqual(t1[1], 'dhm_do_dhm') + self.assertEqual(t1[2], []) + self.assertEqual(t1[3], ['10', '"23"', '10', '"5"']) + + self.assertEqual(t2[0], 'Diffie-Hellman full exchange #2') + self.assertEqual(t2[1], 'dhm_do_dhm') + self.assertEqual(t2[2], []) + self.assertEqual(t2[3], ['10', '"93450983094850938450983409623"', '10', '"9345098304850938450983409622"']) + + self.assertEqual(t3[0], 'Diffie-Hellman full exchange #3') + self.assertEqual(t3[1], 'dhm_do_dhm') + self.assertEqual(t3[2], []) + self.assertEqual(t3[3], ['10', '"9345098382739712938719287391879381271"', '10', '"9345098792137312973297123912791271"']) + + self.assertEqual(t4[0], 'Diffie-Hellman selftest') + self.assertEqual(t4[1], 'dhm_selftest') + self.assertEqual(t4[2], []) + self.assertEqual(t4[3], []) + + def test_with_dependencies(self): + """ + Test that tests with dependencies are parsed. 
+ :return: + """ + data = """ +Diffie-Hellman full exchange #1 +depends_on:YAHOO +dhm_do_dhm:10:"23":10:"5" + +Diffie-Hellman full exchange #2 +dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" + +""" + s = StringIOWrapper('test_suite_ut.function', data) + tests = [(name, function, deps, args) for name, function, deps, args in parse_test_data(s)] + t1, t2 = tests + self.assertEqual(t1[0], 'Diffie-Hellman full exchange #1') + self.assertEqual(t1[1], 'dhm_do_dhm') + self.assertEqual(t1[2], ['YAHOO']) + self.assertEqual(t1[3], ['10', '"23"', '10', '"5"']) + + self.assertEqual(t2[0], 'Diffie-Hellman full exchange #2') + self.assertEqual(t2[1], 'dhm_do_dhm') + self.assertEqual(t2[2], []) + self.assertEqual(t2[3], ['10', '"93450983094850938450983409623"', '10', '"9345098304850938450983409622"']) + + def test_no_args(self): + """ + Test AssertionError is raised when test function name and args line is missing. + :return: + """ + data = """ +Diffie-Hellman full exchange #1 +depends_on:YAHOO + + +Diffie-Hellman full exchange #2 +dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" + +""" + s = StringIOWrapper('test_suite_ut.function', data) + e = None + try: + for x, y, z, a in parse_test_data(s): + pass + except AssertionError, e: + pass + self.assertEqual(type(e), AssertionError) + + def test_incomplete_data(self): + """ + Test AssertionError is raised when test function name and args line is missing. + :return: + """ + data = """ +Diffie-Hellman full exchange #1 +depends_on:YAHOO +""" + s = StringIOWrapper('test_suite_ut.function', data) + e = None + try: + for x, y, z, a in parse_test_data(s): + pass + except AssertionError, e: + pass + self.assertEqual(type(e), AssertionError) + + +class GenDepCheck(TestCase): + """ + Test suite for gen_dep_check(). It is assumed this function is called with valid inputs. + """ + + def test_gen_dep_check(self): + """ + Test that dependency check code generated correctly. 
+ :return: + """ + expected = """ +if ( dep_id == 5 ) +{ +#if defined(YAHOO) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else +""" + out = gen_dep_check(5, 'YAHOO') + self.assertEqual(out, expected) + + def test_noT(self): + """ + Test dependency with !. + :return: + """ + expected = """ +if ( dep_id == 5 ) +{ +#if !defined(YAHOO) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else +""" + out = gen_dep_check(5, '!YAHOO') + self.assertEqual(out, expected) + + def test_empty_dependency(self): + """ + Test invalid dependency input. + :return: + """ + self.assertRaises(AssertionError, gen_dep_check, 5, '!') + + def test_negative_dep_id(self): + """ + Test invalid dependency input. + :return: + """ + self.assertRaises(AssertionError, gen_dep_check, -1, 'YAHOO') + + +class GenExpCheck(TestCase): + """ + Test suite for gen_expression_check(). It is assumed this function is called with valid inputs. + """ + + def test_gen_exp_check(self): + """ + Test that expression check code generated correctly. + :return: + """ + expected = """ +if ( exp_id == 5 ) +{ + *out_value = YAHOO; +} +else +""" + out = gen_expression_check(5, 'YAHOO') + self.assertEqual(out, expected) + + def test_invalid_expression(self): + """ + Test invalid expression input. + :return: + """ + self.assertRaises(AssertionError, gen_expression_check, 5, '') + + def test_negative_exp_id(self): + """ + Test invalid expression id. + :return: + """ + self.assertRaises(AssertionError, gen_expression_check, -1, 'YAHOO') + + +class GenFromTestData(TestCase): + """ + Test suite for gen_from_test_data() + """ + + pass + + if __name__=='__main__': - unittest_main() \ No newline at end of file + unittest_main() From acc5473ac956e8951b4a4911cd994eab0971ced6 Mon Sep 17 00:00:00 2001 
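Review bot: test_no_args and test_incomplete_data catch the error by hand with `except AssertionError, e:` and then compare `type(e)`, which is Python 2-only syntax and hides the intent of the test. `self.assertRaises(AssertionError, list, parse_test_data(s))` drains the generator and checks the same thing in one line. The escaped_split inputs such as `'yahoo\:google:facebook'` rely on `\:` being left alone as an unknown escape; raw strings (`r'yahoo\:google:facebook'`) make the intended backslashes explicit. The empty `GenFromTestData` class adds a suite with no tests, so a comment saying which cases are planned would help.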
From: Azim Khan Date: Mon, 3 Jul 2017 14:06:45 +0100 Subject: [PATCH 287/578] Use FileWrapper class in place of file where line number is required --- tests/scripts/generate_code.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index b344f8ce7..bc44b8cc0 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -362,9 +362,8 @@ def escaped_split(str, ch): out.append(part) part = '' else: + part += str[i] escape = not escape and str[i] == '\\' - if not escape: - part += str[i] if len(part): out.append(part) return out @@ -582,7 +581,7 @@ def generate_code(funcs_file, data_file, template_file, platform_file, help_file out_data_file.replace('\\', '\\\\')) # escape '\' # Function code - with open(funcs_file, 'r') as funcs_f, open(data_file, 'r') as data_f, open(out_data_file, 'w') as out_data_f: + with FileWrapper(funcs_file) as funcs_f, open(data_file, 'r') as data_f, open(out_data_file, 'w') as out_data_f: suite_deps, dispatch_code, func_code, func_info = parse_functions(funcs_f) snippets['functions_code'] = func_code snippets['dispatch_code'] = dispatch_code From 599cd247e6120d9279022e1e369b637479390703 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 6 Jul 2017 17:34:27 +0100 Subject: [PATCH 288/578] Update unit tests for code generator and make code generator more testable. --- tests/scripts/generate_code.py | 163 +++++++----- tests/scripts/generate_code_ut.py | 421 +++++++++++++++++++++++++++++- 2 files changed, 520 insertions(+), 64 deletions(-) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index bc44b8cc0..7af6fdf29 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py 
@@ -347,6 +347,8 @@ def parse_functions(funcs_f): def escaped_split(str, ch): """ Split str on character ch but ignore escaped \{ch} + Since return value is used to write back to the intermediate data file. + Any escape characters in the input are retained in the output. :param str: :param ch: 
@@ -458,15 +460,98 @@ else return exp_code -def find_unique_id(val, vals): +def write_deps(out_data_f, test_deps, unique_deps): """ - Check if val already in vals. Gives a unique Identifier for the val. - :param val: - :param vals: + Write dependencies to intermediate test data file. + It also returns dependency check code. + + :param out_data_f: + :param dep: + :param unique_deps: :return: """ - if val not in vals: - vals.append(val) + dep_check_code = '' + if len(test_deps): + out_data_f.write('depends_on') + for dep in test_deps: + if dep not in unique_deps: + unique_deps.append(dep) + dep_id = unique_deps.index(dep) + dep_check_code += gen_dep_check(dep_id, dep) + else: + dep_id = unique_deps.index(dep) + out_data_f.write(':' + str(dep_id)) + out_data_f.write('\n') + return dep_check_code + + +def write_parameters(out_data_f, test_args, func_args, unique_expressions): + """ + Writes test parameters to the intermediate data file. + Also generates expression code. + + :param out_data_f: + :param test_args: + :param func_args: + :param unique_expressions: + :return: + """ + expression_code = '' + for i in xrange(len(test_args)): + typ = func_args[i] + val = test_args[i] + + # check if val is a non literal int val + if typ == 'int' and not re.match('(\d+$)|((0x)?[0-9a-fA-F]+$)', val): # its an expression + typ = 'exp' + if val not in unique_expressions: + unique_expressions.append(val) + # exp_id can be derived from len(). But for readability and consistency with case of existing let's + # use index(). + exp_id = unique_expressions.index(val) + expression_code += gen_expression_check(exp_id, val) + val = exp_id + else: + val = unique_expressions.index(val) + out_data_f.write(':' + typ + ':' + str(val)) + out_data_f.write('\n') + return expression_code + + +def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): + """ + Adds preprocessor checks for test suite dependencies. 
+ + :param suite_deps: + :param dep_check_code: + :param expression_code: + :return: + """ + # void unused params + if len(dep_check_code) == 0: + dep_check_code = '(void) dep_id;\n' + if len(expression_code) == 0: + expression_code = '(void) exp_id;\n' + expression_code += '(void) out_value;\n' + + if len(suite_deps): + ifdef = gen_deps_one_line(suite_deps) + dep_check_code = ''' +{ifdef} +{code} +#else +(void) dep_id; +#endif +'''.format(ifdef=ifdef, code=dep_check_code) + expression_code = ''' +{ifdef} +{code} +#else +(void) exp_id; +(void) out_value; +#endif +'''.format(ifdef=ifdef, code=expression_code) + return dep_check_code, expression_code def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): 
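Review bot: In `write_parameters`, the literal test `re.match('(\d+$)|((0x)?[0-9a-fA-F]+$)', val)` makes the `0x` prefix optional, so an `int` argument that is a macro name made only of hex letters (constructed example: `ABCDEF`) is written as `int:` instead of going through `gen_expression_check` as `exp:`. Unless bare hex without a prefix is meant to be accepted, requiring the prefix fixes this: `if typ == 'int' and not re.match(r'(\d+|0x[0-9a-fA-F]+)$', val):`. The raw-string prefix also stops `\d` from depending on Python passing unknown escapes through. Separately, the `write_deps` docstring lists `:param dep:` while the parameter is `test_deps`.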
@@ -486,64 +571,24 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): for test_name, function_name, test_deps, test_args in parse_test_data(data_f): out_data_f.write(test_name + '\n') - func_id, func_args = func_info['test_' + function_name] - if len(test_deps): - out_data_f.write('depends_on') - for dep in test_deps: - if dep not in unique_deps: - unique_deps.append(dep) - dep_id = unique_deps.index(dep) - dep_check_code += gen_dep_check(dep_id, dep) - else: - dep_id = unique_deps.index(dep) - out_data_f.write(':' + str(dep_id)) - out_data_f.write('\n') + # Write deps + dep_check_code += write_deps(out_data_f, test_deps, unique_deps) + # Write test function name + test_function_name = 'test_' + function_name + assert test_function_name in func_info, "Function %s not found!" % test_function_name + func_id, func_args = func_info[test_function_name] + out_data_f.write(str(func_id)) + + # Write parameters assert len(test_args) == len(func_args), \ "Invalid number of arguments in test %s. See function %s signature." % (test_name, function_name) - out_data_f.write(str(func_id)) - for i in xrange(len(test_args)): - typ = func_args[i] - val = test_args[i] + expression_code += write_parameters(out_data_f, test_args, func_args, unique_expressions) - # check if val is a non literal int val - if typ == 'int' and not re.match('\d+', val): # its an expression # FIXME: Handle hex format. Tip: instead try converting int(str, 10) and int(str, 16) - typ = 'exp' - if val not in unique_expressions: - unique_expressions.append(val) - # exp_id can be derived from len(). But for readability and consistency with case of existing let's - # use index(). 
- exp_id = unique_expressions.index(val) - expression_code += gen_expression_check(exp_id, val) - val = exp_id - else: - val = unique_expressions.index(val) - out_data_f.write(':' + typ + ':' + str(val)) - out_data_f.write('\n\n') + # Write a newline as test case separator + out_data_f.write('\n') - # void unused params - if len(dep_check_code) == 0: - dep_check_code = '(void) dep_id;\n' - if len(expression_code) == 0: - expression_code = '(void) exp_id;\n' - expression_code += '(void) out_value;\n' - ifdef = gen_deps_one_line(suite_deps) - if len(suite_deps): - dep_check_code = ''' -{ifdef} -{code} -#else -(void) dep_id; -#endif -'''.format(ifdef=ifdef, code=dep_check_code) - expression_code = ''' -{ifdef} -{code} -#else -(void) exp_id; -(void) out_value; -#endif -'''.format(ifdef=ifdef, code=expression_code) + dep_check_code, expression_code = gen_suite_deps_checks(suite_deps, dep_check_code, expression_code) return dep_check_code, expression_code diff --git a/tests/scripts/generate_code_ut.py b/tests/scripts/generate_code_ut.py index c261b2742..8545b4a0c 100644 --- a/tests/scripts/generate_code_ut.py +++ b/tests/scripts/generate_code_ut.py @@ -840,7 +840,9 @@ void func() class ExcapedSplit(TestCase): """ - Test suite for testing escaped_split() + Test suite for testing escaped_split(). + Note: Since escaped_split() output is used to write back to the intermediate data file. Any escape characters + in the input are retained in the output. """ def test_invalid_input(self): @@ -874,7 +876,7 @@ class ExcapedSplit(TestCase): """ s = 'yahoo\:google:facebook' splits = escaped_split(s, ':') - self.assertEqual(splits, ['yahoo:google', 'facebook']) + self.assertEqual(splits, ['yahoo\:google', 'facebook']) def test_escaped_escape(self): """ 
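Review bot: The two input checks in `gen_from_test_data` (`assert test_function_name in func_info` and the argument-count `assert`) are compiled out when the generator runs under `python -O`. A malformed `.data` file would then surface as a `KeyError`, an index error or a short parameter list from `write_parameters` rather than the intended message. Raising explicitly keeps the diagnostic in every mode, e.g. `if test_function_name not in func_info: raise ValueError("Function %s not found!" % test_function_name)`. The unit tests that expect `AssertionError` would need the matching exception type. The function's signature and the start of its loop lie outside this hunk.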
@@ -883,7 +885,7 @@ class ExcapedSplit(TestCase): """ s = 'yahoo\\\:google:facebook' splits = escaped_split(s, ':') - self.assertEqual(splits, ['yahoo\\', 'google', 'facebook']) + self.assertEqual(splits, ['yahoo\\\\', 'google', 'facebook']) def test_all_at_once(self): """ @@ -892,7 +894,8 @@ class ExcapedSplit(TestCase): """ s = 'yahoo\\\:google:facebook\:instagram\\\:bbc\\\\:wikipedia' splits = escaped_split(s, ':') - self.assertEqual(splits, ['yahoo\\', 'google', 'facebook:instagram\\', 'bbc\\', 'wikipedia']) + self.assertEqual(splits, ['yahoo\\\\', 'google', 'facebook\:instagram\\\\', 'bbc\\\\', 'wikipedia']) + class ParseTestData(TestCase): """ 
@@ -1102,12 +1105,420 @@ else self.assertRaises(AssertionError, gen_expression_check, -1, 'YAHOO') +class WriteDeps(TestCase): + """ + Test suite for testing write_deps. + """ + + def test_no_test_deps(self): + """ + Test when test_deps is empty. + :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_deps = [] + dep_check_code = write_deps(s, [], unique_deps) + self.assertEqual(dep_check_code, '') + self.assertEqual(len(unique_deps), 0) + self.assertEqual(s.getvalue(), '') + + def test_unique_dep_ids(self): + """ + + :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_deps = [] + dep_check_code = write_deps(s, ['DEP3', 'DEP2', 'DEP1'], unique_deps) + expect_dep_check_code = ''' +if ( dep_id == 0 ) +{ +#if defined(DEP3) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else + +if ( dep_id == 1 ) +{ +#if defined(DEP2) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else + +if ( dep_id == 2 ) +{ +#if defined(DEP1) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else +''' + self.assertEqual(dep_check_code, expect_dep_check_code) + self.assertEqual(len(unique_deps), 3) + self.assertEqual(s.getvalue(), 'depends_on:0:1:2\n') + + def test_dep_id_repeat(self): + """ + + :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_deps = [] + dep_check_code = '' + dep_check_code += write_deps(s, ['DEP3', 'DEP2'], unique_deps) + dep_check_code += write_deps(s, ['DEP2', 'DEP1'], unique_deps) + dep_check_code += write_deps(s, ['DEP1', 'DEP3'], unique_deps) + expect_dep_check_code = ''' +if ( dep_id == 0 ) +{ +#if defined(DEP3) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else + +if ( dep_id == 1 ) +{ +#if defined(DEP2) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else + +if ( dep_id == 2 ) +{ +#if defined(DEP1) + 
return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else +''' + self.assertEqual(dep_check_code, expect_dep_check_code) + self.assertEqual(len(unique_deps), 3) + self.assertEqual(s.getvalue(), 'depends_on:0:1\ndepends_on:1:2\ndepends_on:2:0\n') + + +class WriteParams(TestCase): + """ + Test Suite for testing write_parameters(). + """ + + def test_no_params(self): + """ + Test with empty test_args + :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_expressions = [] + expression_code = write_parameters(s, [], [], unique_expressions) + self.assertEqual(len(unique_expressions), 0) + self.assertEqual(expression_code, '') + self.assertEqual(s.getvalue(), '\n') + + def test_no_exp_param(self): + """ + Test when there is no macro or expression in the params. + :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_expressions = [] + expression_code = write_parameters(s, ['"Yahoo"', '"abcdef00"', '0'], ['char*', 'hex', 'int'], + unique_expressions) + self.assertEqual(len(unique_expressions), 0) + self.assertEqual(expression_code, '') + self.assertEqual(s.getvalue(), ':char*:"Yahoo":hex:"abcdef00":int:0\n') + + def test_hex_format_int_param(self): + """ + Test int parameter in hex format. + :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_expressions = [] + expression_code = write_parameters(s, ['"Yahoo"', '"abcdef00"', '0xAA'], ['char*', 'hex', 'int'], + unique_expressions) + self.assertEqual(len(unique_expressions), 0) + self.assertEqual(expression_code, '') + self.assertEqual(s.getvalue(), ':char*:"Yahoo":hex:"abcdef00":int:0xAA\n') + + def test_with_exp_param(self): + """ + Test when there is macro or expression in the params. 
+ :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_expressions = [] + expression_code = write_parameters(s, ['"Yahoo"', '"abcdef00"', '0', 'MACRO1', 'MACRO2', 'MACRO3'], + ['char*', 'hex', 'int', 'int', 'int', 'int'], + unique_expressions) + self.assertEqual(len(unique_expressions), 3) + self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) + expected_expression_code = ''' +if ( exp_id == 0 ) +{ + *out_value = MACRO1; +} +else + +if ( exp_id == 1 ) +{ + *out_value = MACRO2; +} +else + +if ( exp_id == 2 ) +{ + *out_value = MACRO3; +} +else +''' + self.assertEqual(expression_code, expected_expression_code) + self.assertEqual(s.getvalue(), ':char*:"Yahoo":hex:"abcdef00":int:0:exp:0:exp:1:exp:2\n') + + def test_with_repeate_calls(self): + """ + Test when write_parameter() is called with same macro or expression. + :return: + """ + s = StringIOWrapper('test_suite_ut.data', '') + unique_expressions = [] + expression_code = '' + expression_code += write_parameters(s, ['"Yahoo"', 'MACRO1', 'MACRO2'], ['char*', 'int', 'int'], + unique_expressions) + expression_code += write_parameters(s, ['"abcdef00"', 'MACRO2', 'MACRO3'], ['hex', 'int', 'int'], + unique_expressions) + expression_code += write_parameters(s, ['0', 'MACRO3', 'MACRO1'], ['int', 'int', 'int'], + unique_expressions) + self.assertEqual(len(unique_expressions), 3) + self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) + expected_expression_code = ''' +if ( exp_id == 0 ) +{ + *out_value = MACRO1; +} +else + +if ( exp_id == 1 ) +{ + *out_value = MACRO2; +} +else + +if ( exp_id == 2 ) +{ + *out_value = MACRO3; +} +else +''' + self.assertEqual(expression_code, expected_expression_code) + expected_data_file = ''':char*:"Yahoo":exp:0:exp:1 +:hex:"abcdef00":exp:1:exp:2 +:int:0:exp:2:exp:0 +''' + self.assertEqual(s.getvalue(), expected_data_file) + + +class GenTestSuiteDepsChecks(TestCase): + """ + + """ + def test_empty_suite_deps(self): + """ + Test with empty 
suite_deps list. + + :return: + """ + dep_check_code, expression_code = gen_suite_deps_checks([], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') + self.assertEqual(dep_check_code, 'DEP_CHECK_CODE') + self.assertEqual(expression_code, 'EXPRESSION_CODE') + + def test_suite_deps(self): + """ + Test with suite_deps list. + + :return: + """ + dep_check_code, expression_code = gen_suite_deps_checks(['SUITE_DEP'], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') + exprectd_dep_check_code = ''' +#if defined(SUITE_DEP) +DEP_CHECK_CODE +#else +(void) dep_id; +#endif +''' + expected_expression_code = ''' +#if defined(SUITE_DEP) +EXPRESSION_CODE +#else +(void) exp_id; +(void) out_value; +#endif +''' + self.assertEqual(dep_check_code, exprectd_dep_check_code) + self.assertEqual(expression_code, expected_expression_code) + + def test_no_dep_no_exp(self): + """ + Test when there are no dependency and expression code. + :return: + """ + dep_check_code, expression_code = gen_suite_deps_checks([], '', '') + self.assertEqual(dep_check_code, '(void) dep_id;\n') + self.assertEqual(expression_code, '(void) exp_id;\n(void) out_value;\n') + + class GenFromTestData(TestCase): """ Test suite for gen_from_test_data() """ - pass + @patch("generate_code.write_deps") + @patch("generate_code.write_parameters") + @patch("generate_code.gen_suite_deps_checks") + def test_intermediate_data_file(self, gen_suite_deps_checks_mock, write_parameters_mock, write_deps_mock): + """ + Test that intermediate data file is written with expected data. 
+ :return: + """ + data = ''' +My test +depends_on:DEP1 +func1:0 +''' + data_f = StringIOWrapper('test_suite_ut.data', data) + out_data_f = StringIOWrapper('test_suite_ut.datax', '') + func_info = {'test_func1': (1, ('int',))} + suite_deps = [] + write_parameters_mock.side_effect = write_parameters + write_deps_mock.side_effect = write_deps + gen_suite_deps_checks_mock.side_effect = gen_suite_deps_checks + gen_from_test_data(data_f, out_data_f, func_info, suite_deps) + write_deps_mock.assert_called_with(out_data_f, ['DEP1'], ['DEP1']) + write_parameters_mock.assert_called_with(out_data_f, ['0'], ('int',), []) + expected_dep_check_code = ''' +if ( dep_id == 0 ) +{ +#if defined(DEP1) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else +''' + gen_suite_deps_checks_mock.assert_called_with(suite_deps, expected_dep_check_code, '') + + def test_function_not_found(self): + """ + Test that AssertError is raised when function info in not found. + :return: + """ + data = ''' +My test +depends_on:DEP1 +func1:0 +''' + data_f = StringIOWrapper('test_suite_ut.data', data) + out_data_f = StringIOWrapper('test_suite_ut.datax', '') + func_info = {'test_func2': (1, ('int',))} + suite_deps = [] + self.assertRaises(AssertionError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) + + def test_different_func_args(self): + """ + Test that AssertError is raised when no. of parameters and function args differ. + :return: + """ + data = ''' +My test +depends_on:DEP1 +func1:0 +''' + data_f = StringIOWrapper('test_suite_ut.data', data) + out_data_f = StringIOWrapper('test_suite_ut.datax', '') + func_info = {'test_func2': (1, ('int','hex'))} + suite_deps = [] + self.assertRaises(AssertionError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) + + def test_output(self): + """ + Test that intermediate data file is written with expected data. 
+ :return: + """ + data = ''' +My test 1 +depends_on:DEP1 +func1:0:0xfa:MACRO1:MACRO2 + +My test 2 +depends_on:DEP1:DEP2 +func2:"yahoo":88:MACRO1 +''' + data_f = StringIOWrapper('test_suite_ut.data', data) + out_data_f = StringIOWrapper('test_suite_ut.datax', '') + func_info = {'test_func1': (0, ('int', 'int', 'int', 'int')), 'test_func2': (1, ('char*', 'int', 'int'))} + suite_deps = [] + dep_check_code, expression_code = gen_from_test_data(data_f, out_data_f, func_info, suite_deps) + expected_dep_check_code = ''' +if ( dep_id == 0 ) +{ +#if defined(DEP1) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else + +if ( dep_id == 1 ) +{ +#if defined(DEP2) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif +} +else +''' + expecrted_data = '''My test 1 +depends_on:0 +0:int:0:int:0xfa:exp:0:exp:1 + +My test 2 +depends_on:0:1 +1:char*:"yahoo":int:88:exp:0 + +''' + expected_expression_code = ''' +if ( exp_id == 0 ) +{ + *out_value = MACRO1; +} +else + +if ( exp_id == 1 ) +{ + *out_value = MACRO2; +} +else +''' + self.assertEqual(dep_check_code, expected_dep_check_code) + self.assertEqual(out_data_f.getvalue(), expecrted_data) + self.assertEqual(expression_code, expected_expression_code) if __name__=='__main__': From 663d4702c5e61782b3b88fdc469a91440d2c5a32 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 7 Jul 2017 15:40:26 +0100 Subject: [PATCH 289/578] Incorporate code review suggestions in mbedtls_test.py --- tests/scripts/mbedtls_test.py | 87 ++++++++++++++++++++++------------- 1 file changed, 55 insertions(+), 32 deletions(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index fa5b50706..b43e613ef 100644 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py 
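Review bot: `test_different_func_args` never reaches the argument-count check it is named for. Its data calls `func1` but `func_info` only defines `test_func2`, so the `AssertionError` comes from the function-lookup assertion, exactly as in `test_function_not_found`. Keying the entry on the called function makes the count mismatch the failing condition: `func_info = {'test_func1': (1, ('int','hex'))}`. `test_unique_dep_ids`, `test_dep_id_repeat` and the `GenTestSuiteDepsChecks` class also have empty docstrings that could say what each case covers.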
@@ -1,6 +1,6 @@ """ mbed SDK -Copyright (c) 2011-2013 ARM Limited +Copyright (c) 2017 ARM Limited Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ limitations under the License. import re import os -import time +import binascii from mbed_host_tests import BaseHostTest, event_callback @@ -62,25 +62,23 @@ class TestDataParser(object): def __parse(self, file): """ """ - line = file.readline().strip() - while line: + for line in file: line = line.strip() if len(line) == 0: - line = file.readline() continue # Read test name name = line # Check dependencies deps = [] - line = file.readline().strip() + line = file.next().strip() m = re.search('depends_on\:(.*)', line) if m: deps = [int(x) for x in m.group(1).split(':')] - line = file.readline().strip() + line = file.next().strip() # Read test vectors - line = line.replace('\\n', '\n#') + line = line.replace('\\n', '\n') parts = self.__escaped_split(line, ':') function = int(parts[0]) x = parts[1:] @@ -88,7 +86,6 @@ class TestDataParser(object): assert l % 2 == 0, "Number of test arguments should be even: %s" % line args = [(x[i * 2], x[(i * 2) + 1]) for i in range(len(x)/2)] self.tests.append((name, function, deps, args)) - line = file.readline() def get_test_data(self): """ @@ -98,7 +95,8 @@ class TestDataParser(object): class MbedTlsTest(BaseHostTest): """ - Host test for mbed-tls target tests. + Event handler for mbedtls unit tests. This script is loaded at run time + by htrun while executing mbedtls unit tests. """ # From suites/helpers.function DEPENDENCY_SUPPORTED = 0 
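Review bot: In `__parse`, the two `file.next().strip()` calls raise a bare `StopIteration` when the data file ends right after a test name or a `depends_on` line. The exception is raised in the loop body, so it propagates to the caller without saying which test was incomplete. Reading with a default, `line = next(file, '').strip()`, and raising a `ValueError` that names `name` when the result is empty gives a usable error for a truncated file. The last lines of the loop body fall in the next hunk.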
@@ -172,29 +170,46 @@ class MbedTlsTest(BaseHostTest): "HEX test parameter missing '\"': %s" % hex_str hex_str = hex_str.strip('"') assert len(hex_str) % 2 == 0, "HEX parameter len should be mod of 2: %s" % hex_str - b = bytearray() - for i in xrange(len(hex_str) / 2): - h = hex_str[i * 2] + hex_str[(i * 2) + 1] - try: - b += bytearray([int(h, 16)]) - except ValueError: - raise ValueError("Invalid HEX value: %s" % hex_str) + b = binascii.unhexlify(hex_str) return b - def parameters_to_bytes(self, b, parameters): + @staticmethod + def int32_to_bigendian_bytes(i): + """ + Coverts i to bytearray in big endian format. + + :param i: + :return: + """ + b = bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) + return b + + def test_vector_to_bytes(self, function_id, deps, parameters): + """ + Converts test vector into a byte array that can be sent to the target. + + :param function_id: + :param deps: + :param parameters: + :return: + """ + b = bytearray([len(deps)]) + if len(deps): + b += bytearray(deps) + b += bytearray([function_id, len(parameters)]) for typ, param in parameters: if typ == 'int' or typ == 'exp': i = int(param) b += 'I' if typ == 'int' else 'E' self.align_32bit(b) - b += bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) + b += self.int32_to_bigendian_bytes(i) elif typ == 'char*': param = param.strip('"') i = len(param) + 1 # + 1 for null termination b += 'S' self.align_32bit(b) - b += bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) + b += self.int32_to_bigendian_bytes(i) b += bytearray(list(param)) b += '\0' # Null terminate elif typ == 'hex': @@ -202,9 +217,10 @@ class MbedTlsTest(BaseHostTest): b += 'H' self.align_32bit(b) i = len(hb) - b += bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) + b += self.int32_to_bigendian_bytes(i) b += hb - return b + length = self.int32_to_bigendian_bytes(len(b)) + return b, length def run_next_test(self): """ 
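Review bot: `test_vector_to_bytes` still converts `int` and `exp` parameters with `i = int(param)`, which accepts decimal text only. The generator change earlier in this series passes hex literals through unchanged (its unit test expects `int:0xAA` in the intermediate file), so, assuming this parser reads that file, such a value raises `ValueError` here. `i = int(param, 0)` accepts both forms, though base 0 reads a leading `0` as octal in Python 2. The header bytes built with `bytearray([len(deps)])` and `bytearray([function_id, len(parameters)])` also limit each value to 0-255 and fail with a generic `ValueError` beyond that, so an explicit range check with a clear message would help.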
@@ -214,19 +230,26 @@ class MbedTlsTest(BaseHostTest): self.test_index += 1 self.dep_index = 0 if self.test_index < len(self.tests): - name, function, deps, args = self.tests[self.test_index] - self.log("Running: %s" % name) - bytes = bytearray([len(deps)]) - if len(deps): - bytes += bytearray(deps) - bytes += bytearray([function, len(args)]) - self.parameters_to_bytes(bytes, args) - key = bytearray([((len(bytes) >> x) & 0xff) for x in [24, 16, 8, 0]]) - #self.log("Bytes: " + " ".join(["%x '%c'" % (x, x) for x in bytes])) - self.send_kv(key, bytes) + name, function_id, deps, args = self.tests[self.test_index] + self.run_test(name, function_id, deps, args) else: self.notify_complete(True) + def run_test(self, name, function_id, deps, args): + """ + Runs the test. + + :param name: + :param function_id: + :param deps: + :param args: + :return: + """ + self.log("Running: %s" % name) + + bytes, length = self.test_vector_to_bytes(function_id, deps, args) + self.send_kv(length, bytes) + @staticmethod def get_result(value): try: From d61a4384d84a0b82e17dbe209d1788b04ff8a647 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 7 Jul 2017 16:17:27 +0100 Subject: [PATCH 290/578] incorporate code review comment in embedded_test.function --- tests/suites/embedded_test.function | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/embedded_test.function b/tests/suites/embedded_test.function index 312cf9125..3f1e77add 100644 --- a/tests/suites/embedded_test.function +++ b/tests/suites/embedded_test.function 
@@ -13,12 +13,12 @@ */ #define INCR_ASSERT(p, start, len, step) do \ { \ - assert( p >= start ); \ - assert( sizeof( *p ) == sizeof( *start ) ); \ + assert( ( p ) >= ( start ) ); \ + assert( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ /* <= is checked to support use inside a loop where \ pointer is incremented after reading data. */ \ - assert( (uint32_t)( (p - start) + step ) <= len ); \ - p += step; \ + assert( (uint32_t)( ( ( p ) - ( start ) ) + step ) <= len );\ + ( p ) += step; \ } \ while( 0 ) @@ -33,7 +33,7 @@ while( 0 ) */ #define ALIGN_32BIT(p, start, len) do \ { \ - uint32_t align = ( - (uintptr_t)p ) % 4; \ + uint32_t align = ( - (uintptr_t)( p ) ) % 4;\ INCR_ASSERT(p, start, len, align); \ } \ while( 0 ) From b1c2d0f9468bfcddc0622a19372c43c921532f90 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 7 Jul 2017 17:14:02 +0100 Subject: [PATCH 291/578] Use switch instead if if-else for dependency and expression checks. --- tests/scripts/generate_code.py | 42 +++++++++++---------------------- tests/suites/main_test.function | 27 +++++++++++++++++---- 2 files changed, 36 insertions(+), 33 deletions(-) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index 7af6fdf29..f81ec91cb 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -427,16 +427,15 @@ def gen_dep_check(dep_id, dep): noT, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) assert len(dep) > 0, "Dependency should not be an empty string." dep_check = ''' -if ( dep_id == {id} ) -{{ -#if {noT}defined({macro}) - return( DEPENDENCY_SUPPORTED ); -#else - return( DEPENDENCY_NOT_SUPPORTED ); -#endif -}} -else -'''.format(noT=noT, macro=dep, id=dep_id) + case {id}: + {{ + #if {noT}defined({macro}) + ret = DEPENDENCY_SUPPORTED; + #else + ret = DEPENDENCY_NOT_SUPPORTED; + #endif + }} + break;'''.format(noT=noT, macro=dep, id=dep_id) return dep_check 
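Review bot: `INCR_ASSERT` now parenthesizes `p` and `start` but still expands `step` and `len` bare in `( ( p ) - ( start ) ) + step ) <= len` and in `( p ) += step`, so an argument containing a lower-precedence operator would change the comparison; write them as `( step )` and `( len )` too. If `assert` here is the standard one, the bounds check disappears when the suite is built with `NDEBUG`, leaving `( p ) += step` unchecked on data received from the host. A comment on the macro stating that dependency, or an explicit failure path, would make it visible. Both macros also evaluate `p` more than once, so the comment should say callers must pass a plain lvalue without side effects.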
@@ -451,12 +450,11 @@ def gen_expression_check(exp_id, exp): assert exp_id > -1, "Expression Id should be a positive integer." assert len(exp) > 0, "Expression should not be an empty string." exp_code = ''' -if ( exp_id == {exp_id} ) -{{ - *out_value = {expression}; -}} -else -'''.format(exp_id=exp_id, expression=exp) + case {exp_id}: + {{ + *out_value = {expression}; + }} + break;'''.format(exp_id=exp_id, expression=exp) return exp_code @@ -527,28 +525,16 @@ def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): :param expression_code: :return: """ - # void unused params - if len(dep_check_code) == 0: - dep_check_code = '(void) dep_id;\n' - if len(expression_code) == 0: - expression_code = '(void) exp_id;\n' - expression_code += '(void) out_value;\n' - if len(suite_deps): ifdef = gen_deps_one_line(suite_deps) dep_check_code = ''' {ifdef} {code} -#else -(void) dep_id; #endif '''.format(ifdef=ifdef, code=dep_check_code) expression_code = ''' {ifdef} {code} -#else -(void) exp_id; -(void) out_value; #endif '''.format(ifdef=ifdef, code=expression_code) return dep_check_code, expression_code diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index e294e3621..93b32cc31 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -63,12 +63,22 @@ */ int get_expression( int32_t exp_id, int32_t * out_value ) {{ + int ret = KEY_VALUE_MAPPING_FOUND; + + (void) exp_id; + (void) out_value; + + switch( exp_id ) + {{ {expression_code} #line {line_no} "suites/main_test.function" - {{ - return( KEY_VALUE_MAPPING_NOT_FOUND ); + default: + {{ + ret = KEY_VALUE_MAPPING_NOT_FOUND; + }} + break; }} - return( KEY_VALUE_MAPPING_FOUND ); + return( ret ); }} 
@@ -85,11 +95,18 @@ int get_expression( int32_t exp_id, int32_t * out_value ) */ int dep_check( int dep_id ) {{ + int ret = DEPENDENCY_NOT_SUPPORTED; + + (void) dep_id; + + switch( dep_id ) + {{ {dep_check_code} #line {line_no} "suites/main_test.function" - {{ - return( DEPENDENCY_NOT_SUPPORTED ); + default: + break; }} + return( ret ); }} From d61b837fac711f53e7eb20bf1a27f71eb37867f4 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Mon, 10 Jul 2017 11:54:01 +0100 Subject: [PATCH 292/578] Update unit tests for change in test suites code generator Code generator has been modified to generate case statements for dependency checks and expression checks. This commit updates the unit tests accordingly. --- tests/scripts/generate_code.py | 6 +- tests/scripts/generate_code_ut.py | 251 ++++++++++++++---------------- 2 files changed, 116 insertions(+), 141 deletions(-) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index f81ec91cb..6554937ab 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -429,11 +429,11 @@ def gen_dep_check(dep_id, dep): dep_check = ''' case {id}: {{ - #if {noT}defined({macro}) +#if {noT}defined({macro}) ret = DEPENDENCY_SUPPORTED; - #else +#else ret = DEPENDENCY_NOT_SUPPORTED; - #endif +#endif }} break;'''.format(noT=noT, macro=dep, id=dep_id) return dep_check diff --git a/tests/scripts/generate_code_ut.py b/tests/scripts/generate_code_ut.py index 8545b4a0c..4baeeafad 100644 --- a/tests/scripts/generate_code_ut.py +++ b/tests/scripts/generate_code_ut.py @@ -1023,16 +1023,15 @@ class GenDepCheck(TestCase): :return: """ expected = """ -if ( dep_id == 5 ) -{ + case 5: + { #if defined(YAHOO) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else -""" + } + break;""" out = gen_dep_check(5, 'YAHOO') self.assertEqual(out, expected) 
@@ -1042,16 +1041,15 @@ else :return: """ expected = """ -if ( dep_id == 5 ) -{ + case 5: + { #if !defined(YAHOO) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else -""" + } + break;""" out = gen_dep_check(5, '!YAHOO') self.assertEqual(out, expected) @@ -1081,12 +1079,11 @@ class GenExpCheck(TestCase): :return: """ expected = """ -if ( exp_id == 5 ) -{ - *out_value = YAHOO; -} -else -""" + case 5: + { + *out_value = YAHOO; + } + break;""" out = gen_expression_check(5, 'YAHOO') self.assertEqual(out, expected) @@ -1131,36 +1128,33 @@ class WriteDeps(TestCase): unique_deps = [] dep_check_code = write_deps(s, ['DEP3', 'DEP2', 'DEP1'], unique_deps) expect_dep_check_code = ''' -if ( dep_id == 0 ) -{ + case 0: + { #if defined(DEP3) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else - -if ( dep_id == 1 ) -{ + } + break; + case 1: + { #if defined(DEP2) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else - -if ( dep_id == 2 ) -{ + } + break; + case 2: + { #if defined(DEP1) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else -''' + } + break;''' self.assertEqual(dep_check_code, expect_dep_check_code) self.assertEqual(len(unique_deps), 3) self.assertEqual(s.getvalue(), 'depends_on:0:1:2\n') 
@@ -1177,36 +1171,33 @@ else dep_check_code += write_deps(s, ['DEP2', 'DEP1'], unique_deps) dep_check_code += write_deps(s, ['DEP1', 'DEP3'], unique_deps) expect_dep_check_code = ''' -if ( dep_id == 0 ) -{ + case 0: + { #if defined(DEP3) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else - -if ( dep_id == 1 ) -{ + } + break; + case 1: + { #if defined(DEP2) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else - -if ( dep_id == 2 ) -{ + } + break; + case 2: + { #if defined(DEP1) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else -''' + } + break;''' self.assertEqual(dep_check_code, expect_dep_check_code) self.assertEqual(len(unique_deps), 3) self.assertEqual(s.getvalue(), 'depends_on:0:1\ndepends_on:1:2\ndepends_on:2:0\n') @@ -1268,24 +1259,21 @@ class WriteParams(TestCase): self.assertEqual(len(unique_expressions), 3) self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) expected_expression_code = ''' -if ( exp_id == 0 ) -{ - *out_value = MACRO1; -} -else - -if ( exp_id == 1 ) -{ - *out_value = MACRO2; -} -else - -if ( exp_id == 2 ) -{ - *out_value = MACRO3; -} -else -''' + case 0: + { + *out_value = MACRO1; + } + break; + case 1: + { + *out_value = MACRO2; + } + break; + case 2: + { + *out_value = MACRO3; + } + break;''' self.assertEqual(expression_code, expected_expression_code) self.assertEqual(s.getvalue(), ':char*:"Yahoo":hex:"abcdef00":int:0:exp:0:exp:1:exp:2\n') 
@@ -1306,24 +1294,21 @@ else self.assertEqual(len(unique_expressions), 3) self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) expected_expression_code = ''' -if ( exp_id == 0 ) -{ - *out_value = MACRO1; -} -else - -if ( exp_id == 1 ) -{ - *out_value = MACRO2; -} -else - -if ( exp_id == 2 ) -{ - *out_value = MACRO3; -} -else -''' + case 0: + { + *out_value = MACRO1; + } + break; + case 1: + { + *out_value = MACRO2; + } + break; + case 2: + { + *out_value = MACRO3; + } + break;''' self.assertEqual(expression_code, expected_expression_code) expected_data_file = ''':char*:"Yahoo":exp:0:exp:1 :hex:"abcdef00":exp:1:exp:2 @@ -1356,16 +1341,11 @@ class GenTestSuiteDepsChecks(TestCase): exprectd_dep_check_code = ''' #if defined(SUITE_DEP) DEP_CHECK_CODE -#else -(void) dep_id; #endif ''' expected_expression_code = ''' #if defined(SUITE_DEP) EXPRESSION_CODE -#else -(void) exp_id; -(void) out_value; #endif ''' self.assertEqual(dep_check_code, exprectd_dep_check_code) @@ -1377,8 +1357,8 @@ EXPRESSION_CODE :return: """ dep_check_code, expression_code = gen_suite_deps_checks([], '', '') - self.assertEqual(dep_check_code, '(void) dep_id;\n') - self.assertEqual(expression_code, '(void) exp_id;\n(void) out_value;\n') + self.assertEqual(dep_check_code, '') + self.assertEqual(expression_code, '') class GenFromTestData(TestCase): @@ -1410,16 +1390,15 @@ func1:0 write_deps_mock.assert_called_with(out_data_f, ['DEP1'], ['DEP1']) write_parameters_mock.assert_called_with(out_data_f, ['0'], ('int',), []) expected_dep_check_code = ''' -if ( dep_id == 0 ) -{ + case 0: + { #if defined(DEP1) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else -''' + } + break;''' gen_suite_deps_checks_mock.assert_called_with(suite_deps, expected_dep_check_code, '') def test_function_not_found(self): 
@@ -1474,26 +1453,24 @@ func2:"yahoo":88:MACRO1 suite_deps = [] dep_check_code, expression_code = gen_from_test_data(data_f, out_data_f, func_info, suite_deps) expected_dep_check_code = ''' -if ( dep_id == 0 ) -{ + case 0: + { #if defined(DEP1) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else - -if ( dep_id == 1 ) -{ + } + break; + case 1: + { #if defined(DEP2) - return( DEPENDENCY_SUPPORTED ); + ret = DEPENDENCY_SUPPORTED; #else - return( DEPENDENCY_NOT_SUPPORTED ); + ret = DEPENDENCY_NOT_SUPPORTED; #endif -} -else -''' + } + break;''' expecrted_data = '''My test 1 depends_on:0 0:int:0:int:0xfa:exp:0:exp:1 @@ -1504,18 +1481,16 @@ depends_on:0:1 ''' expected_expression_code = ''' -if ( exp_id == 0 ) -{ - *out_value = MACRO1; -} -else - -if ( exp_id == 1 ) -{ - *out_value = MACRO2; -} -else -''' + case 0: + { + *out_value = MACRO1; + } + break; + case 1: + { + *out_value = MACRO2; + } + break;''' self.assertEqual(dep_check_code, expected_dep_check_code) self.assertEqual(out_data_f.getvalue(), expecrted_data) self.assertEqual(expression_code, expected_expression_code) From 9540261a7660ab997410c527e7d442df17a07781 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Wed, 19 Jul 2017 10:15:54 +0100 Subject: [PATCH 293/578] Incorporated code review comments --- CMakeLists.txt | 1 + tests/CMakeLists.txt | 4 +-- tests/Makefile | 17 +++++------- tests/scripts/generate_code.py | 26 +++++++++++-------- tests/scripts/mbedtls_test.py | 26 +++++++++++-------- ...sktop_test.function => host_test.function} | 2 +- ...ded_test.function => target_test.function} | 2 +- 7 files changed, 41 insertions(+), 37 deletions(-) rename tests/suites/{desktop_test.function => host_test.function} (99%) rename tests/suites/{embedded_test.function => target_test.function} (99%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4dbe76ecc..157eebab8 100644 --- a/CMakeLists.txt 
+++ b/CMakeLists.txt @@ -36,6 +36,7 @@ set(NULL_ENTROPY_WARNING "${WARNING_BORDER}" "${NULL_ENTROPY_WARN_L3}" "${WARNING_BORDER}") +find_package(PythonInterp) find_package(Perl) if(PERL_FOUND) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ab3f78fc8..e24bf4e6e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
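Review bot: `find_package(PythonInterp)` is added without `REQUIRED` and nothing in this hunk checks the result, while tests/CMakeLists.txt (the next file section) runs `${PYTHON_EXECUTABLE} .../generate_code.py` for every test suite. If no interpreter is found, the variable does not hold a usable path and the failure only surfaces at build time, inside the custom command, with no hint that Python is the missing tool. Either use `find_package(PythonInterp REQUIRED)`, or, if the tests are meant to stay optional, check `PYTHONINTERP_FOUND` before the test subdirectory is added and stop with a `message(FATAL_ERROR ...)` that names the interpreter.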
@@ -29,8 +29,8 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/desktop_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --help-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/desktop_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --help-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) include_directories(${CMAKE_CURRENT_SOURCE_DIR}) diff --git a/tests/Makefile b/tests/Makefile index c544c8e0b..5e1458a0e 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -2,7 +2,7 @@ # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS # To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS -CFLAGS ?= -g3 #-O2 +CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value LDFLAGS ?= @@ -186,12 +186,12 @@ $(DEP): C_FILES := $(addsuffix .c,$(APPS)) .SECONDEXPANSION: -$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/desktop_test.function +$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/host_test.function echo " Gen $@" python scripts/generate_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ -t suites/main_test.function \ - -p suites/desktop_test.function \ + -p suites/host_test.function \ -s suites \ --help-file suites/helpers.function \ -o . 
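Review bot: The generation recipe in the second hunk still invokes a bare `python`, so the interpreter that runs depends on the builder's PATH. The generate_code.py hunks later in this series subclass `file` and call `xrange`, which exist only in Python 2, so a host where `python` resolves to Python 3 fails inside the generator rather than with a clear message. I would add `PYTHON ?= python` near the other tool variables and call `$(PYTHON) scripts/generate_code.py ...` here and in the `embedded_%` rule of the following hunk, so callers can pin the interpreter.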
@@ -218,20 +218,15 @@ test: check # Create separate targets for generating embedded tests. EMBEDDED_TESTS := $(addprefix embedded_,$(APPS)) -# FIXME: description needs change -# Each test suite name is stripped off of prefix test_suite_. mbed-os test dir -# structure requires format TESTS/[/]/ -# Test app names are split on "." and end part is used as the test dir name. -# Prevous parts are used as the test group dirs. For tests without "." same -# name is used as the test group dir. +# Generate test code for target. .SECONDEXPANSION: -$(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/embedded_test.function +$(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/target_test.function echo " Gen ./TESTS/mbedtls/$*/$*.c" python scripts/generate_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ -t suites/main_test.function \ - -p suites/embedded_test.function \ + -p suites/target_test.function \ -s suites \ --help-file suites/helpers.function \ -o ./TESTS/mbedtls/$* diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index 6554937ab..58020f100 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py 
@@ -1,18 +1,22 @@ """ -mbed TLS -Copyright (c) 2017 ARM Limited + Test suites code generator. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + SPDX-License-Identifier: Apache-2.0 - http://www.apache.org/licenses/LICENSE-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. + You may obtain a copy of the License at -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + This file is part of mbed TLS (https://tls.mbed.org) """ import os diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index b43e613ef..b8f8a3752 100644 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py 
@@ -1,18 +1,22 @@ """ -mbed SDK -Copyright (c) 2017 ARM Limited + Greentea host test script for on-target tests. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + SPDX-License-Identifier: Apache-2.0 - http://www.apache.org/licenses/LICENSE-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); you may + not use this file except in compliance with the License. + You may obtain a copy of the License at -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + This file is part of mbed TLS (https://tls.mbed.org) """ import re diff --git a/tests/suites/desktop_test.function b/tests/suites/host_test.function similarity index 99% rename from tests/suites/desktop_test.function rename to tests/suites/host_test.function index 4c790a85e..a4a5a8265 100644 --- a/tests/suites/desktop_test.function +++ b/tests/suites/host_test.function @@ -1,4 +1,4 @@ -#line 2 "suites/desktop_test.function" +#line 2 "suites/host_test.function" /** * \brief Varifies that string is in string parameter format i.e. "" 
diff --git a/tests/suites/embedded_test.function b/tests/suites/target_test.function similarity index 99% rename from tests/suites/embedded_test.function rename to tests/suites/target_test.function index 3f1e77add..0bafe454f 100644 --- a/tests/suites/embedded_test.function +++ b/tests/suites/target_test.function @@ -1,4 +1,4 @@ -#line 2 "embedded_test.function" +#line 2 "suites/target_test.function" #include "greentea-client/test_env.h" From f0e42fbd1f96163be0c8113f34437a8bbbd38819 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 2 Aug 2017 14:47:13 +0100 Subject: [PATCH 294/578] Add missing documentation and fix file doc strings --- tests/scripts/generate_code.py | 210 +++++++++++++++--------------- tests/scripts/generate_code_ut.py | 53 ++++---- tests/scripts/mbedtls_test.py | 112 +++++++++++----- 3 files changed, 213 insertions(+), 162 deletions(-) diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index 58020f100..6b373159c 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py 
@@ -1,46 +1,44 @@ +# Test suites code generator. +# +# Copyright (C) 2006-2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of mbed TLS (https://tls.mbed.org) + """ - Test suites code generator. +Test Suite code generator. - Copyright (C) 2006-2017, ARM Limited, All Rights Reserved - SPDX-License-Identifier: Apache-2.0 +Generates a test source file using following input files: - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - This file is part of mbed TLS (https://tls.mbed.org) +test_suite_xyz.function - Read test functions from test suite functions file. +test_suite_xyz.data - Read test functions and their dependencies to generate + dispatch and dependency check code. +main template - Substitute generated test function dispatch code, dependency + checking code. +platform .function - Read host or target platform implementation for + dispatching test cases from .data file. 
+helper .function - Read common reusable functions. """ + import os import re import argparse import shutil -""" -Generates code in following structure. - -/ - |-- mbedtls/ - | |-- / - | | |-- main.c - | | |-- *.data files - | ... - | |-- / - | | |-- main.c - | | |-- *.data files - | | -""" - - BEGIN_HEADER_REGEX = '/\*\s*BEGIN_HEADER\s*\*/' END_HEADER_REGEX = '/\*\s*END_HEADER\s*\*/' @@ -67,7 +65,7 @@ class FileWrapper(file): """ Init file handle. - :param file_name: + :param file_name: File path to open. """ super(FileWrapper, self).__init__(file_name, 'r') self.line_no = 0 @@ -75,7 +73,7 @@ class FileWrapper(file): def next(self): """ Iterator return impl. - :return: + :return: Line read from file. """ line = super(FileWrapper, self).next() if line: @@ -86,13 +84,19 @@ class FileWrapper(file): """ Wrap the base class readline. - :param limit: - :return: + :param limit: limit to match file.readline([limit]) + :return: Line read from file. """ return self.next() def split_dep(dep): + """ + Split NOT character '!' from dependency. Used by gen_deps() + + :param dep: Dependency list + :return: list of tuples where index 0 has '!' if there was a '!' before the dependency string + """ return ('!', dep[1:]) if dep[0] == '!' else ('', dep) @@ -100,8 +104,8 @@ def gen_deps(deps): """ Generates dependency i.e. if def and endif code - :param deps: - :return: + :param deps: List of dependencies. + :return: if defined and endif code with macro annotations for readability. """ dep_start = ''.join(['#if %sdefined(%s)\n' % split_dep(x) for x in deps]) dep_end = ''.join(['#endif /* %s */\n' % x for x in reversed(deps)]) @@ -113,8 +117,8 @@ def gen_deps_one_line(deps): """ Generates dependency checks in one line. Useful for writing code in #else case. - :param deps: - :return: + :param deps: List of dependencies. + :return: ifdef code """ defines = ('#if ' if len(deps) else '') + ' && '.join(['%sdefined(%s)' % split_dep(x) for x in deps]) return defines 
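Review bot: The new `split_dep` docstring describes a list going in and a list of tuples coming out, but the body `return ('!', dep[1:]) if dep[0] == '!' else ('', dep)` takes one dependency string and returns one 2-tuple. I would write `:param dep: Dependency string, optionally prefixed with '!'` and `:return: Tuple of ('!' or '', dependency name without the prefix)`. In the same file section, `FileWrapper.readline` now documents `limit` as matching `file.readline([limit])` while the body is `return self.next()` and never reads it. The docstring should say the argument is accepted only for signature compatibility and is ignored.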
@@ -122,12 +126,12 @@ def gen_deps_one_line(deps): def gen_function_wrapper(name, locals, args_dispatch): """ - Creates test function code + Creates test function wrapper code. A wrapper has the code to unpack parameters from parameters[] array. - :param name: - :param locals: - :param args_dispatch: - :return: + :param name: Test function name + :param locals: Local variables declaration code + :param args_dispatch: List of dispatch arguments. Ex: ['(char *)params[0]', '*((int *)params[1])'] + :return: Test function wrapper. """ # Then create the wrapper wrapper = ''' @@ -145,11 +149,11 @@ void {name}_wrapper( void ** params ) def gen_dispatch(name, deps): """ - Generates dispatch condition for the functions. + Generates dispatch code for the test function table. - :param name: - :param deps: - :return: + :param name: Test function name + :param deps: List of dependencies + :return: Dispatch code. """ if len(deps): ifdef = gen_deps_one_line(deps) @@ -172,8 +176,8 @@ def parse_suite_headers(funcs_f): """ Parses function headers. - :param funcs_f: - :return: + :param funcs_f: file object for .functions file + :return: Test suite headers code """ headers = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) for line in funcs_f: @@ -188,10 +192,10 @@ def parse_suite_headers(funcs_f): def parse_suite_deps(funcs_f): """ - Parses function dependencies. + Parses test suite dependencies. - :param funcs_f: - :return: + :param funcs_f: file object for .functions file + :return: List of test suite dependencies. """ deps = [] for line in funcs_f: @@ -208,9 +212,10 @@ def parse_suite_deps(funcs_f): def parse_function_deps(line): """ + Parses function dependencies. - :param line: - :return: + :param line: Line from .functions file that has dependencies. + :return: List of dependencies. """ deps = [] m = re.search(BEGIN_CASE_REGEX, line) 
@@ -226,8 +231,8 @@ def parse_function_signature(line): """ Parsing function signature - :param line: - :return: + :param line: Line from .functions file that has a function signature. + :return: function name, argument list, local variables for wrapper function and argument dispatch code. """ args = [] locals = '' @@ -265,12 +270,12 @@ def parse_function_signature(line): def parse_function_code(funcs_f, deps, suite_deps): """ + Parses out a function from function file object and generates function and dispatch code. - :param line_no: - :param funcs_f: - :param deps: - :param suite_deps: - :return: + :param funcs_f: file object of the functions file. + :param deps: List of dependencies + :param suite_deps: List of test suite dependencies + :return: Function name, arguments, function code and dispatch code. """ code = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) for line in funcs_f: @@ -315,8 +320,9 @@ def parse_functions(funcs_f): """ Returns functions code pieces - :param funcs_f: - :return: + :param funcs_f: file object of the functions file. + :return: List of test suite dependencies, test function dispatch code, function code and + a dict with function identifiers and arguments info. """ suite_headers = '' suite_deps = [] @@ -354,9 +360,9 @@ def escaped_split(str, ch): Since return value is used to write back to the intermediate data file. Any escape characters in the input are retained in the output. - :param str: - :param ch: - :return: + :param str: String to split + :param ch: split character + :return: List of splits """ if len(ch) > 1: raise ValueError('Expected split character. Found string!') @@ -379,8 +385,8 @@ def parse_test_data(data_f, debug=False): """ Parses .data file - :param data_f: - :return: + :param data_f: file object of the data file. + :return: Generator that yields test name, function name, dependency list and function argument list. """ STATE_READ_NAME = 0 STATE_READ_ARGS = 1 
@@ -423,9 +429,9 @@ def gen_dep_check(dep_id, dep): """ Generate code for the dependency. - :param dep_id: - :param dep: - :return: + :param dep_id: Dependency identifier + :param dep: Dependency macro + :return: Dependency check code """ assert dep_id > -1, "Dependency Id should be a positive integer." noT, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) @@ -447,9 +453,9 @@ def gen_expression_check(exp_id, exp): """ Generates code for expression check - :param exp_id: - :param exp: - :return: + :param exp_id: Expression Identifier + :param exp: Expression/Macro + :return: Expression check code """ assert exp_id > -1, "Expression Id should be a positive integer." assert len(exp) > 0, "Expression should not be an empty string." @@ -467,10 +473,10 @@ def write_deps(out_data_f, test_deps, unique_deps): Write dependencies to intermediate test data file. It also returns dependency check code. - :param out_data_f: - :param dep: - :param unique_deps: - :return: + :param out_data_f: Output intermediate data file + :param test_deps: Dependencies + :param unique_deps: Mutable list to track unique dependencies that are global to this re-entrant function. + :return: returns dependency check code. """ dep_check_code = '' if len(test_deps): @@ -492,11 +498,11 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): Writes test parameters to the intermediate data file. Also generates expression code. - :param out_data_f: - :param test_args: - :param func_args: - :param unique_expressions: - :return: + :param out_data_f: Output intermediate data file + :param test_args: Test parameters + :param func_args: Function arguments + :param unique_expressions: Mutable list to track unique expressions that are global to this re-entrant function. + :return: Returns expression check code. """ expression_code = '' for i in xrange(len(test_args)): 
@@ -524,10 +530,10 @@ def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): """ Adds preprocessor checks for test suite dependencies. - :param suite_deps: - :param dep_check_code: - :param expression_code: - :return: + :param suite_deps: Test suite dependencies read from the .functions file. + :param dep_check_code: Dependency check code + :param expression_code: Expression check code + :return: Dependency and expression code guarded by test suite dependencies. """ if len(suite_deps): ifdef = gen_deps_one_line(suite_deps) @@ -548,11 +554,11 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): """ Generates dependency checks, expression code and intermediate data file from test data file. - :param data_f: - :param out_data_f: - :param func_info: - :param suite_deps: - :return: + :param data_f: Data file object + :param out_data_f:Output intermediate data file + :param func_info: Dict keyed by function and with function id and arguments info + :param suite_deps: Test suite deps + :return: Returns dependency and expression check code """ unique_deps = [] unique_expressions = [] @@ -586,14 +592,14 @@ def generate_code(funcs_file, data_file, template_file, platform_file, help_file """ Generate mbed-os test code. - :param funcs_file: - :param dat a_file: - :param template_file: - :param platform_file: - :param help_file: - :param suites_dir: - :param c_file: - :param out_data_file: + :param funcs_file: Functions file object + :param data_file: Data file object + :param template_file: Template file object + :param platform_file: Platform file object + :param help_file: Helper functions file object + :param suites_dir: Test suites dir + :param c_file: Output C file object + :param out_data_file: Output intermediate data file object :return: """ for name, path in [('Functions file', funcs_file), diff --git a/tests/scripts/generate_code_ut.py b/tests/scripts/generate_code_ut.py index 4baeeafad..bc9f6b6a5 100644 
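Review bot: The `generate_code` docstring now calls `funcs_file`, `data_file`, `template_file`, `platform_file` and `help_file` file objects, yet the first statement after it is `for name, path in [('Functions file', funcs_file),`, which treats them as paths. The rest of the function lies outside the hunk, so this is inferred, but if they are paths the entries should say so, for example `:param funcs_file: Functions file path`. The same applies to `c_file` and `out_data_file` if they are output paths rather than open handles. The trailing `:return:` is still empty and could state that the function returns nothing.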
--- a/tests/scripts/generate_code_ut.py +++ b/tests/scripts/generate_code_ut.py @@ -1,19 +1,22 @@ -""" -mbed TLS -Copyright (c) 2017 ARM Limited +# Unit test for generate_code.py +# +# Copyright (C) 2006-2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of mbed TLS (https://tls.mbed.org) -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -""" from StringIO import StringIO from unittest import TestCase, main as unittest_main from mock import patch @@ -425,7 +428,7 @@ class ParseFuncSignature(TestCase): def test_int_and_char_params(self): """ - + Test int and char parameters parsing :return: """ line = 'void entropy_threshold( char * a, int b, int result )' @@ -437,7 +440,7 @@ class ParseFuncSignature(TestCase): def test_hex_params(self): """ - + Test hex parameters parsing :return: """ line = 'void entropy_threshold( char * a, HexParam_t * h, int result )' 
@@ -449,7 +452,7 @@ class ParseFuncSignature(TestCase): def test_non_void_function(self): """ - + Test invalid signature (non void). :return: """ line = 'int entropy_threshold( char * a, HexParam_t * h, int result )' @@ -457,7 +460,7 @@ class ParseFuncSignature(TestCase): def test_unsupported_arg(self): """ - + Test unsupported arguments (not among int, char * and HexParam_t) :return: """ line = 'int entropy_threshold( char * a, HexParam_t * h, int * result )' @@ -465,7 +468,7 @@ class ParseFuncSignature(TestCase): def test_no_params(self): """ - + Test no parameters. :return: """ line = 'void entropy_threshold()' @@ -483,7 +486,7 @@ class ParseFunctionCode(TestCase): def test_no_function(self): """ - + Test no test function found. :return: """ data = ''' @@ -496,7 +499,7 @@ function def test_no_end_case_comment(self): """ - + Test missing end case. :return: """ data = ''' @@ -510,7 +513,7 @@ void test_func() @patch("generate_code.parse_function_signature") def test_parse_function_signature_called(self, parse_function_signature_mock): """ - + Test parse_function_code() :return: """ parse_function_signature_mock.return_value = ('test_func', [], '', []) @@ -533,7 +536,7 @@ void test_func() gen_deps_mock, gen_dispatch_mock): """ - + Test generated code. :return: """ parse_function_signature_mock.return_value = ('func', [], '', []) @@ -578,7 +581,7 @@ exit: gen_deps_mock, gen_dispatch_mock): """ - + Test when exit label is present. :return: """ parse_function_signature_mock.return_value = ('func', [], '', []) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index b8f8a3752..7dba1b2fb 100644 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py 
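Review bot: `test_unsupported_arg` is now documented as covering an unsupported argument type, but its input `'int entropy_threshold( char * a, HexParam_t * h, int * result )'` also has a non-void return type, the same condition `test_non_void_function` exercises. The assertion is outside the hunk, but depending on the order of checks in `parse_function_signature` the test may be satisfied by the return type and never reach the `int *` argument. Changing the line to `'void entropy_threshold( char * a, HexParam_t * h, int * result )'` would isolate the case the docstring names.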
@@ -1,24 +1,33 @@ +# Greentea host test script for on-target tests. +# +# Copyright (C) 2006-2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of mbed TLS (https://tls.mbed.org) + + """ - Greentea host test script for on-target tests. +Greentea host test script for on-target tests. - Copyright (C) 2006-2017, ARM Limited, All Rights Reserved - SPDX-License-Identifier: Apache-2.0 - - Licensed under the Apache License, Version 2.0 (the "License"); you may - not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - This file is part of mbed TLS (https://tls.mbed.org) +Host test script for testing mbed TLS test suites on target. Implements +BaseHostTest to handle key,value pairs (events) coming from mbed TLS +tests. Reads data file corresponding to the executing binary and dispatches +test cases. """ + import re import os import binascii 
@@ -38,7 +47,9 @@ class TestDataParser(object): def parse(self, data_file): """ + Data file parser. + :param data_file: Data file path """ with open(data_file, 'r') as f: self.__parse(f) @@ -46,6 +57,11 @@ class TestDataParser(object): @staticmethod def __escaped_split(str, ch): """ + Splits str on ch except when escaped. + + :param str: String to split + :param ch: Split character + :return: List of splits """ if len(ch) > 1: raise ValueError('Expected split character. Found string!') @@ -65,6 +81,10 @@ class TestDataParser(object): def __parse(self, file): """ + Parses data file using supplied file object. + + :param file: Data file object + :return: """ for line in file: line = line.strip() @@ -93,6 +113,7 @@ class TestDataParser(object): def get_test_data(self): """ + Returns test data. """ return self.tests @@ -115,6 +136,7 @@ class MbedTlsTest(BaseHostTest): def __init__(self): """ + Constructor initialises test index to 0. """ super(MbedTlsTest, self).__init__() self.tests = [] @@ -130,6 +152,7 @@ class MbedTlsTest(BaseHostTest): def setup(self): """ + Setup hook implementation. Reads test suite data file and parses out tests. """ binary_path = self.get_config_item('image_path') script_dir = os.path.split(os.path.abspath(__file__))[0] @@ -148,6 +171,7 @@ class MbedTlsTest(BaseHostTest): def print_test_info(self): """ + Prints test summary read by Greentea to detect test cases. """ self.log('{{__testcase_count;%d}}' % len(self.tests)) for name, _, _, _ in self.tests: @@ -156,7 +180,7 @@ class MbedTlsTest(BaseHostTest): @staticmethod def align_32bit(b): """ - 4 byte aligns byte array. + 4 byte aligns input byte array. :return: """ @@ -167,8 +191,8 @@ class MbedTlsTest(BaseHostTest): """ Converts Hex string representation to byte array - :param hex_str: - :return: + :param hex_str: Hex in string format. + :return: Output Byte array """ assert hex_str[0] == '"' and hex_str[len(hex_str) - 1] == '"', \ "HEX test parameter missing '\"': %s" % hex_str 
@@ -183,8 +207,8 @@ class MbedTlsTest(BaseHostTest): """ Coverts i to bytearray in big endian format. - :param i: - :return: + :param i: Input integer + :return: Output bytes array in big endian or network order """ b = bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) return b @@ -193,10 +217,10 @@ class MbedTlsTest(BaseHostTest): """ Converts test vector into a byte array that can be sent to the target. - :param function_id: - :param deps: - :param parameters: - :return: + :param function_id: Test Function Identifier + :param deps: Dependency list + :param parameters: Test function input parameters + :return: Byte array and its length """ b = bytearray([len(deps)]) if len(deps): @@ -243,10 +267,10 @@ class MbedTlsTest(BaseHostTest): """ Runs the test. - :param name: - :param function_id: - :param deps: - :param args: + :param name: Test name + :param function_id: function identifier + :param deps: Dependencies list + :param args: test parameters :return: """ self.log("Running: %s" % name) @@ -256,6 +280,11 @@ class MbedTlsTest(BaseHostTest): @staticmethod def get_result(value): + """ + Converts result from string type to integer + :param value: Result code in string + :return: Integer result code + """ try: return int(value) except ValueError: @@ -264,13 +293,25 @@ class MbedTlsTest(BaseHostTest): @event_callback('GO') def on_go(self, key, value, timestamp): + """ + Called on key "GO". Kicks off test execution. + + :param key: Event key + :param value: Value. ignored + :param timestamp: Timestamp ignored. + :return: + """ self.run_next_test() @event_callback("R") def on_result(self, key, value, timestamp): """ - Handle result. + Handle result. Prints test start, finish prints required by Greentea to detect test execution. + :param key: Event key + :param value: Value. ignored + :param timestamp: Timestamp ignored. + :return: """ int_val = self.get_result(value) name, function, deps, args = self.tests[self.test_index] 
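Review bot: The docstrings added to `on_result` here and to `on_failure` in the next hunk both say `:param value: Value. ignored`, but each handler's first statement is `int_val = self.get_result(value)`, so the value is used. I would document it as `:param value: Result code reported by the target, as a string` in both handlers and keep "ignored" only for `on_go`, whose body calls `self.run_next_test()` without reading it. The new `get_result` docstring should also say what is returned when `int(value)` raises `ValueError`, since that branch is cut off by the hunk.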
@@ -282,11 +323,12 @@ class MbedTlsTest(BaseHostTest): @event_callback("F") def on_failure(self, key, value, timestamp): """ - Handles test execution failure. Hence marking test as skipped. + Handles test execution failure. That means dependency not supported or + Test function not supported. Hence marking test as skipped. - :param key: - :param value: - :param timestamp: + :param key: Event key + :param value: Value. ignored + :param timestamp: Timestamp ignored. :return: """ int_val = self.get_result(value) From 317efe85e180d71127b3b68862d1e63fcf303bb6 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 2 Aug 2017 17:33:54 +0100 Subject: [PATCH 295/578] Adapt new test gcm_bad_parameters() to on target testing changes --- tests/suites/test_suite_gcm.function | 30 ++++++---------------------- 1 file changed, 6 insertions(+), 24 deletions(-) diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index c0e799c19..b3d212a50 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function 
@@ -9,41 +9,23 @@ /* BEGIN_CASE */ void gcm_bad_parameters( int cipher_id, int direction, - char *hex_key_string, char *hex_src_string, - char *hex_iv_string, char *hex_add_string, + HexParam_t *key_str, HexParam_t *src_str, + HexParam_t *iv_str, HexParam_t *add_str, int tag_len_bits, int gcm_result ) { - unsigned char key_str[128]; - unsigned char src_str[128]; - unsigned char dst_str[257]; - unsigned char iv_str[128]; - unsigned char add_str[128]; - unsigned char tag_str[128]; unsigned char output[128]; unsigned char tag_output[16]; mbedtls_gcm_context ctx; - unsigned int key_len; - size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + size_t tag_len = tag_len_bits / 8; mbedtls_gcm_init( &ctx ); - memset( key_str, 0x00, sizeof( key_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); - memset( dst_str, 0x00, sizeof( dst_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( add_str, 0x00, sizeof( add_str ) ); - memset( tag_str, 0x00, sizeof( tag_str ) ); memset( output, 0x00, sizeof( output ) ); memset( tag_output, 0x00, sizeof( tag_output ) ); - key_len = unhexify( key_str, hex_key_string ); - pt_len = unhexify( src_str, hex_src_string ); - iv_len = unhexify( iv_str, hex_iv_string ); - add_len = unhexify( add_str, hex_add_string ); - - TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 ); - TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len, - add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result ); + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, src_str->len, iv_str->x, iv_str->len, + add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == gcm_result ); exit: mbedtls_gcm_free( &ctx ); From 36e5fac0fbf67625016220fd0ff5f0affe5852c9 Mon Sep 17 00:00:00 2001 
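Review bot: `output` remains a fixed 128-byte array while the length handed to `mbedtls_gcm_crypt_and_tag()` is now `src_str->len`, which comes directly from the test data, so a vector with more than 128 bytes of input could write past `output` before the return code is compared with `gcm_result`. Nothing in the hunk bounds it; adding `TEST_ASSERT( src_str->len <= sizeof( output ) );` before the call keeps the test memory-safe whatever the data file contains. `tag_len`, derived from `tag_len_bits`, is likewise unchecked against `tag_output[16]`; whether that matters depends on the library rejecting oversized tag lengths before writing, which is not visible here.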
From: Azim Khan Date: Fri, 8 Sep 2017 17:23:23 +0100 Subject: [PATCH 296/578] Rephrase confusing function description --- tests/suites/target_test.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index 0bafe454f..596194707 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -17,7 +17,7 @@ assert( sizeof( *( p ) ) == sizeof( *( start ) ) ); \ /* <= is checked to support use inside a loop where \ pointer is incremented after reading data. */ \ - assert( (uint32_t)( ( ( p ) - ( start ) ) + step ) <= len );\ + assert( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ ( p ) += step; \ } \ while( 0 ) @@ -156,7 +156,8 @@ uint8_t * receive_data( uint32_t * data_len ) } /** - * \brief Parses received byte array and finds number of hex parameters. + * \brief Find count of hex arguments(test function arguments) in the + * received binary data. * * \param count Parameter count * \param data Received Byte array From 05d83fa40669a8aa29569074b061fc1a73a6b74b Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Sun, 10 Sep 2017 22:57:19 +0100 Subject: [PATCH 297/578] Put parentheses around macro arguments --- tests/suites/target_test.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index 596194707..f662eee86 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -18,7 +18,7 @@ /* <= is checked to support use inside a loop where \ pointer is incremented after reading data. */ \ assert( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\ - ( p ) += step; \ + ( p ) += ( step ); \ } \ while( 0 ) 
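Review bot: The bound in `INCR_ASSERT` is still enforced only through `assert()`, so a build with `NDEBUG` defined would advance `p` with no check at all, and the `(uint32_t)` cast applied to `( p ) - ( start ) + ( step )` could truncate a large sum back into range. The macro appears to be used while walking the received byte array, so an explicit comparison that fails the test (for example `if( (size_t)( ( p ) - ( start ) ) + ( step ) > ( len ) )` followed by the file's failure path) would be safer than an assertion. `p` and `step` are also expanded more than once, which deserves a comment such as `/* p and step are evaluated more than once: pass expressions without side effects. */`. This applies to the `@@ -17,7 +17,7 @@` hunk and to the `@@ -18,7 +18,7 @@` hunk of the following commit; the macro's `#define` line lies outside both hunks.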
@@ -34,7 +34,7 @@ while( 0 ) #define ALIGN_32BIT(p, start, len) do \ { \ uint32_t align = ( - (uintptr_t)( p ) ) % 4;\ - INCR_ASSERT(p, start, len, align); \ + INCR_ASSERT( ( p ), ( start ), ( len ), align);\ } \ while( 0 ) @@ -156,8 +156,8 @@ uint8_t * receive_data( uint32_t * data_len ) } /** - * \brief Find count of hex arguments(test function arguments) in the - * received binary data. + * \brief Parse the received byte array and count the number of arguments + * to the test function passed as type hex. * * \param count Parameter count * \param data Received Byte array From b522929666ed4dcc4f6dce9827c828642d7a5b72 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 6 Feb 2018 13:08:01 +0000 Subject: [PATCH 298/578] Add support for per test suite helper functions --- .gitignore | 3 ++ tests/scripts/generate_code.py | 20 ++++++++---- tests/scripts/generate_code_ut.py | 51 ++++++++++++++++++++++--------- 3 files changed, 53 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index fee2a31cd..f40064d5b 100644 --- a/.gitignore +++ b/.gitignore @@ -21,5 +21,8 @@ massif-* *.ilk *.lib +# Python build artifacts: +*.pyc + # CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: *.dir/ diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_code.py index 6b373159c..b6ee968cf 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_code.py @@ -42,6 +42,9 @@ import shutil BEGIN_HEADER_REGEX = '/\*\s*BEGIN_HEADER\s*\*/' END_HEADER_REGEX = '/\*\s*END_HEADER\s*\*/' +BEGIN_SUITE_HELPERS_REGEX = '/\*\s*BEGIN_SUITE_HELPERS\s*\*/' +END_SUITE_HELPERS_REGEX = '/\*\s*END_SUITE_HELPERS\s*\*/' + BEGIN_DEP_REGEX = 'BEGIN_DEPENDENCIES' END_DEP_REGEX = 'END_DEPENDENCIES' 
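Review bot: The new patterns `BEGIN_SUITE_HELPERS_REGEX` and `END_SUITE_HELPERS_REGEX` in the `generate_code.py` hunk are ordinary string literals containing `\*` and `\s`, which Python 3 treats as invalid escape sequences and warns about. Writing them as raw strings, `BEGIN_SUITE_HELPERS_REGEX = r'/\*\s*BEGIN_SUITE_HELPERS\s*\*/'` and `END_SUITE_HELPERS_REGEX = r'/\*\s*END_SUITE_HELPERS\s*\*/'`, leaves the regular expressions unchanged and removes the warning. The neighbouring `BEGIN_HEADER_REGEX` and `END_HEADER_REGEX` context lines have the same form and could be converted in the same pass.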
@@ -172,20 +175,21 @@ def gen_dispatch(name, deps): return dispatch_code -def parse_suite_headers(funcs_f): +def parse_until_pattern(funcs_f, end_regex): """ - Parses function headers. + Parses function headers or helper code until end pattern. :param funcs_f: file object for .functions file + :param end_regex: Pattern to stop parsing :return: Test suite headers code """ headers = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) for line in funcs_f: - if re.search(END_HEADER_REGEX, line): + if re.search(end_regex, line): break headers += line else: - raise InvalidFileFormat("file: %s - end header pattern [%s] not found!" % (funcs_f.name, END_HEADER_REGEX)) + raise InvalidFileFormat("file: %s - end pattern [%s] not found!" % (funcs_f.name, end_regex)) return headers @@ -325,6 +329,7 @@ def parse_functions(funcs_f): a dict with function identifiers and arguments info. """ suite_headers = '' + suite_helpers = '' suite_deps = [] suite_functions = '' func_info = {} @@ -332,8 +337,11 @@ def parse_functions(funcs_f): dispatch_code = '' for line in funcs_f: if re.search(BEGIN_HEADER_REGEX, line): - headers = parse_suite_headers(funcs_f) + headers = parse_until_pattern(funcs_f, END_HEADER_REGEX) suite_headers += headers + elif re.search(BEGIN_SUITE_HELPERS_REGEX, line): + helpers = parse_until_pattern(funcs_f, END_SUITE_HELPERS_REGEX) + suite_helpers += helpers elif re.search(BEGIN_DEP_REGEX, line): deps = parse_suite_deps(funcs_f) suite_deps += deps @@ -350,7 +358,7 @@ def parse_functions(funcs_f): function_idx += 1 ifdef, endif = gen_deps(suite_deps) - func_code = ifdef + suite_headers + suite_functions + endif + func_code = ifdef + suite_headers + suite_helpers + suite_functions + endif return suite_deps, dispatch_code, func_code, func_info diff --git a/tests/scripts/generate_code_ut.py b/tests/scripts/generate_code_ut.py index bc9f6b6a5..383f029ab 100644 --- a/tests/scripts/generate_code_ut.py +++ b/tests/scripts/generate_code_ut.py 
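Review bot: The docstring of `parse_until_pattern()` still ends with `:return: Test suite headers code`, and the accumulator is still called `headers`, although the function now also collects suite helper code. Suggested wording: `:return: Code read up to (not including) the end pattern, prefixed with a #line directive`. Renaming the local to something neutral such as `code` would match the generalised name of the function.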
@@ -280,9 +280,9 @@ class StringIOWrapper(StringIO, object): return line -class ParseSuiteHeaders(TestCase): +class ParseUntilPattern(TestCase): """ - Test Suite for testing parse_suite_headers(). + Test Suite for testing parse_until_pattern(). """ def test_suite_headers(self): @@ -302,7 +302,7 @@ class ParseSuiteHeaders(TestCase): #define ECP_PF_UNKNOWN -1 ''' s = StringIOWrapper('test_suite_ut.function', data, line_no=0) - headers = parse_suite_headers(s) + headers = parse_until_pattern(s, END_HEADER_REGEX) self.assertEqual(headers, expected) def test_line_no(self): @@ -323,7 +323,7 @@ class ParseSuiteHeaders(TestCase): #define ECP_PF_UNKNOWN -1 ''' % (offset_line_no + 1) s = StringIOWrapper('test_suite_ut.function', data, offset_line_no) - headers = parse_suite_headers(s) + headers = parse_until_pattern(s, END_HEADER_REGEX) self.assertEqual(headers, expected) def test_no_end_header_comment(self): @@ -337,7 +337,7 @@ class ParseSuiteHeaders(TestCase): ''' s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(InvalidFileFormat, parse_suite_headers, s) + self.assertRaises(InvalidFileFormat, parse_until_pattern, s, END_HEADER_REGEX) class ParseSuiteDeps(TestCase): @@ -620,15 +620,15 @@ class ParseFunction(TestCase): Test Suite for testing parse_functions() """ - @patch("generate_code.parse_suite_headers") - def test_begin_header(self, parse_suite_headers_mock): + @patch("generate_code.parse_until_pattern") + def test_begin_header(self, parse_until_pattern_mock): """ - Test that begin header is checked and parse_suite_headers() is called. + Test that begin header is checked and parse_until_pattern() is called. :return: """ def stop(this): raise Exception - parse_suite_headers_mock.side_effect = stop + parse_until_pattern_mock.side_effect = stop data = '''/* BEGIN_HEADER */ #include "mbedtls/ecp.h" 
@@ -637,13 +637,34 @@ class ParseFunction(TestCase): ''' s = StringIOWrapper('test_suite_ut.function', data) self.assertRaises(Exception, parse_functions, s) - parse_suite_headers_mock.assert_called_with(s) + parse_until_pattern_mock.assert_called_with(s, END_HEADER_REGEX) + self.assertEqual(s.line_no, 2) + + @patch("generate_code.parse_until_pattern") + def test_begin_helper(self, parse_until_pattern_mock): + """ + Test that begin helper is checked and parse_until_pattern() is called. + :return: + """ + def stop(this): + raise Exception + parse_until_pattern_mock.side_effect = stop + data = '''/* BEGIN_SUITE_HELPERS */ +void print_helloworld() +{ + printf ("Hello World!\n"); +} +/* END_SUITE_HELPERS */ +''' + s = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, s) + parse_until_pattern_mock.assert_called_with(s, END_SUITE_HELPERS_REGEX) self.assertEqual(s.line_no, 2) @patch("generate_code.parse_suite_deps") def test_begin_dep(self, parse_suite_deps_mock): """ - Test that begin header is checked and parse_suite_headers() is called. + Test that begin dep is checked and parse_suite_deps() is called. :return: """ def stop(this): @@ -662,7 +683,7 @@ class ParseFunction(TestCase): @patch("generate_code.parse_function_deps") def test_begin_function_dep(self, parse_function_deps_mock): """ - Test that begin header is checked and parse_suite_headers() is called. + Test that begin dep is checked and parse_function_deps() is called. :return: """ def stop(this): @@ -683,7 +704,7 @@ class ParseFunction(TestCase): @patch("generate_code.parse_function_deps") def test_return(self, parse_function_deps_mock, parse_function_code_mock): """ - Test that begin header is checked and parse_suite_headers() is called. + Test that begin case is checked and parse_function_code() is called. :return: """ def stop(this): 
@@ -718,7 +739,7 @@ class ParseFunction(TestCase): def test_parsing(self): """ - Test that begin header is checked and parse_suite_headers() is called. + Test case parsing. :return: """ data = '''/* BEGIN_HEADER */ @@ -811,7 +832,7 @@ void test_func2_wrapper( void ** params ) def test_same_function_name(self): """ - Test that begin header is checked and parse_suite_headers() is called. + Test name conflict. :return: """ data = '''/* BEGIN_HEADER */ From 7eb55687c4d33117f8428c692312dce0a3a9e913 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 6 Feb 2018 22:23:45 +0000 Subject: [PATCH 299/578] Set OS specific python executable name --- tests/Makefile | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 5e1458a0e..8b2af476b 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -50,6 +50,15 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif +# Python executable +ifndef PYTHON +ifdef WINDOWS +PYTHON=python +else +PYTHON=python2 +endif +endif + APPS = test_suite_aes.ecb test_suite_aes.cbc \ test_suite_aes.cfb test_suite_aes.ofb \ test_suite_aes.xts \ @@ -188,7 +197,7 @@ C_FILES := $(addsuffix .c,$(APPS)) .SECONDEXPANSION: $(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/host_test.function echo " Gen $@" - python scripts/generate_code.py -f suites/$(func.$*).function \ + $(PYTHON) scripts/generate_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ -t suites/main_test.function \ -p suites/host_test.function \ 
@@ -223,7 +232,7 @@ EMBEDDED_TESTS := $(addprefix embedded_,$(APPS)) .SECONDEXPANSION: $(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/target_test.function echo " Gen ./TESTS/mbedtls/$*/$*.c" - python scripts/generate_code.py -f suites/$(func.$*).function \ + $(PYTHON) scripts/generate_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ -t suites/main_test.function \ -p suites/target_test.function \ From 78befd90191f535110356998618e1afd295d32d1 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 6 Mar 2018 11:49:41 +0000 Subject: [PATCH 300/578] Rename generate_code.py -> generate_test_code.py --- tests/CMakeLists.txt | 4 +- tests/Makefile | 8 ++-- ...generate_code.py => generate_test_code.py} | 2 +- tests/scripts/mbedtls_test.py | 2 +- ..._code_ut.py => test_generate_test_code.py} | 44 +++++++++---------- 5 files changed, 30 insertions(+), 30 deletions(-) rename tests/scripts/{generate_code.py => generate_test_code.py} (99%) rename tests/scripts/{generate_code_ut.py => test_generate_test_code.py} (97%) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index e24bf4e6e..7b66dcfe4 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -29,8 +29,8 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --help-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data + COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --help-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) include_directories(${CMAKE_CURRENT_SOURCE_DIR}) diff --git a/tests/Makefile b/tests/Makefile index 8b2af476b..b3ab03665 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -195,9 +195,9 @@ $(DEP): C_FILES := $(addsuffix .c,$(APPS)) .SECONDEXPANSION: -$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/host_test.function +$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function echo " Gen $@" - $(PYTHON) scripts/generate_code.py -f suites/$(func.$*).function \ + $(PYTHON) scripts/generate_test_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ -t suites/main_test.function \ -p suites/host_test.function \ @@ -230,9 +230,9 @@ EMBEDDED_TESTS := $(addprefix embedded_,$(APPS)) # Generate test code for target. .SECONDEXPANSION: -$(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_code.py suites/helpers.function suites/main_test.function suites/target_test.function +$(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function echo " Gen ./TESTS/mbedtls/$*/$*.c" - $(PYTHON) scripts/generate_code.py -f suites/$(func.$*).function \ + $(PYTHON) scripts/generate_test_code.py -f suites/$(func.$*).function \ -d suites/$*.data \ -t suites/main_test.function \ -p suites/target_test.function \ diff --git a/tests/scripts/generate_code.py b/tests/scripts/generate_test_code.py similarity index 99% rename from tests/scripts/generate_code.py rename to tests/scripts/generate_test_code.py index b6ee968cf..38b0d7547 100644 --- a/tests/scripts/generate_code.py +++ b/tests/scripts/generate_test_code.py @@ -1,6 +1,6 @@ # Test suites code generator. # -# Copyright (C) 2006-2017, ARM Limited, All Rights Reserved +# Copyright (C) 2018, ARM Limited, All Rights Reserved # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may 
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 7dba1b2fb..b825f1359 100644 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -1,6 +1,6 @@ # Greentea host test script for on-target tests. # -# Copyright (C) 2006-2017, ARM Limited, All Rights Reserved +# Copyright (C) 2018, ARM Limited, All Rights Reserved # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/scripts/generate_code_ut.py b/tests/scripts/test_generate_test_code.py similarity index 97% rename from tests/scripts/generate_code_ut.py rename to tests/scripts/test_generate_test_code.py index 383f029ab..08b6fb3a6 100644 --- a/tests/scripts/generate_code_ut.py +++ b/tests/scripts/test_generate_test_code.py @@ -1,6 +1,6 @@ -# Unit test for generate_code.py +# Unit test for generate_test_code.py # -# Copyright (C) 2006-2017, ARM Limited, All Rights Reserved +# Copyright (C) 2018, ARM Limited, All Rights Reserved # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -20,11 +20,11 @@ from StringIO import StringIO from unittest import TestCase, main as unittest_main from mock import patch -from generate_code import * +from generate_test_code import * """ -Unit tests for generate_code.py +Unit tests for generate_test_code.py """ @@ -510,7 +510,7 @@ void test_func() s = StringIOWrapper('test_suite_ut.function', data) self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) - @patch("generate_code.parse_function_signature") + @patch("generate_test_code.parse_function_signature") def test_parse_function_signature_called(self, parse_function_signature_mock): """ Test parse_function_code() 
@@ -527,10 +527,10 @@ void test_func() self.assertTrue(parse_function_signature_mock.called) parse_function_signature_mock.assert_called_with('void test_func()\n') - @patch("generate_code.gen_dispatch") - @patch("generate_code.gen_deps") - @patch("generate_code.gen_function_wrapper") - @patch("generate_code.parse_function_signature") + @patch("generate_test_code.gen_dispatch") + @patch("generate_test_code.gen_deps") + @patch("generate_test_code.gen_function_wrapper") + @patch("generate_test_code.parse_function_signature") def test_return(self, parse_function_signature_mock, gen_function_wrapper_mock, gen_deps_mock, @@ -572,10 +572,10 @@ exit: self.assertEqual(code, expected) self.assertEqual(dispatch_code, "\n test_func_wrapper,\n") - @patch("generate_code.gen_dispatch") - @patch("generate_code.gen_deps") - @patch("generate_code.gen_function_wrapper") - @patch("generate_code.parse_function_signature") + @patch("generate_test_code.gen_dispatch") + @patch("generate_test_code.gen_deps") + @patch("generate_test_code.gen_function_wrapper") + @patch("generate_test_code.parse_function_signature") def test_with_exit_label(self, parse_function_signature_mock, gen_function_wrapper_mock, gen_deps_mock, @@ -620,7 +620,7 @@ class ParseFunction(TestCase): Test Suite for testing parse_functions() """ - @patch("generate_code.parse_until_pattern") + @patch("generate_test_code.parse_until_pattern") def test_begin_header(self, parse_until_pattern_mock): """ Test that begin header is checked and parse_until_pattern() is called. @@ -640,7 +640,7 @@ class ParseFunction(TestCase): parse_until_pattern_mock.assert_called_with(s, END_HEADER_REGEX) self.assertEqual(s.line_no, 2) - @patch("generate_code.parse_until_pattern") + @patch("generate_test_code.parse_until_pattern") def test_begin_helper(self, parse_until_pattern_mock): """ Test that begin helper is checked and parse_until_pattern() is called. 
@@ -661,7 +661,7 @@ void print_helloworld() parse_until_pattern_mock.assert_called_with(s, END_SUITE_HELPERS_REGEX) self.assertEqual(s.line_no, 2) - @patch("generate_code.parse_suite_deps") + @patch("generate_test_code.parse_suite_deps") def test_begin_dep(self, parse_suite_deps_mock): """ Test that begin dep is checked and parse_suite_deps() is called. @@ -680,7 +680,7 @@ void print_helloworld() parse_suite_deps_mock.assert_called_with(s) self.assertEqual(s.line_no, 2) - @patch("generate_code.parse_function_deps") + @patch("generate_test_code.parse_function_deps") def test_begin_function_dep(self, parse_function_deps_mock): """ Test that begin dep is checked and parse_function_deps() is called. @@ -700,8 +700,8 @@ void print_helloworld() parse_function_deps_mock.assert_called_with(deps_str) self.assertEqual(s.line_no, 2) - @patch("generate_code.parse_function_code") - @patch("generate_code.parse_function_deps") + @patch("generate_test_code.parse_function_code") + @patch("generate_test_code.parse_function_deps") def test_return(self, parse_function_deps_mock, parse_function_code_mock): """ Test that begin case is checked and parse_function_code() is called. @@ -1390,9 +1390,9 @@ class GenFromTestData(TestCase): Test suite for gen_from_test_data() """ - @patch("generate_code.write_deps") - @patch("generate_code.write_parameters") - @patch("generate_code.gen_suite_deps_checks") + @patch("generate_test_code.write_deps") + @patch("generate_test_code.write_parameters") + @patch("generate_test_code.gen_suite_deps_checks") def test_intermediate_data_file(self, gen_suite_deps_checks_mock, write_parameters_mock, write_deps_mock): """ Test that intermediate data file is written with expected data. From 1ec7e6f3d9dfc7c513f798fcae9b668d46c578e5 Mon Sep 17 00:00:00 2001 
From: Mohammad Azim Khan Date: Wed, 11 Apr 2018 23:46:37 +0100 Subject: [PATCH 301/578] Python3 compatible generate_test_code.py --- tests/scripts/generate_test_code.py | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) mode change 100644 => 100755 tests/scripts/generate_test_code.py diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py old mode 100644 new mode 100755 index 38b0d7547..bf4ddb82c --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -1,3 +1,4 @@ +#!/usr/bin/env python3 # Test suites code generator. # # Copyright (C) 2018, ARM Limited, All Rights Reserved @@ -33,8 +34,10 @@ helper .function - Read common reusable functions. """ +import io import os import re +import sys import argparse import shutil @@ -59,7 +62,7 @@ class InvalidFileFormat(Exception): pass -class FileWrapper(file): +class FileWrapper(io.FileIO): """ File wrapper class. Provides reading with line no. tracking. """ @@ -73,24 +76,17 @@ class FileWrapper(file): super(FileWrapper, self).__init__(file_name, 'r') self.line_no = 0 - def next(self): + def __next__(self): """ Iterator return impl. :return: Line read from file. """ - line = super(FileWrapper, self).next() + line = super(FileWrapper, self).__next__() if line: self.line_no += 1 - return line - - def readline(self, limit=0): - """ - Wrap the base class readline. - - :param limit: limit to match file.readline([limit]) - :return: Line read from file. - """ - return self.next() + # Convert byte array to string with correct encoding + return line.decode(sys.getdefaultencoding()) + return None def split_dep(dep): @@ -513,7 +509,7 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): :return: Returns expression check code. """ expression_code = '' - for i in xrange(len(test_args)): + for i in range(len(test_args)): typ = func_args[i] val = test_args[i] 
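Review bot: With the `readline` override removed in the `@@ -73,24 +76,17 @@` hunk, only iteration goes through `__next__`, so a direct `readline()` call on a `FileWrapper` would now return undecoded bytes and leave `line_no` untouched; whether such callers exist is not visible here. Keeping a thin override, `def readline(self, limit=0): return self.__next__()`, would preserve the previous contract. The trailing `return None` also looks unreachable, since the base iterator is expected to raise `StopIteration` at end of file, and returning `None` from `__next__` would hand a non-string to the parsing loops instead of ending them, so that branch could be dropped. `FileWrapper.__init__` lies outside the changed lines.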
From 76135345c82a87fb9e76bbdaa110f3ca441c6033 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Thu, 12 Apr 2018 13:23:01 +0100 Subject: [PATCH 302/578] Fix gcc-7 -Wformat-truncation warning Function test_snprintf() is called by run_test_snprintf() with constant test data. It gets inlined and is subjected to snprintf format truncation checks introduced by -Wformat-truncation in gcc-7. -Wformat-truncation is turned On by -Wall and other similar options. It results in error with -Werror. -Wformat-truncation makes tests performed by run_test_snprintf() redundant on gcc. But they are still relevant for other compilers. This commit prevents inlining of test_snprintf() to avoid gcc compile time checks. --- tests/suites/host_test.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index a4a5a8265..12431805f 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -339,6 +339,8 @@ static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret ) char buf[10] = "xxxxxxxxx"; const char ref[10] = "xxxxxxxxx"; + if( n >= sizeof( buf ) ) + return( -1 ); ret = mbedtls_snprintf( buf, n, "%s", "123" ); if( ret < 0 || (size_t) ret >= n ) ret = -1; From ddde34c698ad9302d024eed20c68813fbb4277fa Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Thu, 17 May 2018 11:41:32 +0100 Subject: [PATCH 303/578] Remove git conflict marker from test_suite_timing.function --- tests/suites/test_suite_timing.function | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 6e949c86b..1610155fb 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function @@ -53,7 +53,6 @@ static int timers_are_badly_broken = 0; * END_DEPENDENCIES */ -<<<<<<< HEAD /* BEGIN_CASE */ void timing_timer_simple( ) { From b73159d6396f1e32980976e73155cc48b6d384c6 Mon Sep 17 00:00:00 2001 
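Review bot: The added guard `if( n >= sizeof( buf ) ) return( -1 );` in `test_snprintf()` carries no comment, and the commit message describes the change as preventing inlining while the code is a range check on `n`, so a later reader cannot tell that it exists for gcc-7's `-Wformat-truncation`. A comment above it would record the intent, e.g. `/* Reject sizes beyond buf; this also keeps gcc-7 -Wformat-truncation from flagging the call below. */`. The check also rejects `n == sizeof( buf )`, which is a valid size for a 10-byte buffer, so `>` may be what is wanted unless code outside the hunk indexes `buf[n]`. The body of `test_snprintf()` continues past the hunk.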
From: Mohammad Azim Khan Date: Wed, 13 Jun 2018 16:31:26 +0100 Subject: [PATCH 304/578] Remove white spaces caught by check-files.py --- tests/scripts/generate_test_code.py | 34 ++-- tests/scripts/test_generate_test_code.py | 190 +++++++++++------------ tests/suites/main_test.function | 2 +- 3 files changed, 113 insertions(+), 113 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index bf4ddb82c..3ff7a41d9 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -57,20 +57,20 @@ END_CASE_REGEX = '/\*\s*END_CASE\s*\*/' class InvalidFileFormat(Exception): """ - Exception to indicate invalid file format. + Exception to indicate invalid file format. """ pass class FileWrapper(io.FileIO): """ - File wrapper class. Provides reading with line no. tracking. + File wrapper class. Provides reading with line no. tracking. """ def __init__(self, file_name): """ Init file handle. - + :param file_name: File path to open. """ super(FileWrapper, self).__init__(file_name, 'r') @@ -174,7 +174,7 @@ def gen_dispatch(name, deps): def parse_until_pattern(funcs_f, end_regex): """ Parses function headers or helper code until end pattern. - + :param funcs_f: file object for .functions file :param end_regex: Pattern to stop parsing :return: Test suite headers code @@ -193,7 +193,7 @@ def parse_until_pattern(funcs_f, end_regex): def parse_suite_deps(funcs_f): """ Parses test suite dependencies. - + :param funcs_f: file object for .functions file :return: List of test suite dependencies. """ @@ -213,7 +213,7 @@ def parse_suite_deps(funcs_f): def parse_function_deps(line): """ Parses function dependencies. - + :param line: Line from .functions file that has dependencies. :return: List of dependencies. """ 
@@ -230,7 +230,7 @@ def parse_function_deps(line): def parse_function_signature(line): """ Parsing function signature - + :param line: Line from .functions file that has a function signature. :return: function name, argument list, local variables for wrapper function and argument dispatch code. """ @@ -271,7 +271,7 @@ def parse_function_signature(line): def parse_function_code(funcs_f, deps, suite_deps): """ Parses out a function from function file object and generates function and dispatch code. - + :param funcs_f: file object of the functions file. :param deps: List of dependencies :param suite_deps: List of test suite dependencies @@ -319,7 +319,7 @@ def parse_function_code(funcs_f, deps, suite_deps): def parse_functions(funcs_f): """ Returns functions code pieces - + :param funcs_f: file object of the functions file. :return: List of test suite dependencies, test function dispatch code, function code and a dict with function identifiers and arguments info. @@ -361,7 +361,7 @@ def parse_functions(funcs_f): def escaped_split(str, ch): """ Split str on character ch but ignore escaped \{ch} - Since return value is used to write back to the intermediate data file. + Since return value is used to write back to the intermediate data file. Any escape characters in the input are retained in the output. :param str: String to split @@ -388,7 +388,7 @@ def escaped_split(str, ch): def parse_test_data(data_f, debug=False): """ Parses .data file - + :param data_f: file object of the data file. :return: Generator that yields test name, function name, dependency list and function argument list. """ @@ -432,7 +432,7 @@ def parse_test_data(data_f, debug=False): def gen_dep_check(dep_id, dep): """ Generate code for the dependency. - + :param dep_id: Dependency identifier :param dep: Dependency macro :return: Dependency check code 
@@ -456,7 +456,7 @@ def gen_dep_check(dep_id, dep): def gen_expression_check(exp_id, exp): """ Generates code for expression check - + :param exp_id: Expression Identifier :param exp: Expression/Macro :return: Expression check code @@ -476,7 +476,7 @@ def write_deps(out_data_f, test_deps, unique_deps): """ Write dependencies to intermediate test data file. It also returns dependency check code. - + :param out_data_f: Output intermediate data file :param test_deps: Dependencies :param unique_deps: Mutable list to track unique dependencies that are global to this re-entrant function. @@ -501,7 +501,7 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): """ Writes test parameters to the intermediate data file. Also generates expression code. - + :param out_data_f: Output intermediate data file :param test_args: Test parameters :param func_args: Function arguments @@ -533,7 +533,7 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): """ Adds preprocessor checks for test suite dependencies. - + :param suite_deps: Test suite dependencies read from the .functions file. :param dep_check_code: Dependency check code :param expression_code: Expression check code @@ -557,7 +557,7 @@ def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): """ Generates dependency checks, expression code and intermediate data file from test data file. - + :param data_f: Data file object :param out_data_f:Output intermediate data file :param func_info: Dict keyed by function and with function id and arguments info diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 08b6fb3a6..4e225dc56 100644 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py 
@@ -36,7 +36,7 @@ class GenDep(TestCase): def test_deps_list(self): """ Test that gen_dep() correctly creates deps for given dependency list. - :return: + :return: """ deps = ['DEP1', 'DEP2'] dep_start, dep_end = gen_deps(deps) @@ -50,7 +50,7 @@ class GenDep(TestCase): def test_disabled_deps_list(self): """ Test that gen_dep() correctly creates deps for given dependency list. - :return: + :return: """ deps = ['!DEP1', '!DEP2'] dep_start, dep_end = gen_deps(deps) @@ -64,7 +64,7 @@ class GenDep(TestCase): def test_mixed_deps_list(self): """ Test that gen_dep() correctly creates deps for given dependency list. - :return: + :return: """ deps = ['!DEP1', 'DEP2'] dep_start, dep_end = gen_deps(deps) @@ -78,7 +78,7 @@ class GenDep(TestCase): def test_empty_deps_list(self): """ Test that gen_dep() correctly creates deps for given dependency list. - :return: + :return: """ deps = [] dep_start, dep_end = gen_deps(deps) @@ -88,7 +88,7 @@ class GenDep(TestCase): def test_large_deps_list(self): """ Test that gen_dep() correctly creates deps for given dependency list. - :return: + :return: """ deps = [] count = 10 @@ -107,7 +107,7 @@ class GenDepOneLine(TestCase): def test_deps_list(self): """ Test that gen_dep() correctly creates deps for given dependency list. - :return: + :return: """ deps = ['DEP1', 'DEP2'] dep_str = gen_deps_one_line(deps) @@ -162,14 +162,14 @@ class GenFunctionWrapper(TestCase): def test_params_unpack(self): """ Test that params are properly unpacked in the function call. - - :return: + + :return: """ code = gen_function_wrapper('test_a', '', ('a', 'b', 'c', 'd')) expected = ''' void test_a_wrapper( void ** params ) { - + test_a( a, b, c, d ); } 
@@ -179,14 +179,14 @@ void test_a_wrapper( void ** params ) def test_local(self): """ Test that params are properly unpacked in the function call. - - :return: + + :return: """ code = gen_function_wrapper('test_a', 'int x = 1;', ('x', 'b', 'c', 'd')) expected = ''' void test_a_wrapper( void ** params ) { - + int x = 1; test_a( x, b, c, d ); } @@ -196,8 +196,8 @@ int x = 1; def test_empty_params(self): """ Test that params are properly unpacked in the function call. - - :return: + + :return: """ code = gen_function_wrapper('test_a', '', ()) expected = ''' @@ -219,7 +219,7 @@ class GenDispatch(TestCase): def test_dispatch(self): """ Test that dispatch table entry is generated correctly. - :return: + :return: """ code = gen_dispatch('test_a', ['DEP1', 'DEP2']) expected = ''' @@ -234,7 +234,7 @@ class GenDispatch(TestCase): def test_empty_deps(self): """ Test empty dependency list. - :return: + :return: """ code = gen_dispatch('test_a', []) expected = ''' @@ -250,8 +250,8 @@ class StringIOWrapper(StringIO, object): def __init__(self, file_name, data, line_no = 1): """ Init file handle. - - :param file_name: + + :param file_name: :param data: :param line_no: """ @@ -262,7 +262,7 @@ class StringIOWrapper(StringIO, object): def next(self): """ Iterator return impl. - :return: + :return: """ line = super(StringIOWrapper, self).next() return line @@ -270,9 +270,9 @@ class StringIOWrapper(StringIO, object): def readline(self, limit=0): """ Wrap the base class readline. - - :param limit: - :return: + + :param limit: + :return: """ line = super(StringIOWrapper, self).readline() if line: @@ -288,8 +288,8 @@ class ParseUntilPattern(TestCase): def test_suite_headers(self): """ Test that suite headers are parsed correctly. - - :return: + + :return: """ data = '''#include "mbedtls/ecp.h" 
@@ -307,9 +307,9 @@ class ParseUntilPattern(TestCase): def test_line_no(self): """ - Test that #line is set to correct line no. in source .function file. - - :return: + Test that #line is set to correct line no. in source .function file. + + :return: """ data = '''#include "mbedtls/ecp.h" @@ -329,7 +329,7 @@ class ParseUntilPattern(TestCase): def test_no_end_header_comment(self): """ Test that InvalidFileFormat is raised when end header comment is missing. - :return: + :return: """ data = '''#include "mbedtls/ecp.h" @@ -347,8 +347,8 @@ class ParseSuiteDeps(TestCase): def test_suite_deps(self): """ - - :return: + + :return: """ data = ''' * depends_on:MBEDTLS_ECP_C @@ -363,7 +363,7 @@ class ParseSuiteDeps(TestCase): def test_no_end_dep_comment(self): """ Test that InvalidFileFormat is raised when end dep comment is missing. - :return: + :return: """ data = ''' * depends_on:MBEDTLS_ECP_C @@ -374,10 +374,10 @@ class ParseSuiteDeps(TestCase): def test_deps_split(self): """ Test that InvalidFileFormat is raised when end dep comment is missing. - :return: + :return: """ data = ''' - * depends_on:MBEDTLS_ECP_C:A:B: C : D :F : G: !H + * depends_on:MBEDTLS_ECP_C:A:B: C : D :F : G: !H * END_DEPENDENCIES */ ''' @@ -389,13 +389,13 @@ class ParseSuiteDeps(TestCase): class ParseFuncDeps(TestCase): """ - Test Suite for testing parse_function_deps() + Test Suite for testing parse_function_deps() """ def test_function_deps(self): """ Test that parse_function_deps() correctly parses function dependencies. - :return: + :return: """ line = '/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */' expected = ['MBEDTLS_ENTROPY_NV_SEED', 'MBEDTLS_FS_IO'] @@ -405,7 +405,7 @@ class ParseFuncDeps(TestCase): def test_no_deps(self): """ Test that parse_function_deps() correctly parses function dependencies. - :return: + :return: """ line = '/* BEGIN_CASE */' deps = parse_function_deps(line) 
@@ -414,7 +414,7 @@ class ParseFuncDeps(TestCase): def test_poorly_defined_deps(self): """ Test that parse_function_deps() correctly parses function dependencies. - :return: + :return: """ line = '/* BEGIN_CASE depends_on:MBEDTLS_FS_IO: A : !B:C : F*/' deps = parse_function_deps(line) @@ -423,13 +423,13 @@ class ParseFuncDeps(TestCase): class ParseFuncSignature(TestCase): """ - Test Suite for parse_function_signature(). + Test Suite for parse_function_signature(). """ def test_int_and_char_params(self): """ Test int and char parameters parsing - :return: + :return: """ line = 'void entropy_threshold( char * a, int b, int result )' name, args, local, arg_dispatch = parse_function_signature(line) @@ -441,7 +441,7 @@ class ParseFuncSignature(TestCase): def test_hex_params(self): """ Test hex parameters parsing - :return: + :return: """ line = 'void entropy_threshold( char * a, HexParam_t * h, int result )' name, args, local, arg_dispatch = parse_function_signature(line) @@ -453,7 +453,7 @@ class ParseFuncSignature(TestCase): def test_non_void_function(self): """ Test invalid signature (non void). - :return: + :return: """ line = 'int entropy_threshold( char * a, HexParam_t * h, int result )' self.assertRaises(ValueError, parse_function_signature, line) @@ -461,7 +461,7 @@ class ParseFuncSignature(TestCase): def test_unsupported_arg(self): """ Test unsupported arguments (not among int, char * and HexParam_t) - :return: + :return: """ line = 'int entropy_threshold( char * a, HexParam_t * h, int * result )' self.assertRaises(ValueError, parse_function_signature, line) @@ -469,7 +469,7 @@ class ParseFuncSignature(TestCase): def test_no_params(self): """ Test no parameters. - :return: + :return: """ line = 'void entropy_threshold()' name, args, local, arg_dispatch = parse_function_signature(line) @@ -487,7 +487,7 @@ class ParseFunctionCode(TestCase): def test_no_function(self): """ Test no test function found. - :return: + :return: """ data = ''' No 
@@ -500,7 +500,7 @@ function def test_no_end_case_comment(self): """ Test missing end case. - :return: + :return: """ data = ''' void test_func() @@ -514,7 +514,7 @@ void test_func() def test_parse_function_signature_called(self, parse_function_signature_mock): """ Test parse_function_code() - :return: + :return: """ parse_function_signature_mock.return_value = ('test_func', [], '', []) data = ''' @@ -537,7 +537,7 @@ void test_func() gen_dispatch_mock): """ Test generated code. - :return: + :return: """ parse_function_signature_mock.return_value = ('func', [], '', []) gen_function_wrapper_mock.return_value = '' @@ -582,7 +582,7 @@ exit: gen_dispatch_mock): """ Test when exit label is present. - :return: + :return: """ parse_function_signature_mock.return_value = ('func', [], '', []) gen_function_wrapper_mock.return_value = '' @@ -624,7 +624,7 @@ class ParseFunction(TestCase): def test_begin_header(self, parse_until_pattern_mock): """ Test that begin header is checked and parse_until_pattern() is called. - :return: + :return: """ def stop(this): raise Exception @@ -644,7 +644,7 @@ class ParseFunction(TestCase): def test_begin_helper(self, parse_until_pattern_mock): """ Test that begin helper is checked and parse_until_pattern() is called. - :return: + :return: """ def stop(this): raise Exception @@ -665,7 +665,7 @@ void print_helloworld() def test_begin_dep(self, parse_suite_deps_mock): """ Test that begin dep is checked and parse_suite_deps() is called. - :return: + :return: """ def stop(this): raise Exception @@ -684,7 +684,7 @@ void print_helloworld() def test_begin_function_dep(self, parse_function_deps_mock): """ Test that begin dep is checked and parse_function_deps() is called. - :return: + :return: """ def stop(this): raise Exception 
@@ -705,7 +705,7 @@ void print_helloworld() def test_return(self, parse_function_deps_mock, parse_function_code_mock): """ Test that begin case is checked and parse_function_code() is called. - :return: + :return: """ def stop(this): raise Exception @@ -740,7 +740,7 @@ void print_helloworld() def test_parsing(self): """ Test case parsing. - :return: + :return: """ data = '''/* BEGIN_HEADER */ #include "mbedtls/ecp.h" @@ -833,7 +833,7 @@ void test_func2_wrapper( void ** params ) def test_same_function_name(self): """ Test name conflict. - :return: + :return: """ data = '''/* BEGIN_HEADER */ #include "mbedtls/ecp.h" @@ -872,14 +872,14 @@ class ExcapedSplit(TestCase): def test_invalid_input(self): """ Test when input split character is not a character. - :return: + :return: """ self.assertRaises(ValueError, escaped_split, '', 'string') def test_empty_string(self): """ Test empty strig input. - :return: + :return: """ splits = escaped_split('', ':') self.assertEqual(splits, []) @@ -887,7 +887,7 @@ class ExcapedSplit(TestCase): def test_no_escape(self): """ Test with no escape character. The behaviour should be same as str.split() - :return: + :return: """ s = 'yahoo:google' splits = escaped_split(s, ':') @@ -896,7 +896,7 @@ class ExcapedSplit(TestCase): def test_escaped_input(self): """ Test imput that has escaped delimiter. - :return: + :return: """ s = 'yahoo\:google:facebook' splits = escaped_split(s, ':') @@ -905,7 +905,7 @@ class ExcapedSplit(TestCase): def test_escaped_escape(self): """ Test imput that has escaped delimiter. - :return: + :return: """ s = 'yahoo\\\:google:facebook' splits = escaped_split(s, ':') @@ -914,7 +914,7 @@ class ExcapedSplit(TestCase): def test_all_at_once(self): """ Test imput that has escaped delimiter. - :return: + :return: """ s = 'yahoo\\\:google:facebook\:instagram\\\:bbc\\\\:wikipedia' splits = escaped_split(s, ':') 
@@ -929,7 +929,7 @@ class ParseTestData(TestCase): def test_parser(self): """ Test that tests are parsed correctly from data file. - :return: + :return: """ data = """ Diffie-Hellman full exchange #1 @@ -970,7 +970,7 @@ dhm_selftest: def test_with_dependencies(self): """ Test that tests with dependencies are parsed. - :return: + :return: """ data = """ Diffie-Hellman full exchange #1 @@ -997,7 +997,7 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" def test_no_args(self): """ Test AssertionError is raised when test function name and args line is missing. - :return: + :return: """ data = """ Diffie-Hellman full exchange #1 @@ -1020,7 +1020,7 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" def test_incomplete_data(self): """ Test AssertionError is raised when test function name and args line is missing. - :return: + :return: """ data = """ Diffie-Hellman full exchange #1 @@ -1038,13 +1038,13 @@ depends_on:YAHOO class GenDepCheck(TestCase): """ - Test suite for gen_dep_check(). It is assumed this function is called with valid inputs. + Test suite for gen_dep_check(). It is assumed this function is called with valid inputs. """ def test_gen_dep_check(self): """ Test that dependency check code generated correctly. - :return: + :return: """ expected = """ case 5: @@ -1062,7 +1062,7 @@ class GenDepCheck(TestCase): def test_noT(self): """ Test dependency with !. - :return: + :return: """ expected = """ case 5: 
@@ -1080,27 +1080,27 @@ class GenDepCheck(TestCase): def test_empty_dependency(self): """ Test invalid dependency input. - :return: + :return: """ self.assertRaises(AssertionError, gen_dep_check, 5, '!') def test_negative_dep_id(self): """ Test invalid dependency input. - :return: + :return: """ self.assertRaises(AssertionError, gen_dep_check, -1, 'YAHOO') class GenExpCheck(TestCase): """ - Test suite for gen_expression_check(). It is assumed this function is called with valid inputs. + Test suite for gen_expression_check(). It is assumed this function is called with valid inputs. """ def test_gen_exp_check(self): """ Test that expression check code generated correctly. - :return: + :return: """ expected = """ case 5: @@ -1114,14 +1114,14 @@ class GenExpCheck(TestCase): def test_invalid_expression(self): """ Test invalid expression input. - :return: + :return: """ self.assertRaises(AssertionError, gen_expression_check, 5, '') def test_negative_exp_id(self): """ Test invalid expression id. - :return: + :return: """ self.assertRaises(AssertionError, gen_expression_check, -1, 'YAHOO') @@ -1134,7 +1134,7 @@ class WriteDeps(TestCase): def test_no_test_deps(self): """ Test when test_deps is empty. - :return: + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_deps = [] @@ -1145,8 +1145,8 @@ class WriteDeps(TestCase): def test_unique_dep_ids(self): """ - - :return: + + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_deps = [] @@ -1185,8 +1185,8 @@ class WriteDeps(TestCase): def test_dep_id_repeat(self): """ - - :return: + + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_deps = [] @@ -1235,7 +1235,7 @@ class WriteParams(TestCase): def test_no_params(self): """ Test with empty test_args - :return: + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] 
@@ -1247,7 +1247,7 @@ class WriteParams(TestCase): def test_no_exp_param(self): """ Test when there is no macro or expression in the params. - :return: + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] @@ -1260,7 +1260,7 @@ class WriteParams(TestCase): def test_hex_format_int_param(self): """ Test int parameter in hex format. - :return: + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] @@ -1273,7 +1273,7 @@ class WriteParams(TestCase): def test_with_exp_param(self): """ Test when there is macro or expression in the params. - :return: + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] @@ -1304,7 +1304,7 @@ class WriteParams(TestCase): def test_with_repeate_calls(self): """ Test when write_parameter() is called with same macro or expression. - :return: + :return: """ s = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] @@ -1343,13 +1343,13 @@ class WriteParams(TestCase): class GenTestSuiteDepsChecks(TestCase): """ - + """ def test_empty_suite_deps(self): """ Test with empty suite_deps list. - - :return: + + :return: """ dep_check_code, expression_code = gen_suite_deps_checks([], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') self.assertEqual(dep_check_code, 'DEP_CHECK_CODE') @@ -1358,8 +1358,8 @@ class GenTestSuiteDepsChecks(TestCase): def test_suite_deps(self): """ Test with suite_deps list. - - :return: + + :return: """ dep_check_code, expression_code = gen_suite_deps_checks(['SUITE_DEP'], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') exprectd_dep_check_code = ''' @@ -1377,8 +1377,8 @@ EXPRESSION_CODE def test_no_dep_no_exp(self): """ - Test when there are no dependency and expression code. - :return: + Test when there are no dependency and expression code. + :return: """ dep_check_code, expression_code = gen_suite_deps_checks([], '', '') self.assertEqual(dep_check_code, '') 
@@ -1396,7 +1396,7 @@ class GenFromTestData(TestCase): def test_intermediate_data_file(self, gen_suite_deps_checks_mock, write_parameters_mock, write_deps_mock): """ Test that intermediate data file is written with expected data. - :return: + :return: """ data = ''' My test @@ -1428,7 +1428,7 @@ func1:0 def test_function_not_found(self): """ Test that AssertError is raised when function info in not found. - :return: + :return: """ data = ''' My test @@ -1444,7 +1444,7 @@ func1:0 def test_different_func_args(self): """ Test that AssertError is raised when no. of parameters and function args differ. - :return: + :return: """ data = ''' My test @@ -1460,7 +1460,7 @@ func1:0 def test_output(self): """ Test that intermediate data file is written with expected data. - :return: + :return: """ data = ''' My test 1 diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 93b32cc31..fa8a0afee 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -130,7 +130,7 @@ typedef void (*TestWrapper_t)( void ** ); */ TestWrapper_t test_funcs[] = {{ -{dispatch_code} +{dispatch_code} #line {line_no} "suites/main_test.function" }}; From 9b06f37601bfbd69422308c163b6bb4d5d21f036 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Thu, 14 Jun 2018 10:21:42 +0100 Subject: [PATCH 305/578] Give execute permissions to Python scripts --- tests/scripts/mbedtls_test.py | 0 tests/scripts/test_generate_test_code.py | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/scripts/mbedtls_test.py mode change 100644 => 100755 tests/scripts/test_generate_test_code.py diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py old mode 100644 new mode 100755 diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py old mode 100644 new mode 100755 From 7776141a16b49ef9131d6352e0f957019e4cdfdd Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Mon, 18 Jun 2018 17:51:40 +0200 Subject: [PATCH 306/578] Don't generate lines with only whitespace --- tests/scripts/generate_test_code.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 3ff7a41d9..45fb1f574 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -136,11 +136,11 @@ def gen_function_wrapper(name, locals, args_dispatch): wrapper = ''' void {name}_wrapper( void ** params ) {{ - {unused_params} -{locals} +{unused_params}{locals} {name}( {args} ); }} -'''.format(name=name, unused_params='(void)params;' if len(args_dispatch) == 0 else '', +'''.format(name=name, + unused_params='' if args_dispatch else ' (void) params;\n', args=', '.join(args_dispatch), locals=locals) return wrapper From 667f7f8369fc29aef4c14c132cdcfc1667d72e67 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 18 Jun 2018 17:51:56 +0200 Subject: [PATCH 307/578] Fix generation of #line directives in Python 2 When using Python 2 (which is done in the Makefile), all #line directives from the test code were generated with the line number 1. This traces back to the change in the method name for generators in Python 2 (next) vs Python 3 (__next__). Override both methods so that the script remains compatible with both Python 2 and Python 3. --- tests/scripts/generate_test_code.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 45fb1f574..78bbaa399 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
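Review bot: The wrapper text produced by gen_function_wrapper changes here, but the GenFunctionWrapper cases in tests/scripts/test_generate_test_code.py compare that text exactly and are not part of this commit (the diffstat lists only generate_test_code.py), so they will probably fail until their expected strings are updated. The unused-parameter line is also respelled from `(void)params;` to `(void) params;`, which looks unintended. I would keep the old spelling, `unused_params='' if args_dispatch else '    (void)params;\n',`, and adjust the expected strings in the same commit.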
@@ -76,17 +76,24 @@ class FileWrapper(io.FileIO): super(FileWrapper, self).__init__(file_name, 'r') self.line_no = 0 + # Override the generator function in a way that works in both Python 2 + # and Python 3. def __next__(self): """ Iterator return impl. :return: Line read from file. """ - line = super(FileWrapper, self).__next__() + parent = super(FileWrapper, self) + if hasattr(parent, '__next__'): + line = parent.__next__() # Python 3 + else: + line = parent.next() # Python 2 if line: self.line_no += 1 # Convert byte array to string with correct encoding return line.decode(sys.getdefaultencoding()) return None + next = __next__ def split_dep(dep): From 0fa3504a77233403cb78ac1fd16a0af93b938c36 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 22 Jun 2018 11:34:33 +0100 Subject: [PATCH 308/578] Add missing MSVC typedefs --- tests/suites/helpers.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index c772af9a5..7f5a6f29a 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -25,6 +25,8 @@ #ifdef _MSC_VER #include +typedef UINT8 uint8_t; +typedef INT32 int32_t; typedef UINT32 uint32_t; #define strncasecmp _strnicmp #define strcasecmp _stricmp From c3521dfdd6ea34b0d5d4ae3e040953e9c4ca64b8 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 26 Jun 2018 14:06:52 +0100 Subject: [PATCH 309/578] Fix generate_test_code.py unit tests --- tests/scripts/generate_test_code.py | 2 +- tests/scripts/test_generate_test_code.py | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 78bbaa399..f668128e6 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
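Review bot: `line.decode(sys.getdefaultencoding())` in `__next__` still depends on the interpreter, which works against the Python 2/3 compatibility this change is after. The default encoding is `ascii` on Python 2 and `utf-8` on Python 3, so a non-ASCII byte in a .function file would decode on one and raise UnicodeDecodeError on the other. Pinning the encoding, for example `return line.decode('utf-8')`, makes both interpreters behave the same. The new comment calls this a generator function, but it is the iterator hook, so `# Python 2 looks up next(), Python 3 looks up __next__(); define both` would be more accurate. The FileWrapper class starts outside the hunk.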
@@ -147,7 +147,7 @@ void {name}_wrapper( void ** params ) {name}( {args} ); }} '''.format(name=name, - unused_params='' if args_dispatch else ' (void) params;\n', + unused_params='' if args_dispatch else ' (void)params;\n', args=', '.join(args_dispatch), locals=locals) return wrapper diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 4e225dc56..a4debbae4 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -170,7 +170,6 @@ class GenFunctionWrapper(TestCase): void test_a_wrapper( void ** params ) { - test_a( a, b, c, d ); } ''' @@ -186,7 +185,6 @@ void test_a_wrapper( void ** params ) expected = ''' void test_a_wrapper( void ** params ) { - int x = 1; test_a( x, b, c, d ); } From 3b06f226e91a2b1f41f59bd371a58b94f45f7050 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 26 Jun 2018 14:35:25 +0100 Subject: [PATCH 310/578] Replace asserts with exceptions in generate_test_code.py --- tests/scripts/generate_test_code.py | 49 +++++++++++++++++------- tests/scripts/test_generate_test_code.py | 27 ++++++------- 2 files changed, 49 insertions(+), 27 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index f668128e6..22066f7e6 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -62,6 +62,13 @@ class InvalidFileFormat(Exception): pass +class GeneratorInputError(Exception): + """ + Exception to indicate error in the input to the generator. + """ + pass + + class FileWrapper(io.FileIO): """ File wrapper class. Provides reading with line no. tracking. 
@@ -353,8 +360,10 @@ def parse_functions(funcs_f): func_name, args, func_code, func_dispatch = parse_function_code(funcs_f, deps, suite_deps) suite_functions += func_code # Generate dispatch code and enumeration info - assert func_name not in func_info, "file: %s - function %s re-declared at line %d" % \ - (funcs_f.name, func_name, funcs_f.line_no) + if func_name in func_info: + raise GeneratorInputError( + "file: %s - function %s re-declared at line %d" % \ + (funcs_f.name, func_name, funcs_f.line_no)) func_info[func_name] = (function_idx, args) dispatch_code += '/* Function Id: %d */\n' % function_idx dispatch_code += func_dispatch @@ -411,8 +420,9 @@ def parse_test_data(data_f, debug=False): # Blank line indicates end of test if len(line) == 0: - assert state != STATE_READ_ARGS, "Newline before arguments. " \ - "Test function and arguments missing for %s" % name + if state == STATE_READ_ARGS: + raise GeneratorInputError("Newline before arguments. " \ + "Test function and arguments missing for %s" % name) continue if state == STATE_READ_NAME: @@ -432,8 +442,9 @@ def parse_test_data(data_f, debug=False): yield name, function, deps, args deps = [] state = STATE_READ_NAME - assert state != STATE_READ_ARGS, "Newline before arguments. " \ - "Test function and arguments missing for %s" % name + if state == STATE_READ_ARGS: + raise GeneratorInputError("Newline before arguments. " \ + "Test function and arguments missing for %s" % name) def gen_dep_check(dep_id, dep): 
@@ -444,9 +455,11 @@ def gen_dep_check(dep_id, dep): :param dep: Dependency macro :return: Dependency check code """ - assert dep_id > -1, "Dependency Id should be a positive integer." + if dep_id < 0: + raise GeneratorInputError("Dependency Id should be a positive integer.") noT, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) - assert len(dep) > 0, "Dependency should not be an empty string." + if len(dep) == 0: + raise GeneratorInputError("Dependency should not be an empty string.") dep_check = ''' case {id}: {{ @@ -468,8 +481,10 @@ def gen_expression_check(exp_id, exp): :param exp: Expression/Macro :return: Expression check code """ - assert exp_id > -1, "Expression Id should be a positive integer." - assert len(exp) > 0, "Expression should not be an empty string." + if exp_id < 0: + raise GeneratorInputError("Expression Id should be a positive integer.") + if len(exp) == 0: + raise GeneratorInputError("Expression should not be an empty string.") exp_code = ''' case {exp_id}: {{ @@ -583,13 +598,15 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): # Write test function name test_function_name = 'test_' + function_name - assert test_function_name in func_info, "Function %s not found!" % test_function_name + if test_function_name not in func_info: + raise GeneratorInputError("Function %s not found!" % test_function_name) func_id, func_args = func_info[test_function_name] out_data_f.write(str(func_id)) # Write parameters - assert len(test_args) == len(func_args), \ - "Invalid number of arguments in test %s. See function %s signature." % (test_name, function_name) + if len(test_args) != len(func_args): + raise GeneratorInputError("Invalid number of arguments in test %s. See function %s signature." % (test_name, + function_name)) expression_code += write_parameters(out_data_f, test_args, func_args, unique_expressions) # Write a newline as test case separator 
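Review bot: In gen_dep_check the new empty-string check runs after `dep[0]` has already been indexed on the line above it, so an empty `dep` still fails with IndexError rather than GeneratorInputError and bypasses the input-error reporting this commit introduces. Using `noT, dep = ('!', dep[1:]) if dep.startswith('!') else ('', dep)` lets the length check that follows cover both `''` and `'!'`. The messages in gen_dep_check and gen_expression_check also say "positive integer" while the checks accept 0; "non-negative" would match the code. Both function bodies continue outside their hunks.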
@@ -726,4 +743,8 @@ def check_cmd(): if __name__ == "__main__": - check_cmd() + try: + check_cmd() + except GeneratorInputError as e: + script_name = os.path.basename(sys.argv[0]) + print("%s: input error: %s" % (script_name, str(e))) diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index a4debbae4..9964ab9f6 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -1,3 +1,4 @@ +#!/usr/bin/env python # Unit test for generate_test_code.py # # Copyright (C) 2018, ARM Limited, All Rights Reserved @@ -857,7 +858,7 @@ void func() /* END_CASE */ ''' s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(AssertionError, parse_functions, s) + self.assertRaises(GeneratorInputError, parse_functions, s) class ExcapedSplit(TestCase): @@ -994,7 +995,7 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" def test_no_args(self): """ - Test AssertionError is raised when test function name and args line is missing. + Test GeneratorInputError is raised when test function name and args line is missing. :return: """ data = """ @@ -1011,13 +1012,13 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" try: for x, y, z, a in parse_test_data(s): pass - except AssertionError, e: + except GeneratorInputError as e: pass - self.assertEqual(type(e), AssertionError) + self.assertEqual(type(e), GeneratorInputError) def test_incomplete_data(self): """ - Test AssertionError is raised when test function name and args line is missing. + Test GeneratorInputError is raised when test function name and args line is missing. :return: """ data = """ @@ -1029,9 +1030,9 @@ depends_on:YAHOO try: for x, y, z, a in parse_test_data(s): pass - except AssertionError, e: + except GeneratorInputError as e: pass - self.assertEqual(type(e), AssertionError) + self.assertEqual(type(e), GeneratorInputError) class GenDepCheck(TestCase): 
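Review bot: The new `except GeneratorInputError` handler in the `__main__` block prints the message and then lets the script finish normally, so a rejected .function or .data file now ends with exit status 0. Before this commit the failed assert produced a traceback and a non-zero status; a Makefile or CI step that only looks at the status would now treat the generation as successful and might build stale or partial test code. Replacing the print with `sys.exit("%s: input error: %s" % (script_name, e))` writes the message to stderr and exits with status 1.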
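Review bot: In test_no_args the check `self.assertEqual(type(e), GeneratorInputError)` runs after the `try`/`except ... as e: pass` block, so when parse_test_data raises nothing `e` was never bound and the test ends in a NameError instead of a clean assertion failure. On Python 3 the name is also cleared at the end of the except clause, so the line fails even when the exception was raised. `self.assertRaises(GeneratorInputError, list, parse_test_data(s))` expresses the same check and works on both interpreters. The same pattern is in test_incomplete_data in the next hunk.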
@@ -1080,14 +1081,14 @@ class GenDepCheck(TestCase): Test invalid dependency input. :return: """ - self.assertRaises(AssertionError, gen_dep_check, 5, '!') + self.assertRaises(GeneratorInputError, gen_dep_check, 5, '!') def test_negative_dep_id(self): """ Test invalid dependency input. :return: """ - self.assertRaises(AssertionError, gen_dep_check, -1, 'YAHOO') + self.assertRaises(GeneratorInputError, gen_dep_check, -1, 'YAHOO') class GenExpCheck(TestCase): @@ -1114,14 +1115,14 @@ class GenExpCheck(TestCase): Test invalid expression input. :return: """ - self.assertRaises(AssertionError, gen_expression_check, 5, '') + self.assertRaises(GeneratorInputError, gen_expression_check, 5, '') def test_negative_exp_id(self): """ Test invalid expression id. :return: """ - self.assertRaises(AssertionError, gen_expression_check, -1, 'YAHOO') + self.assertRaises(GeneratorInputError, gen_expression_check, -1, 'YAHOO') class WriteDeps(TestCase): @@ -1437,7 +1438,7 @@ func1:0 out_data_f = StringIOWrapper('test_suite_ut.datax', '') func_info = {'test_func2': (1, ('int',))} suite_deps = [] - self.assertRaises(AssertionError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) + self.assertRaises(GeneratorInputError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) def test_different_func_args(self): """ @@ -1453,7 +1454,7 @@ func1:0 out_data_f = StringIOWrapper('test_suite_ut.datax', '') func_info = {'test_func2': (1, ('int','hex'))} suite_deps = [] - self.assertRaises(AssertionError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) + self.assertRaises(GeneratorInputError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) def test_output(self): """ From 8f6e8cfcc71d91a0676378bd1d859f7193b95da2 Mon Sep 17 00:00:00 2001 
From: Mohammad Azim Khan Date: Tue, 26 Jun 2018 16:57:37 +0100 Subject: [PATCH 311/578] Print line number with data file error --- tests/scripts/generate_test_code.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 22066f7e6..c62b5b9a8 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -421,8 +421,9 @@ def parse_test_data(data_f, debug=False): # Blank line indicates end of test if len(line) == 0: if state == STATE_READ_ARGS: - raise GeneratorInputError("Newline before arguments. " \ - "Test function and arguments missing for %s" % name) + raise GeneratorInputError("[%s:%d] Newline before arguments. " \ + "Test function and arguments missing for %s" % \ + (data_f.name, data_f.line_no, name)) continue if state == STATE_READ_NAME: @@ -443,8 +444,9 @@ def parse_test_data(data_f, debug=False): deps = [] state = STATE_READ_NAME if state == STATE_READ_ARGS: - raise GeneratorInputError("Newline before arguments. " \ - "Test function and arguments missing for %s" % name) + raise GeneratorInputError("[%s:%d] Newline before arguments. " \ + "Test function and arguments missing for %s" % \ + (data_f.name, data_f.line_no, name)) def gen_dep_check(dep_id, dep): @@ -650,7 +652,7 @@ def generate_code(funcs_file, data_file, template_file, platform_file, help_file out_data_file.replace('\\', '\\\\')) # escape '\' # Function code - with FileWrapper(funcs_file) as funcs_f, open(data_file, 'r') as data_f, open(out_data_file, 'w') as out_data_f: + with FileWrapper(funcs_file) as funcs_f, FileWrapper(data_file) as data_f, open(out_data_file, 'w') as out_data_f: suite_deps, dispatch_code, func_code, func_info = parse_functions(funcs_f) snippets['functions_code'] = func_code snippets['dispatch_code'] = dispatch_code From 8a3628fc86f82f2cc72a6bc9cc4ac9729f5ff8fa Mon Sep 17 00:00:00 2001 
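Review bot: The two rewritten messages in parse_test_data read `data_f.name` and `data_f.line_no`, so the function now depends on a wrapper object; a caller that passes a plain file object would presumably hit an AttributeError while the error message is being built, hiding the real input error. The third hunk switches generate_code to `FileWrapper(data_file)`, but the requirement is not stated in the visible code, so I would add a docstring line such as `:param data_f: FileWrapper-like object exposing name and line_no`. The trailing backslashes inside the `GeneratorInputError(` parentheses are unnecessary and can be dropped. The body of parse_test_data starts and ends outside these hunks, so the existing docstring is not visible here.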
From: Mohammad Azim Khan Date: Tue, 26 Jun 2018 17:30:16 +0100 Subject: [PATCH 312/578] Set PYTHON using ?= syntax --- tests/Makefile | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index b3ab03665..88d91ef26 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -39,10 +39,13 @@ LOCAL_LDFLAGS += -lws2_32 ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif +PYTHON ?= python else DLEXT ?= so EXEXT= SHARED_SUFFIX= +# python2 for POSIX since FreeBSD has only python2 as default. +PYTHON ?= python2 endif # Zlib shared library extensions: @@ -50,15 +53,6 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -# Python executable -ifndef PYTHON -ifdef WINDOWS -PYTHON=python -else -PYTHON=python2 -endif -endif - APPS = test_suite_aes.ecb test_suite_aes.cbc \ test_suite_aes.cfb test_suite_aes.ofb \ test_suite_aes.xts \ From 53faf5c96407f353e96f9891fc74637c12f7d687 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 26 Jun 2018 17:34:48 +0100 Subject: [PATCH 313/578] Widen the test app columns --- tests/Makefile | 94 ++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 48 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 88d91ef26..0fe8a0f25 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -53,54 +53,52 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = test_suite_aes.ecb test_suite_aes.cbc \ - test_suite_aes.cfb test_suite_aes.ofb \ - test_suite_aes.xts \ - test_suite_aes.rest test_suite_arc4 \ - test_suite_aria test_suite_asn1write \ - test_suite_base64 test_suite_blowfish \ - test_suite_camellia test_suite_ccm \ - test_suite_chacha20 test_suite_chachapoly \ - test_suite_cmac \ - test_suite_cipher.chachapoly \ - test_suite_cipher.aes \ - test_suite_cipher.arc4 test_suite_cipher.ccm \ - test_suite_cipher.chacha20 \ - test_suite_cipher.gcm \ - test_suite_cipher.blowfish \ - test_suite_cipher.camellia \ - test_suite_cipher.des test_suite_cipher.null \ - test_suite_cipher.padding \ - test_suite_ctr_drbg test_suite_debug \ - test_suite_des test_suite_dhm \ - test_suite_ecdh test_suite_ecdsa \ - test_suite_ecjpake test_suite_ecp \ - test_suite_error test_suite_entropy \ - test_suite_gcm.aes128_de \ - test_suite_gcm.aes192_de \ - test_suite_gcm.aes256_de \ - test_suite_gcm.aes128_en \ - test_suite_gcm.aes192_en \ - test_suite_gcm.aes256_en \ - test_suite_gcm.camellia \ - test_suite_hkdf \ - test_suite_hmac_drbg.misc \ - test_suite_hmac_drbg.no_reseed \ - test_suite_hmac_drbg.nopr \ - test_suite_hmac_drbg.pr \ - test_suite_md test_suite_mdx \ - test_suite_memory_buffer_alloc \ - test_suite_mpi \ - test_suite_nist_kw \ - test_suite_pem test_suite_pkcs1_v15 \ - test_suite_pkcs1_v21 test_suite_pkcs5 \ - test_suite_pkparse test_suite_pkwrite \ - test_suite_pk \ - test_suite_poly1305 \ - test_suite_rsa test_suite_shax \ - test_suite_ssl test_suite_timing \ - test_suite_x509parse test_suite_x509write \ - test_suite_xtea test_suite_version +APPS = test_suite_aes.ecb test_suite_aes.cbc \ + test_suite_aes.cfb test_suite_aes.ofb \ + test_suite_aes.xts \ + test_suite_aes.rest test_suite_arc4 \ + test_suite_aria test_suite_asn1write \ + test_suite_base64 test_suite_blowfish \ + test_suite_camellia test_suite_ccm \ + test_suite_chacha20 test_suite_chachapoly \ + 
test_suite_aria \ + test_suite_cmac \ + test_suite_cipher.aes \ + test_suite_cipher.arc4 test_suite_cipher.ccm \ + test_suite_cipher.chacha20 \ + test_suite_cipher.gcm \ + test_suite_cipher.blowfish \ + test_suite_cipher.camellia \ + test_suite_cipher.des test_suite_cipher.null \ + test_suite_cipher.padding \ + test_suite_ctr_drbg test_suite_debug \ + test_suite_des test_suite_dhm \ + test_suite_ecdh test_suite_ecdsa \ + test_suite_ecjpake test_suite_ecp \ + test_suite_error test_suite_entropy \ + test_suite_gcm.aes128_de \ + test_suite_gcm.aes192_de \ + test_suite_gcm.aes256_de \ + test_suite_gcm.aes128_en \ + test_suite_gcm.aes192_en \ + test_suite_gcm.aes256_en \ + test_suite_gcm.camellia \ + test_suite_hkdf \ + test_suite_hmac_drbg.misc \ + test_suite_hmac_drbg.no_reseed \ + test_suite_hmac_drbg.nopr \ + test_suite_hmac_drbg.pr \ + test_suite_md test_suite_mdx \ + test_suite_memory_buffer_alloc \ + test_suite_mpi \ + test_suite_pem test_suite_pkcs1_v15 \ + test_suite_pkcs1_v21 test_suite_pkcs5 \ + test_suite_pkparse test_suite_pkwrite \ + test_suite_pk \ + test_suite_rsa test_suite_shax \ + test_suite_ssl test_suite_timing \ + test_suite_x509parse test_suite_x509write \ + test_suite_xtea test_suite_version BINARIES := $(addsuffix $(EXEXT),$(APPS)) From cfd834274bc03259e4209931f65ae732c539b0b1 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Tue, 26 Jun 2018 18:15:18 +0100 Subject: [PATCH 314/578] Use integer instead of string as test result --- tests/suites/test_suite_ccm.data | 192 +++++++++++++-------------- tests/suites/test_suite_ccm.function | 16 +-- 2 files changed, 99 insertions(+), 109 deletions(-) diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 85bc3db41..a2d877841 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
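Review bot: The rewritten `APPS` list is not a pure re-alignment: compared with the removed lines it no longer contains `test_suite_cipher.chachapoly`, `test_suite_nist_kw` or `test_suite_poly1305`, and it gains a second `test_suite_aria` entry after `test_suite_chachapoly`. `BINARIES` is derived from `APPS` just below, so if that list drives what is built and run, those three suites would silently stop running and regressions in the ChaCha20-Poly1305 cipher layer, NIST key wrap and Poly1305 would go unnoticed. The line counts are consistent with this, since the diffstat shows 48 deletions and 46 insertions for a commit described as widening columns, which suggests a rebase artefact. I would restore `test_suite_cipher.chachapoly \`, `test_suite_nist_kw \` and `test_suite_poly1305 \` at their previous positions and drop the duplicated `test_suite_aria \` line.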
@@ -1036,387 +1036,387 @@ mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"2e6e34070caf1b8820ed39edfa834 CCM auth decrypt tag NIST DVPT AES-128 #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"02209f55":"5a8aa485c316e9":"":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"02209f55":"5a8aa485c316e9":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-128 #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"9a04c241":"3796cf51b87266":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4ae701103c63deca5b5a3939d7d05992":"9a04c241":"3796cf51b87266":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"75d582db43ce9b13ab4b6f7f14341330":"5a8aa485c316e9":"":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"75d582db43ce9b13ab4b6f7f14341330":"5a8aa485c316e9":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3a65e03af37b81d05acc7ec1bc39deb0":"3796cf51b87266":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"3a65e03af37b81d05acc7ec1bc39deb0":"3796cf51b87266":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"90156f3f":"5a8aa485c316e9403aff859fbb":"":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"90156f3f":"5a8aa485c316e9403aff859fbb":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-128 #6 (P=0, 
N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"88909016":"a16a2e741f1cd9717285b6d882":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3":"88909016":"a16a2e741f1cd9717285b6d882":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"fb04dc5a44c6bb000f2440f5154364b4":"5a8aa485c316e9403aff859fbb":"":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"fb04dc5a44c6bb000f2440f5154364b4":"5a8aa485c316e9403aff859fbb":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5447075bf42a59b91f08064738b015ab":"a16a2e741f1cd9717285b6d882":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5447075bf42a59b91f08064738b015ab":"a16a2e741f1cd9717285b6d882":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb703e1fa6b":"5a8aa485c316e9":"":4:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"a90e8ea44085ced791b2fdb7fd44b5cf0bd7d27718029bb703e1fa6b":"5a8aa485c316e9":"":4:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-128 #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f23e5d81c":"31f8fa25827d48":"":4:"FAIL":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd":"50aafe0578c115c4a8e126ff7b3ccb64dce8ccaa8ceda69f23e5d81c":"31f8fa25827d48":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f2d9a3fbc210595b7b8b1b41523111a8e":"5a8aa485c316e9":"":16:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"24ab9eeb0e5508cae80074f1070ee188a637171860881f1f2d9a3fbc210595b7b8b1b41523111a8e":"5a8aa485c316e9":"":16:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-128 #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd2463af747cc88a001fa94e060290f209c4":"31f8fa25827d48":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"7ebfda6fa5da1dbffd82dc29b875798fbcef8ba0084fbd2463af747cc88a001fa94e060290f209c4":"31f8fa25827d48":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134a3e138b9":"5a8aa485c316e9403aff859fbb":"":4:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134a3e138b9":"5a8aa485c316e9403aff859fbb":"":4:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-128 #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654091a5ae9":"49004912fdd7269279b1f06a89":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d5243":"118ec53dd1bfbe52d5b9fe5dfebecf2ee674ec983eada654091a5ae9":"49004912fdd7269279b1f06a89":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb6a9a970b9beb2ac1bd4fd62168f8378a":"5a8aa485c316e9403aff859fbb":"":16:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb6a9a970b9beb2ac1bd4fd62168f8378a":"5a8aa485c316e9403aff859fbb":"":16:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-128 #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065a65666144994bad0c8195bcb4ade1337":"49004912fdd7269279b1f06a89":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"0c56a503aa2c12e87450d45a7b714db980fd348f327c0065a65666144994bad0c8195bcb4ade1337":"49004912fdd7269279b1f06a89":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"782e4318":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"782e4318":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"" CCM auth 
decrypt tag NIST DVPT AES-128 #18 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"a04f270a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe4829":"a04f270a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"41b476013f45e4a781f253a6f3b1e530":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"41b476013f45e4a781f253a6f3b1e530":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"f9f018fcd125822616083fffebc4c8e6":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"f9f018fcd125822616083fffebc4c8e6":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"9f69f24f":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"9f69f24f":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"" CCM auth decrypt tag NIST DVPT AES-128 #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"e17afaa4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b":"e17afaa4":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"1859ac36a40a6b28b34266253627797a":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"1859ac36a40a6b28b34266253627797a":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"" CCM auth decrypt tag NIST DVPT AES-128 #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"edf8b46eb69ac0044116019dec183072":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"edf8b46eb69ac0044116019dec183072":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b338f125fa":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"6be31860ca271ef448de8f8d8b39346daf4b81d7e92d65b338f125fa":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-128 #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c728a66b69":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c7571":"4cc57a9927a6bc401441870d3193bf89ebd163f5c01501c728a66b69":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b512cf3a20b7fd7c49e6e79bef475c2906f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"b351ab96b2e45515254558d5212673ee6c776d42dbca3b512cf3a20b7fd7c49e6e79bef475c2906f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-128 #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a3081d18ca149d6766bfaccec88f194eb5b":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"df1a5285caa41b4bb47f6e5ceceba4e82721828d68427a3081d18ca149d6766bfaccec88f194eb5b":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"934f893824e880f743d196b22d1f340a52608155087bd28ac25e5329":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"934f893824e880f743d196b22d1f340a52608155087bd28ac25e5329":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-128 #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a6559b3b3ee":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728c":"f43ba9d834ad85dfab3f1c0c27c3441fe4e411a38a261a6559b3b3ee":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-128 #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375c0a458bfcafa3b2609afe0f825cbf503":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"50038b5fdd364ee747b70d00bd36840ece4ea19998123375c0a458bfcafa3b2609afe0f825cbf503":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-128 #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c390042ba8bb5f6798dab01c5afad7306":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0e":"78ed8ff6b5a1255d0fbd0a719a9c27b059ff5f83d0c4962c390042ba8bb5f6798dab01c5afad7306":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"9d4b7f3b":"5a8aa485c316e9":"":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"9d4b7f3b":"5a8aa485c316e9":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"80745de9":"3796cf51b87266":"":4:"FAIL":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"c98ad7f38b2c7e970c9b965ec87a08208384718f78206c6c":"80745de9":"3796cf51b87266":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"17223038fa99d53681ca1beabe78d1b4":"5a8aa485c316e9":"":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"17223038fa99d53681ca1beabe78d1b4":"5a8aa485c316e9":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"d0e1eeef4d2a264536bb1c2c1bde7c35":"3796cf51b87266":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"d0e1eeef4d2a264536bb1c2c1bde7c35":"3796cf51b87266":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"fe69ed84":"5a8aa485c316e9403aff859fbb":"":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"fe69ed84":"5a8aa485c316e9403aff859fbb":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #6 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"db7ffc82":"a16a2e741f1cd9717285b6d882":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"4bb3c4a4f893ad8c9bdc833c325d62b3d3ad1bccf9282a65":"db7ffc82":"a16a2e741f1cd9717285b6d882":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"5a8aa485c316e9403aff859fbb":"":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"0c66a8e547ed4f8c2c9a9a1eb5d455b9":"5a8aa485c316e9403aff859fbb":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"38757b3a61a4dc97ca3ab88bf1240695":"a16a2e741f1cd9717285b6d882":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"38757b3a61a4dc97ca3ab88bf1240695":"a16a2e741f1cd9717285b6d882":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138cddc93a54":"5a8aa485c316e9":"":4:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"411986d04d6463100bff03f7d0bde7ea2c3488784378138cddc93a54":"5a8aa485c316e9":"":4:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-192 #10 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"32b649ab56162e55d4148a1292d6a225a988eb1308298273b6889036":"31f8fa25827d48":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"19ebfde2d5468ba0a3031bde629b11fd4094afcb205393fa":"32b649ab56162e55d4148a1292d6a225a988eb1308298273b6889036":"31f8fa25827d48":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8c5a5ebecf7ac8607fe412189e83d9d20":"5a8aa485c316e9":"":16:"":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"cba4b4aeb85f0492fd8d905c4a6d8233139833373ef188a8c5a5ebecf7ac8607fe412189e83d9d20":"5a8aa485c316e9":"":16:0:"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22" CCM auth decrypt tag NIST DVPT AES-192 #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6e699f15f14d34dcaf9ba8ed4b877c97d":"31f8fa25827d48":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"ca62713728b5c9d652504b0ae8fd4fee5d297ee6a8d19cb6e699f15f14d34dcaf9ba8ed4b877c97d":"31f8fa25827d48":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a34fad277":"5a8aa485c316e9403aff859fbb":"":4:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"042653c674ef2a90f7fb11d30848e530ae59478f1051633a34fad277":"5a8aa485c316e9403aff859fbb":"":4:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-192 #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5a35df775":"49004912fdd7269279b1f06a89":"":4:"FAIL":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"197afb02ffbd8f699dacae87094d524324576b99844f75e1":"1902d9769a7ba3d3268e1257395c8c2e5f98eef295dcbfa5a35df775":"49004912fdd7269279b1f06a89":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671ea7ade30a07d185692ab0ebdf4c78cf7a":"5a8aa485c316e9403aff859fbb":"":16:"":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"a5b7d8cca2069908d1ed88e6a9fe2c9bede3131dad54671ea7ade30a07d185692ab0ebdf4c78cf7a":"5a8aa485c316e9403aff859fbb":"":16:0:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" CCM auth decrypt tag NIST DVPT AES-192 #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312ef042c86363cc05afb98c66e16be8a445":"49004912fdd7269279b1f06a89":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"9a98617fb97a0dfe466be692272dcdaec1c5443a3b51312ef042c86363cc05afb98c66e16be8a445":"49004912fdd7269279b1f06a89":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"1d089a5f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"1d089a5f":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #18 (P=0, N=7, A=32, T=4) 
depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"2f46022a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"90929a4b0ac65b350ad1591611fe48297e03956f6083e451":"2f46022a":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5280a2137fee3deefcfe9b63a1199fb3":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5280a2137fee3deefcfe9b63a1199fb3":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"d40a7318c5f2d82f838c0beeefe0d598":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"d40a7318c5f2d82f838c0beeefe0d598":"a265480ca88d5f":"a2248a882ecbf850daf91933a389e78e81623d233dfd47bf8321361a38f138fe":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5e0eaebd":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"5e0eaebd":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"" CCM auth decrypt tag NIST DVPT AES-192 #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"71b7fc33":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"6a798d7c5e1a72b43e20ad5c7b08567b12ab744b61c070e2":"71b7fc33":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"d07ccf9fdc3d33aa94cda3d230da707c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"d07ccf9fdc3d33aa94cda3d230da707c":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"" CCM auth decrypt tag NIST DVPT AES-192 #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"65fe32b649dc328c9f531584897e85b3":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"65fe32b649dc328c9f531584897e85b3":"8739b4bea1a099fe547499cbc6":"f6107696edb332b2ea059d8860fee26be42e5e12e1a4f79a8d0eafce1b2278a7":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #25 (P=24, N=7, A=32, T=4) 
depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"9f6ca4af9b159148c889a6584d1183ea26e2614874b0504575dea8d1":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"9f6ca4af9b159148c889a6584d1183ea26e2614874b0504575dea8d1":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":4:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag NIST DVPT AES-192 #26 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1ebd7965825":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f9fdca4ac64fe7f014de0f43039c757194d544ce5d15eed4":"84d8212e9cfc2121252baa3b065b1edcf50497b9594db1ebd7965825":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd14d1d980d6fe0fb44b421992662b97975":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:"":"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"6aab64c4787599d8f213446beadb16e08dba60e97f56dbd14d1d980d6fe0fb44b421992662b97975":"5a8aa485c316e9":"3796cf51b8726652a4204733b8fbb047cf00fb91a9837e22ec22b1a268f88e2c":16:0:"a265480ca88d5f536db0dc6abc40faf0d05be7a966977768" CCM auth decrypt tag 
NIST DVPT AES-192 #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa206603c51d36c826f01384100886198a7f6a3":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"4980b2ee49b1aaf393175f5ab9bae95ec7904557dfa206603c51d36c826f01384100886198a7f6a3":"fdd2d6f503c915":"5b92394f21ddc3ad49d9b0881b829a5935cb3a4d23e292a62fb66b5e7ab7020e":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854cccc25e9fce":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"16e543d0e20615ff0df15acd9927ddfe40668a54bb854cccc25e9fce":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":4:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-192 #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae98ecedb3e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:"FAIL":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a7aa635ea51b0bb20a092bd5573e728ccd4b3e8cdd2ab33d":"df35b109caf690656ae278bbd8f8bba687a2ce11b105dae98ecedb3e":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-192 #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f3178464a6f7fa2b76744e8e8d95691cecb8":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:"":"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"c5b0b2ef17498c5570eb335df4588032958ba3d69bf6f3178464a6f7fa2b76744e8e8d95691cecb8":"5a8aa485c316e9403aff859fbb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697a7ee6410184c7982":16:0:"8739b4bea1a099fe547499cbc6d1b13d849b8084c9b6acc5" CCM auth decrypt tag NIST DVPT AES-192 #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c06bd6dc2e6bcc3436cffb969ae900388":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"26511fb51fcfa75cb4b44da75a6e5a0eb8d9c8f3b906f886":"d1f0518929f4ae2f0543de2a7dfe4bb0110bb3057e524a1c06bd6dc2e6bcc3436cffb969ae900388":"0812757ad0cc4d17c4cfe7a642":"ec6c44a7e94e51a3ca6dee229098391575ec7213c85267fbf7492fdbeee61b10":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #1 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"469c90bb":"a544218dadd3c1":"":4:"":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"469c90bb":"a544218dadd3c1":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #2 (P=0, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"46a908ed":"d3d5424e20fbec":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"eda32f751456e33195f1f499cf2dc7c97ea127b6d488f211ccc5126fbb24afa6":"46a908ed":"d3d5424e20fbec":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #3 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8207eb14d33855a52acceed17dbcbf6e":"a544218dadd3c1":"":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8207eb14d33855a52acceed17dbcbf6e":"a544218dadd3c1":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #4 (P=0, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"60f8e127cb4d30db6df0622158cd931d":"d3d5424e20fbec":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"60f8e127cb4d30db6df0622158cd931d":"d3d5424e20fbec":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #5 (P=0, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8a19a133":"a544218dadd3c10583db49cf39":"":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"8a19a133":"a544218dadd3c10583db49cf39":"":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #6 (P=0, N=13, A=0, T=4) 
depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"2e317f1b":"3c0e2815d37d844f7ac240ba9d":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"e1b8a927a95efe94656677b692662000278b441c79e879dd5c0ddc758bdc9ee8":"2e317f1b":"3c0e2815d37d844f7ac240ba9d":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #7 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"97e1a8dd4259ccd2e431e057b0397fcf":"a544218dadd3c10583db49cf39":"":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"97e1a8dd4259ccd2e431e057b0397fcf":"a544218dadd3c10583db49cf39":"":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #8 (P=0, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"5a9596c511ea6a8671adefc4f2157d8b":"3c0e2815d37d844f7ac240ba9d":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"5a9596c511ea6a8671adefc4f2157d8b":"3c0e2815d37d844f7ac240ba9d":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #9 (P=24, N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b722aa8d59":"a544218dadd3c1":"":4:"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"64a1341679972dc5869fcf69b19d5c5ea50aa0b5e985f5b722aa8d59":"a544218dadd3c1":"":4:0:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" CCM auth decrypt tag NIST DVPT AES-256 #10 (P=24, 
N=7, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a20277d00a75":"bfcda8b5a2d0d2":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"af063639e66c284083c5cf72b70d8bc277f5978e80d9322d99f2fdc718cda569":"c5b7f802bffc498c1626e3774f1d9f94045dfd8e1a10a20277d00a75":"bfcda8b5a2d0d2":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #11 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd374f3bb6db8377ebfc79674858c4f305":"a544218dadd3c1":"":16:"":"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bc51c3925a960e7732533e4ef3a4f69ee6826de952bcb0fd374f3bb6db8377ebfc79674858c4f305":"a544218dadd3c1":"":16:0:"d3d5424e20fbec43ae495353ed830271515ab104f8860c98" CCM auth decrypt tag NIST DVPT AES-256 #12 (P=24, N=7, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"afa1fa8e8a70e26b02161150556d604101fdf423f332c3363275f2a4907d51b734fe7238cebbd48f":"bfcda8b5a2d0d2":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"afa1fa8e8a70e26b02161150556d604101fdf423f332c3363275f2a4907d51b734fe7238cebbd48f":"bfcda8b5a2d0d2":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #13 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f4123d14fb3f":"a544218dadd3c10583db49cf39":"":4:"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"63e00d30e4b08fd2a1cc8d70fab327b2368e77a93be4f4123d14fb3f":"a544218dadd3c10583db49cf39":"":4:0:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" CCM auth decrypt tag NIST DVPT AES-256 #14 (P=24, N=13, A=0, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d8d0c0099":"894dcaa61008eb8fb052c60d41":"":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"f7079dfa3b5c7b056347d7e437bcded683abd6e2c9e069d333284082cbb5d453":"bb5425b3869b76856ec58e39886fb6f6f2ac13fe44cb132d8d0c0099":"894dcaa61008eb8fb052c60d41":"":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #15 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c423a578d179902f912f9ea1afbce1120b3":"a544218dadd3c10583db49cf39":"":16:"":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"f0050ad16392021a3f40207bed3521fb1e9f808f49830c423a578d179902f912f9ea1afbce1120b3":"a544218dadd3c10583db49cf39":"":16:0:"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e" CCM auth decrypt tag NIST DVPT AES-256 #16 (P=24, N=13, A=0, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae769084607b83bd06e6442eac8dacf583cc":"894dcaa61008eb8fb052c60d41":"":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"c408190d0fbf5034f83b24a8ed9657331a7ce141de4fae769084607b83bd06e6442eac8dacf583cc":"894dcaa61008eb8fb052c60d41":"":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #17 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"92d00fbe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"92d00fbe":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #18 (P=0, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"9143e5c4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"1b0e8df63c57f05d9ac457575ea764524b8610ae5164e6215f426f5a7ae6ede4":"9143e5c4":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #19 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"93af11a08379eb37a16aa2837f09d69d":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:"":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"93af11a08379eb37a16aa2837f09d69d":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #20 (P=0, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"d19b0c14ec686a7961ca7c386d125a65":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"d19b0c14ec686a7961ca7c386d125a65":"78c46e3249ca28":"232e957c65ffa11988e830d4617d500f1c4a35c1221f396c41ab214f074ca2dc":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #21 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"866d4227":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"866d4227":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:0:"" CCM auth decrypt tag NIST DVPT AES-256 #22 (P=0, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"94cb1127":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"a4bc10b1a62c96d459fbaf3a5aa3face7313bb9e1253e696f96a7a8e36801088":"94cb1127":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag 
NIST DVPT AES-256 #23 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"867b0d87cf6e0f718200a97b4f6d5ad5":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:"":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"867b0d87cf6e0f718200a97b4f6d5ad5":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:0:"" CCM auth decrypt tag NIST DVPT AES-256 #24 (P=0, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"677a040d46ee3f2b7838273bdad14f16":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"677a040d46ee3f2b7838273bdad14f16":"e8de970f6ee8e80ede933581b5":"89f8b068d34f56bc49d839d8e47b347e6dae737b903b278632447e6c0485d26a":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #25 (P=24, N=7, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc56083ebc7720":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"c2fe12658139f5d0dd22cadf2e901695b579302a72fc56083ebc7720":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":4:0:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" CCM auth decrypt tag NIST DVPT AES-256 #26 (P=24, N=7, A=32, T=4) 
depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81c44db2c9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"8c5cf3457ff22228c39c051c4e05ed4093657eb303f859a9d4b0f8be0127d88a":"94748ba81229e53c38583a8564b23ebbafc6f6efdf4c2a81c44db2c9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #27 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce1ac68bd42f5ec7fa7e068cc0ecd79c2a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:"":"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"3341168eb8c48468c414347fb08f71d2086f7c2d1bd581ce1ac68bd42f5ec7fa7e068cc0ecd79c2a":"a544218dadd3c1":"d3d5424e20fbec43ae495353ed830271515ab104f8860c988d15b6d36c038eab":16:0:"78c46e3249ca28e1ef0531d80fd37c124d9aecb7be6668e3" CCM auth decrypt tag NIST DVPT AES-256 #28 (P=24, N=7, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"d543acda712b898cbb27b8f598b2e4438ce587a836e2785147c3338a2400809e739b63ba8227d2f9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":16:"FAIL":"" 
+mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"d543acda712b898cbb27b8f598b2e4438ce587a836e2785147c3338a2400809e739b63ba8227d2f9":"6ba004fd176791":"5a053b2a1bb87e85d56527bfcdcd3ecafb991bb10e4c862bb0751c700a29f54b":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #29 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69ef891339":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"c0ea400b599561e7905b99262b4565d5c3dc49fad84d7c69ef891339":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":4:0:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" CCM auth decrypt tag NIST DVPT AES-256 #30 (P=24, N=13, A=32, T=4) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f63d488623":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":4:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"705334e30f53dd2f92d190d2c1437c8772f940c55aa35e562214ed45bd458ffe":"60871e03ea0eb968536c99f926ea24ef43d41272ad9fb7f63d488623":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":4:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM auth decrypt tag NIST DVPT AES-256 #31 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C 
-mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781367f30f2eaad8c063ca50795acd90203":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:"":"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"8d34cdca37ce77be68f65baf3382e31efa693e63f914a781367f30f2eaad8c063ca50795acd90203":"a544218dadd3c10583db49cf39":"3c0e2815d37d844f7ac240ba9d6e3a0b2a86f706e885959e09a1005e024f6907":16:0:"e8de970f6ee8e80ede933581b5bcf4d837e2b72baa8b00c3" CCM auth decrypt tag NIST DVPT AES-256 #32 (P=24, N=13, A=32, T=16) depends_on:MBEDTLS_AES_C -mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc4b41096dfdbe9cc1ab610f8f3e038d16":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":16:"FAIL":"" +mbedtls_ccm_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"314a202f836f9f257e22d8c11757832ae5131d357a72df88f3eff0ffcee0da4e":"516c0095cc3d85fd55e48da17c592e0c7014b9daafb82bdc4b41096dfdbe9cc1ab610f8f3e038d16":"8fa501c5dd9ac9b868144c9fa5":"5bb40e3bb72b4509324a7edc852f72535f1f6283156e63f6959ffaf39dcde800":16:MBEDTLS_ERR_CCM_AUTH_FAILED:"" CCM-Camellia encrypt and tag RFC 5528 #1 depends_on:MBEDTLS_CAMELLIA_C diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index b9df023a7..79ee0ff8f 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -151,12 +151,11 @@ exit: /* BEGIN_CASE */ void mbedtls_ccm_auth_decrypt( int cipher_id, HexParam_t * key, HexParam_t * msg, HexParam_t * iv, - HexParam_t * add, int tag_len, char * result, + HexParam_t * add, int tag_len, int result, HexParam_t * hex_msg ) { unsigned char tag[16]; mbedtls_ccm_context ctx; - int ret; mbedtls_ccm_init( &ctx ); @@ -165,22 +164,13 @@ void mbedtls_ccm_auth_decrypt( int cipher_id, HexParam_t * key, msg->len -= tag_len; memcpy( tag, msg->x + msg->len, tag_len ); - if( strcmp( "FAIL", result ) == 0 ) - { - ret = MBEDTLS_ERR_CCM_AUTH_FAILED; - } - else - { - ret = 0; - } - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); /* Test with input == output */ TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len, - msg->x, msg->x, msg->x + msg->len, tag_len ) == ret ); + msg->x, msg->x, msg->x + msg->len, tag_len ) == result ); - if( ret == 0 ) + if( result == 0 ) { TEST_ASSERT( memcmp( msg->x, hex_msg->x, hex_msg->len ) == 0 ); } From ff560f2239acf116475ed81067663b6926f4739e Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Thu, 28 Jun 2018 11:43:17 +0100 Subject: [PATCH 315/578] Rename makefile target gen-embedded-test - generate-target-tests --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 0fe8a0f25..e8091cc77 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -232,5 +232,5 @@ $(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data script --help-file suites/helpers.function \ -o ./TESTS/mbedtls/$* -gen-embedded-test: $(EMBEDDED_TESTS) +generate-target-tests: $(EMBEDDED_TESTS) From 00c4b090c17012c29c83126e802dced85e383923 Mon Sep 17 00:00:00 2001 
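Review bot: In the second hunk of tests/suites/test_suite_ccm.function (`@@ -165,22 +164,13 @@`), `tag_len` still comes straight from the .data file and feeds `msg->len -= tag_len;` and `memcpy( tag, msg->x + msg->len, tag_len );` with no bound against the 16-byte `tag` array or against `msg->len`. A malformed vector would underflow the length or overrun the stack buffer inside the test harness before the function under test is reached. Adding `TEST_ASSERT( tag_len >= 0 && (size_t) tag_len <= sizeof( tag ) && (size_t) tag_len <= msg->len );` ahead of the subtraction would turn that into a clean test failure. In the visible lines `tag` is never read after the copy, since the call passes `msg->x + msg->len` as the tag pointer; if that holds for the rest of the function, which continues outside the hunk, the array and the memcpy could be dropped instead.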
From: Mohammad Azim Khan Date: Thu, 28 Jun 2018 13:10:19 +0100 Subject: [PATCH 316/578] Change intermediate data file extension to .datax --- tests/Makefile | 4 ++-- tests/scripts/generate_test_code.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index e8091cc77..e344635f9 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -205,9 +205,9 @@ $(BINARIES): %$(EXEXT): %.c $(DEP) clean: ifndef WINDOWS - rm -rf $(APPS) *.c *.data TESTS + rm -rf $(APPS) *.c *.datax TESTS else - del /Q /F *.c *.exe *.data + del /Q /F *.c *.exe *.datax rmdir /Q /S TESTS endif diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index c62b5b9a8..ccb2d5fe1 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -732,7 +732,7 @@ def check_cmd(): data_name = os.path.splitext(data_file_name)[0] out_c_file = os.path.join(args.out_dir, data_name + '.c') - out_data_file = os.path.join(args.out_dir, data_file_name) + out_data_file = os.path.join(args.out_dir, data_name + '.datax') out_c_file_dir = os.path.dirname(out_c_file) out_data_file_dir = os.path.dirname(out_data_file) From 936ea9302ae72ebbca0f0669c705c9a1d747de65 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 28 Jun 2018 16:47:12 +0100 Subject: [PATCH 317/578] Strip whitespaces added by decode() function --- tests/scripts/generate_test_code.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index ccb2d5fe1..33da990df 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
@@ -97,8 +97,9 @@ class FileWrapper(io.FileIO): line = parent.next() # Python 2 if line: self.line_no += 1 - # Convert byte array to string with correct encoding - return line.decode(sys.getdefaultencoding()) + # Convert byte array to string with correct encoding and + # strip any whitespaces added in the decoding process. + return line.decode(sys.getdefaultencoding()).strip() + "\n" return None next = __next__ From 040b6a228192d052aecf619ea23242ffb7744dc4 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 28 Jun 2018 16:49:13 +0100 Subject: [PATCH 318/578] Wrap code to 79 character limit --- tests/scripts/generate_test_code.py | 182 ++++++++++++++++++---------- 1 file changed, 115 insertions(+), 67 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 33da990df..b2d49129e 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -23,14 +23,18 @@ Test Suite code generator. Generates a test source file using following input files: -test_suite_xyz.function - Read test functions from test suite functions file. -test_suite_xyz.data - Read test functions and their dependencies to generate - dispatch and dependency check code. -main template - Substitute generated test function dispatch code, dependency - checking code. -platform .function - Read host or target platform implementation for - dispatching test cases from .data file. -helper .function - Read common reusable functions. +test_suite_xyz.function - Read test functions from test suite + functions file. +test_suite_xyz.data - Read test functions and their + dependencies to generate dispatch and + dependency check code. +main_test.function - Template to substitute generated test + function dispatch code, dependency + checking code. +platform .function - Read host or target platform + implementation for dispatching test + cases from .data file. +helpers.function - Read common reusable functions. """ 
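Review bot: The `.strip()` added in `FileWrapper.__next__` (hunk `@@ -97,8 +97,9 @@`) removes leading as well as trailing whitespace from every line, which is broader than the comment describes. `bytes.decode()` does not add whitespace, so what is being removed is presumably a line ending such as `\r\n` already present in the input file; the leading indentation of any test-function code read through this wrapper is lost as a side effect. `return line.decode(sys.getdefaultencoding()).rstrip('\r\n') + "\n"` would normalise the line ending and leave the rest of the line intact, with the comment reworded to `# Normalise the line ending; decode() itself adds no whitespace.`. The method body starts outside the hunk.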
@@ -83,8 +87,8 @@ class FileWrapper(io.FileIO): super(FileWrapper, self).__init__(file_name, 'r') self.line_no = 0 - # Override the generator function in a way that works in both Python 2 - # and Python 3. + # Override the generator function in a way that works in both + # Python 2 and Python 3. def __next__(self): """ Iterator return impl. @@ -109,7 +113,8 @@ def split_dep(dep): Split NOT character '!' from dependency. Used by gen_deps() :param dep: Dependency list - :return: list of tuples where index 0 has '!' if there was a '!' before the dependency string + :return: list of tuples where index 0 has '!' if there was a '!' + before the dependency string """ return ('!', dep[1:]) if dep[0] == '!' else ('', dep) @@ -119,7 +124,8 @@ def gen_deps(deps): Generates dependency i.e. if def and endif code :param deps: List of dependencies. - :return: if defined and endif code with macro annotations for readability. + :return: if defined and endif code with macro annotations for + readability. """ dep_start = ''.join(['#if %sdefined(%s)\n' % split_dep(x) for x in deps]) dep_end = ''.join(['#endif /* %s */\n' % x for x in reversed(deps)]) 
@@ -129,22 +135,26 @@ def gen_deps(deps): def gen_deps_one_line(deps): """ - Generates dependency checks in one line. Useful for writing code in #else case. + Generates dependency checks in one line. Useful for writing code + in #else case. :param deps: List of dependencies. :return: ifdef code """ - defines = ('#if ' if len(deps) else '') + ' && '.join(['%sdefined(%s)' % split_dep(x) for x in deps]) + defines = '#if ' if len(deps) else '' + defines += ' && '.join(['%sdefined(%s)' % split_dep(x) for x in deps]) return defines def gen_function_wrapper(name, locals, args_dispatch): """ - Creates test function wrapper code. A wrapper has the code to unpack parameters from parameters[] array. + Creates test function wrapper code. A wrapper has the code to + unpack parameters from parameters[] array. :param name: Test function name :param locals: Local variables declaration code - :param args_dispatch: List of dispatch arguments. Ex: ['(char *)params[0]', '*((int *)params[1])'] + :param args_dispatch: List of dispatch arguments. + Ex: ['(char *)params[0]', '*((int *)params[1])'] :return: Test function wrapper. """ # Then create the wrapper @@ -200,7 +210,8 @@ def parse_until_pattern(funcs_f, end_regex): break headers += line else: - raise InvalidFileFormat("file: %s - end pattern [%s] not found!" % (funcs_f.name, end_regex)) + raise InvalidFileFormat("file: %s - end pattern [%s] not found!" % + (funcs_f.name, end_regex)) return headers @@ -220,7 +231,8 @@ def parse_suite_deps(funcs_f): if re.search(END_DEP_REGEX, line): break else: - raise InvalidFileFormat("file: %s - end dependency pattern [%s] not found!" % (funcs_f.name, END_DEP_REGEX)) + raise InvalidFileFormat("file: %s - end dependency pattern [%s]" + " not found!" % (funcs_f.name, END_DEP_REGEX)) return deps 
@@ -246,8 +258,10 @@ def parse_function_signature(line): """ Parsing function signature - :param line: Line from .functions file that has a function signature. - :return: function name, argument list, local variables for wrapper function and argument dispatch code. + :param line: Line from .functions file that has a function + signature. + :return: function name, argument list, local variables for + wrapper function and argument dispatch code. """ args = [] locals = '' @@ -271,13 +285,16 @@ def parse_function_signature(line): elif re.search('HexParam_t\s*\*\s*.*', arg.strip()): args.append('hex') # create a structure + pointer_initializer = '(uint8_t *) params[%d]' % arg_idx + len_initializer = '*( (uint32_t *) params[%d] )' % (arg_idx+1) locals += """ HexParam_t hex%d = {%s, %s}; -""" % (arg_idx, '(uint8_t *) params[%d]' % arg_idx, '*( (uint32_t *) params[%d] )' % (arg_idx + 1)) +""" % (arg_idx, pointer_initializer, len_initializer) args_dispatch.append('&hex%d' % arg_idx) arg_idx += 1 else: - raise ValueError("Test function arguments can only be 'int', 'char *' or 'HexParam_t'\n%s" % line) + raise ValueError("Test function arguments can only be 'int', " + "'char *' or 'HexParam_t'\n%s" % line) arg_idx += 1 return name, args, locals, args_dispatch @@ -285,7 +302,8 @@ def parse_function_signature(line): def parse_function_code(funcs_f, deps, suite_deps): """ - Parses out a function from function file object and generates function and dispatch code. + Parses out a function from function file object and generates + function and dispatch code. :param funcs_f: file object of the functions file. :param deps: List of dependencies 
@@ -308,14 +326,16 @@ def parse_function_code(funcs_f, deps, suite_deps): name = 'test_' + name break else: - raise InvalidFileFormat("file: %s - Test functions not found!" % funcs_f.name) + raise InvalidFileFormat("file: %s - Test functions not found!" % + funcs_f.name) for line in funcs_f: if re.search(END_CASE_REGEX, line): break code += line else: - raise InvalidFileFormat("file: %s - end case pattern [%s] not found!" % (funcs_f.name, END_CASE_REGEX)) + raise InvalidFileFormat("file: %s - end case pattern [%s] not " + "found!" % (funcs_f.name, END_CASE_REGEX)) # Add exit label if not present if code.find('exit:') == -1: @@ -336,8 +356,9 @@ def parse_functions(funcs_f): Returns functions code pieces :param funcs_f: file object of the functions file. - :return: List of test suite dependencies, test function dispatch code, function code and - a dict with function identifiers and arguments info. + :return: List of test suite dependencies, test function dispatch + code, function code and a dict with function identifiers + and arguments info. """ suite_headers = '' suite_helpers = '' @@ -358,7 +379,8 @@ def parse_functions(funcs_f): suite_deps += deps elif re.search(BEGIN_CASE_REGEX, line): deps = parse_function_deps(line) - func_name, args, func_code, func_dispatch = parse_function_code(funcs_f, deps, suite_deps) + func_name, args, func_code, func_dispatch =\ + parse_function_code(funcs_f, deps, suite_deps) suite_functions += func_code # Generate dispatch code and enumeration info if func_name in func_info: 
@@ -378,8 +400,9 @@ def parse_functions(funcs_f): def escaped_split(str, ch): """ Split str on character ch but ignore escaped \{ch} - Since return value is used to write back to the intermediate data file. - Any escape characters in the input are retained in the output. + Since, return value is used to write back to the intermediate + data file, any escape characters in the input are retained in the + output. :param str: String to split :param ch: split character @@ -407,7 +430,8 @@ def parse_test_data(data_f, debug=False): Parses .data file :param data_f: file object of the data file. - :return: Generator that yields test name, function name, dependency list and function argument list. + :return: Generator that yields test name, function name, + dependency list and function argument list. """ STATE_READ_NAME = 0 STATE_READ_ARGS = 1 @@ -422,9 +446,10 @@ def parse_test_data(data_f, debug=False): # Blank line indicates end of test if len(line) == 0: if state == STATE_READ_ARGS: - raise GeneratorInputError("[%s:%d] Newline before arguments. " \ - "Test function and arguments missing for %s" % \ - (data_f.name, data_f.line_no, name)) + raise GeneratorInputError("[%s:%d] Newline before arguments. " + "Test function and arguments " + "missing for %s" % + (data_f.name, data_f.line_no, name)) continue if state == STATE_READ_NAME: @@ -435,7 +460,8 @@ def parse_test_data(data_f, debug=False): # Check dependencies m = re.search('depends_on\:(.*)', line) if m: - deps = [x.strip() for x in m.group(1).split(':') if len(x.strip())] + deps = [x.strip() for x in m.group(1).split(':') if len( + x.strip())] else: # Read test vectors parts = escaped_split(line, ':') 
@@ -445,9 +471,9 @@ def parse_test_data(data_f, debug=False): deps = [] state = STATE_READ_NAME if state == STATE_READ_ARGS: - raise GeneratorInputError("[%s:%d] Newline before arguments. " \ - "Test function and arguments missing for %s" % \ - (data_f.name, data_f.line_no, name)) + raise GeneratorInputError("[%s:%d] Newline before arguments. " + "Test function and arguments missing for " + "%s" % (data_f.name, data_f.line_no, name)) def gen_dep_check(dep_id, dep): @@ -459,7 +485,8 @@ def gen_dep_check(dep_id, dep): :return: Dependency check code """ if dep_id < 0: - raise GeneratorInputError("Dependency Id should be a positive integer.") + raise GeneratorInputError("Dependency Id should be a positive " + "integer.") noT, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) if len(dep) == 0: raise GeneratorInputError("Dependency should not be an empty string.") @@ -485,7 +512,8 @@ def gen_expression_check(exp_id, exp): :return: Expression check code """ if exp_id < 0: - raise GeneratorInputError("Expression Id should be a positive integer.") + raise GeneratorInputError("Expression Id should be a positive " + "integer.") if len(exp) == 0: raise GeneratorInputError("Expression should not be an empty string.") exp_code = ''' @@ -504,7 +532,8 @@ def write_deps(out_data_f, test_deps, unique_deps): :param out_data_f: Output intermediate data file :param test_deps: Dependencies - :param unique_deps: Mutable list to track unique dependencies that are global to this re-entrant function. + :param unique_deps: Mutable list to track unique dependencies + that are global to this re-entrant function. :return: returns dependency check code. """ dep_check_code = '' 
@@ -530,7 +559,8 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): :param out_data_f: Output intermediate data file :param test_args: Test parameters :param func_args: Function arguments - :param unique_expressions: Mutable list to track unique expressions that are global to this re-entrant function. + :param unique_expressions: Mutable list to track unique + expressions that are global to this re-entrant function. :return: Returns expression check code. """ expression_code = '' @@ -538,13 +568,14 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): typ = func_args[i] val = test_args[i] - # check if val is a non literal int val - if typ == 'int' and not re.match('(\d+$)|((0x)?[0-9a-fA-F]+$)', val): # its an expression + # check if val is a non literal int val (i.e. an expression) + if typ == 'int' and not re.match('(\d+$)|((0x)?[0-9a-fA-F]+$)', val): typ = 'exp' if val not in unique_expressions: unique_expressions.append(val) - # exp_id can be derived from len(). But for readability and consistency with case of existing let's - # use index(). + # exp_id can be derived from len(). But for + # readability and consistency with case of existing + # let's use index(). exp_id = unique_expressions.index(val) expression_code += gen_expression_check(exp_id, val) val = exp_id @@ -559,10 +590,12 @@ def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): """ Adds preprocessor checks for test suite dependencies. - :param suite_deps: Test suite dependencies read from the .functions file. + :param suite_deps: Test suite dependencies read from the + .functions file. :param dep_check_code: Dependency check code :param expression_code: Expression check code - :return: Dependency and expression code guarded by test suite dependencies. + :return: Dependency and expression code guarded by test suite + dependencies. """ if len(suite_deps): ifdef = gen_deps_one_line(suite_deps) 
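Review bot: The literal test in `write_parameters` (hunk `@@ -538,13 +568,14 @@`), `re.match('(\d+$)|((0x)?[0-9a-fA-F]+$)', val)`, makes the `0x` prefix optional, so an `int` argument spelled only with hex letters, for example a macro named `FACADE` (constructed example), is classified as a literal instead of an expression. It would then be written to the intermediate data file unchanged rather than replaced by an expression id; how the reader of that file treats it is not visible here. `re.match(r'(\d+$)|(0x[0-9a-fA-F]+$)', val)` requires the prefix and, being a raw string, also avoids the invalid-escape warning for `\d`. Existing .data files that pass bare hex digits as `int` arguments would need checking before tightening the pattern. The function starts and ends outside the hunk.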
@@ -581,11 +614,13 @@ def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): """ - Generates dependency checks, expression code and intermediate data file from test data file. + Generates dependency checks, expression code and intermediate + data file from test data file. :param data_f: Data file object :param out_data_f:Output intermediate data file - :param func_info: Dict keyed by function and with function id and arguments info + :param func_info: Dict keyed by function and with function id + and arguments info :param suite_deps: Test suite deps :return: Returns dependency and expression check code """ @@ -593,7 +628,8 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): unique_expressions = [] dep_check_code = '' expression_code = '' - for test_name, function_name, test_deps, test_args in parse_test_data(data_f): + for test_name, function_name, test_deps, test_args in parse_test_data( + data_f): out_data_f.write(test_name + '\n') # Write deps 
@@ -602,24 +638,29 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): # Write test function name test_function_name = 'test_' + function_name if test_function_name not in func_info: - raise GeneratorInputError("Function %s not found!" % test_function_name) + raise GeneratorInputError("Function %s not found!" % + test_function_name) func_id, func_args = func_info[test_function_name] out_data_f.write(str(func_id)) # Write parameters if len(test_args) != len(func_args): - raise GeneratorInputError("Invalid number of arguments in test %s. See function %s signature." % (test_name, - function_name)) - expression_code += write_parameters(out_data_f, test_args, func_args, unique_expressions) + raise GeneratorInputError("Invalid number of arguments in test " + "%s. See function %s signature." % ( + test_name, function_name)) + expression_code += write_parameters(out_data_f, test_args, func_args, + unique_expressions) # Write a newline as test case separator out_data_f.write('\n') - dep_check_code, expression_code = gen_suite_deps_checks(suite_deps, dep_check_code, expression_code) + dep_check_code, expression_code = gen_suite_deps_checks( + suite_deps, dep_check_code, expression_code) return dep_check_code, expression_code -def generate_code(funcs_file, data_file, template_file, platform_file, help_file, suites_dir, c_file, out_data_file): +def generate_code(funcs_file, data_file, template_file, platform_file, + help_file, suites_dir, c_file, out_data_file): """ Generate mbed-os test code. 
@@ -645,19 +686,23 @@ def generate_code(funcs_file, data_file, template_file, platform_file, help_file snippets = {'generator_script' : os.path.basename(__file__)} # Read helpers - with open(help_file, 'r') as help_f, open(platform_file, 'r') as platform_f: + with open(help_file, 'r') as help_f, open(platform_file, 'r') as \ + platform_f: snippets['test_common_helper_file'] = help_file snippets['test_common_helpers'] = help_f.read() snippets['test_platform_file'] = platform_file - snippets['platform_code'] = platform_f.read().replace('DATA_FILE', - out_data_file.replace('\\', '\\\\')) # escape '\' + snippets['platform_code'] = platform_f.read().replace( + 'DATA_FILE', out_data_file.replace('\\', '\\\\')) # escape '\' # Function code - with FileWrapper(funcs_file) as funcs_f, FileWrapper(data_file) as data_f, open(out_data_file, 'w') as out_data_f: - suite_deps, dispatch_code, func_code, func_info = parse_functions(funcs_f) + with FileWrapper(funcs_file) as funcs_f, FileWrapper(data_file) as \ + data_f, open(out_data_file, 'w') as out_data_f: + suite_deps, dispatch_code, func_code, func_info = parse_functions( + funcs_f) snippets['functions_code'] = func_code snippets['dispatch_code'] = dispatch_code - dep_check_code, expression_code = gen_from_test_data(data_f, out_data_f, func_info, suite_deps) + dep_check_code, expression_code = gen_from_test_data( + data_f, out_data_f, func_info, suite_deps) snippets['dep_check_code'] = dep_check_code snippets['expression_code'] = expression_code @@ -671,7 +716,8 @@ def generate_code(funcs_file, data_file, template_file, platform_file, help_file with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: line_no = 1 for line in template_f.readlines(): - snippets['line_no'] = line_no + 1 # Increment as it sets next line number + # Update line number. +1 as #line directive sets next line number + snippets['line_no'] = line_no + 1 code = line.format(**snippets) c_f.write(code) line_no += 1 
@@ -683,7 +729,8 @@ def check_cmd(): :return: """ - parser = argparse.ArgumentParser(description='Generate code for mbed-os tests.') + parser = argparse.ArgumentParser( + description='Generate code for mbed-os tests.') parser.add_argument("-f", "--functions-file", dest="funcs_file", @@ -741,8 +788,9 @@ def check_cmd(): if not os.path.exists(d): os.makedirs(d) - generate_code(args.funcs_file, args.data_file, args.template_file, args.platform_file, - args.help_file, args.suites_dir, out_c_file, out_data_file) + generate_code(args.funcs_file, args.data_file, args.template_file, + args.platform_file, args.help_file, args.suites_dir, + out_c_file, out_data_file) if __name__ == "__main__": From b98e6eec58f645c152425808c06756ca83bbf0f7 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 28 Jun 2018 17:11:33 +0100 Subject: [PATCH 319/578] Replace asserts with exceptions in mbedtls_test.py --- tests/scripts/mbedtls_test.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index b825f1359..52fd0a9c2 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -34,6 +34,11 @@ import binascii from mbed_host_tests import BaseHostTest, event_callback +class TestDataParserError(Exception): + """Indicates error in test data, read from .data file.""" + pass + + class TestDataParser(object): """ parser for mbedtls test data files. @@ -107,7 +112,9 @@ class TestDataParser(object): function = int(parts[0]) x = parts[1:] l = len(x) - assert l % 2 == 0, "Number of test arguments should be even: %s" % line + if l % 2 != 0: + raise TestDataParserError("Number of test arguments should " + "be even: %s" % line) args = [(x[i * 2], x[(i * 2) + 1]) for i in range(len(x)/2)] self.tests.append((name, function, deps, args)) 
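Review bot: In the `tests/scripts/mbedtls_test.py` hunk `@@ -107,7 +112,9 @@`, the comprehension right after the new even-length check still uses `range(len(x)/2)`, which produces a float and raises `TypeError` under Python 3. The count is already held in `l`, so `args = [(x[i * 2], x[(i * 2) + 1]) for i in range(l // 2)]` behaves the same on Python 2 and keeps the parser usable on both. The enclosing method starts outside the hunk.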
@@ -194,10 +201,13 @@ class MbedTlsTest(BaseHostTest): :param hex_str: Hex in string format. :return: Output Byte array """ - assert hex_str[0] == '"' and hex_str[len(hex_str) - 1] == '"', \ - "HEX test parameter missing '\"': %s" % hex_str + if hex_str[0] != '"' or hex_str[len(hex_str) - 1] != '"': + raise TestDataParserError("HEX test parameter missing '\"':" + " %s" % hex_str) hex_str = hex_str.strip('"') - assert len(hex_str) % 2 == 0, "HEX parameter len should be mod of 2: %s" % hex_str + if len(hex_str) % 2 != 0: + raise TestDataParserError("HEX parameter len should be mod of " + "2: %s" % hex_str) b = binascii.unhexlify(hex_str) return b From e3b26af7c0f2ab84ae7e32723e58d459df453d86 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 29 Jun 2018 02:36:57 +0100 Subject: [PATCH 320/578] Improve documentation in generate_test_code.py --- tests/Makefile | 4 +- tests/scripts/generate_test_code.py | 176 +++++++++++++++++----------- 2 files changed, 108 insertions(+), 72 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index e344635f9..003d71c51 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -194,7 +194,7 @@ $(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_tes -t suites/main_test.function \ -p suites/host_test.function \ -s suites \ - --help-file suites/helpers.function \ + --helpers-file suites/helpers.function \ -o . @@ -229,7 +229,7 @@ $(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data script -t suites/main_test.function \ -p suites/target_test.function \ -s suites \ - --help-file suites/helpers.function \ + --helpers-file suites/helpers.function \ -o ./TESTS/mbedtls/$* generate-target-tests: $(EMBEDDED_TESTS) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index b2d49129e..047b13001 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
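Review bot: The quote check added in the hex-conversion helper (hunk `@@ -194,10 +201,13 @@` of `tests/scripts/mbedtls_test.py`) indexes `hex_str[0]` before knowing the string is non-empty, so an empty parameter raises `IndexError` instead of the new `TestDataParserError`, and a lone `"` satisfies both comparisons. `if len(hex_str) < 2 or hex_str[0] != '"' or hex_str[-1] != '"':` covers both cases. Non-hex characters still surface as whatever `binascii.unhexlify` raises rather than as `TestDataParserError`; catching that around the call and re-raising would make every kind of malformed test data fail the same way. The method's signature is outside the hunk.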
@@ -19,22 +19,18 @@ # This file is part of mbed TLS (https://tls.mbed.org) """ -Test Suite code generator. +This script dynamically generates test suite code for Mbed TLS, by +taking following input files. -Generates a test source file using following input files: - -test_suite_xyz.function - Read test functions from test suite - functions file. -test_suite_xyz.data - Read test functions and their - dependencies to generate dispatch and - dependency check code. +test_suite_xyz.function - Test suite functions file contains test + functions. +test_suite_xyz.data - Contains test case vectors. main_test.function - Template to substitute generated test - function dispatch code, dependency - checking code. -platform .function - Read host or target platform - implementation for dispatching test - cases from .data file. -helpers.function - Read common reusable functions. + functions, dispatch code, dependency + checking code etc. +platform .function - Platform specific initialization and + platform code. +helpers.function - Common/reusable data and functions. """ @@ -43,7 +39,6 @@ import os import re import sys import argparse -import shutil BEGIN_HEADER_REGEX = '/\*\s*BEGIN_HEADER\s*\*/' 
@@ -59,39 +54,39 @@ BEGIN_CASE_REGEX = '/\*\s*BEGIN_CASE\s*(.*?)\s*\*/' END_CASE_REGEX = '/\*\s*END_CASE\s*\*/' -class InvalidFileFormat(Exception): - """ - Exception to indicate invalid file format. - """ - pass - - class GeneratorInputError(Exception): """ - Exception to indicate error in the input to the generator. + Exception to indicate error in the input files to this script. + This includes missing patterns, test function names and other + parsing errors. """ pass class FileWrapper(io.FileIO): """ - File wrapper class. Provides reading with line no. tracking. + This class extends built-in io.FileIO class with attribute line_no, + that indicates line number for the line that is read. """ def __init__(self, file_name): """ - Init file handle. + Instantiate the base class and initialize the line number to 0. :param file_name: File path to open. """ super(FileWrapper, self).__init__(file_name, 'r') self.line_no = 0 - # Override the generator function in a way that works in both - # Python 2 and Python 3. def __next__(self): """ - Iterator return impl. + Python 2 iterator method. This method overrides base class's + next method and extends the next method to count the line + numbers as each line is read. + + It works for both Python 2 and Python 3 by checking iterator + method name in the base iterator object. + :return: Line read from file. """ parent = super(FileWrapper, self) @@ -105,6 +100,8 @@ class FileWrapper(io.FileIO): # strip any whitespaces added in the decoding process. return line.decode(sys.getdefaultencoding()).strip() + "\n" return None + + # Python 3 iterator method next = __next__ 
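Review bot: The Python version labels added around `FileWrapper.__next__` are swapped: the docstring in hunk `@@ -59,39 +54,39 @@` calls `__next__` the "Python 2 iterator method", and hunk `@@ -105,6 +100,8 @@` labels the alias `next = __next__` as `# Python 3 iterator method`. `__next__` is the Python 3 protocol name and `next` is the Python 2 one, so a maintainer dropping Python 2 support could remove the wrong line. I would open the docstring with `Python 3 iterator method.` and change the alias comment to `# Python 2 iterator method`.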
@@ -113,15 +110,22 @@ def split_dep(dep): Split NOT character '!' from dependency. Used by gen_deps() :param dep: Dependency list - :return: list of tuples where index 0 has '!' if there was a '!' - before the dependency string + :return: string tuple. Ex: ('!', MACRO) for !MACRO and ('', MACRO) for + MACRO. """ return ('!', dep[1:]) if dep[0] == '!' else ('', dep) def gen_deps(deps): """ - Generates dependency i.e. if def and endif code + Test suite data and functions specifies compile time dependencies. + This function generates C preprocessor code from the input + dependency list. Caller uses the generated preprocessor code to + wrap dependent code. + A dependency in the input list can have a leading '!' character + to negate a condition. '!' is separated from the dependency using + function split_dep() and proper preprocessor check is generated + accordingly. :param deps: List of dependencies. :return: if defined and endif code with macro annotations for @@ -135,8 +139,8 @@ def gen_deps(deps): def gen_deps_one_line(deps): """ - Generates dependency checks in one line. Useful for writing code - in #else case. + Similar to gen_deps() but generates dependency checks in one line. + Useful for generating code with #else block. :param deps: List of dependencies. :return: ifdef code @@ -173,7 +177,12 @@ void {name}_wrapper( void ** params ) def gen_dispatch(name, deps): """ - Generates dispatch code for the test function table. + Test suite code template main_test.function defines a C function + array to contain test case functions. This function generates an + initializer entry for a function in that array. The entry is + composed of a compile time check for the test function + dependencies. At compile time the test function is assigned when + dependencies are met, else NULL is assigned. :param name: Test function name :param deps: List of dependencies 
@@ -198,11 +207,12 @@ def gen_dispatch(name, deps): def parse_until_pattern(funcs_f, end_regex): """ - Parses function headers or helper code until end pattern. + Matches pattern end_regex to the lines read from the file object. + Returns the lines read until end pattern is matched. :param funcs_f: file object for .functions file :param end_regex: Pattern to stop parsing - :return: Test suite headers code + :return: Lines read before the end pattern """ headers = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) for line in funcs_f: @@ -210,7 +220,7 @@ def parse_until_pattern(funcs_f, end_regex): break headers += line else: - raise InvalidFileFormat("file: %s - end pattern [%s] not found!" % + raise GeneratorInputError("file: %s - end pattern [%s] not found!" % (funcs_f.name, end_regex)) return headers @@ -218,7 +228,10 @@ def parse_until_pattern(funcs_f, end_regex): def parse_suite_deps(funcs_f): """ - Parses test suite dependencies. + Parses test suite dependencies specified at the top of a + .function file, that starts with pattern BEGIN_DEPENDENCIES + and end with END_DEPENDENCIES. Dependencies are specified + after pattern 'depends_on:' and are delimited by ':'. :param funcs_f: file object for .functions file :return: List of test suite dependencies. @@ -231,7 +244,7 @@ def parse_suite_deps(funcs_f): if re.search(END_DEP_REGEX, line): break else: - raise InvalidFileFormat("file: %s - end dependency pattern [%s]" + raise GeneratorInputError("file: %s - end dependency pattern [%s]" " not found!" % (funcs_f.name, END_DEP_REGEX)) return deps @@ -239,7 +252,9 @@ def parse_suite_deps(funcs_f): def parse_function_deps(line): """ - Parses function dependencies. + Parses function dependencies, that are in the same line as + comment BEGIN_CASE. Dependencies are specified after pattern + 'depends_on:' and are delimited by ':'. :param line: Line from .functions file that has dependencies. :return: List of dependencies. 
@@ -256,7 +271,9 @@ def parse_function_deps(line): def parse_function_signature(line): """ - Parsing function signature + Parses test function signature for validation and generates + a dispatch wrapper function that translates input test vectors + read from the data file into test function arguments. :param line: Line from .functions file that has a function signature. @@ -266,6 +283,7 @@ def parse_function_signature(line): args = [] locals = '' args_dispatch = [] + # Check if the test function returns void. m = re.search('\s*void\s+(\w+)\s*\(', line, re.I) if not m: raise ValueError("Test function should return 'void'\n%s" % line) @@ -326,7 +344,7 @@ def parse_function_code(funcs_f, deps, suite_deps): name = 'test_' + name break else: - raise InvalidFileFormat("file: %s - Test functions not found!" % + raise GeneratorInputError("file: %s - Test functions not found!" % funcs_f.name) for line in funcs_f: @@ -334,7 +352,7 @@ def parse_function_code(funcs_f, deps, suite_deps): break code += line else: - raise InvalidFileFormat("file: %s - end case pattern [%s] not " + raise GeneratorInputError("file: %s - end case pattern [%s] not " "found!" % (funcs_f.name, END_CASE_REGEX)) # Add exit label if not present @@ -353,7 +371,8 @@ def parse_function_code(funcs_f, deps, suite_deps): def parse_functions(funcs_f): """ - Returns functions code pieces + Parses a test_suite_xxx.function file and returns information + for generating a C source file for the test suite. :param funcs_f: file object of the functions file. :return: List of test suite dependencies, test function dispatch 
@@ -427,7 +446,13 @@ def escaped_split(str, ch): def parse_test_data(data_f, debug=False): """ - Parses .data file + Parses .data file for each test case name, test function name, + test dependencies and test arguments. This information is + correlated with the test functions file for generating an + intermediate data file replacing the strings for test function + names, dependencies and integer constant expressions with + identifiers. Mainly for optimising space for on-target + execution. :param data_f: file object of the data file. :return: Generator that yields test name, function name, @@ -478,7 +503,8 @@ def parse_test_data(data_f, debug=False): def gen_dep_check(dep_id, dep): """ - Generate code for the dependency. + Generate code for checking dependency with the associated + identifier. :param dep_id: Dependency identifier :param dep: Dependency macro @@ -505,7 +531,8 @@ def gen_dep_check(dep_id, dep): def gen_expression_check(exp_id, exp): """ - Generates code for expression check + Generates code for evaluating an integer expression using + associated expression Id. :param exp_id: Expression Identifier :param exp: Expression/Macro @@ -527,8 +554,9 @@ def gen_expression_check(exp_id, exp): def write_deps(out_data_f, test_deps, unique_deps): """ - Write dependencies to intermediate test data file. - It also returns dependency check code. + Write dependencies to intermediate test data file, replacing + the string form with identifiers. Also, generates dependency + check code. :param out_data_f: Output intermediate data file :param test_deps: Dependencies 
@@ -553,8 +581,9 @@ def write_deps(out_data_f, test_deps, unique_deps): def write_parameters(out_data_f, test_args, func_args, unique_expressions): """ - Writes test parameters to the intermediate data file. - Also generates expression code. + Writes test parameters to the intermediate data file, replacing + the string form with identifiers. Also, generates expression + check code. :param out_data_f: Output intermediate data file :param test_args: Test parameters @@ -588,7 +617,7 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): """ - Adds preprocessor checks for test suite dependencies. + Generates preprocessor checks for test suite dependencies. :param suite_deps: Test suite dependencies read from the .functions file. @@ -614,8 +643,14 @@ def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): """ - Generates dependency checks, expression code and intermediate - data file from test data file. + This function reads test case name, dependencies and test vectors + from the .data file. This information is correlated with the test + functions file for generating an intermediate data file replacing + the strings for test function names, dependencies and integer + constant expressions with identifiers. Mainly for optimising + space for on-target execution. + It also generates test case dependency check code and expression + evaluation code. :param data_f: Data file object :param out_data_f:Output intermediate data file 
@@ -660,15 +695,16 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): def generate_code(funcs_file, data_file, template_file, platform_file, - help_file, suites_dir, c_file, out_data_file): + helpers_file, suites_dir, c_file, out_data_file): """ - Generate mbed-os test code. + Generates C source code from test suite file, data file, common + helpers file and platform file. :param funcs_file: Functions file object :param data_file: Data file object :param template_file: Template file object :param platform_file: Platform file object - :param help_file: Helper functions file object + :param helpers_file: Helper functions file object :param suites_dir: Test suites dir :param c_file: Output C file object :param out_data_file: Output intermediate data file object @@ -678,7 +714,7 @@ def generate_code(funcs_file, data_file, template_file, platform_file, ('Data file', data_file), ('Template file', template_file), ('Platform file', platform_file), - ('Help code file', help_file), + ('Helpers code file', helpers_file), ('Suites dir', suites_dir)]: if not os.path.exists(path): raise IOError("ERROR: %s [%s] not found!" % (name, path)) @@ -686,9 +722,9 @@ def generate_code(funcs_file, data_file, template_file, platform_file, snippets = {'generator_script' : os.path.basename(__file__)} # Read helpers - with open(help_file, 'r') as help_f, open(platform_file, 'r') as \ + with open(helpers_file, 'r') as help_f, open(platform_file, 'r') as \ platform_f: - snippets['test_common_helper_file'] = help_file + snippets['test_common_helper_file'] = helpers_file snippets['test_common_helpers'] = help_f.read() snippets['test_platform_file'] = platform_file snippets['platform_code'] = platform_f.read().replace( 
@@ -730,36 +766,36 @@ def check_cmd(): :return: """ parser = argparse.ArgumentParser( - description='Generate code for mbed-os tests.') + description='Dynamically generate test suite code.') parser.add_argument("-f", "--functions-file", dest="funcs_file", help="Functions file", - metavar="FUNCTIONS", + metavar="FUNCTIONS_FILE", required=True) parser.add_argument("-d", "--data-file", dest="data_file", help="Data file", - metavar="DATA", + metavar="DATA_FILE", required=True) parser.add_argument("-t", "--template-file", dest="template_file", help="Template file", - metavar="TEMPLATE", + metavar="TEMPLATE_FILE", required=True) parser.add_argument("-s", "--suites-dir", dest="suites_dir", help="Suites dir", - metavar="SUITES", + metavar="SUITES_DIR", required=True) - parser.add_argument("--help-file", - dest="help_file", - help="Help file", - metavar="HELPER", + parser.add_argument("--helpers-file", + dest="helpers_file", + help="Helpers file", + metavar="HELPERS_FILE", required=True) parser.add_argument("-p", "--platform-file", @@ -789,7 +825,7 @@ def check_cmd(): os.makedirs(d) generate_code(args.funcs_file, args.data_file, args.template_file, - args.platform_file, args.help_file, args.suites_dir, + args.platform_file, args.helpers_file, args.suites_dir, out_c_file, out_data_file) From 951a2c8898f8e2caf210d05aac8595c5aff0b906 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 29 Jun 2018 03:47:08 +0100 Subject: [PATCH 321/578] Improve documentation in mbedtls_test.py --- tests/scripts/mbedtls_test.py | 64 +++++++++++++++++++++++------------ 1 file changed, 43 insertions(+), 21 deletions(-) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 52fd0a9c2..c3b1b7a3f 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py 
@@ -1,4 +1,4 @@ -# Greentea host test script for on-target tests. +# Greentea host test script for Mbed TLS on-target test suite testing. # # Copyright (C) 2018, ARM Limited, All Rights Reserved # SPDX-License-Identifier: Apache-2.0 @@ -19,12 +19,19 @@ """ -Greentea host test script for on-target tests. +Mbed TLS on-target test suite tests are implemented as mbed-os greentea +tests. Greentea tests are implemented in two parts: target test and +host test. Target test is a C application that is built for the +target platform and executes on the target. Host test is a Python +class derived from mbed_host_tests.BaseHostTest. Target communicates +with the host over serial for the test data. -Host test script for testing mbed TLS test suites on target. Implements -BaseHostTest to handle key,value pairs (events) coming from mbed TLS -tests. Reads data file corresponding to the executing binary and dispatches -test cases. +Python tool mbedgt (greentea) is responsible for flashing the test +binary on to the target and dynamically loading the host test. + +This script contains the host test for handling target test's +requests for test vectors. It also reports the test results +in format understood by Greentea. """ @@ -41,7 +48,8 @@ class TestDataParserError(Exception): class TestDataParser(object): """ - parser for mbedtls test data files. + Parses test name, dependencies, test function name and test parameters + from the data file. """ def __init__(self): 
@@ -127,19 +135,30 @@ class TestDataParser(object): class MbedTlsTest(BaseHostTest): """ - Event handler for mbedtls unit tests. This script is loaded at run time - by htrun while executing mbedtls unit tests. + Host test for mbedtls unit tests. This script is loaded at + run time by Greentea for executing mbedtls test suites. Each + communication from the target is received in this object as + an event, which is then handled by the event handler method + decorated by the associated event. Ex: @event_callback('GO'). + + Target test sends requests for dispatching next test. It reads + tests from the intermediate data file and sends test function + identifier, dependency identifiers, expression identifiers and + the test data in binary form. Target test checks dependecnies + , evaluate integer constant expressions and dispatches the test + function with received test parameters. + """ - # From suites/helpers.function + # status/error codes from suites/helpers.function DEPENDENCY_SUPPORTED = 0 KEY_VALUE_MAPPING_FOUND = DEPENDENCY_SUPPORTED DISPATCH_TEST_SUCCESS = DEPENDENCY_SUPPORTED - KEY_VALUE_MAPPING_NOT_FOUND = -1 - DEPENDENCY_NOT_SUPPORTED = -2 - DISPATCH_TEST_FN_NOT_FOUND = -3 - DISPATCH_INVALID_TEST_DATA = -4 - DISPATCH_UNSUPPORTED_SUITE = -5 + KEY_VALUE_MAPPING_NOT_FOUND = -1 # Expression Id not found. + DEPENDENCY_NOT_SUPPORTED = -2 # Dependency not supported. + DISPATCH_TEST_FN_NOT_FOUND = -3 # Test function not found. + DISPATCH_INVALID_TEST_DATA = -4 # Invalid parameter type. + DISPATCH_UNSUPPORTED_SUITE = -5 # Test suite not supported/enabled. def __init__(self): """ 
@@ -159,13 +178,15 @@ class MbedTlsTest(BaseHostTest): def setup(self): """ - Setup hook implementation. Reads test suite data file and parses out tests. + Setup hook implementation. Reads test suite data file and parses out + tests. """ binary_path = self.get_config_item('image_path') script_dir = os.path.split(os.path.abspath(__file__))[0] suite_name = os.path.splitext(os.path.basename(binary_path))[0] data_file = ".".join((suite_name, 'data')) - data_file = os.path.join(script_dir, '..', 'mbedtls', suite_name, data_file) + data_file = os.path.join(script_dir, '..', 'mbedtls', + suite_name, data_file) if os.path.exists(data_file): self.log("Running tests from %s" % data_file) parser = TestDataParser() @@ -262,7 +283,7 @@ class MbedTlsTest(BaseHostTest): def run_next_test(self): """ - Send next test function to the target. + Fetch next test information and execute the test. """ self.test_index += 1 @@ -275,7 +296,7 @@ class MbedTlsTest(BaseHostTest): def run_test(self, name, function_id, deps, args): """ - Runs the test. + Execute the test on target by sending next test information. :param name: Test name :param function_id: function identifier @@ -304,7 +325,7 @@ class MbedTlsTest(BaseHostTest): @event_callback('GO') def on_go(self, key, value, timestamp): """ - Called on key "GO". Kicks off test execution. + Sent by the target to start first test. :param key: Event key :param value: Value. ignored @@ -316,7 +337,8 @@ class MbedTlsTest(BaseHostTest): @event_callback("R") def on_result(self, key, value, timestamp): """ - Handle result. Prints test start, finish prints required by Greentea to detect test execution. + Handle result. Prints test start, finish required by Greentea + to detect test execution. :param key: Event key :param value: Value. ignored From 62a5d7d65a7e902cab39671b0d615f4fd5d30288 Mon Sep 17 00:00:00 2001 
From: Azim Khan Date: Fri, 29 Jun 2018 10:02:54 +0100 Subject: [PATCH 322/578] Document status/error codes in helper.function --- tests/suites/helpers.function | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 7f5a6f29a..3c2a6db66 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -49,17 +49,21 @@ typedef struct HexParam_tag } HexParam_t; /*----------------------------------------------------------------------------*/ -/* Constants */ +/* Status and error constants */ -#define DEPENDENCY_SUPPORTED 0 -#define KEY_VALUE_MAPPING_FOUND 0 -#define DISPATCH_TEST_SUCCESS 0 +#define DEPENDENCY_SUPPORTED 0 /* Dependency supported by build */ +#define KEY_VALUE_MAPPING_FOUND 0 /* Integer expression found */ +#define DISPATCH_TEST_SUCCESS 0 /* Test dispatch successful */ -#define KEY_VALUE_MAPPING_NOT_FOUND -1 -#define DEPENDENCY_NOT_SUPPORTED -2 -#define DISPATCH_TEST_FN_NOT_FOUND -3 -#define DISPATCH_INVALID_TEST_DATA -4 -#define DISPATCH_UNSUPPORTED_SUITE -5 +#define KEY_VALUE_MAPPING_NOT_FOUND -1 /* Integer expression not found */ +#define DEPENDENCY_NOT_SUPPORTED -2 /* Dependency not supported */ +#define DISPATCH_TEST_FN_NOT_FOUND -3 /* Test function not found */ +#define DISPATCH_INVALID_TEST_DATA -4 /* Invalid test parameter type. + Only int, string, binary data + and integer expressions are + allowed */ +#define DISPATCH_UNSUPPORTED_SUITE -5 /* Test suite not supported by the + build */ /*----------------------------------------------------------------------------*/ From 5fcca46a3a87bfbc04d72fa062a7db948bcea6a5 Mon Sep 17 00:00:00 2001 
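Review bot: The negative status codes are still defined as bare `-1` to `-5`. Since every one of these lines is rewritten here, the values could be parenthesised at the same time, e.g. `#define KEY_VALUE_MAPPING_NOT_FOUND (-1)`, so the macros stay safe in any expression they are pasted into. The same numbers are repeated by hand in tests/scripts/mbedtls_test.py; a one-line comment above the block naming that file would make the coupling visible to whoever changes a value next.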
From: Azim Khan Date: Fri, 29 Jun 2018 11:05:32 +0100 Subject: [PATCH 323/578] Rename HexParam_t -> data_t for consistent coding style --- tests/scripts/generate_test_code.py | 8 ++-- tests/scripts/test_generate_test_code.py | 10 ++--- tests/suites/helpers.function | 4 +- tests/suites/test_suite_aes.function | 32 +++++++-------- tests/suites/test_suite_arc4.function | 4 +- tests/suites/test_suite_asn1write.function | 6 +-- tests/suites/test_suite_base64.function | 6 +-- tests/suites/test_suite_blowfish.function | 28 ++++++------- tests/suites/test_suite_camellia.function | 28 ++++++------- tests/suites/test_suite_ccm.function | 14 +++---- tests/suites/test_suite_cipher.function | 18 ++++---- tests/suites/test_suite_cmac.function | 30 +++++++------- tests/suites/test_suite_ctr_drbg.function | 12 +++--- tests/suites/test_suite_debug.function | 2 +- tests/suites/test_suite_des.function | 38 ++++++++--------- tests/suites/test_suite_ecdh.function | 4 +- tests/suites/test_suite_ecdsa.function | 4 +- tests/suites/test_suite_ecjpake.function | 6 +-- tests/suites/test_suite_ecp.function | 8 ++-- tests/suites/test_suite_entropy.function | 2 +- tests/suites/test_suite_gcm.function | 22 +++++----- tests/suites/test_suite_hmac_drbg.function | 16 ++++---- tests/suites/test_suite_md.function | 22 +++++----- tests/suites/test_suite_mdx.function | 8 ++-- tests/suites/test_suite_mpi.function | 6 +-- tests/suites/test_suite_pem.function | 2 +- tests/suites/test_suite_pk.function | 20 ++++----- tests/suites/test_suite_pkcs1_v15.function | 16 ++++---- tests/suites/test_suite_pkcs1_v21.function | 20 ++++----- tests/suites/test_suite_pkcs5.function | 8 ++-- tests/suites/test_suite_pkparse.function | 2 +- tests/suites/test_suite_rsa.function | 48 +++++++++++----------- tests/suites/test_suite_shax.function | 10 ++--- tests/suites/test_suite_ssl.function | 2 +- tests/suites/test_suite_x509parse.function | 14 +++---- tests/suites/test_suite_xtea.function | 16 ++++---- 36 files changed, 248 
insertions(+), 248 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 047b13001..c4c11fc39 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -300,19 +300,19 @@ def parse_function_signature(line): elif re.search('char\s*\*\s*.*', arg.strip()): args.append('char*') args_dispatch.append('(char *) params[%d]' % arg_idx) - elif re.search('HexParam_t\s*\*\s*.*', arg.strip()): + elif re.search('data_t\s*\*\s*.*', arg.strip()): args.append('hex') # create a structure pointer_initializer = '(uint8_t *) params[%d]' % arg_idx len_initializer = '*( (uint32_t *) params[%d] )' % (arg_idx+1) - locals += """ HexParam_t hex%d = {%s, %s}; + locals += """ data_t data%d = {%s, %s}; """ % (arg_idx, pointer_initializer, len_initializer) - args_dispatch.append('&hex%d' % arg_idx) + args_dispatch.append('&data%d' % arg_idx) arg_idx += 1 else: raise ValueError("Test function arguments can only be 'int', " - "'char *' or 'HexParam_t'\n%s" % line) + "'char *' or 'data_t'\n%s" % line) arg_idx += 1 return name, args, locals, args_dispatch diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 9964ab9f6..f1088a32a 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py 
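Review bot: `re.search('data_t\s*\*\s*.*', arg.strip())` is unanchored, and with the shorter type name it now also matches any parameter whose type merely ends in `data_t` (constructed example: `my_data_t * p`). Such a parameter would be dispatched as a pointer/length pair taken from two `params[]` slots. A word boundary in a raw string avoids that, and also avoids the invalid-escape warning newer Python versions give for `\s` in a plain string: `elif re.search(r'\bdata_t\s*\*', arg.strip()):`. The error text names `'data_t'` where the accepted form is `data_t *`. parse_function_signature starts outside this hunk.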
@@ -442,11 +442,11 @@ class ParseFuncSignature(TestCase): Test hex parameters parsing :return: """ - line = 'void entropy_threshold( char * a, HexParam_t * h, int result )' + line = 'void entropy_threshold( char * a, data_t * h, int result )' name, args, local, arg_dispatch = parse_function_signature(line) self.assertEqual(name, 'entropy_threshold') self.assertEqual(args, ['char*', 'hex', 'int']) - self.assertEqual(local, ' HexParam_t hex1 = {(uint8_t *) params[1], *( (uint32_t *) params[2] )};\n') + self.assertEqual(local, ' data_t hex1 = {(uint8_t *) params[1], *( (uint32_t *) params[2] )};\n') self.assertEqual(arg_dispatch, ['(char *) params[0]', '&hex1', '*( (int *) params[3] )']) def test_non_void_function(self): @@ -454,15 +454,15 @@ class ParseFuncSignature(TestCase): Test invalid signature (non void). :return: """ - line = 'int entropy_threshold( char * a, HexParam_t * h, int result )' + line = 'int entropy_threshold( char * a, data_t * h, int result )' self.assertRaises(ValueError, parse_function_signature, line) def test_unsupported_arg(self): """ - Test unsupported arguments (not among int, char * and HexParam_t) + Test unsupported arguments (not among int, char * and data_t) :return: """ - line = 'int entropy_threshold( char * a, HexParam_t * h, int * result )' + line = 'int entropy_threshold( char * a, data_t * h, int * result )' self.assertRaises(ValueError, parse_function_signature, line) def test_no_params(self): diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 3c2a6db66..56ae62916 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -42,11 +42,11 @@ typedef UINT32 uint32_t; #endif /* Type for Hex parameters */ -typedef struct HexParam_tag +typedef struct data_tag { uint8_t * x; uint32_t len; -} HexParam_t; +} data_t; /*----------------------------------------------------------------------------*/ /* Status and error constants */ 
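Review bot: The expected values in the hex-parameter test still use the old local name. The assertions expect a local beginning `data_t hex1 = {` and the dispatch entry `'&hex1'`, while the generate_test_code.py hunk of this same commit now emits `data_t data%d` and `'&data%d'`. As written both assertions should fail for `arg_idx` 1. The expected strings need `data1` in place of `hex1`, i.e. `data_t data1 = {` and `'&data1'`.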
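Review bot: The unsupported-argument case cannot reach the argument check. Its `line` starts with `int entropy_threshold(`, and parse_function_signature raises ValueError for a non-void return type first (the `void` regex check shown in the generate_test_code.py hunk at `@@ -266,6 +283,7 @@`). The test therefore passes for the same reason as the non-void test above it. `line = 'void entropy_threshold( char * a, data_t * h, int * result )'` would exercise the intended path. Whether `int * result` is then rejected depends on argument-matching code outside the visible hunks, so that should be confirmed when changing it.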
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index a0f1b13eb..a797e699c 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -8,8 +8,8 @@ */ /* BEGIN_CASE */ -void aes_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int setkey_result ) +void aes_encrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -32,8 +32,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aes_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int setkey_result ) +void aes_decrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -56,8 +56,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aes_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -81,8 +81,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aes_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -230,8 +230,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_encrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; 
@@ -252,8 +252,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_decrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -274,8 +274,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_encrypt_cfb8( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -295,8 +295,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aes_decrypt_cfb8( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_aes_context ctx; diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 2a56a5b2d..ae3b032b3 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -8,8 +8,8 @@ */ /* BEGIN_CASE */ -void mbedtls_arc4_crypt( HexParam_t * src_str, HexParam_t * key_str, - HexParam_t * hex_dst_string ) +void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, + data_t * hex_dst_string ) { unsigned char dst_str[1000]; mbedtls_arc4_context ctx; diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function index 3b2d86e79..aae44a8c6 100644 --- a/tests/suites/test_suite_asn1write.function +++ b/tests/suites/test_suite_asn1write.function 
@@ -11,7 +11,7 @@ */ /* BEGIN_CASE */ -void mbedtls_asn1_write_octet_string( HexParam_t * str, HexParam_t * asn1, +void mbedtls_asn1_write_octet_string( data_t * str, data_t * asn1, int buf_len, int result ) { int ret; @@ -44,7 +44,7 @@ void mbedtls_asn1_write_octet_string( HexParam_t * str, HexParam_t * asn1, /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_asn1_write_ia5_string( char * str, HexParam_t * asn1, +void mbedtls_asn1_write_ia5_string( char * str, data_t * asn1, int buf_len, int result ) { int ret; @@ -79,7 +79,7 @@ void mbedtls_asn1_write_ia5_string( char * str, HexParam_t * asn1, /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_asn1_write_len( int len, HexParam_t * asn1, int buf_len, +void mbedtls_asn1_write_len( int len, data_t * asn1, int buf_len, int result ) { int ret; diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 53f0f6921..3a8bf430f 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -49,7 +49,7 @@ void mbedtls_base64_decode( char * src_string, char * dst_string, int result ) /* END_CASE */ /* BEGIN_CASE */ -void base64_encode_hex( HexParam_t * src, char * dst, int dst_buf_size, +void base64_encode_hex( data_t * src, char * dst, int dst_buf_size, int result ) { unsigned char *res = NULL; @@ -70,7 +70,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void base64_decode_hex( char * src, HexParam_t * dst, int dst_buf_size, +void base64_decode_hex( char * src, data_t * dst, int dst_buf_size, int result ) { unsigned char *res = NULL; @@ -92,7 +92,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void base64_decode_hex_src( HexParam_t * src, char * dst_ref, int result ) +void base64_decode_hex_src( data_t * src, char * dst_ref, int result ) { unsigned char dst[1000] = { 0 }; size_t len; diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index d88eac463..189e23dc6 100644 --- a/tests/suites/test_suite_blowfish.function 
+++ b/tests/suites/test_suite_blowfish.function @@ -8,8 +8,8 @@ */ /* BEGIN_CASE */ -void blowfish_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int setkey_result ) +void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -32,8 +32,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void blowfish_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int setkey_result ) +void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_blowfish_context ctx; @@ -56,8 +56,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -82,8 +82,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -107,8 +107,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_encrypt_cfb64( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string +void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; 
@@ -130,8 +130,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_decrypt_cfb64( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string +void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; @@ -153,8 +153,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void blowfish_encrypt_ctr( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char stream_str[100]; unsigned char output[100]; diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 4bfa1a5da..d09a6107a 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -8,8 +8,8 @@ */ /* BEGIN_CASE */ -void camellia_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int setkey_result ) +void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -32,8 +32,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void camellia_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int setkey_result ) +void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, int setkey_result ) { unsigned char output[100]; mbedtls_camellia_context ctx; 
@@ -56,8 +56,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void camellia_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -81,8 +81,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void camellia_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -106,9 +106,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void camellia_encrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, - HexParam_t * hex_dst_string ) +void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, + data_t * src_str, + data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_camellia_context ctx; @@ -129,9 +129,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void camellia_decrypt_cfb128( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, - HexParam_t * hex_dst_string ) +void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, + data_t * src_str, + data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_camellia_context ctx; diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 79ee0ff8f..9951ca168 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -116,9 +116,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_encrypt_and_tag( int cipher_id, HexParam_t * key, - HexParam_t * msg, HexParam_t * iv, - HexParam_t * add, HexParam_t * result ) +void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, + data_t * msg, data_t * iv, + data_t * add, data_t * result ) { mbedtls_ccm_context ctx; size_t tag_len; @@ -149,10 +149,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ccm_auth_decrypt( int cipher_id, HexParam_t * key, - HexParam_t * msg, HexParam_t * iv, - HexParam_t * add, int tag_len, int result, - HexParam_t * hex_msg ) +void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, + data_t * msg, data_t * iv, + data_t * add, int tag_len, int result, + data_t * hex_msg ) { unsigned char tag[16]; mbedtls_ccm_context ctx; diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index ddb9576e3..0de02e827 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -471,9 +471,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void decrypt_test_vec( int cipher_id, int pad_mode, HexParam_t * key, - HexParam_t * iv, HexParam_t * cipher, - HexParam_t * clear, HexParam_t * ad, HexParam_t * tag, +void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, + data_t * iv, data_t * cipher, + data_t * clear, data_t * ad, data_t * tag, int finish_result, int tag_result ) { unsigned char output[265]; @@ -529,9 +529,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ -void auth_crypt_tv( int cipher_id, HexParam_t * key, HexParam_t * iv, - HexParam_t * ad, HexParam_t * cipher, HexParam_t * tag, - char * result, HexParam_t * clear ) +void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, + data_t * ad, data_t * cipher, data_t * tag, + char * result, data_t * clear ) { int ret; unsigned char output[267]; /* above + 2 (overwrite check) */ 
@@ -598,8 +598,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_vec_ecb( int cipher_id, int operation, HexParam_t * key, - HexParam_t * input, HexParam_t * result, int finish_result +void test_vec_ecb( int cipher_id, int operation, data_t * key, + data_t * input, data_t * result, int finish_result ) { mbedtls_cipher_context_t ctx; @@ -655,7 +655,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void check_padding( int pad_mode, HexParam_t * input, int ret, int dlen_check +void check_padding( int pad_mode, data_t * input, int ret, int dlen_check ) { mbedtls_cipher_info_t cipher_info; diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 85b3be149..cabf1070c 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -119,13 +119,13 @@ void mbedtls_cmac_setkey( int cipher_type, int key_size, int result ) /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_cmac_multiple_blocks( int cipher_type, HexParam_t * key, +void mbedtls_cmac_multiple_blocks( int cipher_type, data_t * key, int keybits, int block_size, - HexParam_t * block1, int block1_len, - HexParam_t * block2, int block2_len, - HexParam_t * block3, int block3_len, - HexParam_t * block4, int block4_len, - HexParam_t * expected_result ) + data_t * block1, int block1_len, + data_t * block2, int block2_len, + data_t * block3, int block3_len, + data_t * block4, int block4_len, + data_t * expected_result ) { const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_context_t ctx; 
@@ -184,22 +184,22 @@ exit: /* BEGIN_CASE */ void mbedtls_cmac_multiple_operations_same_key( int cipher_type, - HexParam_t * key, int keybits, + data_t * key, int keybits, int block_size, - HexParam_t * block_a1, + data_t * block_a1, int block_a1_len, - HexParam_t * block_a2, + data_t * block_a2, int block_a2_len, - HexParam_t * block_a3, + data_t * block_a3, int block_a3_len, - HexParam_t * expected_result_a, - HexParam_t * block_b1, + data_t * expected_result_a, + data_t * block_b1, int block_b1_len, - HexParam_t * block_b2, + data_t * block_b2, int block_b2_len, - HexParam_t * block_b3, + data_t * block_b3, int block_b3_len, - HexParam_t * expected_result_b + data_t * expected_result_b ) { const mbedtls_cipher_info_t *cipher_info; diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 619c76e19..c8d2aff4d 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -51,9 +51,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_pr( HexParam_t * add_init, HexParam_t * entropy, - HexParam_t * add1, HexParam_t * add2, - HexParam_t * result_str ) +void ctr_drbg_validate_pr( data_t * add_init, data_t * entropy, + data_t * add1, data_t * add2, + data_t * result_str ) { mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; @@ -75,9 +75,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ctr_drbg_validate_nopr( HexParam_t * add_init, HexParam_t * entropy, - HexParam_t * add1, HexParam_t * add_reseed, - HexParam_t * add2, HexParam_t * result_str ) +void ctr_drbg_validate_nopr( data_t * add_init, data_t * entropy, + data_t * add1, data_t * add_reseed, + data_t * add2, data_t * result_str ) { mbedtls_ctr_drbg_context ctx; unsigned char buf[512]; diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index f517c8a9f..377d630d9 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function 
@@ -105,7 +105,7 @@ exit: /* BEGIN_CASE */ void mbedtls_debug_print_buf( char * file, int line, char * text, - HexParam_t * data, char * result_str ) + data_t * data, char * result_str ) { mbedtls_ssl_context ssl; mbedtls_ssl_config conf; diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 8fab5e415..b5acb7b0f 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -8,15 +8,15 @@ */ /* BEGIN_CASE */ -void des_check_weak( HexParam_t * key, int ret ) +void des_check_weak( data_t * key, int ret ) { TEST_ASSERT( mbedtls_des_key_check_weak( key->x ) == ret ); } /* END_CASE */ /* BEGIN_CASE */ -void des_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string ) +void des_encrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -36,8 +36,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string ) +void des_decrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des_context ctx; @@ -57,8 +57,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void des_encrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; @@ -82,8 +82,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string, +void des_decrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; 
@@ -107,8 +107,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des3_encrypt_ecb( int key_count, HexParam_t * key_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void des3_encrypt_ecb( int key_count, data_t * key_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -134,8 +134,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void des3_decrypt_ecb( int key_count, HexParam_t * key_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void des3_decrypt_ecb( int key_count, data_t * key_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -161,9 +161,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des3_encrypt_cbc( int key_count, HexParam_t * key_str, - HexParam_t * iv_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int cbc_result ) +void des3_encrypt_cbc( int key_count, data_t * key_str, + data_t * iv_str, data_t * src_str, + data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; @@ -193,9 +193,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void des3_decrypt_cbc( int key_count, HexParam_t * key_str, - HexParam_t * iv_str, HexParam_t * src_str, - HexParam_t * hex_dst_string, int cbc_result ) +void des3_decrypt_cbc( int key_count, data_t * key_str, + data_t * iv_str, data_t * src_str, + data_t * hex_dst_string, int cbc_result ) { unsigned char output[100]; mbedtls_des3_context ctx; diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 2d71828eb..a2c7cedba 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function 
@@ -43,8 +43,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecdh_primitive_testvec( int id, HexParam_t * rnd_buf_A, char * xA_str, - char * yA_str, HexParam_t * rnd_buf_B, +void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, + char * yA_str, data_t * rnd_buf_B, char * xB_str, char * yB_str, char * z_str ) { mbedtls_ecp_group grp; diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 65d497d53..48ce586be 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -41,8 +41,8 @@ exit: /* BEGIN_CASE */ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, - char * yQ_str, HexParam_t * rnd_buf, - HexParam_t * hash, char * r_str, char * s_str, + char * yQ_str, data_t * rnd_buf, + data_t * hash, char * r_str, char * s_str, int result ) { mbedtls_ecp_group grp; diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 2579704a7..9e4f7a371 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -106,7 +106,7 @@ void ecjpake_selftest( ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_one( int role, HexParam_t * msg, int ref_ret ) +void read_round_one( int role, data_t * msg, int ref_ret ) { mbedtls_ecjpake_context ctx; const unsigned char * pw = NULL; @@ -125,7 +125,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_two_cli( HexParam_t * msg, int ref_ret ) +void read_round_two_cli( data_t * msg, int ref_ret ) { mbedtls_ecjpake_context ctx; const unsigned char * pw = NULL; 
@@ -150,7 +150,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void read_round_two_srv( HexParam_t * msg, int ref_ret ) +void read_round_two_srv( data_t * msg, int ref_ret ) { mbedtls_ecjpake_context ctx; const unsigned char * pw = NULL; diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index d5a092668..d79a6b3f2 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -193,7 +193,7 @@ exit: /* BEGIN_CASE */ void ecp_write_binary( int id, char * x, char * y, char * z, int format, - HexParam_t * out, int blen, int ret ) + data_t * out, int blen, int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; @@ -224,7 +224,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void ecp_read_binary( int id, HexParam_t * buf, char * x, char * y, char * z, +void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z, int ret ) { mbedtls_ecp_group grp; @@ -257,7 +257,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_tls_read_point( int id, HexParam_t * buf, char * x, char * y, +void mbedtls_ecp_tls_read_point( int id, data_t * buf, char * x, char * y, char * z, int ret ) { mbedtls_ecp_group grp; @@ -344,7 +344,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_ecp_tls_read_group( HexParam_t * buf, int result, int bits, +void mbedtls_ecp_tls_read_group( data_t * buf, int result, int bits, int record_len ) { mbedtls_ecp_group grp; diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 9b54f3027..26a0f5911 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function 
@@ -302,7 +302,7 @@ void entropy_nv_seed_std_io( ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ -void entropy_nv_seed( HexParam_t * read_seed ) +void entropy_nv_seed( data_t * read_seed ) { mbedtls_sha512_context accumulator; mbedtls_entropy_context ctx; diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index b3d212a50..4d3bba161 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -9,8 +9,8 @@ /* BEGIN_CASE */ void gcm_bad_parameters( int cipher_id, int direction, - HexParam_t *key_str, HexParam_t *src_str, - HexParam_t *iv_str, HexParam_t *add_str, + data_t *key_str, data_t *src_str, + data_t *iv_str, data_t *add_str, int tag_len_bits, int gcm_result ) { unsigned char output[128]; @@ -33,10 +33,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void gcm_encrypt_and_tag( int cipher_id, HexParam_t * key_str, - HexParam_t * src_str, HexParam_t * iv_str, - HexParam_t * add_str, HexParam_t * hex_dst_string, - int tag_len_bits, HexParam_t * hex_tag_string, +void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, + data_t * src_str, data_t * iv_str, + data_t * add_str, data_t * hex_dst_string, + int tag_len_bits, data_t * hex_tag_string, int init_result ) { unsigned char output[128]; @@ -65,11 +65,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void gcm_decrypt_and_verify( int cipher_id, HexParam_t * key_str, - HexParam_t * src_str, HexParam_t * iv_str, - HexParam_t * add_str, int tag_len_bits, - HexParam_t * tag_str, char * result, - HexParam_t * pt_result, int init_result ) +void gcm_decrypt_and_verify( int cipher_id, data_t * key_str, + data_t * src_str, data_t * iv_str, + data_t * add_str, int tag_len_bits, + data_t * tag_str, char * result, + data_t * pt_result, int init_result ) { unsigned char output[128]; mbedtls_gcm_context ctx; 
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index aeea62c36..13bc40062 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -161,9 +161,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_no_reseed( int md_alg, HexParam_t * entropy, - HexParam_t * custom, HexParam_t * add1, - HexParam_t * add2, HexParam_t * output ) +void hmac_drbg_no_reseed( int md_alg, data_t * entropy, + data_t * custom, data_t * add1, + data_t * add2, data_t * output ) { unsigned char data[1024]; unsigned char my_output[512]; @@ -209,9 +209,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_nopr( int md_alg, HexParam_t * entropy, HexParam_t * custom, - HexParam_t * add1, HexParam_t * add2, HexParam_t * add3, - HexParam_t * output ) +void hmac_drbg_nopr( int md_alg, data_t * entropy, data_t * custom, + data_t * add1, data_t * add2, data_t * add3, + data_t * output ) { unsigned char my_output[512]; entropy_ctx p_entropy; @@ -242,8 +242,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void hmac_drbg_pr( int md_alg, HexParam_t * entropy, HexParam_t * custom, - HexParam_t * add1, HexParam_t * add2, HexParam_t * output ) +void hmac_drbg_pr( int md_alg, data_t * entropy, data_t * custom, + data_t * add1, data_t * add2, data_t * output ) { unsigned char my_output[512]; entropy_ctx p_entropy; diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 07e2d5849..11cf88ae7 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -127,7 +127,7 @@ void md_info( int md_type, char * md_name, int md_size ) /* BEGIN_CASE */ void md_text( char * text_md_name, char * text_src_string, - HexParam_t * hex_hash_string ) + data_t * hex_hash_string ) { char md_name[100]; unsigned char src_str[1000]; 
@@ -150,8 +150,8 @@ void md_text( char * text_md_name, char * text_src_string, /* END_CASE */ /* BEGIN_CASE */ -void md_hex( char * text_md_name, HexParam_t * src_str, - HexParam_t * hex_hash_string ) +void md_hex( char * text_md_name, data_t * src_str, + data_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; @@ -174,7 +174,7 @@ void md_hex( char * text_md_name, HexParam_t * src_str, /* BEGIN_CASE */ void md_text_multi( char * text_md_name, char * text_src_string, - HexParam_t * hex_hash_string ) + data_t * hex_hash_string ) { char md_name[100]; unsigned char src_str[1000]; @@ -225,8 +225,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void md_hex_multi( char * text_md_name, HexParam_t * src_str, - HexParam_t * hex_hash_string ) +void md_hex_multi( char * text_md_name, data_t * src_str, + data_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; @@ -272,8 +272,8 @@ exit: /* BEGIN_CASE */ void mbedtls_md_hmac( char * text_md_name, int trunc_size, - HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_hash_string ) + data_t * key_str, data_t * src_str, + data_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; @@ -294,8 +294,8 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, /* END_CASE */ /* BEGIN_CASE */ -void md_hmac_multi( char * text_md_name, int trunc_size, HexParam_t * key_str, - HexParam_t * src_str, HexParam_t * hex_hash_string ) +void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, + data_t * src_str, data_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; @@ -340,7 +340,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void mbedtls_md_file( char * text_md_name, char * filename, - HexParam_t * hex_hash_string ) + data_t * hex_hash_string ) { char md_name[100]; unsigned char output[100]; diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index ddfe3697b..02004efa8 100644 
--- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ -void md2_text( char * text_src_string, HexParam_t * hex_hash_string ) +void md2_text( char * text_src_string, data_t * hex_hash_string ) { int ret; unsigned char src_str[100]; @@ -25,7 +25,7 @@ void md2_text( char * text_src_string, HexParam_t * hex_hash_string ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ -void md4_text( char * text_src_string, HexParam_t * hex_hash_string ) +void md4_text( char * text_src_string, data_t * hex_hash_string ) { int ret; unsigned char src_str[100]; @@ -44,7 +44,7 @@ void md4_text( char * text_src_string, HexParam_t * hex_hash_string ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ -void md5_text( char * text_src_string, HexParam_t * hex_hash_string ) +void md5_text( char * text_src_string, data_t * hex_hash_string ) { int ret; unsigned char src_str[100]; @@ -63,7 +63,7 @@ void md5_text( char * text_src_string, HexParam_t * hex_hash_string ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */ -void ripemd160_text( char * text_src_string, HexParam_t * hex_hash_string ) +void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) { int ret; unsigned char src_str[100]; diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 4b7a04859..4754c6e53 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -53,7 +53,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_read_binary( HexParam_t * buf, int radix_A, char * input_A ) +void mbedtls_mpi_read_binary( data_t * buf, int radix_A, char * input_A ) { mbedtls_mpi X; unsigned char str[1000]; @@ -73,7 +73,7 @@ exit: /* BEGIN_CASE */ void mbedtls_mpi_write_binary( int radix_X, char * input_X, - HexParam_t * input_A, int output_size, + data_t * input_A, int output_size, int result ) { mbedtls_mpi X; 
@@ -104,7 +104,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void mbedtls_mpi_read_file( int radix_X, char * input_file, - HexParam_t * input_A, int result ) + data_t * input_A, int result ) { mbedtls_mpi X; unsigned char buf[1000]; diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index dcd53d653..947f1fb25 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ -void mbedtls_pem_write_buffer( char * start, char * end, HexParam_t * buf, +void mbedtls_pem_write_buffer( char * start, char * end, data_t * buf, char * result_str ) { unsigned char *check_buf = NULL; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 23e3a69e2..9005ddb31 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -121,9 +121,9 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_verify_test_vec( HexParam_t * message_str, int digest, int mod, +void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, int radix_N, char * input_N, int radix_E, - char * input_E, HexParam_t * result_str, + char * input_E, data_t * result_str, int result ) { unsigned char hash_result[1000]; @@ -154,10 +154,10 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_verify_ext_test_vec( HexParam_t * message_str, int digest, +void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result_str, int pk_type, + data_t * result_str, int pk_type, int mgf1_hash_id, int salt_len, int result ) { unsigned char hash_result[1000]; 
@@ -213,8 +213,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C */ -void pk_ec_test_vec( int type, int id, HexParam_t * key, HexParam_t * hash, - HexParam_t * sig, int ret ) +void pk_ec_test_vec( int type, int id, data_t * key, data_t * hash, + data_t * sig, int ret ) { mbedtls_pk_context pk; mbedtls_ecp_keypair *eckey; @@ -266,9 +266,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_encrypt_test_vec( HexParam_t * message, int mod, int radix_N, +void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result, int ret ) + data_t * result, int ret ) { unsigned char output[1000]; rnd_pseudo_info rnd_info; @@ -300,10 +300,10 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_decrypt_test_vec( HexParam_t * cipher, int mod, int radix_P, +void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, HexParam_t * clear, int ret ) + char * input_E, data_t * clear, int ret ) { unsigned char output[1000]; rnd_pseudo_info rnd_info; diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 9cf3b1934..83f417ca8 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -11,8 +11,8 @@ /* BEGIN_CASE */ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, - HexParam_t * message_str, HexParam_t * rnd_buf, - HexParam_t * result_hex_str, int result ) + data_t * message_str, data_t * rnd_buf, + data_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; 
@@ -50,8 +50,8 @@ exit: void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, HexParam_t * result_hex_str, - char * seed, HexParam_t * message_str, + int hash, data_t * result_hex_str, + char * seed, data_t * message_str, int result ) { unsigned char output[1000]; @@ -97,8 +97,8 @@ exit: void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, - HexParam_t * message_str, HexParam_t * rnd_buf, - HexParam_t * result_hex_str, int result ) + data_t * message_str, data_t * rnd_buf, + data_t * result_hex_str, int result ) { unsigned char hash_result[1000]; unsigned char output[1000]; @@ -147,8 +147,8 @@ exit: /* BEGIN_CASE */ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int digest, - int hash, HexParam_t * message_str, char * salt, - HexParam_t * result_str, int result ) + int hash, data_t * message_str, char * salt, + data_t * result_str, int result ) { unsigned char hash_result[1000]; mbedtls_rsa_context ctx; diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index dd408863f..99be08ac0 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -11,8 +11,8 @@ /* BEGIN_CASE */ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int hash, - HexParam_t * message_str, HexParam_t * rnd_buf, - HexParam_t * result_hex_str, int result ) + data_t * message_str, data_t * rnd_buf, + data_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; 
@@ -50,8 +50,8 @@ exit: void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int hash, HexParam_t * result_hex_str, - char * seed, HexParam_t * message_str, + int hash, data_t * result_hex_str, + char * seed, data_t * message_str, int result ) { unsigned char output[1000]; @@ -98,8 +98,8 @@ exit: void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, int digest, int hash, - HexParam_t * message_str, HexParam_t * rnd_buf, - HexParam_t * result_hex_str, int result ) + data_t * message_str, data_t * rnd_buf, + data_t * result_hex_str, int result ) { unsigned char hash_result[1000]; unsigned char output[1000]; @@ -149,8 +149,8 @@ exit: /* BEGIN_CASE */ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int digest, - int hash, HexParam_t * message_str, char * salt, - HexParam_t * result_str, int result ) + int hash, data_t * message_str, char * salt, + data_t * result_str, int result ) { unsigned char hash_result[1000]; mbedtls_rsa_context ctx; @@ -185,8 +185,8 @@ void pkcs1_rsassa_pss_verify_ext( int mod, int radix_N, char * input_N, int radix_E, char * input_E, int msg_digest_id, int ctx_hash, int mgf_hash, int salt_len, - HexParam_t * message_str, - HexParam_t * result_str, int result_simple, + data_t * message_str, + data_t * result_str, int result_simple, int result_full ) { unsigned char hash_result[1000]; diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 0dcbb0a46..26f1d3331 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function 
@@ -8,8 +8,8 @@ */ /* BEGIN_CASE */ -void pbkdf2_hmac( int hash, HexParam_t * pw_str, HexParam_t * salt_str, - int it_cnt, int key_len, HexParam_t * result_key_string ) +void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str, + int it_cnt, int key_len, data_t * result_key_string ) { mbedtls_md_context_t ctx; const mbedtls_md_info_t *info; @@ -32,8 +32,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ASN1_PARSE_C */ -void mbedtls_pkcs5_pbes2( int params_tag, HexParam_t *params_hex, HexParam_t *pw, - HexParam_t *data, int ref_ret, HexParam_t *ref_out ) +void mbedtls_pkcs5_pbes2( int params_tag, data_t *params_hex, data_t *pw, + data_t *data, int ref_ret, data_t *ref_out ) { int my_ret; mbedtls_asn1_buf params; diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 920f9369b..3eb0397e6 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -114,7 +114,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_parse_key( HexParam_t * buf, char * result_str, int result ) +void pk_parse_key( data_t * buf, char * result_str, int result ) { mbedtls_pk_context pk; unsigned char output[2000]; diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 83f735321..c43ef2050 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -18,11 +18,11 @@ */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_sign( HexParam_t * message_str, int padding_mode, +void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, int digest, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result_hex_str, int result ) + data_t * result_hex_str, int result ) { unsigned char hash_result[1000]; unsigned char output[1000]; 
@@ -69,10 +69,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_verify( HexParam_t * message_str, int padding_mode, +void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, int digest, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result_str, int result ) + data_t * result_str, int result ) { unsigned char hash_result[1000]; mbedtls_rsa_context ctx; @@ -103,11 +103,11 @@ exit: /* BEGIN_CASE */ -void rsa_pkcs1_sign_raw( HexParam_t * hash_result, +void rsa_pkcs1_sign_raw( data_t * hash_result, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, HexParam_t * result_hex_str ) + char * input_E, data_t * result_hex_str ) { unsigned char output[1000]; mbedtls_rsa_context ctx; @@ -174,10 +174,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_pkcs1_verify_raw( HexParam_t * hash_result, +void rsa_pkcs1_verify_raw( data_t * hash_result, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result_str, int correct ) + data_t * result_str, int correct ) { unsigned char output[1000]; mbedtls_rsa_context ctx; @@ -235,10 +235,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_encrypt( HexParam_t * message_str, int padding_mode, +void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result_hex_str, int result ) + data_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; 
@@ -276,10 +276,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void rsa_pkcs1_encrypt_bad_rng( HexParam_t * message_str, int padding_mode, +void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result_hex_str, int result ) + data_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx; @@ -314,11 +314,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_pkcs1_decrypt( HexParam_t * message_str, int padding_mode, +void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, char * input_E, - int max_output, HexParam_t * result_hex_str, + int max_output, data_t * result_hex_str, int result ) { unsigned char output[1000]; @@ -363,9 +363,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_public( HexParam_t * message_str, int mod, int radix_N, +void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, char * input_N, int radix_E, char * input_E, - HexParam_t * result_hex_str, int result ) + data_t * result_hex_str, int result ) { unsigned char output[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ @@ -415,10 +415,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_private( HexParam_t * message_str, int mod, int radix_P, +void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, char * input_P, int radix_Q, char * input_Q, int radix_N, char * input_N, int radix_E, - char * input_E, HexParam_t * result_hex_str, + char * input_E, data_t * result_hex_str, int result ) { unsigned char output[1000]; 
@@ -1123,9 +1123,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ -void mbedtls_rsa_export_raw( HexParam_t *input_N, HexParam_t *input_P, - HexParam_t *input_Q, HexParam_t *input_D, - HexParam_t *input_E, int is_priv, +void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P, + data_t *input_Q, data_t *input_D, + data_t *input_E, int is_priv, int successive ) { /* Exported buffers */ @@ -1218,9 +1218,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ -void mbedtls_rsa_import_raw( HexParam_t *input_N, - HexParam_t *input_P, HexParam_t *input_Q, - HexParam_t *input_D, HexParam_t *input_E, +void mbedtls_rsa_import_raw( data_t *input_N, + data_t *input_P, data_t *input_Q, + data_t *input_D, data_t *input_E, int successive, int is_priv, int res_check, diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 186fb87c2..147ae0e1f 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -5,7 +5,7 @@ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ -void mbedtls_sha1( HexParam_t * src_str, HexParam_t * hex_hash_string ) +void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) { unsigned char output[41]; @@ -19,7 +19,7 @@ void mbedtls_sha1( HexParam_t * src_str, HexParam_t * hex_hash_string ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void sha224( HexParam_t * src_str, HexParam_t * hex_hash_string ) +void sha224( data_t * src_str, data_t * hex_hash_string ) { unsigned char output[57]; @@ -33,7 +33,7 @@ void sha224( HexParam_t * src_str, HexParam_t * hex_hash_string ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void mbedtls_sha256( HexParam_t * src_str, HexParam_t * hex_hash_string ) +void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) { unsigned char output[65]; 
@@ -47,7 +47,7 @@ void mbedtls_sha256( HexParam_t * src_str, HexParam_t * hex_hash_string ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void sha384( HexParam_t * src_str, HexParam_t * hex_hash_string ) +void sha384( data_t * src_str, data_t * hex_hash_string ) { unsigned char output[97]; @@ -61,7 +61,7 @@ void sha384( HexParam_t * src_str, HexParam_t * hex_hash_string ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void mbedtls_sha512( HexParam_t * src_str, HexParam_t * hex_hash_string ) +void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) { unsigned char output[129]; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index eed518385..326f22d3b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -9,7 +9,7 @@ */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */ -void ssl_dtls_replay( HexParam_t * prevs, HexParam_t * new, int ret ) +void ssl_dtls_replay( data_t * prevs, data_t * new, int ret ) { uint32_t len = 0; mbedtls_ssl_context ssl; diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 2e283087b..df95f633f 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -440,7 +440,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ -void x509parse_crt( HexParam_t * buf, char * result_str, int result ) +void x509parse_crt( data_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; unsigned char output[2000]; @@ -467,7 +467,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */ -void x509parse_crl( HexParam_t * buf, char * result_str, int result ) +void x509parse_crl( data_t * buf, char * result_str, int result ) { mbedtls_x509_crl crl; unsigned char output[2000]; 
@@ -494,7 +494,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */ -void mbedtls_x509_csr_parse( HexParam_t * csr_der, char * ref_out, int ref_ret ) +void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret ) { mbedtls_x509_csr csr; char my_out[1000]; @@ -621,7 +621,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_desc( HexParam_t * buf, char * ref_desc ) +void x509_oid_desc( data_t * buf, char * ref_desc ) { mbedtls_x509_buf oid; const char *desc = NULL; @@ -649,7 +649,7 @@ void x509_oid_desc( HexParam_t * buf, char * ref_desc ) /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ -void x509_oid_numstr( HexParam_t * oid_buf, char * numstr, int blen, int ret ) +void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret ) { mbedtls_x509_buf oid; char num_buf[100]; @@ -689,7 +689,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ -void x509_check_extended_key_usage( char * crt_file, HexParam_t * oid, int ret +void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret ) { mbedtls_x509_crt crt; @@ -737,7 +737,7 @@ void x509_get_time( int tag, char * time_str, int ret, int year, int mon, /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -void x509_parse_rsassa_pss_params( HexParam_t * hex_params, int params_tag, +void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag, int ref_msg_md, int ref_mgf_md, int ref_salt_len, int ref_ret ) { diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index 94c6ff5e1..a24a42065 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function 
@@ -8,8 +8,8 @@ */ /* BEGIN_CASE */ -void xtea_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string ) +void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -25,8 +25,8 @@ void xtea_encrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, /* END_CASE */ /* BEGIN_CASE */ -void xtea_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, - HexParam_t * hex_dst_string ) +void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, + data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -42,8 +42,8 @@ void xtea_decrypt_ecb( HexParam_t * key_str, HexParam_t * src_str, /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void xtea_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_xtea_context ctx; @@ -60,8 +60,8 @@ void xtea_encrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void xtea_decrypt_cbc( HexParam_t * key_str, HexParam_t * iv_str, - HexParam_t * src_str, HexParam_t * hex_dst_string ) +void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, + data_t * src_str, data_t * hex_dst_string ) { unsigned char output[100]; mbedtls_xtea_context ctx; From 27a35e77120b0fe7eda6fef3266ecbec999b677d Mon Sep 17 00:00:00 2001 
From: Azim Khan Date: Fri, 29 Jun 2018 12:39:19 +0100 Subject: [PATCH 324/578] Wildcard possible targets and document Test application names and function file names can be derived from the naming convention the test suites follow. This commit documents the naming convention and removes explicit listing of the test executables and the lookup table for finding the .function file. --- tests/Makefile | 148 +++++++++---------------------------------------- 1 file changed, 25 insertions(+), 123 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 003d71c51..4d2edd456 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -53,126 +53,14 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = test_suite_aes.ecb test_suite_aes.cbc \ - test_suite_aes.cfb test_suite_aes.ofb \ - test_suite_aes.xts \ - test_suite_aes.rest test_suite_arc4 \ - test_suite_aria test_suite_asn1write \ - test_suite_base64 test_suite_blowfish \ - test_suite_camellia test_suite_ccm \ - test_suite_chacha20 test_suite_chachapoly \ - test_suite_aria \ - test_suite_cmac \ - test_suite_cipher.aes \ - test_suite_cipher.arc4 test_suite_cipher.ccm \ - test_suite_cipher.chacha20 \ - test_suite_cipher.gcm \ - test_suite_cipher.blowfish \ - test_suite_cipher.camellia \ - test_suite_cipher.des test_suite_cipher.null \ - test_suite_cipher.padding \ - test_suite_ctr_drbg test_suite_debug \ - test_suite_des test_suite_dhm \ - test_suite_ecdh test_suite_ecdsa \ - test_suite_ecjpake test_suite_ecp \ - test_suite_error test_suite_entropy \ - test_suite_gcm.aes128_de \ - test_suite_gcm.aes192_de \ - test_suite_gcm.aes256_de \ - test_suite_gcm.aes128_en \ - test_suite_gcm.aes192_en \ - test_suite_gcm.aes256_en \ - test_suite_gcm.camellia \ - test_suite_hkdf \ - test_suite_hmac_drbg.misc \ - test_suite_hmac_drbg.no_reseed \ - test_suite_hmac_drbg.nopr \ - test_suite_hmac_drbg.pr \ - test_suite_md test_suite_mdx \ - test_suite_memory_buffer_alloc \ - test_suite_mpi \ - test_suite_pem test_suite_pkcs1_v15 \ - test_suite_pkcs1_v21 test_suite_pkcs5 \ - test_suite_pkparse test_suite_pkwrite \ - test_suite_pk \ - test_suite_rsa test_suite_shax \ - test_suite_ssl test_suite_timing \ - test_suite_x509parse test_suite_x509write \ - test_suite_xtea test_suite_version +# A test application is built for each suites/test_suite_*.data file. +# Application name is same as .data file's base name and can be +# constructed by stripping path 'suites/' and extension .data. +APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data))) +# Construct executable name by adding OS specific suffix $(EXEXT). 
BINARIES := $(addsuffix $(EXEXT),$(APPS)) -# Look up for associated function files -func.test_suite_aes.ecb := test_suite_aes -func.test_suite_aes.cbc := test_suite_aes -func.test_suite_aes.cfb := test_suite_aes -func.test_suite_aes.ofb := test_suite_aes -func.test_suite_aes.xts := test_suite_aes -func.test_suite_aes.rest := test_suite_aes -func.test_suite_arc4 := test_suite_arc4 -func.test_suite_aria := test_suite_aria -func.test_suite_asn1write := test_suite_asn1write -func.test_suite_base64 := test_suite_base64 -func.test_suite_blowfish := test_suite_blowfish -func.test_suite_camellia := test_suite_camellia -func.test_suite_ccm := test_suite_ccm -func.test_suite_chacha20 := test_suite_chacha20 -func.test_suite_chachapoly := test_suite_chachapoly -func.test_suite_cmac := test_suite_cmac -func.test_suite_cipher.chachapoly := test_suite_cipher -func.test_suite_cipher.aes := test_suite_cipher -func.test_suite_cipher.arc4 := test_suite_cipher -func.test_suite_cipher.ccm := test_suite_cipher -func.test_suite_cipher.chacha20 := test_suite_cipher -func.test_suite_cipher.gcm := test_suite_cipher -func.test_suite_cipher.blowfish := test_suite_cipher -func.test_suite_cipher.camellia := test_suite_cipher -func.test_suite_cipher.des := test_suite_cipher -func.test_suite_cipher.null := test_suite_cipher -func.test_suite_cipher.padding := test_suite_cipher -func.test_suite_ctr_drbg := test_suite_ctr_drbg -func.test_suite_debug := test_suite_debug -func.test_suite_des := test_suite_des -func.test_suite_dhm := test_suite_dhm -func.test_suite_ecdh := test_suite_ecdh -func.test_suite_ecdsa := test_suite_ecdsa -func.test_suite_ecjpake := test_suite_ecjpake -func.test_suite_ecp := test_suite_ecp -func.test_suite_error := test_suite_error -func.test_suite_entropy := test_suite_entropy -func.test_suite_gcm.aes128_de := test_suite_gcm -func.test_suite_gcm.aes192_de := test_suite_gcm -func.test_suite_gcm.aes256_de := test_suite_gcm -func.test_suite_gcm.aes128_en := test_suite_gcm 
-func.test_suite_gcm.aes192_en := test_suite_gcm -func.test_suite_gcm.aes256_en := test_suite_gcm -func.test_suite_gcm.camellia := test_suite_gcm -func.test_suite_hkdf := test_suite_hkdf -func.test_suite_hmac_drbg.misc := test_suite_hmac_drbg -func.test_suite_hmac_drbg.no_reseed := test_suite_hmac_drbg -func.test_suite_hmac_drbg.nopr := test_suite_hmac_drbg -func.test_suite_hmac_drbg.pr := test_suite_hmac_drbg -func.test_suite_md := test_suite_md -func.test_suite_mdx := test_suite_mdx -func.test_suite_memory_buffer_alloc := test_suite_memory_buffer_alloc -func.test_suite_mpi := test_suite_mpi -func.test_suite_nist_kw := test_suite_nist_kw -func.test_suite_pem := test_suite_pem -func.test_suite_pkcs1_v15 := test_suite_pkcs1_v15 -func.test_suite_pkcs1_v21 := test_suite_pkcs1_v21 -func.test_suite_pkcs5 := test_suite_pkcs5 -func.test_suite_pkparse := test_suite_pkparse -func.test_suite_pkwrite := test_suite_pkwrite -func.test_suite_pk := test_suite_pk -func.test_suite_rsa := test_suite_rsa -func.test_suite_shax := test_suite_shax -func.test_suite_ssl := test_suite_ssl -func.test_suite_timing := test_suite_timing -func.test_suite_x509parse := test_suite_x509parse -func.test_suite_x509write := test_suite_x509write -func.test_suite_xtea := test_suite_xtea -func.test_suite_version := test_suite_version - .SILENT: .PHONY: all check test clean 
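Review bot: The new `APPS` assignment takes its order straight from `$(wildcard ...)` and is a recursively expanded variable, so the glob is re-run on every reference. On GNU Make releases that do not sort wildcard results, the build and run order of the suites can differ between machines. I would write it as `APPS := $(sort $(basename $(notdir $(wildcard suites/test_suite_*.data))))`; `$(notdir ...)` also avoids `$(subst suites/,,...)` rewriting a `suites/` that occurs elsewhere in a path. Every matching `.data` file under `suites/` now becomes a build target, so a stray or untracked file there is generated, compiled and run as well, which the comment above `APPS` should state.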
@@ -182,14 +70,26 @@ all: $(BINARIES) $(DEP): $(MAKE) -C ../library -# invoke perl explicitly for the sake of mingw32-make - C_FILES := $(addsuffix .c,$(APPS)) +# Wildcard target for test code generation: +# A .c file is generated for each .data file in the suites/ directory. Each .c +# file depends on a .data and .function file from suites/ directory. Following +# nameing convention is followed: +# +# C file | Depends on +#----------------------------------------------------------------------------- +# foo.c | suites/foo.function suites/foo.data +# foo.bar.c | suites/foo.function suites/foo.bar.data +# +# Note above that .c and .data files have same base name. +# However, corresponding .function file's base name is the word before first +# dot in .c file's base name. +# .SECONDEXPANSION: -$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function +%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function echo " Gen $@" - $(PYTHON) scripts/generate_test_code.py -f suites/$(func.$*).function \ + $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ -d suites/$*.data \ -t suites/main_test.function \ -p suites/host_test.function \ @@ -208,8 +108,10 @@ ifndef WINDOWS rm -rf $(APPS) *.c *.datax TESTS else del /Q /F *.c *.exe *.datax +ifneq ($(wildcard TESTS/.*),) rmdir /Q /S TESTS endif +endif check: $(BINARIES) perl scripts/run-test-suites.pl 
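Review bot: Replacing the static pattern rule `$(C_FILES): %.c: ...` with a bare `%.c:` pattern rule makes the generator rule a candidate for every `.c` target in this directory. As far as I know, a missing `.function` file then no longer produces an error naming that prerequisite, because make treats an implicit rule with an unbuildable prerequisite as not applicable. `C_FILES` is still defined just above, and the `embedded_%` rule later in this patch keeps the static form, so I would keep `$(C_FILES): %.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data ...` here too. The added comment block has a typo: `nameing` should be `naming`.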
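Review bot: The `ifneq ($(wildcard TESTS/.*),)` guard added to the Windows branch of `clean` has no comment, and its purpose is not obvious; it presumably skips `rmdir` when the `TESTS` directory is absent. I would add `# rmdir fails if TESTS does not exist, so only call it when the directory is there` above it. The conditional is evaluated when the Makefile is parsed rather than when the recipe runs, which is worth stating in the same comment. The `clean` target starts outside this hunk.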
@@ -222,9 +124,9 @@ EMBEDDED_TESTS := $(addprefix embedded_,$(APPS)) # Generate test code for target. .SECONDEXPANSION: -$(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function +$(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function echo " Gen ./TESTS/mbedtls/$*/$*.c" - $(PYTHON) scripts/generate_test_code.py -f suites/$(func.$*).function \ + $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ -d suites/$*.data \ -t suites/main_test.function \ -p suites/target_test.function \ From 63ab501aa70912acd7847d2d529fe2c39f4938df Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Fri, 29 Jun 2018 15:00:11 +0100 Subject: [PATCH 325/578] Fix generate_test_code.py argument --helpers-file in CMakeLists.txt --- tests/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 7b66dcfe4..58126bedc 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt 
@@ -29,7 +29,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --help-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . + COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) From aee05bbe70dfdc1a468c0a2788fef62888a04266 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Mon, 2 Jul 2018 16:01:04 +0100 Subject: [PATCH 326/578] Add test suite framework summary --- tests/scripts/generate_test_code.py | 151 ++++++++++++++++++++++++++-- 1 file changed, 140 insertions(+), 11 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index c4c11fc39..a9ec566e6 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
@@ -19,18 +19,147 @@ # This file is part of mbed TLS (https://tls.mbed.org) """ -This script dynamically generates test suite code for Mbed TLS, by -taking following input files. +This script is a key part of Mbed TLS test suites framework. For +understanding the script it is important to understand the +framework. This doc string contains a summary of the framework +and explains the function of this script. + +Mbed TLS test suites: +===================== +Scope: +------ +The test suites focus on unit testing the crypto primitives and also +include x509 parser tests. Tests can be added to test any MBED TLS +module. However, the framework is not capable of testing SSL +protocol, since that requires full stack execution and that is best +tested as part of the system test. + +Test case definition: +--------------------- +Tests are defined in a test_suite_[.].data +file. A test definition contains: + test name + optional build macro dependencies + test function + test parameters + +Test dependencies are build macros that can be specified to indicate +the build config in which the test is valid. For example if a test +depends on a feature that is only enabled by defining a macro. Then +that macro should be specified as a dependency of the test. + +Test function is the function that implements the test steps. This +function is specified for different tests that perform same steps +with different parameters. + +Test parameters are specified in string form separated by ':'. +Parameters can be of type string, binary data specified as hex +string and integer constants specified as integer, macro or +as an expression. 
Following is an example test definition: + +X509 CRL Unsupported critical extension (issuingDistributionPoint) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +Test functions: +--------------- +Test functions are coded in C in test_suite_.function files. +Functions file is itself not compilable and contains special +format patterns to specify test suite dependencies, start and end +of functions and function dependencies. Check any existing functions +file for example. + +Execution: +---------- +Tests are executed in 3 steps: +- Generating test_suite_[.].c file + for each corresponding .data file. +- Building each source file into executables. +- Running each executable and printing report. + +Generating C test source requires more than just the test functions. +Following extras are required: +- Process main() +- Reading .data file and dispatching test cases. +- Platform specific test case execution +- Dependency checking +- Integer expression evaluation +- Test function dispatch + +Build dependencies and integer expressions (in the test parameters) +are specified as strings in the .data file. Their run time value is +not known at the generation stage. Hence, they need to be translated +into run time evaluations. This script generates the run time checks +for dependencies and integer expressions. + +Similarly, function names have to be translated into function calls. +This script also generates code for function dispatch. + +The extra code mentioned here is either generated by this script +or it comes from the input files: helpers file, platform file and +the template file. + +Helper file: +------------ +Helpers file contains common helper/utility functions and data. + +Platform file: +-------------- +Platform file contains platform specific setup code and test case +dispatch code. 
For example, host_test.function reads test data +file from host's file system and dispatches tests. +In case of on-target target_test.function tests are not dispatched +on target. Target code is kept minimum and only test functions are +dispatched. Test case dispatch is done on the host using tools like +Greentea. + +Template file: +--------- +Template file for example main_test.function is a template C file in +which generated code and code from input files is substituted to +generate a compilable C file. It also contains skeleton functions for +dependency checks, expression evaluation and function dispatch. These +functions are populated with checks and return codes by this script. + +Template file contains "replacement" fields that are formatted +strings processed by Python str.format() method. + +This script: +============ +Core function of this script is to fill the template file with +code that is generated or read from helpers and platform files. + +This script replaces following fields in the template and generates +the test source file: + +{test_common_helpers} <-- All common code from helpers.function + is substituted here. +{functions_code} <-- Test functions are substituted here + from the input test_suit_xyz.function + file. C preprocessor checks are generated + for the build dependencies specified + in the input file. This script also + generates wrappers for the test + functions with code to expand the + string parameters read from the data + file. +{expression_code} <-- This script enumerates the + expressions in the .data file and + generates code to handle enumerated + expression Ids and return the values. +{dep_check_code} <-- This script enumerates all + build dependencies and generate + code to handle enumerated build + dependency Id and return status: if + the dependency is defined or not. 
+{dispatch_code} <-- This script enumerates the functions + specified in the input test data file + and generates the initializer for the + function table in the template + file. +{platform_code} <-- Platform specific setup and test + dispatch code. -test_suite_xyz.function - Test suite functions file contains test - functions. -test_suite_xyz.data - Contains test case vectors. -main_test.function - Template to substitute generated test - functions, dispatch code, dependency - checking code etc. -platform .function - Platform specific initialization and - platform code. -helpers.function - Common/reusable data and functions. """ From b31aa44e16d782dfb6cec8f1f5e51e3126f9adcd Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Tue, 3 Jul 2018 11:57:54 +0100 Subject: [PATCH 327/578] Fix style errors reported by pylint --- tests/scripts/generate_test_code.py | 525 +++++++++------ tests/scripts/mbedtls_test.py | 187 +++--- tests/scripts/test_generate_test_code.py | 812 +++++++++++++---------- 3 files changed, 883 insertions(+), 641 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index a9ec566e6..a28a73669 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -16,7 +16,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) """ This script is a key part of Mbed TLS test suites framework. For @@ -29,7 +29,7 @@ Mbed TLS test suites: Scope: ------ The test suites focus on unit testing the crypto primitives and also -include x509 parser tests. Tests can be added to test any MBED TLS +include x509 parser tests. Tests can be added to test any Mbed TLS module. However, the framework is not capable of testing SSL protocol, since that requires full stack execution and that is best tested as part of the system test. 
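Review bot: The module docstring added in hunk `@@ -19,18 +19,147 @@` names the input file `test_suit_xyz.function` in the `{functions_code}` entry, which should read `test_suite_xyz.function`. The `Template file:` heading is underlined with fewer dashes than its text, unlike the other headings. The file-name patterns read `test_suite_[.].data` and `test_suite_.function` here; if the file has them the same way, the placeholder names between the brackets are missing and should be spelled out.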
@@ -59,7 +59,8 @@ as an expression. Following is an example test definition: X509 CRL Unsupported critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crl_parse:"data_files/crl-idp.pem":\ + MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG Test functions: --------------- @@ -170,17 +171,17 @@ import sys import argparse -BEGIN_HEADER_REGEX = '/\*\s*BEGIN_HEADER\s*\*/' -END_HEADER_REGEX = '/\*\s*END_HEADER\s*\*/' +BEGIN_HEADER_REGEX = r'/\*\s*BEGIN_HEADER\s*\*/' +END_HEADER_REGEX = r'/\*\s*END_HEADER\s*\*/' -BEGIN_SUITE_HELPERS_REGEX = '/\*\s*BEGIN_SUITE_HELPERS\s*\*/' -END_SUITE_HELPERS_REGEX = '/\*\s*END_SUITE_HELPERS\s*\*/' +BEGIN_SUITE_HELPERS_REGEX = r'/\*\s*BEGIN_SUITE_HELPERS\s*\*/' +END_SUITE_HELPERS_REGEX = r'/\*\s*END_SUITE_HELPERS\s*\*/' -BEGIN_DEP_REGEX = 'BEGIN_DEPENDENCIES' -END_DEP_REGEX = 'END_DEPENDENCIES' +BEGIN_DEP_REGEX = r'BEGIN_DEPENDENCIES' +END_DEP_REGEX = r'END_DEPENDENCIES' -BEGIN_CASE_REGEX = '/\*\s*BEGIN_CASE\s*(.*?)\s*\*/' -END_CASE_REGEX = '/\*\s*END_CASE\s*\*/' +BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(.*?)\s*\*/' +END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' class GeneratorInputError(Exception): @@ -192,7 +193,7 @@ class GeneratorInputError(Exception): pass -class FileWrapper(io.FileIO): +class FileWrapper(io.FileIO, object): """ This class extends built-in io.FileIO class with attribute line_no, that indicates line number for the line that is read. @@ -205,9 +206,9 @@ class FileWrapper(io.FileIO): :param file_name: File path to open. """ super(FileWrapper, self).__init__(file_name, 'r') - self.line_no = 0 + self._line_no = 0 - def __next__(self): + def next(self): """ Python 2 iterator method. This method overrides base class's next method and extends the next method to count the line 
@@ -220,23 +221,31 @@ class FileWrapper(io.FileIO): """ parent = super(FileWrapper, self) if hasattr(parent, '__next__'): - line = parent.__next__() # Python 3 + line = parent.__next__() # Python 3 else: - line = parent.next() # Python 2 - if line: - self.line_no += 1 + line = parent.next() # Python 2 + if line is not None: + self._line_no += 1 # Convert byte array to string with correct encoding and # strip any whitespaces added in the decoding process. return line.decode(sys.getdefaultencoding()).strip() + "\n" return None # Python 3 iterator method - next = __next__ + __next__ = next + + def get_line_no(self): + """ + Gives current line number. + """ + return self._line_no + + line_no = property(get_line_no) def split_dep(dep): """ - Split NOT character '!' from dependency. Used by gen_deps() + Split NOT character '!' from dependency. Used by gen_dependencies() :param dep: Dependency list :return: string tuple. Ex: ('!', MACRO) for !MACRO and ('', MACRO) for @@ -245,7 +254,7 @@ def split_dep(dep): return ('!', dep[1:]) if dep[0] == '!' else ('', dep) -def gen_deps(deps): +def gen_dependencies(dependencies): """ Test suite data and functions specifies compile time dependencies. This function generates C preprocessor code from the input 
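Review bot: `line_no = property(get_line_no)` at the end of the `FileWrapper` hunk adds a public `get_line_no` method only to wrap it; putting `@property` on `def line_no(self):` with `return self._line_no` gives the same read-only attribute under one name. In `next`, the new `if line is not None:` test looks always true, since iterating a file signals end of input with `StopIteration` rather than a `None` return. The trailing `return None` is therefore probably dead code and could go together with the condition. The class body starts before this hunk.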
@@ -256,36 +265,39 @@ def gen_deps(deps): function split_dep() and proper preprocessor check is generated accordingly. - :param deps: List of dependencies. + :param dependencies: List of dependencies. :return: if defined and endif code with macro annotations for readability. """ - dep_start = ''.join(['#if %sdefined(%s)\n' % split_dep(x) for x in deps]) - dep_end = ''.join(['#endif /* %s */\n' % x for x in reversed(deps)]) + dep_start = ''.join(['#if %sdefined(%s)\n' % (x, y) for x, y in + map(split_dep, dependencies)]) + dep_end = ''.join(['#endif /* %s */\n' % + x for x in reversed(dependencies)]) return dep_start, dep_end -def gen_deps_one_line(deps): +def gen_dependencies_one_line(dependencies): """ - Similar to gen_deps() but generates dependency checks in one line. + Similar to gen_dependencies() but generates dependency checks in one line. Useful for generating code with #else block. - :param deps: List of dependencies. - :return: ifdef code + :param dependencies: List of dependencies. + :return: Preprocessor check code """ - defines = '#if ' if len(deps) else '' - defines += ' && '.join(['%sdefined(%s)' % split_dep(x) for x in deps]) + defines = '#if ' if dependencies else '' + defines += ' && '.join(['%sdefined(%s)' % (x, y) for x, y in map( + split_dep, dependencies)]) return defines -def gen_function_wrapper(name, locals, args_dispatch): +def gen_function_wrapper(name, local_vars, args_dispatch): """ Creates test function wrapper code. A wrapper has the code to unpack parameters from parameters[] array. :param name: Test function name - :param locals: Local variables declaration code + :param local_vars: Local variables declaration code :param args_dispatch: List of dispatch arguments. Ex: ['(char *)params[0]', '*((int *)params[1])'] :return: Test function wrapper. 
@@ -300,11 +312,11 @@ void {name}_wrapper( void ** params ) '''.format(name=name, unused_params='' if args_dispatch else ' (void)params;\n', args=', '.join(args_dispatch), - locals=locals) + locals=local_vars) return wrapper -def gen_dispatch(name, deps): +def gen_dispatch(name, dependencies): """ Test suite code template main_test.function defines a C function array to contain test case functions. This function generates an @@ -314,18 +326,18 @@ def gen_dispatch(name, deps): dependencies are met, else NULL is assigned. :param name: Test function name - :param deps: List of dependencies + :param dependencies: List of dependencies :return: Dispatch code. """ - if len(deps): - ifdef = gen_deps_one_line(deps) + if dependencies: + preprocessor_check = gen_dependencies_one_line(dependencies) dispatch_code = ''' -{ifdef} +{preprocessor_check} {name}_wrapper, #else NULL, #endif -'''.format(ifdef=ifdef, name=name) +'''.format(preprocessor_check=preprocessor_check, name=name) else: dispatch_code = ''' {name}_wrapper, @@ -350,12 +362,12 @@ def parse_until_pattern(funcs_f, end_regex): headers += line else: raise GeneratorInputError("file: %s - end pattern [%s] not found!" % - (funcs_f.name, end_regex)) + (funcs_f.name, end_regex)) return headers -def parse_suite_deps(funcs_f): +def parse_suite_dependencies(funcs_f): """ Parses test suite dependencies specified at the top of a .function file, that starts with pattern BEGIN_DEPENDENCIES 
@@ -365,21 +377,22 @@ def parse_suite_deps(funcs_f): :param funcs_f: file object for .functions file :return: List of test suite dependencies. """ - deps = [] + dependencies = [] for line in funcs_f: - m = re.search('depends_on\:(.*)', line.strip()) - if m: - deps += [x.strip() for x in m.group(1).split(':')] + match = re.search('depends_on:(.*)', line.strip()) + if match: + dependencies += [x.strip() for x in match.group(1).split(':')] if re.search(END_DEP_REGEX, line): break else: raise GeneratorInputError("file: %s - end dependency pattern [%s]" - " not found!" % (funcs_f.name, END_DEP_REGEX)) + " not found!" % (funcs_f.name, + END_DEP_REGEX)) - return deps + return dependencies -def parse_function_deps(line): +def parse_function_dependencies(line): """ Parses function dependencies, that are in the same line as comment BEGIN_CASE. Dependencies are specified after pattern @@ -388,14 +401,15 @@ def parse_function_deps(line): :param line: Line from .functions file that has dependencies. :return: List of dependencies. """ - deps = [] - m = re.search(BEGIN_CASE_REGEX, line) - dep_str = m.group(1) - if len(dep_str): - m = re.search('depends_on:(.*)', dep_str) - if m: - deps = [x.strip() for x in m.group(1).strip().split(':')] - return deps + dependencies = [] + match = re.search(BEGIN_CASE_REGEX, line) + dep_str = match.group(1) + if dep_str: + match = re.search('depends_on:(.*)', dep_str) + if match: + dependencies = [x.strip() + for x in match.group(1).strip().split(':')] + return dependencies def parse_function_signature(line): 
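Review bot: `parse_suite_dependencies` accepts whatever `split(':')` yields, so a trailing or doubled colon after `depends_on:` puts an empty string in the list. `split_dep` then fails on `dep[0]` with an IndexError instead of a `GeneratorInputError` that names the file. The names are also pasted unchecked into `#if %sdefined(%s)` by `gen_dependencies`, so I would validate each entry where it is parsed, along the lines of `if not re.match(r'!?[A-Za-z_]\w*$', dep): raise GeneratorInputError(...)`, with `funcs_f.name` and `funcs_f.line_no` in the message. `parse_function_dependencies` in the next hunk builds its list the same way and needs the same check.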
@@ -410,31 +424,31 @@ def parse_function_signature(line): wrapper function and argument dispatch code. """ args = [] - locals = '' + local_vars = '' args_dispatch = [] # Check if the test function returns void. - m = re.search('\s*void\s+(\w+)\s*\(', line, re.I) - if not m: + match = re.search(r'\s*void\s+(\w+)\s*\(', line, re.I) + if not match: raise ValueError("Test function should return 'void'\n%s" % line) - name = m.group(1) - line = line[len(m.group(0)):] + name = match.group(1) + line = line[len(match.group(0)):] arg_idx = 0 for arg in line[:line.find(')')].split(','): arg = arg.strip() if arg == '': continue - if re.search('int\s+.*', arg.strip()): + if re.search(r'int\s+.*', arg.strip()): args.append('int') args_dispatch.append('*( (int *) params[%d] )' % arg_idx) - elif re.search('char\s*\*\s*.*', arg.strip()): + elif re.search(r'char\s*\*\s*.*', arg.strip()): args.append('char*') args_dispatch.append('(char *) params[%d]' % arg_idx) - elif re.search('data_t\s*\*\s*.*', arg.strip()): + elif re.search(r'data_t\s*\*\s*.*', arg.strip()): args.append('hex') # create a structure pointer_initializer = '(uint8_t *) params[%d]' % arg_idx len_initializer = '*( (uint32_t *) params[%d] )' % (arg_idx+1) - locals += """ data_t data%d = {%s, %s}; + local_vars += """ data_t data%d = {%s, %s}; """ % (arg_idx, pointer_initializer, len_initializer) args_dispatch.append('&data%d' % arg_idx) 
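Review bot: The parameter type tests in `parse_function_signature` use unanchored `re.search`, so `r'int\s+.*'` also matches any declaration that merely contains `int` followed by whitespace, such as `unsigned int x`. That parameter is then dispatched through `*( (int *) params[%d] )`. Anchoring the patterns, for example `re.match(r'int\s+\w+$', arg)` and likewise for the `char *` and `data_t *` branches, would let unsupported types reach the `ValueError` at the end of the chain instead. `arg` is already stripped at the top of the loop, so the repeated `arg.strip()` calls can be dropped. The function begins before this hunk and ends in the next one.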
@@ -444,37 +458,38 @@ def parse_function_signature(line): "'char *' or 'data_t'\n%s" % line) arg_idx += 1 - return name, args, locals, args_dispatch + return name, args, local_vars, args_dispatch -def parse_function_code(funcs_f, deps, suite_deps): +def parse_function_code(funcs_f, dependencies, suite_dependencies): """ Parses out a function from function file object and generates function and dispatch code. :param funcs_f: file object of the functions file. - :param deps: List of dependencies - :param suite_deps: List of test suite dependencies + :param dependencies: List of dependencies + :param suite_dependencies: List of test suite dependencies :return: Function name, arguments, function code and dispatch code. """ code = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) for line in funcs_f: # Check function signature - m = re.match('.*?\s+(\w+)\s*\(', line, re.I) - if m: + match = re.match(r'.*?\s+(\w+)\s*\(', line, re.I) + if match: # check if we have full signature i.e. split in more lines - if not re.match('.*\)', line): + if not re.match(r'.*\)', line): for lin in funcs_f: line += lin - if re.search('.*?\)', line): + if re.search(r'.*?\)', line): break - name, args, locals, args_dispatch = parse_function_signature(line) + name, args, local_vars, args_dispatch = parse_function_signature( + line) code += line.replace(name, 'test_' + name) name = 'test_' + name break else: raise GeneratorInputError("file: %s - Test functions not found!" % - funcs_f.name) + funcs_f.name) for line in funcs_f: if re.search(END_CASE_REGEX, line): 
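Review bot: `code += line.replace(name, 'test_' + name)` in `parse_function_code` rewrites every occurrence of the function name in the signature text. A parameter whose name contains the function name is therefore renamed in the prototype while the body still uses the old spelling. Limiting the replacement to the first occurrence, `code += line.replace(name, 'test_' + name, 1)`, keeps the rename to the function name itself, which normally precedes the parameter list. The loop that joins a signature split over several lines also falls through silently when the file ends before a `)` is seen; raising `GeneratorInputError` there would match the other end-of-file checks in this function.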
@@ -482,20 +497,22 @@ def parse_function_code(funcs_f, deps, suite_deps): code += line else: raise GeneratorInputError("file: %s - end case pattern [%s] not " - "found!" % (funcs_f.name, END_CASE_REGEX)) + "found!" % (funcs_f.name, END_CASE_REGEX)) # Add exit label if not present if code.find('exit:') == -1: - s = code.rsplit('}', 1) - if len(s) == 2: + split_code = code.rsplit('}', 1) + if len(split_code) == 2: code = """exit: ;; -}""".join(s) +}""".join(split_code) - code += gen_function_wrapper(name, locals, args_dispatch) - ifdef, endif = gen_deps(deps) - dispatch_code = gen_dispatch(name, suite_deps + deps) - return name, args, ifdef + code + endif, dispatch_code + code += gen_function_wrapper(name, local_vars, args_dispatch) + preprocessor_check_start, preprocessor_check_end = \ + gen_dependencies(dependencies) + dispatch_code = gen_dispatch(name, suite_dependencies + dependencies) + return (name, args, preprocessor_check_start + code + + preprocessor_check_end, dispatch_code) def parse_functions(funcs_f): @@ -508,9 +525,8 @@ def parse_functions(funcs_f): code, function code and a dict with function identifiers and arguments info. """ - suite_headers = '' suite_helpers = '' - suite_deps = [] + suite_dependencies = [] suite_functions = '' func_info = {} function_idx = 0 
@@ -518,62 +534,61 @@ def parse_functions(funcs_f): for line in funcs_f: if re.search(BEGIN_HEADER_REGEX, line): headers = parse_until_pattern(funcs_f, END_HEADER_REGEX) - suite_headers += headers + suite_helpers += headers elif re.search(BEGIN_SUITE_HELPERS_REGEX, line): helpers = parse_until_pattern(funcs_f, END_SUITE_HELPERS_REGEX) suite_helpers += helpers elif re.search(BEGIN_DEP_REGEX, line): - deps = parse_suite_deps(funcs_f) - suite_deps += deps + suite_dependencies += parse_suite_dependencies(funcs_f) elif re.search(BEGIN_CASE_REGEX, line): - deps = parse_function_deps(line) + dependencies = parse_function_dependencies(line) func_name, args, func_code, func_dispatch =\ - parse_function_code(funcs_f, deps, suite_deps) + parse_function_code(funcs_f, dependencies, suite_dependencies) suite_functions += func_code # Generate dispatch code and enumeration info if func_name in func_info: raise GeneratorInputError( - "file: %s - function %s re-declared at line %d" % \ + "file: %s - function %s re-declared at line %d" % (funcs_f.name, func_name, funcs_f.line_no)) func_info[func_name] = (function_idx, args) dispatch_code += '/* Function Id: %d */\n' % function_idx dispatch_code += func_dispatch function_idx += 1 - ifdef, endif = gen_deps(suite_deps) - func_code = ifdef + suite_headers + suite_helpers + suite_functions + endif - return suite_deps, dispatch_code, func_code, func_info + func_code = (suite_helpers + + suite_functions).join(gen_dependencies(suite_dependencies)) + return suite_dependencies, dispatch_code, func_code, func_info -def escaped_split(str, ch): +def escaped_split(inp_str, split_char): """ - Split str on character ch but ignore escaped \{ch} + Split inp_str on character split_char but ignore if escaped. Since, return value is used to write back to the intermediate data file, any escape characters in the input are retained in the output. 
- :param str: String to split - :param ch: split character + :param inp_str: String to split + :param split_char: split character :return: List of splits """ - if len(ch) > 1: + if len(split_char) > 1: raise ValueError('Expected split character. Found string!') out = [] part = '' escape = False - for i in range(len(str)): - if not escape and str[i] == ch: + for character in inp_str: + if not escape and character == split_char: out.append(part) part = '' else: - part += str[i] - escape = not escape and str[i] == '\\' - if len(part): + part += character + escape = not escape and character == '\\' + if part: out.append(part) return out -def parse_test_data(data_f, debug=False): +def parse_test_data(data_f): """ Parses .data file for each test case name, test function name, test dependencies and test arguments. This information is 
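Review bot: Folding the `BEGIN_HEADER` text into `suite_helpers` in `parse_functions` makes the emitted order follow the order of the sections in the functions file, whereas the removed code always put `suite_headers` ahead of `suite_helpers`. A suite whose helpers section comes before its header section would now get helper code ahead of its includes; if the input format does not guarantee the order, a separate accumulator should stay. The wrapper `(suite_helpers + suite_functions).join(gen_dependencies(suite_dependencies))` is also hard to read; unpacking the pair and concatenating, as `parse_function_code` now does with `preprocessor_check_start + code + preprocessor_check_end`, says the same thing plainly. The hunk also removes the `debug` parameter of `parse_test_data`, which any caller still passing it will see as a `TypeError`.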
@@ -587,44 +602,44 @@ def parse_test_data(data_f, debug=False): :return: Generator that yields test name, function name, dependency list and function argument list. """ - STATE_READ_NAME = 0 - STATE_READ_ARGS = 1 - state = STATE_READ_NAME - deps = [] + __state_read_name = 0 + __state_read_args = 1 + state = __state_read_name + dependencies = [] name = '' for line in data_f: line = line.strip() - if len(line) and line[0] == '#': # Skip comments + if line and line[0] == '#': # Skip comments continue # Blank line indicates end of test - if len(line) == 0: - if state == STATE_READ_ARGS: + if not line: + if state == __state_read_args: raise GeneratorInputError("[%s:%d] Newline before arguments. " "Test function and arguments " "missing for %s" % (data_f.name, data_f.line_no, name)) continue - if state == STATE_READ_NAME: + if state == __state_read_name: # Read test name name = line - state = STATE_READ_ARGS - elif state == STATE_READ_ARGS: + state = __state_read_args + elif state == __state_read_args: # Check dependencies - m = re.search('depends_on\:(.*)', line) - if m: - deps = [x.strip() for x in m.group(1).split(':') if len( - x.strip())] + match = re.search('depends_on:(.*)', line) + if match: + dependencies = [x.strip() for x in match.group(1).split(':') + if len(x.strip())] else: # Read test vectors parts = escaped_split(line, ':') - function = parts[0] + test_function = parts[0] args = parts[1:] - yield name, function, deps, args - deps = [] - state = STATE_READ_NAME - if state == STATE_READ_ARGS: + yield name, test_function, dependencies, args + dependencies = [] + state = __state_read_name + if state == __state_read_args: raise GeneratorInputError("[%s:%d] Newline before arguments. " "Test function and arguments missing for " "%s" % (data_f.name, data_f.line_no, name)) 
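Review bot: The dependency test in `parse_test_data` is `re.search('depends_on:(.*)', line)`, which matches the marker anywhere in the line, so a test-vector line that happens to contain `depends_on:` inside an argument would be read as a dependency list and its test silently dropped from the output. `re.match(r'depends_on:(.*)', line)` anchors it to the start of the already stripped line. The filter on the next line still uses `if len(x.strip())`, unlike the truthiness checks introduced elsewhere in this commit. The `__state_read_name` / `__state_read_args` locals are constants; the leading double underscore has no effect in a plain function and hides that they never change.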
@@ -642,19 +657,19 @@ def gen_dep_check(dep_id, dep): if dep_id < 0: raise GeneratorInputError("Dependency Id should be a positive " "integer.") - noT, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) - if len(dep) == 0: + _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) + if not dep: raise GeneratorInputError("Dependency should not be an empty string.") dep_check = ''' case {id}: {{ -#if {noT}defined({macro}) +#if {_not}defined({macro}) ret = DEPENDENCY_SUPPORTED; #else ret = DEPENDENCY_NOT_SUPPORTED; #endif }} - break;'''.format(noT=noT, macro=dep, id=dep_id) + break;'''.format(_not=_not, macro=dep, id=dep_id) return dep_check @@ -670,7 +685,7 @@ def gen_expression_check(exp_id, exp): if exp_id < 0: raise GeneratorInputError("Expression Id should be a positive " "integer.") - if len(exp) == 0: + if not exp: raise GeneratorInputError("Expression should not be an empty string.") exp_code = ''' case {exp_id}: 
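Review bot: In `gen_dep_check`, `dep[0] == '!'` is evaluated before the emptiness check, so an empty dependency raises `IndexError` rather than the `GeneratorInputError` that the following `if not dep:` is meant to produce. Using `dep.startswith('!')` in the conditional expression keeps the empty case on the intended error path: `_not, dep = ('!', dep[1:]) if dep.startswith('!') else ('', dep)`. The guard above it rejects only negative ids while its message asks for a positive integer; "non-negative" would match the check.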
@@ -681,28 +696,28 @@ def gen_expression_check(exp_id, exp): return exp_code -def write_deps(out_data_f, test_deps, unique_deps): +def write_dependencies(out_data_f, test_dependencies, unique_dependencies): """ Write dependencies to intermediate test data file, replacing the string form with identifiers. Also, generates dependency check code. :param out_data_f: Output intermediate data file - :param test_deps: Dependencies - :param unique_deps: Mutable list to track unique dependencies + :param test_dependencies: Dependencies + :param unique_dependencies: Mutable list to track unique dependencies that are global to this re-entrant function. :return: returns dependency check code. """ dep_check_code = '' - if len(test_deps): + if test_dependencies: out_data_f.write('depends_on') - for dep in test_deps: - if dep not in unique_deps: - unique_deps.append(dep) - dep_id = unique_deps.index(dep) + for dep in test_dependencies: + if dep not in unique_dependencies: + unique_dependencies.append(dep) + dep_id = unique_dependencies.index(dep) dep_check_code += gen_dep_check(dep_id, dep) else: - dep_id = unique_deps.index(dep) + dep_id = unique_dependencies.index(dep) out_data_f.write(':' + str(dep_id)) out_data_f.write('\n') return dep_check_code @@ -722,12 +737,12 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): :return: Returns expression check code. """ expression_code = '' - for i in range(len(test_args)): + for i, _ in enumerate(test_args): typ = func_args[i] val = test_args[i] # check if val is a non literal int val (i.e. an expression) - if typ == 'int' and not re.match('(\d+$)|((0x)?[0-9a-fA-F]+$)', val): + if typ == 'int' and not re.match(r'(\d+$)|((0x)?[0-9a-fA-F]+$)', val): typ = 'exp' if val not in unique_expressions: unique_expressions.append(val) 
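Review bot: The literal test in `write_parameters`, `re.match(r'(\d+$)|((0x)?[0-9a-fA-F]+$)', val)`, accepts bare hex digits without a `0x` prefix, so a value made only of the letters a-f (a constructed example: `beef`) is written out as an `int` literal instead of being routed to the expression table. If unprefixed hex is not meant to be supported, `r'(\d+|0x[0-9a-fA-F]+)$'` states that. The new `for i, _ in enumerate(test_args):` discards the element and then indexes it again; `for i, val in enumerate(test_args):` removes the `val = test_args[i]` line. The function continues beyond the hunk.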
@@ -744,33 +759,33 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): return expression_code -def gen_suite_deps_checks(suite_deps, dep_check_code, expression_code): +def gen_suite_dep_checks(suite_dependencies, dep_check_code, expression_code): """ Generates preprocessor checks for test suite dependencies. - :param suite_deps: Test suite dependencies read from the + :param suite_dependencies: Test suite dependencies read from the .functions file. :param dep_check_code: Dependency check code :param expression_code: Expression check code :return: Dependency and expression code guarded by test suite dependencies. """ - if len(suite_deps): - ifdef = gen_deps_one_line(suite_deps) + if suite_dependencies: + preprocessor_check = gen_dependencies_one_line(suite_dependencies) dep_check_code = ''' -{ifdef} +{preprocessor_check} {code} #endif -'''.format(ifdef=ifdef, code=dep_check_code) +'''.format(preprocessor_check=preprocessor_check, code=dep_check_code) expression_code = ''' -{ifdef} +{preprocessor_check} {code} #endif -'''.format(ifdef=ifdef, code=expression_code) +'''.format(preprocessor_check=preprocessor_check, code=expression_code) return dep_check_code, expression_code -def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): +def gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies): """ This function reads test case name, dependencies and test vectors from the .data file. This information is correlated with the test 
@@ -785,19 +800,20 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): :param out_data_f:Output intermediate data file :param func_info: Dict keyed by function and with function id and arguments info - :param suite_deps: Test suite deps + :param suite_dependencies: Test suite dependencies :return: Returns dependency and expression check code """ - unique_deps = [] + unique_dependencies = [] unique_expressions = [] dep_check_code = '' expression_code = '' - for test_name, function_name, test_deps, test_args in parse_test_data( - data_f): + for test_name, function_name, test_dependencies, test_args in \ + parse_test_data(data_f): out_data_f.write(test_name + '\n') - # Write deps - dep_check_code += write_deps(out_data_f, test_deps, unique_deps) + # Write dependencies + dep_check_code += write_dependencies(out_data_f, test_dependencies, + unique_dependencies) # Write test function name test_function_name = 'test_' + function_name 
@@ -810,35 +826,143 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_deps): # Write parameters if len(test_args) != len(func_args): raise GeneratorInputError("Invalid number of arguments in test " - "%s. See function %s signature." % ( - test_name, function_name)) + "%s. See function %s signature." % + (test_name, function_name)) expression_code += write_parameters(out_data_f, test_args, func_args, unique_expressions) # Write a newline as test case separator out_data_f.write('\n') - dep_check_code, expression_code = gen_suite_deps_checks( - suite_deps, dep_check_code, expression_code) + dep_check_code, expression_code = gen_suite_dep_checks( + suite_dependencies, dep_check_code, expression_code) return dep_check_code, expression_code -def generate_code(funcs_file, data_file, template_file, platform_file, - helpers_file, suites_dir, c_file, out_data_file): +def add_input_info(funcs_file, data_file, template_file, + c_file, snippets): """ - Generates C source code from test suite file, data file, common - helpers file and platform file. + Add generator input info in snippets. :param funcs_file: Functions file object :param data_file: Data file object :param template_file: Template file object - :param platform_file: Platform file object - :param helpers_file: Helper functions file object - :param suites_dir: Test suites dir :param c_file: Output C file object - :param out_data_file: Output intermediate data file object + :param snippets: Dictionary to contain code pieces to be + substituted in the template. :return: """ + snippets['test_file'] = c_file + snippets['test_main_file'] = template_file + snippets['test_case_file'] = funcs_file + snippets['test_case_data_file'] = data_file + + +def read_code_from_input_files(platform_file, helpers_file, + out_data_file, snippets): + """ + Read code from input files and create substitutions for replacement + strings in the template file. 
+ + :param platform_file: Platform file object + :param helpers_file: Helper functions file object + :param out_data_file: Output intermediate data file object + :param snippets: Dictionary to contain code pieces to be + substituted in the template. + :return: + """ + # Read helpers + with open(helpers_file, 'r') as help_f, open(platform_file, 'r') as \ + platform_f: + snippets['test_common_helper_file'] = helpers_file + snippets['test_common_helpers'] = help_f.read() + snippets['test_platform_file'] = platform_file + snippets['platform_code'] = platform_f.read().replace( + 'DATA_FILE', out_data_file.replace('\\', '\\\\')) # escape '\' + + +def write_test_source_file(template_file, c_file, snippets): + """ + Write output source file with generated source code. + + :param template_file: Template file name + :param c_file: Output source file + :param snippets: Generated and code snippets + :return: + """ + with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: + line_no = 1 + for line in template_f.readlines(): + # Update line number. +1 as #line directive sets next line number + snippets['line_no'] = line_no + 1 + code = line.format(**snippets) + c_f.write(code) + line_no += 1 + + +def parse_function_file(funcs_file, snippets): + """ + Parse function file and generate function dispatch code. + + :param funcs_file: Functions file name + :param snippets: Dictionary to contain code pieces to be + substituted in the template. + :return: + """ + with FileWrapper(funcs_file) as funcs_f: + suite_dependencies, dispatch_code, func_code, func_info = \ + parse_functions(funcs_f) + snippets['functions_code'] = func_code + snippets['dispatch_code'] = dispatch_code + return suite_dependencies, func_info + + +def generate_intermediate_data_file(data_file, out_data_file, + suite_dependencies, func_info, snippets): + """ + Generates intermediate data file from input data file and + information read from functions file. 
+ + :param data_file: Data file name + :param out_data_file: Output/Intermediate data file + :param suite_dependencies: List of suite dependencies. + :param func_info: Function info parsed from functions file. + :param snippets: Dictionary to contain code pieces to be + substituted in the template. + :return: + """ + with FileWrapper(data_file) as data_f, \ + open(out_data_file, 'w') as out_data_f: + dep_check_code, expression_code = gen_from_test_data( + data_f, out_data_f, func_info, suite_dependencies) + snippets['dep_check_code'] = dep_check_code + snippets['expression_code'] = expression_code + + +def generate_code(**input_info): + """ + Generates C source code from test suite file, data file, common + helpers file and platform file. + + input_info expands to following parameters: + funcs_file: Functions file object + data_file: Data file object + template_file: Template file object + platform_file: Platform file object + helpers_file: Helper functions file object + suites_dir: Test suites dir + c_file: Output C file object + out_data_file: Output intermediate data file object + :return: + """ + funcs_file = input_info['funcs_file'] + data_file = input_info['data_file'] + template_file = input_info['template_file'] + platform_file = input_info['platform_file'] + helpers_file = input_info['helpers_file'] + suites_dir = input_info['suites_dir'] + c_file = input_info['c_file'] + out_data_file = input_info['out_data_file'] for name, path in [('Functions file', funcs_file), ('Data file', data_file), ('Template file', template_file), 
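Review bot: Changing `generate_code` to take `**input_info` and pull each value out with `input_info['...']` removes the interpreter's argument checking: a missing or misspelled keyword now surfaces as a bare `KeyError`, and an unexpected keyword is silently ignored. Explicit named parameters would keep that check; if the `**` form is there to satisfy an argument-count limit, the function should at least reject unknown keys and name a missing one in its error. The docstrings of `generate_code`, `add_input_info` and `read_code_from_input_files` describe the arguments as file objects, but the code passes them to `open()` and `os.path.exists()`, so they are paths. In `write_test_source_file`, `for line_no, line in enumerate(template_f, 1):` would replace the manual counter and avoid `readlines()`.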
@@ -848,44 +972,15 @@ def generate_code(funcs_file, data_file, template_file, platform_file, if not os.path.exists(path): raise IOError("ERROR: %s [%s] not found!" % (name, path)) - snippets = {'generator_script' : os.path.basename(__file__)} - - # Read helpers - with open(helpers_file, 'r') as help_f, open(platform_file, 'r') as \ - platform_f: - snippets['test_common_helper_file'] = helpers_file - snippets['test_common_helpers'] = help_f.read() - snippets['test_platform_file'] = platform_file - snippets['platform_code'] = platform_f.read().replace( - 'DATA_FILE', out_data_file.replace('\\', '\\\\')) # escape '\' - - # Function code - with FileWrapper(funcs_file) as funcs_f, FileWrapper(data_file) as \ - data_f, open(out_data_file, 'w') as out_data_f: - suite_deps, dispatch_code, func_code, func_info = parse_functions( - funcs_f) - snippets['functions_code'] = func_code - snippets['dispatch_code'] = dispatch_code - dep_check_code, expression_code = gen_from_test_data( - data_f, out_data_f, func_info, suite_deps) - snippets['dep_check_code'] = dep_check_code - snippets['expression_code'] = expression_code - - snippets['test_file'] = c_file - snippets['test_main_file'] = template_file - snippets['test_case_file'] = funcs_file - snippets['test_case_data_file'] = data_file - # Read Template - # Add functions - # - with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: - line_no = 1 - for line in template_f.readlines(): - # Update line number. 
+1 as #line directive sets next line number - snippets['line_no'] = line_no + 1 - code = line.format(**snippets) - c_f.write(code) - line_no += 1 + snippets = {'generator_script': os.path.basename(__file__)} + read_code_from_input_files(platform_file, helpers_file, + out_data_file, snippets) + add_input_info(funcs_file, data_file, template_file, + c_file, snippets) + suite_dependencies, func_info = parse_function_file(funcs_file, snippets) + generate_intermediate_data_file(data_file, out_data_file, + suite_dependencies, func_info, snippets) + write_test_source_file(template_file, c_file, snippets) def check_cmd(): @@ -949,18 +1044,20 @@ def check_cmd(): out_c_file_dir = os.path.dirname(out_c_file) out_data_file_dir = os.path.dirname(out_data_file) - for d in [out_c_file_dir, out_data_file_dir]: - if not os.path.exists(d): - os.makedirs(d) + for directory in [out_c_file_dir, out_data_file_dir]: + if not os.path.exists(directory): + os.makedirs(directory) - generate_code(args.funcs_file, args.data_file, args.template_file, - args.platform_file, args.helpers_file, args.suites_dir, - out_c_file, out_data_file) + generate_code(funcs_file=args.funcs_file, data_file=args.data_file, + template_file=args.template_file, + platform_file=args.platform_file, + helpers_file=args.helpers_file, suites_dir=args.suites_dir, + c_file=out_c_file, out_data_file=out_data_file) if __name__ == "__main__": try: check_cmd() - except GeneratorInputError as e: - script_name = os.path.basename(sys.argv[0]) - print("%s: input error: %s" % (script_name, str(e))) + except GeneratorInputError as err: + print("%s: input error: %s" % + (os.path.basename(sys.argv[0]), str(err))) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index c3b1b7a3f..8fd72613e 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py 
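Review bot: The `__main__` handler in the `check_cmd` hunk prints the `GeneratorInputError` and then falls off the end of the script, so, as far as the hunk shows, an input error still ends with exit status 0 and a calling build would carry on with missing or partial generated files. `sys.exit("%s: input error: %s" % (os.path.basename(sys.argv[0]), str(err)))` writes the message to stderr and returns a non-zero status. The directory loop above it calls `os.makedirs(directory)` after an `os.path.exists` test; when an output path has no directory part, `os.path.dirname` returns `''`, which fails that test and makes `os.makedirs('')` raise.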
@@ -15,18 +15,18 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) """ -Mbed TLS on-target test suite tests are implemented as mbed-os greentea +Mbed TLS on-target test suite tests are implemented as mbed-os Greentea tests. Greentea tests are implemented in two parts: target test and host test. Target test is a C application that is built for the target platform and executes on the target. Host test is a Python class derived from mbed_host_tests.BaseHostTest. Target communicates with the host over serial for the test data. -Python tool mbedgt (greentea) is responsible for flashing the test +Python tool mbedgt (Greentea) is responsible for flashing the test binary on to the target and dynamically loading the host test. This script contains the host test for handling target test's 
@@ -64,67 +64,69 @@ class TestDataParser(object): :param data_file: Data file path """ - with open(data_file, 'r') as f: - self.__parse(f) + with open(data_file, 'r') as data_f: + self.__parse(data_f) @staticmethod - def __escaped_split(str, ch): + def __escaped_split(inp_str, split_char): """ - Splits str on ch except when escaped. + Splits inp_str on split_char except when escaped. - :param str: String to split - :param ch: Split character + :param inp_str: String to split + :param split_char: Split character :return: List of splits """ - if len(ch) > 1: + if len(split_char) > 1: raise ValueError('Expected split character. Found string!') out = [] part = '' escape = False - for i in range(len(str)): - if not escape and str[i] == ch: + for character in inp_str: + if not escape and character == split_char: out.append(part) part = '' else: - part += str[i] - escape = not escape and str[i] == '\\' - if len(part): + part += character + escape = not escape and character == '\\' + if part: out.append(part) return out - def __parse(self, file): + def __parse(self, data_f): """ Parses data file using supplied file object. 
- :param file: Data file object + :param data_f: Data file object :return: """ - for line in file: + for line in data_f: line = line.strip() - if len(line) == 0: + if not line: continue # Read test name name = line # Check dependencies - deps = [] - line = file.next().strip() - m = re.search('depends_on\:(.*)', line) - if m: - deps = [int(x) for x in m.group(1).split(':')] - line = file.next().strip() + dependencies = [] + line = data_f.next().strip() + match = re.search('depends_on:(.*)', line) + if match: + dependencies = [int(x) for x in match.group(1).split(':')] + line = data_f.next().strip() # Read test vectors line = line.replace('\\n', '\n') parts = self.__escaped_split(line, ':') - function = int(parts[0]) - x = parts[1:] - l = len(x) - if l % 2 != 0: + function_name = int(parts[0]) + args = parts[1:] + args_count = len(args) + if args_count % 2 != 0: raise TestDataParserError("Number of test arguments should " "be even: %s" % line) - args = [(x[i * 2], x[(i * 2) + 1]) for i in range(len(x)/2)] - self.tests.append((name, function, deps, args)) + grouped_args = [(args[i * 2], args[(i * 2) + 1]) + for i in range(len(args)/2)] + self.tests.append((name, function_name, dependencies, + grouped_args)) def get_test_data(self): """ @@ -135,8 +137,8 @@ class TestDataParser(object): class MbedTlsTest(BaseHostTest): """ - Host test for mbedtls unit tests. This script is loaded at - run time by Greentea for executing mbedtls test suites. Each + Host test for Mbed TLS unit tests. This script is loaded at + run time by Greentea for executing Mbed TLS test suites. Each communication from the target is received in this object as an event, which is then handled by the event handler method decorated by the associated event. Ex: @event_callback('GO'). 
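Review bot: The rewritten `__parse` keeps two Python 2-only constructs, `data_f.next()` and `range(len(args)/2)`; `next(data_f)` and `len(args)//2` behave the same under Python 2 and also run under Python 3. The `data_bytes += 'I'` style concatenations in `test_vector_to_bytes` further down this file have the same limitation. A data file that ends right after a test name makes the `next` call raise `StopIteration` out of the loop instead of a `TestDataParserError` with the file position. `function_name = int(parts[0])` holds a numeric identifier, so `function_id`, the name used by `run_test`, would be clearer.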
@@ -144,7 +146,7 @@ class MbedTlsTest(BaseHostTest): Target test sends requests for dispatching next test. It reads tests from the intermediate data file and sends test function identifier, dependency identifiers, expression identifiers and - the test data in binary form. Target test checks dependecnies + the test data in binary form. Target test checks dependencies , evaluate integer constant expressions and dispatches the test function with received test parameters. @@ -169,12 +171,18 @@ class MbedTlsTest(BaseHostTest): self.test_index = -1 self.dep_index = 0 self.error_str = dict() - self.error_str[self.DEPENDENCY_SUPPORTED] = 'DEPENDENCY_SUPPORTED' - self.error_str[self.KEY_VALUE_MAPPING_NOT_FOUND] = 'KEY_VALUE_MAPPING_NOT_FOUND' - self.error_str[self.DEPENDENCY_NOT_SUPPORTED] = 'DEPENDENCY_NOT_SUPPORTED' - self.error_str[self.DISPATCH_TEST_FN_NOT_FOUND] = 'DISPATCH_TEST_FN_NOT_FOUND' - self.error_str[self.DISPATCH_INVALID_TEST_DATA] = 'DISPATCH_INVALID_TEST_DATA' - self.error_str[self.DISPATCH_UNSUPPORTED_SUITE] = 'DISPATCH_UNSUPPORTED_SUITE' + self.error_str[self.DEPENDENCY_SUPPORTED] = \ + 'DEPENDENCY_SUPPORTED' + self.error_str[self.KEY_VALUE_MAPPING_NOT_FOUND] = \ + 'KEY_VALUE_MAPPING_NOT_FOUND' + self.error_str[self.DEPENDENCY_NOT_SUPPORTED] = \ + 'DEPENDENCY_NOT_SUPPORTED' + self.error_str[self.DISPATCH_TEST_FN_NOT_FOUND] = \ + 'DISPATCH_TEST_FN_NOT_FOUND' + self.error_str[self.DISPATCH_INVALID_TEST_DATA] = \ + 'DISPATCH_INVALID_TEST_DATA' + self.error_str[self.DISPATCH_UNSUPPORTED_SUITE] = \ + 'DISPATCH_UNSUPPORTED_SUITE' def setup(self): """ @@ -206,13 +214,13 @@ class MbedTlsTest(BaseHostTest): self.log('{{__testcase_name;%s}}' % name) @staticmethod - def align_32bit(b): + def align_32bit(data_bytes): """ 4 byte aligns input byte array. :return: """ - b += bytearray((4 - (len(b))) % 4) + data_bytes += bytearray((4 - (len(data_bytes))) % 4) @staticmethod def hex_str_bytes(hex_str): 
@@ -230,56 +238,56 @@ class MbedTlsTest(BaseHostTest): raise TestDataParserError("HEX parameter len should be mod of " "2: %s" % hex_str) - b = binascii.unhexlify(hex_str) - return b + data_bytes = binascii.unhexlify(hex_str) + return data_bytes @staticmethod - def int32_to_bigendian_bytes(i): + def int32_to_big_endian_bytes(i): """ - Coverts i to bytearray in big endian format. + Coverts i to byte array in big endian format. :param i: Input integer :return: Output bytes array in big endian or network order """ - b = bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) - return b + data_bytes = bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]]) + return data_bytes - def test_vector_to_bytes(self, function_id, deps, parameters): + def test_vector_to_bytes(self, function_id, dependencies, parameters): """ Converts test vector into a byte array that can be sent to the target. :param function_id: Test Function Identifier - :param deps: Dependency list + :param dependencies: Dependency list :param parameters: Test function input parameters :return: Byte array and its length """ - b = bytearray([len(deps)]) - if len(deps): - b += bytearray(deps) - b += bytearray([function_id, len(parameters)]) + data_bytes = bytearray([len(dependencies)]) + if dependencies: + data_bytes += bytearray(dependencies) + data_bytes += bytearray([function_id, len(parameters)]) for typ, param in parameters: if typ == 'int' or typ == 'exp': i = int(param) - b += 'I' if typ == 'int' else 'E' - self.align_32bit(b) - b += self.int32_to_bigendian_bytes(i) + data_bytes += 'I' if typ == 'int' else 'E' + self.align_32bit(data_bytes) + data_bytes += self.int32_to_big_endian_bytes(i) elif typ == 'char*': param = param.strip('"') i = len(param) + 1 # + 1 for null termination - b += 'S' - self.align_32bit(b) - b += self.int32_to_bigendian_bytes(i) - b += bytearray(list(param)) - b += '\0' # Null terminate + data_bytes += 'S' + self.align_32bit(data_bytes) + data_bytes += 
self.int32_to_big_endian_bytes(i) + data_bytes += bytearray(list(param)) + data_bytes += '\0' # Null terminate elif typ == 'hex': - hb = self.hex_str_bytes(param) - b += 'H' - self.align_32bit(b) - i = len(hb) - b += self.int32_to_bigendian_bytes(i) - b += hb - length = self.int32_to_bigendian_bytes(len(b)) - return b, length + binary_data = self.hex_str_bytes(param) + data_bytes += 'H' + self.align_32bit(data_bytes) + i = len(binary_data) + data_bytes += self.int32_to_big_endian_bytes(i) + data_bytes += binary_data + length = self.int32_to_big_endian_bytes(len(data_bytes)) + return data_bytes, length def run_next_test(self): """ @@ -289,25 +297,26 @@ class MbedTlsTest(BaseHostTest): self.test_index += 1 self.dep_index = 0 if self.test_index < len(self.tests): - name, function_id, deps, args = self.tests[self.test_index] - self.run_test(name, function_id, deps, args) + name, function_id, dependencies, args = self.tests[self.test_index] + self.run_test(name, function_id, dependencies, args) else: self.notify_complete(True) - def run_test(self, name, function_id, deps, args): + def run_test(self, name, function_id, dependencies, args): """ Execute the test on target by sending next test information. :param name: Test name :param function_id: function identifier - :param deps: Dependencies list + :param dependencies: Dependencies list :param args: test parameters :return: """ self.log("Running: %s" % name) - bytes, length = self.test_vector_to_bytes(function_id, deps, args) - self.send_kv(length, bytes) + param_bytes, length = self.test_vector_to_bytes(function_id, + dependencies, args) + self.send_kv(length, param_bytes) @staticmethod def get_result(value): 
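Review bot: `test_vector_to_bytes` packs the dependency count, each dependency id, the function id and the parameter count as single bytes via `bytearray([...])`, with no range check. A value above 255 raises a `ValueError` from `bytearray` that says nothing about which test caused it. A check up front that raises `TestDataParserError` naming the offending field would make the protocol limit explicit. `int32_to_big_endian_bytes` masks its input to 32 bits, so an out-of-range integer parameter is truncated silently rather than rejected. The docstring line added for that function reads "Coverts"; it should be "Converts".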
@@ -319,52 +328,52 @@ class MbedTlsTest(BaseHostTest): try: return int(value) except ValueError: - ValueError("Result should return error number. Instead received %s" % value) + ValueError("Result should return error number. " + "Instead received %s" % value) return 0 @event_callback('GO') - def on_go(self, key, value, timestamp): + def on_go(self, _key, _value, _timestamp): """ Sent by the target to start first test. - :param key: Event key - :param value: Value. ignored - :param timestamp: Timestamp ignored. + :param _key: Event key + :param _value: Value. ignored + :param _timestamp: Timestamp ignored. :return: """ self.run_next_test() @event_callback("R") - def on_result(self, key, value, timestamp): + def on_result(self, _key, value, _timestamp): """ Handle result. Prints test start, finish required by Greentea to detect test execution. - :param key: Event key + :param _key: Event key :param value: Value. ignored - :param timestamp: Timestamp ignored. + :param _timestamp: Timestamp ignored. :return: """ int_val = self.get_result(value) - name, function, deps, args = self.tests[self.test_index] + name, _, _, _ = self.tests[self.test_index] self.log('{{__testcase_start;%s}}' % name) self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0, int_val != 0)) self.run_next_test() @event_callback("F") - def on_failure(self, key, value, timestamp): + def on_failure(self, _key, value, _timestamp): """ Handles test execution failure. That means dependency not supported or Test function not supported. Hence marking test as skipped. - :param key: Event key + :param _key: Event key :param value: Value. ignored - :param timestamp: Timestamp ignored. + :param _timestamp: Timestamp ignored. :return: """ int_val = self.get_result(value) - name, function, deps, args = self.tests[self.test_index] if int_val in self.error_str: err = self.error_str[int_val] else: 
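Review bot: In `get_result`, the re-wrapped `ValueError("Result should return error number. " ...)` is still only constructed, never raised, and the function then returns 0. `on_result` treats `int_val == 0` as a pass, so a result value that cannot be parsed is reported as a successful test. Either `raise` the exception or return a non-zero sentinel after logging, so that a corrupted or unexpected message from the target shows up as a failure. The docstrings of `on_result` and `on_failure` still describe `value` as ignored although both pass it to `get_result`.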
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index f1088a32a..f0a935d20 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/env python3 # Unit test for generate_test_code.py # # Copyright (C) 2018, ARM Limited, All Rights Reserved 
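Review bot: The shebang now selects `python3`, but the import block added in the next hunk keeps `from StringIO import StringIO`, a module that exists only in Python 2, so running the file directly would fail at import time. Either leave the shebang as `python` until the imports are ported, or move to `from io import StringIO` (and `unittest.mock` where available) in the same change. The test code may then need text/bytes adjustments that are not visible here.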
@@ -16,143 +16,184 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# This file is part of mbed TLS (https://tls.mbed.org) - -from StringIO import StringIO -from unittest import TestCase, main as unittest_main -from mock import patch -from generate_test_code import * - +# This file is part of Mbed TLS (https://tls.mbed.org) """ Unit tests for generate_test_code.py """ +import sys +from StringIO import StringIO +from unittest import TestCase, main as unittest_main +from mock import patch +from generate_test_code import gen_dependencies, gen_dependencies_one_line +from generate_test_code import gen_function_wrapper, gen_dispatch +from generate_test_code import parse_until_pattern, GeneratorInputError +from generate_test_code import parse_suite_dependencies +from generate_test_code import parse_function_dependencies +from generate_test_code import parse_function_signature, parse_function_code +from generate_test_code import parse_functions, END_HEADER_REGEX +from generate_test_code import END_SUITE_HELPERS_REGEX, escaped_split +from generate_test_code import parse_test_data, gen_dep_check +from generate_test_code import gen_expression_check, write_dependencies +from generate_test_code import write_parameters, gen_suite_dep_checks +from generate_test_code import gen_from_test_data + + class GenDep(TestCase): """ Test suite for function gen_dep() """ - def test_deps_list(self): + def test_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. 
:return: """ - deps = ['DEP1', 'DEP2'] - dep_start, dep_end = gen_deps(deps) - ifdef1, ifdef2 = dep_start.splitlines() + dependencies = ['DEP1', 'DEP2'] + dep_start, dep_end = gen_dependencies(dependencies) + preprocessor1, preprocessor2 = dep_start.splitlines() endif1, endif2 = dep_end.splitlines() - self.assertEqual(ifdef1, '#if defined(DEP1)', 'ifdef generated incorrectly') - self.assertEqual(ifdef2, '#if defined(DEP2)', 'ifdef generated incorrectly') - self.assertEqual(endif1, '#endif /* DEP2 */', 'endif generated incorrectly') - self.assertEqual(endif2, '#endif /* DEP1 */', 'endif generated incorrectly') + self.assertEqual(preprocessor1, '#if defined(DEP1)', + 'Preprocessor generated incorrectly') + self.assertEqual(preprocessor2, '#if defined(DEP2)', + 'Preprocessor generated incorrectly') + self.assertEqual(endif1, '#endif /* DEP2 */', + 'Preprocessor generated incorrectly') + self.assertEqual(endif2, '#endif /* DEP1 */', + 'Preprocessor generated incorrectly') - def test_disabled_deps_list(self): + def test_disabled_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. 
:return: """ - deps = ['!DEP1', '!DEP2'] - dep_start, dep_end = gen_deps(deps) - ifdef1, ifdef2 = dep_start.splitlines() + dependencies = ['!DEP1', '!DEP2'] + dep_start, dep_end = gen_dependencies(dependencies) + preprocessor1, preprocessor2 = dep_start.splitlines() endif1, endif2 = dep_end.splitlines() - self.assertEqual(ifdef1, '#if !defined(DEP1)', 'ifdef generated incorrectly') - self.assertEqual(ifdef2, '#if !defined(DEP2)', 'ifdef generated incorrectly') - self.assertEqual(endif1, '#endif /* !DEP2 */', 'endif generated incorrectly') - self.assertEqual(endif2, '#endif /* !DEP1 */', 'endif generated incorrectly') + self.assertEqual(preprocessor1, '#if !defined(DEP1)', + 'Preprocessor generated incorrectly') + self.assertEqual(preprocessor2, '#if !defined(DEP2)', + 'Preprocessor generated incorrectly') + self.assertEqual(endif1, '#endif /* !DEP2 */', + 'Preprocessor generated incorrectly') + self.assertEqual(endif2, '#endif /* !DEP1 */', + 'Preprocessor generated incorrectly') - def test_mixed_deps_list(self): + def test_mixed_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. 
:return: """ - deps = ['!DEP1', 'DEP2'] - dep_start, dep_end = gen_deps(deps) - ifdef1, ifdef2 = dep_start.splitlines() + dependencies = ['!DEP1', 'DEP2'] + dep_start, dep_end = gen_dependencies(dependencies) + preprocessor1, preprocessor2 = dep_start.splitlines() endif1, endif2 = dep_end.splitlines() - self.assertEqual(ifdef1, '#if !defined(DEP1)', 'ifdef generated incorrectly') - self.assertEqual(ifdef2, '#if defined(DEP2)', 'ifdef generated incorrectly') - self.assertEqual(endif1, '#endif /* DEP2 */', 'endif generated incorrectly') - self.assertEqual(endif2, '#endif /* !DEP1 */', 'endif generated incorrectly') + self.assertEqual(preprocessor1, '#if !defined(DEP1)', + 'Preprocessor generated incorrectly') + self.assertEqual(preprocessor2, '#if defined(DEP2)', + 'Preprocessor generated incorrectly') + self.assertEqual(endif1, '#endif /* DEP2 */', + 'Preprocessor generated incorrectly') + self.assertEqual(endif2, '#endif /* !DEP1 */', + 'Preprocessor generated incorrectly') - def test_empty_deps_list(self): + def test_empty_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. :return: """ - deps = [] - dep_start, dep_end = gen_deps(deps) - self.assertEqual(dep_start, '', 'ifdef generated incorrectly') - self.assertEqual(dep_end, '', 'ifdef generated incorrectly') + dependencies = [] + dep_start, dep_end = gen_dependencies(dependencies) + self.assertEqual(dep_start, '', 'Preprocessor generated incorrectly') + self.assertEqual(dep_end, '', 'Preprocessor generated incorrectly') - def test_large_deps_list(self): + def test_large_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. 
:return: """ - deps = [] + dependencies = [] count = 10 for i in range(count): - deps.append('DEP%d' % i) - dep_start, dep_end = gen_deps(deps) - self.assertEqual(len(dep_start.splitlines()), count, 'ifdef generated incorrectly') - self.assertEqual(len(dep_end.splitlines()), count, 'ifdef generated incorrectly') + dependencies.append('DEP%d' % i) + dep_start, dep_end = gen_dependencies(dependencies) + self.assertEqual(len(dep_start.splitlines()), count, + 'Preprocessor generated incorrectly') + self.assertEqual(len(dep_end.splitlines()), count, + 'Preprocessor generated incorrectly') class GenDepOneLine(TestCase): """ - Test Suite for testing gen_deps_one_line() + Test Suite for testing gen_dependencies_one_line() """ - def test_deps_list(self): + def test_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. :return: """ - deps = ['DEP1', 'DEP2'] - dep_str = gen_deps_one_line(deps) - self.assertEqual(dep_str, '#if defined(DEP1) && defined(DEP2)', 'ifdef generated incorrectly') + dependencies = ['DEP1', 'DEP2'] + dep_str = gen_dependencies_one_line(dependencies) + self.assertEqual(dep_str, '#if defined(DEP1) && defined(DEP2)', + 'Preprocessor generated incorrectly') - def test_disabled_deps_list(self): + def test_disabled_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. 
:return: """ - deps = ['!DEP1', '!DEP2'] - dep_str = gen_deps_one_line(deps) - self.assertEqual(dep_str, '#if !defined(DEP1) && !defined(DEP2)', 'ifdef generated incorrectly') + dependencies = ['!DEP1', '!DEP2'] + dep_str = gen_dependencies_one_line(dependencies) + self.assertEqual(dep_str, '#if !defined(DEP1) && !defined(DEP2)', + 'Preprocessor generated incorrectly') - def test_mixed_deps_list(self): + def test_mixed_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. :return: """ - deps = ['!DEP1', 'DEP2'] - dep_str = gen_deps_one_line(deps) - self.assertEqual(dep_str, '#if !defined(DEP1) && defined(DEP2)', 'ifdef generated incorrectly') + dependencies = ['!DEP1', 'DEP2'] + dep_str = gen_dependencies_one_line(dependencies) + self.assertEqual(dep_str, '#if !defined(DEP1) && defined(DEP2)', + 'Preprocessor generated incorrectly') - def test_empty_deps_list(self): + def test_empty_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. :return: """ - deps = [] - dep_str = gen_deps_one_line(deps) - self.assertEqual(dep_str, '', 'ifdef generated incorrectly') + dependencies = [] + dep_str = gen_dependencies_one_line(dependencies) + self.assertEqual(dep_str, '', 'Preprocessor generated incorrectly') - def test_large_deps_list(self): + def test_large_dependencies_list(self): """ - Test that gen_dep() correctly creates deps for given dependency list. + Test that gen_dep() correctly creates dependencies for given + dependency list. 
:return: """ - deps = [] + dependencies = [] count = 10 for i in range(count): - deps.append('DEP%d' % i) - dep_str = gen_deps_one_line(deps) - expected = '#if ' + ' && '.join(['defined(%s)' % x for x in deps]) - self.assertEqual(dep_str, expected, 'ifdef generated incorrectly') + dependencies.append('DEP%d' % i) + dep_str = gen_dependencies_one_line(dependencies) + expected = '#if ' + ' && '.join(['defined(%s)' % + x for x in dependencies]) + self.assertEqual(dep_str, expected, + 'Preprocessor generated incorrectly') class GenFunctionWrapper(TestCase): @@ -182,7 +223,8 @@ void test_a_wrapper( void ** params ) :return: """ - code = gen_function_wrapper('test_a', 'int x = 1;', ('x', 'b', 'c', 'd')) + code = gen_function_wrapper('test_a', + 'int x = 1;', ('x', 'b', 'c', 'd')) expected = ''' void test_a_wrapper( void ** params ) { @@ -230,7 +272,7 @@ class GenDispatch(TestCase): ''' self.assertEqual(code, expected) - def test_empty_deps(self): + def test_empty_dependencies(self): """ Test empty dependency list. :return: @@ -246,7 +288,7 @@ class StringIOWrapper(StringIO, object): """ file like class to mock file object in tests. """ - def __init__(self, file_name, data, line_no = 1): + def __init__(self, file_name, data, line_no=1): """ Init file handle. 
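Review bot: The new import block in the `@@ -16,143 +16,184 @@` hunk still uses `from StringIO import StringIO`, a module that exists only in Python 2, while the first hunk of this file changes the shebang to `#!/usr/bin/env python3`; run as the shebang says, the file would stop with an ImportError before any test executes. `from mock import patch` likewise relies on the third-party package rather than `unittest.mock`. The `StringIOWrapper.next` rewrite in the `@@ -260,17 +302,28 @@` hunk has the same problem, since it calls `parent.next()  # Python 2` and `line.decode(...)`, neither of which exists on Python 3's `io.StringIO` and `str`. Either keep the shebang on the interpreter the file actually supports, or switch to `from io import StringIO` and `from unittest.mock import patch` and have `next` call `parent.__next__()` when it is available.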
@@ -260,17 +302,28 @@ class StringIOWrapper(StringIO, object): def next(self): """ - Iterator return impl. - :return: - """ - line = super(StringIOWrapper, self).next() - return line + Iterator method. This method overrides base class's + next method and extends the next method to count the line + numbers as each line is read. - def readline(self, limit=0): + :return: Line read from file. + """ + parent = super(StringIOWrapper, self) + line = parent.next() # Python 2 + if line: + self.line_no += 1 + # Convert byte array to string with correct encoding and + # strip any whitespaces added in the decoding process. + return line.decode(sys.getdefaultencoding()).strip() + "\n" + return None + + __next__ = next + + def readline(self, length=0): """ Wrap the base class readline. - :param limit: + :param length: :return: """ line = super(StringIOWrapper, self).readline() @@ -300,8 +353,8 @@ class ParseUntilPattern(TestCase): #define ECP_PF_UNKNOWN -1 ''' - s = StringIOWrapper('test_suite_ut.function', data, line_no=0) - headers = parse_until_pattern(s, END_HEADER_REGEX) + stream = StringIOWrapper('test_suite_ut.function', data, line_no=0) + headers = parse_until_pattern(stream, END_HEADER_REGEX) self.assertEqual(headers, expected) def test_line_no(self): @@ -321,13 +374,15 @@ class ParseUntilPattern(TestCase): #define ECP_PF_UNKNOWN -1 ''' % (offset_line_no + 1) - s = StringIOWrapper('test_suite_ut.function', data, offset_line_no) - headers = parse_until_pattern(s, END_HEADER_REGEX) + stream = StringIOWrapper('test_suite_ut.function', data, + offset_line_no) + headers = parse_until_pattern(stream, END_HEADER_REGEX) self.assertEqual(headers, expected) def test_no_end_header_comment(self): """ - Test that InvalidFileFormat is raised when end header comment is missing. + Test that InvalidFileFormat is raised when end header comment is + missing. :return: """ data = '''#include "mbedtls/ecp.h" 
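Review bot: In `StringIOWrapper.next`, `line.decode(sys.getdefaultencoding()).strip() + "\n"` strips leading whitespace as well as the line ending, so each line returned through iteration loses its indentation, while the comment above it speaks of whitespace "added in the decoding process", and decoding adds none. If only the line terminator is meant to be normalised, `return line.decode(sys.getdefaultencoding()).rstrip() + "\n"` would keep the indentation; otherwise the comment should say that indentation is dropped on purpose. The renamed `length` parameter of `readline` is also still not forwarded (`super(StringIOWrapper, self).readline()`); the rest of `readline` lies outside this hunk.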
@@ -335,16 +390,17 @@ class ParseUntilPattern(TestCase): #define ECP_PF_UNKNOWN -1 ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(InvalidFileFormat, parse_until_pattern, s, END_HEADER_REGEX) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(GeneratorInputError, parse_until_pattern, stream, + END_HEADER_REGEX) -class ParseSuiteDeps(TestCase): +class ParseSuiteDependencies(TestCase): """ - Test Suite for testing parse_suite_deps(). + Test Suite for testing parse_suite_dependencies(). """ - def test_suite_deps(self): + def test_suite_dependencies(self): """ :return: @@ -355,9 +411,9 @@ class ParseSuiteDeps(TestCase): */ ''' expected = ['MBEDTLS_ECP_C'] - s = StringIOWrapper('test_suite_ut.function', data) - deps = parse_suite_deps(s) - self.assertEqual(deps, expected) + stream = StringIOWrapper('test_suite_ut.function', data) + dependencies = parse_suite_dependencies(stream) + self.assertEqual(dependencies, expected) def test_no_end_dep_comment(self): """ @@ -367,10 +423,11 @@ class ParseSuiteDeps(TestCase): data = ''' * depends_on:MBEDTLS_ECP_C ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(InvalidFileFormat, parse_suite_deps, s) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(GeneratorInputError, parse_suite_dependencies, + stream) - def test_deps_split(self): + def test_dependencies_split(self): """ Test that InvalidFileFormat is raised when end dep comment is missing. :return: 
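Review bot: The docstrings of the tests touched here still name `InvalidFileFormat`, although the assertions in the `@@ -335,16 +390,17 @@` and `@@ -367,10 +423,11 @@` hunks now expect `GeneratorInputError`. `test_no_end_header_comment` (docstring re-wrapped in the previous hunk) should read `Test that GeneratorInputError is raised when end header comment is missing.` The renamed `test_dependencies_split` carries the sentence about a missing end dep comment even though it asserts on the parsed list; something like `Test that parse_suite_dependencies() splits the depends_on list into individual dependencies.` would match what it checks.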
@@ -381,43 +438,47 @@ class ParseSuiteDeps(TestCase): */ ''' expected = ['MBEDTLS_ECP_C', 'A', 'B', 'C', 'D', 'F', 'G', '!H'] - s = StringIOWrapper('test_suite_ut.function', data) - deps = parse_suite_deps(s) - self.assertEqual(deps, expected) + stream = StringIOWrapper('test_suite_ut.function', data) + dependencies = parse_suite_dependencies(stream) + self.assertEqual(dependencies, expected) -class ParseFuncDeps(TestCase): +class ParseFuncDependencies(TestCase): """ - Test Suite for testing parse_function_deps() + Test Suite for testing parse_function_dependencies() """ - def test_function_deps(self): + def test_function_dependencies(self): """ - Test that parse_function_deps() correctly parses function dependencies. + Test that parse_function_dependencies() correctly parses function + dependencies. :return: """ - line = '/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */' + line = '/* BEGIN_CASE ' \ + 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */' expected = ['MBEDTLS_ENTROPY_NV_SEED', 'MBEDTLS_FS_IO'] - deps = parse_function_deps(line) - self.assertEqual(deps, expected) + dependencies = parse_function_dependencies(line) + self.assertEqual(dependencies, expected) - def test_no_deps(self): + def test_no_dependencies(self): """ - Test that parse_function_deps() correctly parses function dependencies. + Test that parse_function_dependencies() correctly parses function + dependencies. :return: """ line = '/* BEGIN_CASE */' - deps = parse_function_deps(line) - self.assertEqual(deps, []) + dependencies = parse_function_dependencies(line) + self.assertEqual(dependencies, []) - def test_poorly_defined_deps(self): + def test_tolerance(self): """ - Test that parse_function_deps() correctly parses function dependencies. + Test that parse_function_dependencies() correctly parses function + dependencies. 
:return: """ line = '/* BEGIN_CASE depends_on:MBEDTLS_FS_IO: A : !B:C : F*/' - deps = parse_function_deps(line) - self.assertEqual(deps, ['MBEDTLS_FS_IO', 'A', '!B', 'C', 'F']) + dependencies = parse_function_dependencies(line) + self.assertEqual(dependencies, ['MBEDTLS_FS_IO', 'A', '!B', 'C', 'F']) class ParseFuncSignature(TestCase): @@ -435,7 +496,9 @@ class ParseFuncSignature(TestCase): self.assertEqual(name, 'entropy_threshold') self.assertEqual(args, ['char*', 'int', 'int']) self.assertEqual(local, '') - self.assertEqual(arg_dispatch, ['(char *) params[0]', '*( (int *) params[1] )', '*( (int *) params[2] )']) + self.assertEqual(arg_dispatch, ['(char *) params[0]', + '*( (int *) params[1] )', + '*( (int *) params[2] )']) def test_hex_params(self): """ @@ -446,8 +509,12 @@ class ParseFuncSignature(TestCase): name, args, local, arg_dispatch = parse_function_signature(line) self.assertEqual(name, 'entropy_threshold') self.assertEqual(args, ['char*', 'hex', 'int']) - self.assertEqual(local, ' data_t hex1 = {(uint8_t *) params[1], *( (uint32_t *) params[2] )};\n') - self.assertEqual(arg_dispatch, ['(char *) params[0]', '&hex1', '*( (int *) params[3] )']) + self.assertEqual(local, + ' data_t hex1 = {(uint8_t *) params[1], ' + '*( (uint32_t *) params[2] )};\n') + self.assertEqual(arg_dispatch, ['(char *) params[0]', + '&hex1', + '*( (int *) params[3] )']) def test_non_void_function(self): """ @@ -493,8 +560,9 @@ No test function ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(GeneratorInputError, parse_function_code, stream, [], + []) def test_no_end_case_comment(self): """ 
@@ -506,11 +574,13 @@ void test_func() { } ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(GeneratorInputError, parse_function_code, stream, [], + []) @patch("generate_test_code.parse_function_signature") - def test_parse_function_signature_called(self, parse_function_signature_mock): + def test_function_called(self, + parse_function_signature_mock): """ Test parse_function_code() :return: @@ -521,26 +591,27 @@ void test_func() { } ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(GeneratorInputError, parse_function_code, + stream, [], []) self.assertTrue(parse_function_signature_mock.called) parse_function_signature_mock.assert_called_with('void test_func()\n') @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_deps") + @patch("generate_test_code.gen_dependencies") @patch("generate_test_code.gen_function_wrapper") @patch("generate_test_code.parse_function_signature") def test_return(self, parse_function_signature_mock, - gen_function_wrapper_mock, - gen_deps_mock, - gen_dispatch_mock): + gen_function_wrapper_mock, + gen_dependencies_mock, + gen_dispatch_mock): """ Test generated code. :return: """ parse_function_signature_mock.return_value = ('func', [], '', []) gen_function_wrapper_mock.return_value = '' - gen_deps_mock.side_effect = gen_deps + gen_dependencies_mock.side_effect = gen_dependencies gen_dispatch_mock.side_effect = gen_dispatch data = ''' void func() 
@@ -550,10 +621,9 @@ void func() } /* END_CASE */ ''' - s = StringIOWrapper('test_suite_ut.function', data) - name, arg, code, dispatch_code = parse_function_code(s, [], []) + stream = StringIOWrapper('test_suite_ut.function', data) + name, arg, code, dispatch_code = parse_function_code(stream, [], []) - #self.assertRaises(InvalidFileFormat, parse_function_code, s, [], []) self.assertTrue(parse_function_signature_mock.called) parse_function_signature_mock.assert_called_with('void func()\n') gen_function_wrapper_mock.assert_called_with('test_func', '', []) @@ -572,20 +642,20 @@ exit: self.assertEqual(dispatch_code, "\n test_func_wrapper,\n") @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_deps") + @patch("generate_test_code.gen_dependencies") @patch("generate_test_code.gen_function_wrapper") @patch("generate_test_code.parse_function_signature") def test_with_exit_label(self, parse_function_signature_mock, - gen_function_wrapper_mock, - gen_deps_mock, - gen_dispatch_mock): + gen_function_wrapper_mock, + gen_dependencies_mock, + gen_dispatch_mock): """ Test when exit label is present. :return: """ parse_function_signature_mock.return_value = ('func', [], '', []) gen_function_wrapper_mock.return_value = '' - gen_deps_mock.side_effect = gen_deps + gen_dependencies_mock.side_effect = gen_dependencies gen_dispatch_mock.side_effect = gen_dispatch data = ''' void func() @@ -598,8 +668,8 @@ exit: } /* END_CASE */ ''' - s = StringIOWrapper('test_suite_ut.function', data) - name, arg, code, dispatch_code = parse_function_code(s, [], []) + stream = StringIOWrapper('test_suite_ut.function', data) + _, _, code, _ = parse_function_code(stream, [], []) expected = '''#line 2 "test_suite_ut.function" void test_func() 
@@ -625,7 +695,8 @@ class ParseFunction(TestCase): Test that begin header is checked and parse_until_pattern() is called. :return: """ - def stop(this): + def stop(*_unused): + """Stop when parse_until_pattern is called.""" raise Exception parse_until_pattern_mock.side_effect = stop data = '''/* BEGIN_HEADER */ @@ -634,10 +705,10 @@ class ParseFunction(TestCase): #define ECP_PF_UNKNOWN -1 /* END_HEADER */ ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, s) - parse_until_pattern_mock.assert_called_with(s, END_HEADER_REGEX) - self.assertEqual(s.line_no, 2) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, stream) + parse_until_pattern_mock.assert_called_with(stream, END_HEADER_REGEX) + self.assertEqual(stream.line_no, 2) @patch("generate_test_code.parse_until_pattern") def test_begin_helper(self, parse_until_pattern_mock): 
@@ -645,89 +716,97 @@ class ParseFunction(TestCase): Test that begin helper is checked and parse_until_pattern() is called. :return: """ - def stop(this): + def stop(*_unused): + """Stop when parse_until_pattern is called.""" raise Exception parse_until_pattern_mock.side_effect = stop data = '''/* BEGIN_SUITE_HELPERS */ -void print_helloworld() +void print_hello_world() { - printf ("Hello World!\n"); + printf("Hello World!\n"); } /* END_SUITE_HELPERS */ ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, s) - parse_until_pattern_mock.assert_called_with(s, END_SUITE_HELPERS_REGEX) - self.assertEqual(s.line_no, 2) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, stream) + parse_until_pattern_mock.assert_called_with(stream, + END_SUITE_HELPERS_REGEX) + self.assertEqual(stream.line_no, 2) - @patch("generate_test_code.parse_suite_deps") - def test_begin_dep(self, parse_suite_deps_mock): + @patch("generate_test_code.parse_suite_dependencies") + def test_begin_dep(self, parse_suite_dependencies_mock): """ - Test that begin dep is checked and parse_suite_deps() is called. + Test that begin dep is checked and parse_suite_dependencies() is + called. 
:return: """ - def stop(this): + def stop(*_unused): + """Stop when parse_until_pattern is called.""" raise Exception - parse_suite_deps_mock.side_effect = stop + parse_suite_dependencies_mock.side_effect = stop data = '''/* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_ECP_C * END_DEPENDENCIES */ ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, s) - parse_suite_deps_mock.assert_called_with(s) - self.assertEqual(s.line_no, 2) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, stream) + parse_suite_dependencies_mock.assert_called_with(stream) + self.assertEqual(stream.line_no, 2) - @patch("generate_test_code.parse_function_deps") - def test_begin_function_dep(self, parse_function_deps_mock): + @patch("generate_test_code.parse_function_dependencies") + def test_begin_function_dep(self, func_mock): """ - Test that begin dep is checked and parse_function_deps() is called. + Test that begin dep is checked and parse_function_dependencies() is + called. 
:return: """ - def stop(this): + def stop(*_unused): + """Stop when parse_until_pattern is called.""" raise Exception - parse_function_deps_mock.side_effect = stop + func_mock.side_effect = stop - deps_str = '/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' + dependencies_str = '/* BEGIN_CASE ' \ + 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' data = '''%svoid test_func() { } -''' % deps_str - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, s) - parse_function_deps_mock.assert_called_with(deps_str) - self.assertEqual(s.line_no, 2) +''' % dependencies_str + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(Exception, parse_functions, stream) + func_mock.assert_called_with(dependencies_str) + self.assertEqual(stream.line_no, 2) @patch("generate_test_code.parse_function_code") - @patch("generate_test_code.parse_function_deps") - def test_return(self, parse_function_deps_mock, parse_function_code_mock): + @patch("generate_test_code.parse_function_dependencies") + def test_return(self, func_mock1, func_mock2): """ Test that begin case is checked and parse_function_code() is called. 
:return: """ - def stop(this): - raise Exception - parse_function_deps_mock.return_value = [] - in_func_code= '''void test_func() + func_mock1.return_value = [] + in_func_code = '''void test_func() { } ''' func_dispatch = ''' test_func_wrapper, ''' - parse_function_code_mock.return_value = 'test_func', [], in_func_code, func_dispatch - deps_str = '/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' + func_mock2.return_value = 'test_func', [],\ + in_func_code, func_dispatch + dependencies_str = '/* BEGIN_CASE ' \ + 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' data = '''%svoid test_func() { } -''' % deps_str - s = StringIOWrapper('test_suite_ut.function', data) - suite_deps, dispatch_code, func_code, func_info = parse_functions(s) - parse_function_deps_mock.assert_called_with(deps_str) - parse_function_code_mock.assert_called_with(s, [], []) - self.assertEqual(s.line_no, 5) - self.assertEqual(suite_deps, []) +''' % dependencies_str + stream = StringIOWrapper('test_suite_ut.function', data) + suite_dependencies, dispatch_code, func_code, func_info = \ + parse_functions(stream) + func_mock1.assert_called_with(dependencies_str) + func_mock2.assert_called_with(stream, [], []) + self.assertEqual(stream.line_no, 5) + self.assertEqual(suite_dependencies, []) expected_dispatch_code = '''/* Function Id: 0 */ test_func_wrapper, @@ -764,10 +843,11 @@ void func2() } /* END_CASE */ ''' - s = StringIOWrapper('test_suite_ut.function', data) - suite_deps, dispatch_code, func_code, func_info = parse_functions(s) - self.assertEqual(s.line_no, 23) - self.assertEqual(suite_deps, ['MBEDTLS_ECP_C']) + stream = StringIOWrapper('test_suite_ut.function', data) + suite_dependencies, dispatch_code, func_code, func_info = \ + parse_functions(stream) + self.assertEqual(stream.line_no, 23) + self.assertEqual(suite_dependencies, ['MBEDTLS_ECP_C']) expected_dispatch_code = '''/* Function Id: 0 */ 
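Review bot: The docstring added to every local `stop(*_unused)` helper in the `@@ -645,89 +716,97 @@` hunk says `Stop when parse_until_pattern is called.`, but in `test_begin_dep` and `test_begin_function_dep` the helper is the side effect of the `parse_suite_dependencies` and `parse_function_dependencies` mocks. Reword those two as `"""Stop when parse_suite_dependencies is called."""` and `"""Stop when parse_function_dependencies is called."""` so the comment names the call that actually ends the test.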
@@ -827,7 +907,8 @@ void test_func2_wrapper( void ** params ) #endif /* MBEDTLS_ECP_C */ ''' self.assertEqual(func_code, expected_func_code) - self.assertEqual(func_info, {'test_func1': (0, []), 'test_func2': (1, [])}) + self.assertEqual(func_info, {'test_func1': (0, []), + 'test_func2': (1, [])}) def test_same_function_name(self): """ @@ -857,15 +938,16 @@ void func() } /* END_CASE */ ''' - s = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(GeneratorInputError, parse_functions, s) + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaises(GeneratorInputError, parse_functions, stream) -class ExcapedSplit(TestCase): +class EscapedSplit(TestCase): """ Test suite for testing escaped_split(). - Note: Since escaped_split() output is used to write back to the intermediate data file. Any escape characters - in the input are retained in the output. + Note: Since escaped_split() output is used to write back to the + intermediate data file. Any escape characters in the input are + retained in the output. """ def test_invalid_input(self): @@ -877,7 +959,7 @@ class ExcapedSplit(TestCase): def test_empty_string(self): """ - Test empty strig input. + Test empty string input. :return: """ splits = escaped_split('', ':') 
@@ -885,39 +967,42 @@ class ExcapedSplit(TestCase): def test_no_escape(self): """ - Test with no escape character. The behaviour should be same as str.split() + Test with no escape character. The behaviour should be same as + str.split() :return: """ - s = 'yahoo:google' - splits = escaped_split(s, ':') - self.assertEqual(splits, s.split(':')) + test_str = 'yahoo:google' + splits = escaped_split(test_str, ':') + self.assertEqual(splits, test_str.split(':')) def test_escaped_input(self): """ - Test imput that has escaped delimiter. + Test input that has escaped delimiter. :return: """ - s = 'yahoo\:google:facebook' - splits = escaped_split(s, ':') - self.assertEqual(splits, ['yahoo\:google', 'facebook']) + test_str = r'yahoo\:google:facebook' + splits = escaped_split(test_str, ':') + self.assertEqual(splits, [r'yahoo\:google', 'facebook']) def test_escaped_escape(self): """ - Test imput that has escaped delimiter. + Test input that has escaped delimiter. :return: """ - s = 'yahoo\\\:google:facebook' - splits = escaped_split(s, ':') - self.assertEqual(splits, ['yahoo\\\\', 'google', 'facebook']) + test_str = r'yahoo\\\:google:facebook' + splits = escaped_split(test_str, ':') + self.assertEqual(splits, [r'yahoo\\\\', 'google', 'facebook']) def test_all_at_once(self): """ - Test imput that has escaped delimiter. + Test input that has escaped delimiter. :return: """ - s = 'yahoo\\\:google:facebook\:instagram\\\:bbc\\\\:wikipedia' - splits = escaped_split(s, ':') - self.assertEqual(splits, ['yahoo\\\\', 'google', 'facebook\:instagram\\\\', 'bbc\\\\', 'wikipedia']) + test_str = r'yahoo\\\:google:facebook\:instagram\\\:bbc\\\\:wikipedia' + splits = escaped_split(test_str, ':') + self.assertEqual(splits, [r'yahoo\\\\', r'google', + r'facebook\:instagram\\\\', + r'bbc\\\\', r'wikipedia']) class ParseTestData(TestCase): 
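Review bot: Adding the `r` prefix in `test_escaped_escape` and `test_all_at_once` without reducing the backslashes changes the literals' values rather than just their spelling: the old `'yahoo\\\:google:facebook'` is `yahoo`, two backslashes, then `:google`, while the new `r'yahoo\\\:google:facebook'` holds three backslashes, and the expected `r'yahoo\\\\'` now holds four where the old `'yahoo\\\\'` held two. The new expectation contains more backslashes than the input, so for a splitter that retains the input's escape characters (as the class docstring describes) these assertions no longer describe the escaped-backslash case and look unable to pass. `test_escaped_input` is unaffected, because `\:` is the same in both spellings. The raw literals that keep the previous values are shown below.

```python
        # … unchanged: test_escaped_escape docstring …
        test_str = r'yahoo\\:google:facebook'
        splits = escaped_split(test_str, ':')
        self.assertEqual(splits, [r'yahoo\\', 'google', 'facebook'])

        # … unchanged: test_all_at_once docstring …
        test_str = r'yahoo\\:google:facebook\:instagram\\:bbc\\:wikipedia'
        splits = escaped_split(test_str, ':')
        self.assertEqual(splits, [r'yahoo\\', r'google',
                                  r'facebook\:instagram\\',
                                  r'bbc\\', r'wikipedia'])
```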
@@ -943,28 +1028,34 @@ dhm_do_dhm:10:"9345098382739712938719287391879381271":10:"9345098792137312973297 Diffie-Hellman selftest dhm_selftest: """ - s = StringIOWrapper('test_suite_ut.function', data) - tests = [(name, function, deps, args) for name, function, deps, args in parse_test_data(s)] - t1, t2, t3, t4 = tests - self.assertEqual(t1[0], 'Diffie-Hellman full exchange #1') - self.assertEqual(t1[1], 'dhm_do_dhm') - self.assertEqual(t1[2], []) - self.assertEqual(t1[3], ['10', '"23"', '10', '"5"']) + stream = StringIOWrapper('test_suite_ut.function', data) + tests = [(name, test_function, dependencies, args) + for name, test_function, dependencies, args in + parse_test_data(stream)] + test1, test2, test3, test4 = tests + self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1') + self.assertEqual(test1[1], 'dhm_do_dhm') + self.assertEqual(test1[2], []) + self.assertEqual(test1[3], ['10', '"23"', '10', '"5"']) - self.assertEqual(t2[0], 'Diffie-Hellman full exchange #2') - self.assertEqual(t2[1], 'dhm_do_dhm') - self.assertEqual(t2[2], []) - self.assertEqual(t2[3], ['10', '"93450983094850938450983409623"', '10', '"9345098304850938450983409622"']) + self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2') + self.assertEqual(test2[1], 'dhm_do_dhm') + self.assertEqual(test2[2], []) + self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"', + '10', '"9345098304850938450983409622"']) - self.assertEqual(t3[0], 'Diffie-Hellman full exchange #3') - self.assertEqual(t3[1], 'dhm_do_dhm') - self.assertEqual(t3[2], []) - self.assertEqual(t3[3], ['10', '"9345098382739712938719287391879381271"', '10', '"9345098792137312973297123912791271"']) + self.assertEqual(test3[0], 'Diffie-Hellman full exchange #3') + self.assertEqual(test3[1], 'dhm_do_dhm') + self.assertEqual(test3[2], []) + self.assertEqual(test3[3], ['10', + '"9345098382739712938719287391879381271"', + '10', + '"9345098792137312973297123912791271"']) - self.assertEqual(t4[0], 'Diffie-Hellman 
selftest') - self.assertEqual(t4[1], 'dhm_selftest') - self.assertEqual(t4[2], []) - self.assertEqual(t4[3], []) + self.assertEqual(test4[0], 'Diffie-Hellman selftest') + self.assertEqual(test4[1], 'dhm_selftest') + self.assertEqual(test4[2], []) + self.assertEqual(test4[3], []) def test_with_dependencies(self): """ @@ -980,22 +1071,26 @@ Diffie-Hellman full exchange #2 dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" """ - s = StringIOWrapper('test_suite_ut.function', data) - tests = [(name, function, deps, args) for name, function, deps, args in parse_test_data(s)] - t1, t2 = tests - self.assertEqual(t1[0], 'Diffie-Hellman full exchange #1') - self.assertEqual(t1[1], 'dhm_do_dhm') - self.assertEqual(t1[2], ['YAHOO']) - self.assertEqual(t1[3], ['10', '"23"', '10', '"5"']) + stream = StringIOWrapper('test_suite_ut.function', data) + tests = [(name, function_name, dependencies, args) + for name, function_name, dependencies, args in + parse_test_data(stream)] + test1, test2 = tests + self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1') + self.assertEqual(test1[1], 'dhm_do_dhm') + self.assertEqual(test1[2], ['YAHOO']) + self.assertEqual(test1[3], ['10', '"23"', '10', '"5"']) - self.assertEqual(t2[0], 'Diffie-Hellman full exchange #2') - self.assertEqual(t2[1], 'dhm_do_dhm') - self.assertEqual(t2[2], []) - self.assertEqual(t2[3], ['10', '"93450983094850938450983409623"', '10', '"9345098304850938450983409622"']) + self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2') + self.assertEqual(test2[1], 'dhm_do_dhm') + self.assertEqual(test2[2], []) + self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"', + '10', '"9345098304850938450983409622"']) def test_no_args(self): """ - Test GeneratorInputError is raised when test function name and args line is missing. + Test GeneratorInputError is raised when test function name and + args line is missing. :return: """ data = """ 
@@ -1007,37 +1102,39 @@ Diffie-Hellman full exchange #2 dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" """ - s = StringIOWrapper('test_suite_ut.function', data) - e = None + stream = StringIOWrapper('test_suite_ut.function', data) + err = None try: - for x, y, z, a in parse_test_data(s): + for _, _, _, _ in parse_test_data(stream): pass - except GeneratorInputError as e: + except GeneratorInputError as err: pass - self.assertEqual(type(e), GeneratorInputError) + self.assertEqual(type(err), GeneratorInputError) def test_incomplete_data(self): """ - Test GeneratorInputError is raised when test function name and args line is missing. + Test GeneratorInputError is raised when test function name + and args line is missing. :return: """ data = """ Diffie-Hellman full exchange #1 depends_on:YAHOO """ - s = StringIOWrapper('test_suite_ut.function', data) - e = None + stream = StringIOWrapper('test_suite_ut.function', data) + err = None try: - for x, y, z, a in parse_test_data(s): + for _, _, _, _ in parse_test_data(stream): pass - except GeneratorInputError as e: + except GeneratorInputError as err: pass - self.assertEqual(type(e), GeneratorInputError) + self.assertEqual(type(err), GeneratorInputError) class GenDepCheck(TestCase): """ - Test suite for gen_dep_check(). It is assumed this function is called with valid inputs. + Test suite for gen_dep_check(). It is assumed this function is + called with valid inputs. """ def test_gen_dep_check(self): @@ -1058,7 +1155,7 @@ class GenDepCheck(TestCase): out = gen_dep_check(5, 'YAHOO') self.assertEqual(out, expected) - def test_noT(self): + def test_not_defined_dependency(self): """ Test dependency with !. :return: 
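Review bot: In test_no_args and test_incomplete_data the name bound by `except GeneratorInputError as err:` is read after the handler has finished. On Python 3 that name is unbound once the except block ends, so the closing `assertEqual(type(err), GeneratorInputError)` would error out instead of checking the exception type. The file carries a python3 shebang yet imports `StringIO` the Python 2 way, so the pattern only works on Python 2. Since parse_test_data is consumed by iteration, `self.assertRaises(GeneratorInputError, list, parse_test_data(stream))` replaces the try/except in both tests and matches the assertRaises style used elsewhere in this file.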
@@ -1093,7 +1190,8 @@ class GenDepCheck(TestCase): class GenExpCheck(TestCase): """ - Test suite for gen_expression_check(). It is assumed this function is called with valid inputs. + Test suite for gen_expression_check(). It is assumed this function + is called with valid inputs. """ def test_gen_exp_check(self): @@ -1122,34 +1220,36 @@ class GenExpCheck(TestCase): Test invalid expression id. :return: """ - self.assertRaises(GeneratorInputError, gen_expression_check, -1, 'YAHOO') + self.assertRaises(GeneratorInputError, gen_expression_check, + -1, 'YAHOO') -class WriteDeps(TestCase): +class WriteDependencies(TestCase): """ - Test suite for testing write_deps. + Test suite for testing write_dependencies. """ - def test_no_test_deps(self): + def test_no_test_dependencies(self): """ - Test when test_deps is empty. + Test when test dependencies input is empty. :return: """ - s = StringIOWrapper('test_suite_ut.data', '') - unique_deps = [] - dep_check_code = write_deps(s, [], unique_deps) + stream = StringIOWrapper('test_suite_ut.data', '') + unique_dependencies = [] + dep_check_code = write_dependencies(stream, [], unique_dependencies) self.assertEqual(dep_check_code, '') - self.assertEqual(len(unique_deps), 0) - self.assertEqual(s.getvalue(), '') + self.assertEqual(len(unique_dependencies), 0) + self.assertEqual(stream.getvalue(), '') def test_unique_dep_ids(self): """ :return: """ - s = StringIOWrapper('test_suite_ut.data', '') - unique_deps = [] - dep_check_code = write_deps(s, ['DEP3', 'DEP2', 'DEP1'], unique_deps) + stream = StringIOWrapper('test_suite_ut.data', '') + unique_dependencies = [] + dep_check_code = write_dependencies(stream, ['DEP3', 'DEP2', 'DEP1'], + unique_dependencies) expect_dep_check_code = ''' case 0: { 
@@ -1179,20 +1279,23 @@ class WriteDeps(TestCase): } break;''' self.assertEqual(dep_check_code, expect_dep_check_code) - self.assertEqual(len(unique_deps), 3) - self.assertEqual(s.getvalue(), 'depends_on:0:1:2\n') + self.assertEqual(len(unique_dependencies), 3) + self.assertEqual(stream.getvalue(), 'depends_on:0:1:2\n') def test_dep_id_repeat(self): """ :return: """ - s = StringIOWrapper('test_suite_ut.data', '') - unique_deps = [] + stream = StringIOWrapper('test_suite_ut.data', '') + unique_dependencies = [] dep_check_code = '' - dep_check_code += write_deps(s, ['DEP3', 'DEP2'], unique_deps) - dep_check_code += write_deps(s, ['DEP2', 'DEP1'], unique_deps) - dep_check_code += write_deps(s, ['DEP1', 'DEP3'], unique_deps) + dep_check_code += write_dependencies(stream, ['DEP3', 'DEP2'], + unique_dependencies) + dep_check_code += write_dependencies(stream, ['DEP2', 'DEP1'], + unique_dependencies) + dep_check_code += write_dependencies(stream, ['DEP1', 'DEP3'], + unique_dependencies) expect_dep_check_code = ''' case 0: { @@ -1222,8 +1325,9 @@ class WriteDeps(TestCase): } break;''' self.assertEqual(dep_check_code, expect_dep_check_code) - self.assertEqual(len(unique_deps), 3) - self.assertEqual(s.getvalue(), 'depends_on:0:1\ndepends_on:1:2\ndepends_on:2:0\n') + self.assertEqual(len(unique_dependencies), 3) + self.assertEqual(stream.getvalue(), + 'depends_on:0:1\ndepends_on:1:2\ndepends_on:2:0\n') class WriteParams(TestCase): 
@@ -1236,48 +1340,57 @@ class WriteParams(TestCase): Test with empty test_args :return: """ - s = StringIOWrapper('test_suite_ut.data', '') + stream = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] - expression_code = write_parameters(s, [], [], unique_expressions) + expression_code = write_parameters(stream, [], [], unique_expressions) self.assertEqual(len(unique_expressions), 0) self.assertEqual(expression_code, '') - self.assertEqual(s.getvalue(), '\n') + self.assertEqual(stream.getvalue(), '\n') def test_no_exp_param(self): """ Test when there is no macro or expression in the params. :return: """ - s = StringIOWrapper('test_suite_ut.data', '') + stream = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] - expression_code = write_parameters(s, ['"Yahoo"', '"abcdef00"', '0'], ['char*', 'hex', 'int'], + expression_code = write_parameters(stream, ['"Yahoo"', '"abcdef00"', + '0'], + ['char*', 'hex', 'int'], unique_expressions) self.assertEqual(len(unique_expressions), 0) self.assertEqual(expression_code, '') - self.assertEqual(s.getvalue(), ':char*:"Yahoo":hex:"abcdef00":int:0\n') + self.assertEqual(stream.getvalue(), + ':char*:"Yahoo":hex:"abcdef00":int:0\n') def test_hex_format_int_param(self): """ Test int parameter in hex format. :return: """ - s = StringIOWrapper('test_suite_ut.data', '') + stream = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] - expression_code = write_parameters(s, ['"Yahoo"', '"abcdef00"', '0xAA'], ['char*', 'hex', 'int'], + expression_code = write_parameters(stream, + ['"Yahoo"', '"abcdef00"', '0xAA'], + ['char*', 'hex', 'int'], unique_expressions) self.assertEqual(len(unique_expressions), 0) self.assertEqual(expression_code, '') - self.assertEqual(s.getvalue(), ':char*:"Yahoo":hex:"abcdef00":int:0xAA\n') + self.assertEqual(stream.getvalue(), + ':char*:"Yahoo":hex:"abcdef00":int:0xAA\n') def test_with_exp_param(self): """ Test when there is macro or expression in the params. 
:return: """ - s = StringIOWrapper('test_suite_ut.data', '') + stream = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] - expression_code = write_parameters(s, ['"Yahoo"', '"abcdef00"', '0', 'MACRO1', 'MACRO2', 'MACRO3'], - ['char*', 'hex', 'int', 'int', 'int', 'int'], + expression_code = write_parameters(stream, + ['"Yahoo"', '"abcdef00"', '0', + 'MACRO1', 'MACRO2', 'MACRO3'], + ['char*', 'hex', 'int', + 'int', 'int', 'int'], unique_expressions) self.assertEqual(len(unique_expressions), 3) self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) @@ -1298,21 +1411,29 @@ class WriteParams(TestCase): } break;''' self.assertEqual(expression_code, expected_expression_code) - self.assertEqual(s.getvalue(), ':char*:"Yahoo":hex:"abcdef00":int:0:exp:0:exp:1:exp:2\n') + self.assertEqual(stream.getvalue(), + ':char*:"Yahoo":hex:"abcdef00":int:0:exp:0:exp:1' + ':exp:2\n') - def test_with_repeate_calls(self): + def test_with_repeat_calls(self): """ Test when write_parameter() is called with same macro or expression. :return: """ - s = StringIOWrapper('test_suite_ut.data', '') + stream = StringIOWrapper('test_suite_ut.data', '') unique_expressions = [] expression_code = '' - expression_code += write_parameters(s, ['"Yahoo"', 'MACRO1', 'MACRO2'], ['char*', 'int', 'int'], + expression_code += write_parameters(stream, + ['"Yahoo"', 'MACRO1', 'MACRO2'], + ['char*', 'int', 'int'], unique_expressions) - expression_code += write_parameters(s, ['"abcdef00"', 'MACRO2', 'MACRO3'], ['hex', 'int', 'int'], + expression_code += write_parameters(stream, + ['"abcdef00"', 'MACRO2', 'MACRO3'], + ['hex', 'int', 'int'], unique_expressions) - expression_code += write_parameters(s, ['0', 'MACRO3', 'MACRO1'], ['int', 'int', 'int'], + expression_code += write_parameters(stream, + ['0', 'MACRO3', 'MACRO1'], + ['int', 'int', 'int'], unique_expressions) self.assertEqual(len(unique_expressions), 3) self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) 
@@ -1337,31 +1458,34 @@ class WriteParams(TestCase): :hex:"abcdef00":exp:1:exp:2 :int:0:exp:2:exp:0 ''' - self.assertEqual(s.getvalue(), expected_data_file) + self.assertEqual(stream.getvalue(), expected_data_file) -class GenTestSuiteDepsChecks(TestCase): +class GenTestSuiteDependenciesChecks(TestCase): """ - + Test suite for testing gen_suite_dep_checks() """ - def test_empty_suite_deps(self): + def test_empty_suite_dependencies(self): """ - Test with empty suite_deps list. + Test with empty suite_dependencies list. :return: """ - dep_check_code, expression_code = gen_suite_deps_checks([], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') + dep_check_code, expression_code = \ + gen_suite_dep_checks([], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') self.assertEqual(dep_check_code, 'DEP_CHECK_CODE') self.assertEqual(expression_code, 'EXPRESSION_CODE') - def test_suite_deps(self): + def test_suite_dependencies(self): """ - Test with suite_deps list. + Test with suite_dependencies list. :return: """ - dep_check_code, expression_code = gen_suite_deps_checks(['SUITE_DEP'], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') - exprectd_dep_check_code = ''' + dep_check_code, expression_code = \ + gen_suite_dep_checks(['SUITE_DEP'], 'DEP_CHECK_CODE', + 'EXPRESSION_CODE') + expected_dep_check_code = ''' #if defined(SUITE_DEP) DEP_CHECK_CODE #endif @@ -1371,7 +1495,7 @@ DEP_CHECK_CODE EXPRESSION_CODE #endif ''' - self.assertEqual(dep_check_code, exprectd_dep_check_code) + self.assertEqual(dep_check_code, expected_dep_check_code) self.assertEqual(expression_code, expected_expression_code) def test_no_dep_no_exp(self): @@ -1379,7 +1503,7 @@ EXPRESSION_CODE Test when there are no dependency and expression code. :return: """ - dep_check_code, expression_code = gen_suite_deps_checks([], '', '') + dep_check_code, expression_code = gen_suite_dep_checks([], '', '') self.assertEqual(dep_check_code, '') self.assertEqual(expression_code, '') 
@@ -1389,10 +1513,13 @@ class GenFromTestData(TestCase): Test suite for gen_from_test_data() """ - @patch("generate_test_code.write_deps") + @staticmethod + @patch("generate_test_code.write_dependencies") @patch("generate_test_code.write_parameters") - @patch("generate_test_code.gen_suite_deps_checks") - def test_intermediate_data_file(self, gen_suite_deps_checks_mock, write_parameters_mock, write_deps_mock): + @patch("generate_test_code.gen_suite_dependencies_checks") + def test_intermediate_data_file(func_mock1, + write_parameters_mock, + write_dependencies_mock): """ Test that intermediate data file is written with expected data. :return: @@ -1405,13 +1532,15 @@ func1:0 data_f = StringIOWrapper('test_suite_ut.data', data) out_data_f = StringIOWrapper('test_suite_ut.datax', '') func_info = {'test_func1': (1, ('int',))} - suite_deps = [] + suite_dependencies = [] write_parameters_mock.side_effect = write_parameters - write_deps_mock.side_effect = write_deps - gen_suite_deps_checks_mock.side_effect = gen_suite_deps_checks - gen_from_test_data(data_f, out_data_f, func_info, suite_deps) - write_deps_mock.assert_called_with(out_data_f, ['DEP1'], ['DEP1']) - write_parameters_mock.assert_called_with(out_data_f, ['0'], ('int',), []) + write_dependencies_mock.side_effect = write_dependencies + func_mock1.side_effect = gen_suite_dep_checks + gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies) + write_dependencies_mock.assert_called_with(out_data_f, + ['DEP1'], ['DEP1']) + write_parameters_mock.assert_called_with(out_data_f, ['0'], + ('int',), []) expected_dep_check_code = ''' case 0: { @@ -1422,7 +1551,8 @@ func1:0 #endif } break;''' - gen_suite_deps_checks_mock.assert_called_with(suite_deps, expected_dep_check_code, '') + func_mock1.assert_called_with( + suite_dependencies, expected_dep_check_code, '') def test_function_not_found(self): """ 
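Review bot: The decorator `@patch("generate_test_code.gen_suite_dependencies_checks")` on test_intermediate_data_file names an attribute that the rest of this patch does not define. The function is called `gen_suite_dep_checks` everywhere else, including `func_mock1.side_effect = gen_suite_dep_checks` in this same test. patch() fails when the target attribute is missing, so the test would error before reaching its assertions. The target should read `@patch("generate_test_code.gen_suite_dep_checks")`, and naming the mock parameter `gen_suite_dep_checks_mock` instead of `func_mock1` would keep it in line with the other two mock arguments.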
@@ -1437,12 +1567,14 @@ func1:0 data_f = StringIOWrapper('test_suite_ut.data', data) out_data_f = StringIOWrapper('test_suite_ut.datax', '') func_info = {'test_func2': (1, ('int',))} - suite_deps = [] - self.assertRaises(GeneratorInputError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) + suite_dependencies = [] + self.assertRaises(GeneratorInputError, gen_from_test_data, + data_f, out_data_f, func_info, suite_dependencies) def test_different_func_args(self): """ - Test that AssertError is raised when no. of parameters and function args differ. + Test that AssertError is raised when no. of parameters and + function args differ. :return: """ data = ''' @@ -1452,9 +1584,10 @@ func1:0 ''' data_f = StringIOWrapper('test_suite_ut.data', data) out_data_f = StringIOWrapper('test_suite_ut.datax', '') - func_info = {'test_func2': (1, ('int','hex'))} - suite_deps = [] - self.assertRaises(GeneratorInputError, gen_from_test_data, data_f, out_data_f, func_info, suite_deps) + func_info = {'test_func2': (1, ('int', 'hex'))} + suite_dependencies = [] + self.assertRaises(GeneratorInputError, gen_from_test_data, data_f, + out_data_f, func_info, suite_dependencies) def test_output(self): """ @@ -1472,9 +1605,12 @@ func2:"yahoo":88:MACRO1 ''' data_f = StringIOWrapper('test_suite_ut.data', data) out_data_f = StringIOWrapper('test_suite_ut.datax', '') - func_info = {'test_func1': (0, ('int', 'int', 'int', 'int')), 'test_func2': (1, ('char*', 'int', 'int'))} - suite_deps = [] - dep_check_code, expression_code = gen_from_test_data(data_f, out_data_f, func_info, suite_deps) + func_info = {'test_func1': (0, ('int', 'int', 'int', 'int')), + 'test_func2': (1, ('char*', 'int', 'int'))} + suite_dependencies = [] + dep_check_code, expression_code = \ + gen_from_test_data(data_f, out_data_f, func_info, + suite_dependencies) expected_dep_check_code = ''' case 0: { 
@@ -1494,7 +1630,7 @@ func2:"yahoo":88:MACRO1 #endif } break;''' - expecrted_data = '''My test 1 + expected_data = '''My test 1 depends_on:0 0:int:0:int:0xfa:exp:0:exp:1 @@ -1515,9 +1651,9 @@ depends_on:0:1 } break;''' self.assertEqual(dep_check_code, expected_dep_check_code) - self.assertEqual(out_data_f.getvalue(), expecrted_data) + self.assertEqual(out_data_f.getvalue(), expected_data) self.assertEqual(expression_code, expected_expression_code) -if __name__=='__main__': +if __name__ == '__main__': unittest_main() From 8d686bfdb1df2b614e73e6af035e068ca7537c9e Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Wed, 4 Jul 2018 23:29:46 +0100 Subject: [PATCH 328/578] Incorporated code revoew comments. --- tests/scripts/generate_test_code.py | 131 ++++++++++++++++++++-------- tests/scripts/mbedtls_test.py | 21 ++--- tests/suites/host_test.function | 10 +-- 3 files changed, 112 insertions(+), 50 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index a28a73669..036ed1c02 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # Test suites code generator. # -# Copyright (C) 2018, ARM Limited, All Rights Reserved +# Copyright (C) 2018, Arm Limited, All Rights Reserved # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -180,9 +180,19 @@ END_SUITE_HELPERS_REGEX = r'/\*\s*END_SUITE_HELPERS\s*\*/' BEGIN_DEP_REGEX = r'BEGIN_DEPENDENCIES' END_DEP_REGEX = r'END_DEPENDENCIES' -BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(.*?)\s*\*/' +BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P.*?)\s*\*/' END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' +DEPENDENCY_REGEX = r'depends_on:(?P.*)' +C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*' +TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(\w+)\s*\(' +INT_CHECK_REGEX = r'int\s+.*' +CHAR_CHECK_REGEX = r'char\s*\*\s*.*' +DATA_T_CHECK_REGEX = r'data_t\s*\*\s*.*' +FUNCTION_ARG_LIST_START_REGEX = r'.*?\s+(\w+)\s*\(' +FUNCTION_ARG_LIST_END_REGEX = r'.*\)' +EXIT_LABEL_REGEX = r'^exit:' + class GeneratorInputError(Exception): """ @@ -228,7 +238,7 @@ class FileWrapper(io.FileIO, object): self._line_no += 1 # Convert byte array to string with correct encoding and # strip any whitespaces added in the decoding process. - return line.decode(sys.getdefaultencoding()).strip() + "\n" + return line.decode(sys.getdefaultencoding()).rstrip() + '\n' return None # Python 3 iterator method @@ -351,7 +361,7 @@ def parse_until_pattern(funcs_f, end_regex): Matches pattern end_regex to the lines read from the file object. Returns the lines read until end pattern is matched. - :param funcs_f: file object for .functions file + :param funcs_f: file object for .function file :param end_regex: Pattern to stop parsing :return: Lines read before the end pattern """ 
@@ -367,6 +377,31 @@ def parse_until_pattern(funcs_f, end_regex): return headers +def validate_dependency(dependency): + """ + Validates a C macro and raises GeneratorInputError on invalid input. + :param dependency: Input macro dependency + :return: input dependency stripped of leading & trailing white spaces. + """ + dependency = dependency.strip() + if not re.match(C_IDENTIFIER_REGEX, dependency, re.I): + raise GeneratorInputError('Invalid dependency %s' % dependency) + return dependency + + +def parse_dependencies(inp_str): + """ + Parses dependencies out of inp_str, validates them and returns a + list of macros. + + :param inp_str: Input string with macros delimited by ':'. + :return: list of dependencies + """ + dependencies = [dep for dep in map(validate_dependency, + inp_str.split(':'))] + return dependencies + + def parse_suite_dependencies(funcs_f): """ Parses test suite dependencies specified at the top of a @@ -374,14 +409,18 @@ def parse_suite_dependencies(funcs_f): and end with END_DEPENDENCIES. Dependencies are specified after pattern 'depends_on:' and are delimited by ':'. - :param funcs_f: file object for .functions file + :param funcs_f: file object for .function file :return: List of test suite dependencies. """ dependencies = [] for line in funcs_f: - match = re.search('depends_on:(.*)', line.strip()) + match = re.search(DEPENDENCY_REGEX, line.strip()) if match: - dependencies += [x.strip() for x in match.group(1).split(':')] + try: + dependencies = parse_dependencies(match.group('dependencies')) + except GeneratorInputError as error: + raise GeneratorInputError( + str(error) + " - %s:%d" % (funcs_f.name, funcs_f.line_no)) if re.search(END_DEP_REGEX, line): break else: 
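Review bot: validate_dependency does not reject malformed input, because `re.match(C_IDENTIFIER_REGEX, dependency, re.I)` only anchors at the start and the pattern added earlier in this patch has no end anchor. Any string that merely begins with an identifier passes, including ones with trailing spaces, operators or parentheses. The test expectations in this series show that dependency names are emitted into the generated C as `#if defined(...)` guards, so the check should cover the whole token. Ending the pattern with `$`, as in `C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*$'`, closes the gap and works on both Python 2 and 3. A unit test for a value such as `'DEP1 extra'` would pin the behaviour.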
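Review bot: In parse_suite_dependencies the new line `dependencies = parse_dependencies(match.group('dependencies'))` replaces the list on every match, whereas the removed code used `+=`. A dependency block with more than one `depends_on:` line would now keep only the last one, silently dropping the earlier guards. parse_function_dependencies in the next hunk uses `dependencies += parse_dependencies(...)`, and the same form here would preserve the previous behaviour. The function body starts and ends outside this hunk.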
@@ -398,19 +437,18 @@ def parse_function_dependencies(line): comment BEGIN_CASE. Dependencies are specified after pattern 'depends_on:' and are delimited by ':'. - :param line: Line from .functions file that has dependencies. + :param line: Line from .function file that has dependencies. :return: List of dependencies. """ dependencies = [] match = re.search(BEGIN_CASE_REGEX, line) - dep_str = match.group(1) + dep_str = match.group('depends_on') if dep_str: - match = re.search('depends_on:(.*)', dep_str) + match = re.search(DEPENDENCY_REGEX, dep_str) if match: - dependencies = [x.strip() - for x in match.group(1).strip().split(':')] - return dependencies + dependencies += parse_dependencies(match.group('dependencies')) + return dependencies def parse_function_signature(line): """ @@ -418,7 +456,7 @@ def parse_function_signature(line): a dispatch wrapper function that translates input test vectors read from the data file into test function arguments. - :param line: Line from .functions file that has a function + :param line: Line from .function file that has a function signature. :return: function name, argument list, local variables for wrapper function and argument dispatch code. 
@@ -427,23 +465,27 @@ def parse_function_signature(line): local_vars = '' args_dispatch = [] # Check if the test function returns void. - match = re.search(r'\s*void\s+(\w+)\s*\(', line, re.I) + match = re.search(TEST_FUNCTION_VALIDATION_REGEX, line, re.I) if not match: raise ValueError("Test function should return 'void'\n%s" % line) name = match.group(1) line = line[len(match.group(0)):] arg_idx = 0 + # Process arguments, ex: arg1, arg2 ) + # This script assumes that the argument list is terminated by ')' + # i.e. the test functions will not have a function pointer + # argument. for arg in line[:line.find(')')].split(','): arg = arg.strip() if arg == '': continue - if re.search(r'int\s+.*', arg.strip()): + if re.search(INT_CHECK_REGEX, arg.strip()): args.append('int') args_dispatch.append('*( (int *) params[%d] )' % arg_idx) - elif re.search(r'char\s*\*\s*.*', arg.strip()): + elif re.search(CHAR_CHECK_REGEX, arg.strip()): args.append('char*') args_dispatch.append('(char *) params[%d]' % arg_idx) - elif re.search(r'data_t\s*\*\s*.*', arg.strip()): + elif re.search(DATA_T_CHECK_REGEX, arg.strip()): args.append('hex') # create a structure pointer_initializer = '(uint8_t *) params[%d]' % arg_idx 
@@ -472,21 +514,25 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): :return: Function name, arguments, function code and dispatch code. """ code = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) + has_exit_label = False for line in funcs_f: - # Check function signature - match = re.match(r'.*?\s+(\w+)\s*\(', line, re.I) + # Check function signature. This script expects function name + # and return type to be specified at the same line. + match = re.match(FUNCTION_ARG_LIST_START_REGEX, line, re.I) if match: # check if we have full signature i.e. split in more lines - if not re.match(r'.*\)', line): + if not re.match(FUNCTION_ARG_LIST_END_REGEX, line): for lin in funcs_f: line += lin - if re.search(r'.*?\)', line): + if re.search(FUNCTION_ARG_LIST_END_REGEX, line): break name, args, local_vars, args_dispatch = parse_function_signature( line) - code += line.replace(name, 'test_' + name) + code += line.replace(name, 'test_' + name, 1) name = 'test_' + name break + else: + code += line else: raise GeneratorInputError("file: %s - Test functions not found!" % funcs_f.name) @@ -494,6 +540,9 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): for line in funcs_f: if re.search(END_CASE_REGEX, line): break + if not has_exit_label: + has_exit_label = \ + re.search(EXIT_LABEL_REGEX, line.strip()) is not None code += line else: raise GeneratorInputError("file: %s - end case pattern [%s] not " @@ -504,7 +553,7 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): split_code = code.rsplit('}', 1) if len(split_code) == 2: code = """exit: - ;; + ; }""".join(split_code) code += gen_function_wrapper(name, local_vars, args_dispatch) 
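Review bot: `code += line.replace(name, 'test_' + name, 1)` rewrites the first occurrence of the name's text in the signature line, which is not necessarily the function identifier. A test function called `id`, for example, would have the `id` inside `void` rewritten, producing invalid C. Matching the identifier as a whole word avoids this: `code += re.sub(r'\b%s\b' % re.escape(name), 'test_' + name, line, count=1)`. parse_function_code begins and ends outside this hunk.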
@@ -541,7 +590,12 @@ def parse_functions(funcs_f): elif re.search(BEGIN_DEP_REGEX, line): suite_dependencies += parse_suite_dependencies(funcs_f) elif re.search(BEGIN_CASE_REGEX, line): - dependencies = parse_function_dependencies(line) + try: + dependencies = parse_function_dependencies(line) + except GeneratorInputError as error: + raise GeneratorInputError( + "%s:%d: %s" % (funcs_f.name, funcs_f.line_no, + str(error))) func_name, args, func_code, func_dispatch =\ parse_function_code(funcs_f, dependencies, suite_dependencies) suite_functions += func_code @@ -568,7 +622,7 @@ def escaped_split(inp_str, split_char): output. :param inp_str: String to split - :param split_char: split character + :param split_char: Split character :return: List of splits """ if len(split_char) > 1: @@ -609,7 +663,8 @@ def parse_test_data(data_f): name = '' for line in data_f: line = line.strip() - if line and line[0] == '#': # Skip comments + # Skip comments + if line.startswith('#'): continue # Blank line indicates end of test @@ -627,10 +682,15 @@ def parse_test_data(data_f): state = __state_read_args elif state == __state_read_args: # Check dependencies - match = re.search('depends_on:(.*)', line) + match = re.search(DEPENDENCY_REGEX, line) if match: - dependencies = [x.strip() for x in match.group(1).split(':') - if len(x.strip())] + try: + dependencies = parse_dependencies( + match.group('dependencies')) + except GeneratorInputError as error: + raise GeneratorInputError( + str(error) + " - %s:%d" % + (data_f.name, data_f.line_no)) else: # Read test vectors parts = escaped_split(line, ':') @@ -742,7 +802,8 @@ def write_parameters(out_data_f, test_args, func_args, unique_expressions): val = test_args[i] # check if val is a non literal int val (i.e. an expression) - if typ == 'int' and not re.match(r'(\d+$)|((0x)?[0-9a-fA-F]+$)', val): + if typ == 'int' and not re.match(r'(\d+|0x[0-9a-f]+)$', + val, re.I): typ = 'exp' if val not in unique_expressions: unique_expressions.append(val) 
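Review bot: The re-raised GeneratorInputError in parse_functions is formatted as `"%s:%d: %s"` (file, line, message), while the two other re-raise sites added by this patch use `str(error) + " - %s:%d"`. Those sites are parse_suite_dependencies and the `depends_on` branch of parse_test_data. Anything that parses these diagnostics then has to handle two layouts. Using the `file:line: message` order at all three sites, ideally through one small helper, would keep the output uniform. Separately, a short comment in parse_test_data noting that empty entries are now rejected rather than skipped would document the change from the removed `if len(x.strip())` filter.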
@@ -764,7 +825,7 @@ def gen_suite_dep_checks(suite_dependencies, dep_check_code, expression_code): Generates preprocessor checks for test suite dependencies. :param suite_dependencies: Test suite dependencies read from the - .functions file. + .function file. :param dep_check_code: Dependency check code :param expression_code: Expression check code :return: Dependency and expression code guarded by test suite @@ -797,7 +858,7 @@ def gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies): evaluation code. :param data_f: Data file object - :param out_data_f:Output intermediate data file + :param out_data_f: Output intermediate data file :param func_info: Dict keyed by function and with function id and arguments info :param suite_dependencies: Test suite dependencies @@ -983,7 +1044,7 @@ def generate_code(**input_info): write_test_source_file(template_file, c_file, snippets) -def check_cmd(): +def main(): """ Command line parser. @@ -1057,7 +1118,7 @@ def check_cmd(): if __name__ == "__main__": try: - check_cmd() + main() except GeneratorInputError as err: print("%s: input error: %s" % (os.path.basename(sys.argv[0]), str(err))) diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 8fd72613e..a9730708a 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -1,6 +1,6 @@ # Greentea host test script for Mbed TLS on-target test suite testing. # -# Copyright (C) 2018, ARM Limited, All Rights Reserved +# Copyright (C) 2018, Arm Limited, All Rights Reserved # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -19,19 +19,18 @@ """ -Mbed TLS on-target test suite tests are implemented as mbed-os Greentea +Mbed TLS on-target test suite tests are implemented as Greentea tests. Greentea tests are implemented in two parts: target test and host test. Target test is a C application that is built for the target platform and executes on the target. Host test is a Python class derived from mbed_host_tests.BaseHostTest. Target communicates -with the host over serial for the test data. +with the host over serial for the test data and sends back the result. Python tool mbedgt (Greentea) is responsible for flashing the test -binary on to the target and dynamically loading the host test. +binary on to the target and dynamically loading this host test module. -This script contains the host test for handling target test's -requests for test vectors. It also reports the test results -in format understood by Greentea. +Greentea documentation can be found here: +https://github.com/ARMmbed/greentea """ @@ -148,7 +147,9 @@ class MbedTlsTest(BaseHostTest): identifier, dependency identifiers, expression identifiers and the test data in binary form. Target test checks dependencies , evaluate integer constant expressions and dispatches the test - function with received test parameters. + function with received test parameters. After test function is + finished, target sends the result. This class handles the result + event and prints verdict in the form that Greentea understands. """ # status/error codes from suites/helpers.function 
@@ -323,14 +324,14 @@ class MbedTlsTest(BaseHostTest): """ Converts result from string type to integer :param value: Result code in string - :return: Integer result code + :return: Integer result code. Value is from the test status + constants defined under the MbedTlsTest class. """ try: return int(value) except ValueError: ValueError("Result should return error number. " "Instead received %s" % value) - return 0 @event_callback('GO') def on_go(self, _key, _value, _timestamp): diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 12431805f..f03f40c21 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -1,7 +1,7 @@ #line 2 "suites/host_test.function" /** - * \brief Varifies that string is in string parameter format i.e. "" + * \brief Verifies that string is in string parameter format i.e. "" * It also strips enclosing '"' from the input string. * * \param str String parameter. @@ -18,14 +18,14 @@ int verify_string( char **str ) return( -1 ); } - (*str)++; - (*str)[strlen( *str ) - 1] = '\0'; + ( *str )++; + ( *str )[strlen( *str ) - 1] = '\0'; return( 0 ); } /** - * \brief Varifies that string is an integer. Also gives the converted + * \brief Verifies that string is an integer. Also gives the converted * integer value. * * \param str Input string. @@ -243,7 +243,7 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store char ** out = params; int ret = ( DISPATCH_TEST_SUCCESS ); - while ( cur - params < (int) cnt ) + while ( cur < params + cnt ) { char * type = *cur++; char * val = *cur++; From 4084ec7ae5f4885f25319888eeed771d42cde720 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 5 Jul 2018 14:20:08 +0100 Subject: [PATCH 329/578] Fixed unit tests in test_generate_test_code.py --- tests/scripts/generate_test_code.py | 1 + tests/scripts/test_generate_test_code.py | 61 +++++++++++------------- 2 files changed, 29 insertions(+), 33 deletions(-) 
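Review bot: In the `except ValueError:` branch the new `ValueError(...)` is constructed but never raised, and with `return 0` removed a non-numeric result string now makes this method return `None` silently. The statement should read `raise ValueError("Result should return error number. " "Instead received %s" % value)`. The value arrives from the target over serial, so a malformed result is better rejected here than handed on as `None` to the code that compares it with the status constants. That caller and the method's `def` line are outside the hunk.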
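Review bot: The new condition `cur < params + cnt` guarantees only one remaining element, but each iteration consumes two (`*cur++` for `type`, then `*cur++` for `val`), so an odd `cnt` makes the second read fetch `params[cnt]`, one past the array. Unless the caller already rejects an odd count (not visible here), the guard should cover the pair, for example `while ( (size_t)( cur - params ) + 1 < cnt )`. The body of `convert_params` continues past the end of the hunk.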
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 036ed1c02..b744d7c07 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -450,6 +450,7 @@ def parse_function_dependencies(line): return dependencies + def parse_function_signature(line): """ Parses test function signature for validation and generates diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index f0a935d20..29d9e4f44 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # Unit test for generate_test_code.py # -# Copyright (C) 2018, ARM Limited, All Rights Reserved +# Copyright (C) 2018, Arm Limited, All Rights Reserved # SPDX-License-Identifier: Apache-2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -23,7 +23,6 @@ Unit tests for generate_test_code.py """ -import sys from StringIO import StringIO from unittest import TestCase, main as unittest_main from mock import patch @@ -288,7 +287,7 @@ class StringIOWrapper(StringIO, object): """ file like class to mock file object in tests. """ - def __init__(self, file_name, data, line_no=1): + def __init__(self, file_name, data, line_no=0): """ Init file handle. @@ -308,14 +307,8 @@ class StringIOWrapper(StringIO, object): :return: Line read from file. """ - parent = super(StringIOWrapper, self) - line = parent.next() # Python 2 - if line: - self.line_no += 1 - # Convert byte array to string with correct encoding and - # strip any whitespaces added in the decoding process. - return line.decode(sys.getdefaultencoding()).strip() + "\n" - return None + line = super(StringIOWrapper, self).next() + return line __next__ = next @@ -327,7 +320,7 @@ class StringIOWrapper(StringIO, object): :return: """ line = super(StringIOWrapper, self).readline() - if line: + if line is not None: self.line_no += 1 return line 
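Review bot: In `StringIOWrapper.readline`, `if line is not None:` is always true, because `StringIO.readline()` returns an empty string at end of input rather than `None`, so `line_no` now also advances on the read that hits EOF. Blank lines are `'\n'` and were already counted by the old `if line:`. If counting the EOF read is not intended, keep `if line:`. If it is intended, drop the condition and add a comment such as `# line_no counts every readline() call, including the one returning '' at EOF`.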
@@ -510,10 +503,10 @@ class ParseFuncSignature(TestCase): self.assertEqual(name, 'entropy_threshold') self.assertEqual(args, ['char*', 'hex', 'int']) self.assertEqual(local, - ' data_t hex1 = {(uint8_t *) params[1], ' + ' data_t data1 = {(uint8_t *) params[1], ' '*( (uint32_t *) params[2] )};\n') self.assertEqual(arg_dispatch, ['(char *) params[0]', - '&hex1', + '&data1', '*( (int *) params[3] )']) def test_non_void_function(self): @@ -629,13 +622,14 @@ void func() gen_function_wrapper_mock.assert_called_with('test_func', '', []) self.assertEqual(name, 'test_func') self.assertEqual(arg, []) - expected = '''#line 2 "test_suite_ut.function" + expected = '''#line 1 "test_suite_ut.function" + void test_func() { ba ba black sheep have you any wool exit: - ;; + ; } ''' self.assertEqual(code, expected) @@ -671,7 +665,8 @@ exit: stream = StringIOWrapper('test_suite_ut.function', data) _, _, code, _ = parse_function_code(stream, [], []) - expected = '''#line 2 "test_suite_ut.function" + expected = '''#line 1 "test_suite_ut.function" + void test_func() { ba ba black sheep @@ -708,7 +703,7 @@ class ParseFunction(TestCase): stream = StringIOWrapper('test_suite_ut.function', data) self.assertRaises(Exception, parse_functions, stream) parse_until_pattern_mock.assert_called_with(stream, END_HEADER_REGEX) - self.assertEqual(stream.line_no, 2) + self.assertEqual(stream.line_no, 1) @patch("generate_test_code.parse_until_pattern") def test_begin_helper(self, parse_until_pattern_mock): @@ -731,7 +726,7 @@ void print_hello_world() self.assertRaises(Exception, parse_functions, stream) parse_until_pattern_mock.assert_called_with(stream, END_SUITE_HELPERS_REGEX) - self.assertEqual(stream.line_no, 2) + self.assertEqual(stream.line_no, 1) @patch("generate_test_code.parse_suite_dependencies") def test_begin_dep(self, parse_suite_dependencies_mock): 
@@ -752,7 +747,7 @@ void print_hello_world() stream = StringIOWrapper('test_suite_ut.function', data) self.assertRaises(Exception, parse_functions, stream) parse_suite_dependencies_mock.assert_called_with(stream) - self.assertEqual(stream.line_no, 2) + self.assertEqual(stream.line_no, 1) @patch("generate_test_code.parse_function_dependencies") def test_begin_function_dep(self, func_mock): @@ -775,7 +770,7 @@ void print_hello_world() stream = StringIOWrapper('test_suite_ut.function', data) self.assertRaises(Exception, parse_functions, stream) func_mock.assert_called_with(dependencies_str) - self.assertEqual(stream.line_no, 2) + self.assertEqual(stream.line_no, 1) @patch("generate_test_code.parse_function_code") @patch("generate_test_code.parse_function_dependencies") @@ -866,17 +861,17 @@ void func2() ''' self.assertEqual(dispatch_code, expected_dispatch_code) expected_func_code = '''#if defined(MBEDTLS_ECP_C) -#line 3 "test_suite_ut.function" +#line 2 "test_suite_ut.function" #include "mbedtls/ecp.h" #define ECP_PF_UNKNOWN -1 #if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_FS_IO) -#line 14 "test_suite_ut.function" +#line 13 "test_suite_ut.function" void test_func1() { exit: - ;; + ; } void test_func1_wrapper( void ** params ) @@ -889,11 +884,11 @@ void test_func1_wrapper( void ** params ) #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_FS_IO) -#line 20 "test_suite_ut.function" +#line 19 "test_suite_ut.function" void test_func2() { exit: - ;; + ; } void test_func2_wrapper( void ** params ) 
@@ -989,20 +984,20 @@ class EscapedSplit(TestCase): Test input that has escaped delimiter. :return: """ - test_str = r'yahoo\\\:google:facebook' + test_str = r'yahoo\\:google:facebook' splits = escaped_split(test_str, ':') - self.assertEqual(splits, [r'yahoo\\\\', 'google', 'facebook']) + self.assertEqual(splits, [r'yahoo\\', 'google', 'facebook']) def test_all_at_once(self): """ Test input that has escaped delimiter. :return: """ - test_str = r'yahoo\\\:google:facebook\:instagram\\\:bbc\\\\:wikipedia' + test_str = r'yahoo\\:google:facebook\:instagram\\:bbc\\:wikipedia' splits = escaped_split(test_str, ':') - self.assertEqual(splits, [r'yahoo\\\\', r'google', - r'facebook\:instagram\\\\', - r'bbc\\\\', r'wikipedia']) + self.assertEqual(splits, [r'yahoo\\', r'google', + r'facebook\:instagram\\', + r'bbc\\', r'wikipedia']) class ParseTestData(TestCase): @@ -1516,7 +1511,7 @@ class GenFromTestData(TestCase): @staticmethod @patch("generate_test_code.write_dependencies") @patch("generate_test_code.write_parameters") - @patch("generate_test_code.gen_suite_dependencies_checks") + @patch("generate_test_code.gen_suite_dep_checks") def test_intermediate_data_file(func_mock1, write_parameters_mock, write_dependencies_mock): From fcdf68530265ecb15d0b846aae915c2df6fb203b Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 5 Jul 2018 17:31:46 +0100 Subject: [PATCH 330/578] Make test function parsing robust This commit enhances parsing of the test function in generate_test_code.py for cases where return type and function name are on separate lines. --- tests/scripts/generate_test_code.py | 46 +++++---- tests/scripts/test_generate_test_code.py | 122 ++++++++++++++++------- 2 files changed, 112 insertions(+), 56 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index b744d7c07..b01bd3511 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
@@ -185,11 +185,10 @@ END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' DEPENDENCY_REGEX = r'depends_on:(?P.*)' C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*' -TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(\w+)\s*\(' +TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P\w+)\s*\(' INT_CHECK_REGEX = r'int\s+.*' CHAR_CHECK_REGEX = r'char\s*\*\s*.*' DATA_T_CHECK_REGEX = r'data_t\s*\*\s*.*' -FUNCTION_ARG_LIST_START_REGEX = r'.*?\s+(\w+)\s*\(' FUNCTION_ARG_LIST_END_REGEX = r'.*\)' EXIT_LABEL_REGEX = r'^exit:' @@ -451,7 +450,7 @@ def parse_function_dependencies(line): return dependencies -def parse_function_signature(line): +def parse_function_arguments(line): """ Parses test function signature for validation and generates a dispatch wrapper function that translates input test vectors @@ -459,19 +458,15 @@ def parse_function_signature(line): :param line: Line from .function file that has a function signature. - :return: function name, argument list, local variables for + :return: argument list, local variables for wrapper function and argument dispatch code. """ args = [] local_vars = '' args_dispatch = [] - # Check if the test function returns void. - match = re.search(TEST_FUNCTION_VALIDATION_REGEX, line, re.I) - if not match: - raise ValueError("Test function should return 'void'\n%s" % line) - name = match.group(1) - line = line[len(match.group(0)):] arg_idx = 0 + # Remove characters before arguments + line = line[line.find('(') + 1:] # Process arguments, ex: arg1, arg2 ) # This script assumes that the argument list is terminated by ')' # i.e. the test functions will not have a function pointer @@ -501,7 +496,7 @@ def parse_function_signature(line): "'char *' or 'data_t'\n%s" % line) arg_idx += 1 - return name, args, local_vars, args_dispatch + return args, local_vars, args_dispatch def parse_function_code(funcs_f, dependencies, suite_dependencies): 
@@ -514,30 +509,38 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): :param suite_dependencies: List of test suite dependencies :return: Function name, arguments, function code and dispatch code. """ - code = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) + line_directive = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) + code = '' has_exit_label = False for line in funcs_f: - # Check function signature. This script expects function name - # and return type to be specified at the same line. - match = re.match(FUNCTION_ARG_LIST_START_REGEX, line, re.I) + # Check function signature. Function signature may be split + # across multiple lines. Here we try to find the start of + # arguments list, then remove '\n's and apply the regex to + # detect function start. + up_to_arg_list_start = code + line[:line.find('(') + 1] + match = re.match(TEST_FUNCTION_VALIDATION_REGEX, + up_to_arg_list_start.replace('\n', ' '), re.I) if match: # check if we have full signature i.e. split in more lines + name = match.group('func_name') if not re.match(FUNCTION_ARG_LIST_END_REGEX, line): for lin in funcs_f: line += lin if re.search(FUNCTION_ARG_LIST_END_REGEX, line): break - name, args, local_vars, args_dispatch = parse_function_signature( + args, local_vars, args_dispatch = parse_function_arguments( line) - code += line.replace(name, 'test_' + name, 1) - name = 'test_' + name - break - else: code += line + break + code += line else: raise GeneratorInputError("file: %s - Test functions not found!" % funcs_f.name) + # Prefix test function name with 'test_' + code = code.replace(name, 'test_' + name, 1) + name = 'test_' + name + for line in funcs_f: if re.search(END_CASE_REGEX, line): break 
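Review bot: `code.replace(name, 'test_' + name, 1)` rewrites the first occurrence of the name anywhere in the accumulated text, not the identifier the regex matched. A test function whose name is a substring of earlier text therefore gets the prefix in the wrong place (a function called `id` would hit the `id` inside `void`). The match offsets can be used directly, since `replace('\n', ' ')` keeps the length unchanged: `start = match.start('func_name')` followed by `code = code[:start] + 'test_' + code[start:]`. The function continues beyond the hunk.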
@@ -557,7 +560,8 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): ; }""".join(split_code) - code += gen_function_wrapper(name, local_vars, args_dispatch) + code = line_directive + code + gen_function_wrapper(name, local_vars, + args_dispatch) preprocessor_check_start, preprocessor_check_end = \ gen_dependencies(dependencies) dispatch_code = gen_dispatch(name, suite_dependencies + dependencies) diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 29d9e4f44..149159c8c 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -31,7 +31,7 @@ from generate_test_code import gen_function_wrapper, gen_dispatch from generate_test_code import parse_until_pattern, GeneratorInputError from generate_test_code import parse_suite_dependencies from generate_test_code import parse_function_dependencies -from generate_test_code import parse_function_signature, parse_function_code +from generate_test_code import parse_function_arguments, parse_function_code from generate_test_code import parse_functions, END_HEADER_REGEX from generate_test_code import END_SUITE_HELPERS_REGEX, escaped_split from generate_test_code import parse_test_data, gen_dep_check @@ -476,7 +476,7 @@ class ParseFuncDependencies(TestCase): class ParseFuncSignature(TestCase): """ - Test Suite for parse_function_signature(). + Test Suite for parse_function_arguments(). """ def test_int_and_char_params(self): @@ -485,8 +485,7 @@ class ParseFuncSignature(TestCase): :return: """ line = 'void entropy_threshold( char * a, int b, int result )' - name, args, local, arg_dispatch = parse_function_signature(line) - self.assertEqual(name, 'entropy_threshold') + args, local, arg_dispatch = parse_function_arguments(line) self.assertEqual(args, ['char*', 'int', 'int']) self.assertEqual(local, '') self.assertEqual(arg_dispatch, ['(char *) params[0]', 
@@ -499,8 +498,7 @@ class ParseFuncSignature(TestCase): :return: """ line = 'void entropy_threshold( char * a, data_t * h, int result )' - name, args, local, arg_dispatch = parse_function_signature(line) - self.assertEqual(name, 'entropy_threshold') + args, local, arg_dispatch = parse_function_arguments(line) self.assertEqual(args, ['char*', 'hex', 'int']) self.assertEqual(local, ' data_t data1 = {(uint8_t *) params[1], ' @@ -509,21 +507,13 @@ class ParseFuncSignature(TestCase): '&data1', '*( (int *) params[3] )']) - def test_non_void_function(self): - """ - Test invalid signature (non void). - :return: - """ - line = 'int entropy_threshold( char * a, data_t * h, int result )' - self.assertRaises(ValueError, parse_function_signature, line) - def test_unsupported_arg(self): """ Test unsupported arguments (not among int, char * and data_t) :return: """ - line = 'int entropy_threshold( char * a, data_t * h, int * result )' - self.assertRaises(ValueError, parse_function_signature, line) + line = 'void entropy_threshold( char * a, data_t * h, char result )' + self.assertRaises(ValueError, parse_function_arguments, line) def test_no_params(self): """ @@ -531,8 +521,7 @@ class ParseFuncSignature(TestCase): :return: """ line = 'void entropy_threshold()' - name, args, local, arg_dispatch = parse_function_signature(line) - self.assertEqual(name, 'entropy_threshold') + args, local, arg_dispatch = parse_function_arguments(line) self.assertEqual(args, []) self.assertEqual(local, '') self.assertEqual(arg_dispatch, []) @@ -554,8 +543,9 @@ test function ''' stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(GeneratorInputError, parse_function_code, stream, [], - []) + err_msg = 'file: test_suite_ut.function - Test functions not found!' + self.assertRaisesRegexp(GeneratorInputError, err_msg, + parse_function_code, stream, [], []) def test_no_end_case_comment(self): """ 
@@ -568,17 +558,19 @@ void test_func() } ''' stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(GeneratorInputError, parse_function_code, stream, [], - []) + err_msg = r'file: test_suite_ut.function - '\ + 'end case pattern .*? not found!' + self.assertRaisesRegexp(GeneratorInputError, err_msg, + parse_function_code, stream, [], []) - @patch("generate_test_code.parse_function_signature") + @patch("generate_test_code.parse_function_arguments") def test_function_called(self, - parse_function_signature_mock): + parse_function_arguments_mock): """ Test parse_function_code() :return: """ - parse_function_signature_mock.return_value = ('test_func', [], '', []) + parse_function_arguments_mock.return_value = ([], '', []) data = ''' void test_func() { @@ -587,14 +579,14 @@ void test_func() stream = StringIOWrapper('test_suite_ut.function', data) self.assertRaises(GeneratorInputError, parse_function_code, stream, [], []) - self.assertTrue(parse_function_signature_mock.called) - parse_function_signature_mock.assert_called_with('void test_func()\n') + self.assertTrue(parse_function_arguments_mock.called) + parse_function_arguments_mock.assert_called_with('void test_func()\n') @patch("generate_test_code.gen_dispatch") @patch("generate_test_code.gen_dependencies") @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_signature") - def test_return(self, parse_function_signature_mock, + @patch("generate_test_code.parse_function_arguments") + def test_return(self, parse_function_arguments_mock, gen_function_wrapper_mock, gen_dependencies_mock, gen_dispatch_mock): @@ -602,7 +594,7 @@ void test_func() Test generated code. :return: """ - parse_function_signature_mock.return_value = ('func', [], '', []) + parse_function_arguments_mock.return_value = ([], '', []) gen_function_wrapper_mock.return_value = '' gen_dependencies_mock.side_effect = gen_dependencies gen_dispatch_mock.side_effect = gen_dispatch 
@@ -617,8 +609,8 @@ void func() stream = StringIOWrapper('test_suite_ut.function', data) name, arg, code, dispatch_code = parse_function_code(stream, [], []) - self.assertTrue(parse_function_signature_mock.called) - parse_function_signature_mock.assert_called_with('void func()\n') + self.assertTrue(parse_function_arguments_mock.called) + parse_function_arguments_mock.assert_called_with('void func()\n') gen_function_wrapper_mock.assert_called_with('test_func', '', []) self.assertEqual(name, 'test_func') self.assertEqual(arg, []) @@ -638,8 +630,8 @@ exit: @patch("generate_test_code.gen_dispatch") @patch("generate_test_code.gen_dependencies") @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_signature") - def test_with_exit_label(self, parse_function_signature_mock, + @patch("generate_test_code.parse_function_arguments") + def test_with_exit_label(self, parse_function_arguments_mock, gen_function_wrapper_mock, gen_dependencies_mock, gen_dispatch_mock): @@ -647,7 +639,7 @@ exit: Test when exit label is present. :return: """ - parse_function_signature_mock.return_value = ('func', [], '', []) + parse_function_arguments_mock.return_value = ([], '', []) gen_function_wrapper_mock.return_value = '' gen_dependencies_mock.side_effect = gen_dependencies gen_dispatch_mock.side_effect = gen_dispatch 
@@ -675,6 +667,66 @@ exit: yes sir yes sir 3 bags full } +''' + self.assertEqual(code, expected) + + def test_non_void_function(self): + """ + Test invalid signature (non void). + :return: + """ + data = 'int entropy_threshold( char * a, data_t * h, int result )' + err_msg = 'file: test_suite_ut.function - Test functions not found!' + stream = StringIOWrapper('test_suite_ut.function', data) + self.assertRaisesRegexp(GeneratorInputError, err_msg, + parse_function_code, stream, [], []) + + @patch("generate_test_code.gen_dispatch") + @patch("generate_test_code.gen_dependencies") + @patch("generate_test_code.gen_function_wrapper") + @patch("generate_test_code.parse_function_arguments") + def test_functio_name_on_newline(self, parse_function_arguments_mock, + gen_function_wrapper_mock, + gen_dependencies_mock, + gen_dispatch_mock): + """ + Test when exit label is present. + :return: + """ + parse_function_arguments_mock.return_value = ([], '', []) + gen_function_wrapper_mock.return_value = '' + gen_dependencies_mock.side_effect = gen_dependencies + gen_dispatch_mock.side_effect = gen_dispatch + data = ''' +void + + +func() +{ + ba ba black sheep + have you any wool +exit: + yes sir yes sir + 3 bags full +} +/* END_CASE */ +''' + stream = StringIOWrapper('test_suite_ut.function', data) + _, _, code, _ = parse_function_code(stream, [], []) + + expected = '''#line 1 "test_suite_ut.function" + +void + + +test_func() +{ + ba ba black sheep + have you any wool +exit: + yes sir yes sir + 3 bags full +} ''' self.assertEqual(code, expected) From 630281349e8b693cc0cc1bf96ae80c9e2a5296cd Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 5 Jul 2018 17:53:11 +0100 Subject: [PATCH 331/578] Replaced escaped_split() logic with regex --- tests/scripts/generate_test_code.py | 16 ++++------------ tests/scripts/mbedtls_test.py | 16 ++++------------ 2 files changed, 8 insertions(+), 24 deletions(-) 
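Review bot: The docstring of the new `test_functio_name_on_newline` still reads "Test when exit label is present.", copied from the test above, although the case it covers is a signature whose return type and name sit on different lines. I would change it to `"""Test a signature whose return type and function name are on separate lines."""` and correct the method name to `test_function_name_on_newline`.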
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index b01bd3511..ece35dfb4 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -632,18 +632,10 @@ def escaped_split(inp_str, split_char): """ if len(split_char) > 1: raise ValueError('Expected split character. Found string!') - out = [] - part = '' - escape = False - for character in inp_str: - if not escape and character == split_char: - out.append(part) - part = '' - else: - part += character - escape = not escape and character == '\\' - if part: - out.append(part) + out = re.sub(r'(\\.)|' + split_char, + lambda m: m.group(1) or '\n', inp_str, + len(inp_str)).split('\n') + out = filter(lambda x: x or False, out) return out diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index a9730708a..557031099 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -77,18 +77,10 @@ class TestDataParser(object): """ if len(split_char) > 1: raise ValueError('Expected split character. Found string!') - out = [] - part = '' - escape = False - for character in inp_str: - if not escape and character == split_char: - out.append(part) - part = '' - else: - part += character - escape = not escape and character == '\\' - if part: - out.append(part) + out = re.sub(r'(\\.)|' + split_char, + lambda m: m.group(1) or '\n', inp_str, + len(inp_str)).split('\n') + out = filter(lambda x: x or False, out) return out def __parse(self, data_f): From 32cbcdac8fecf4709908372779a8f0fa160e6990 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Fri, 6 Jul 2018 00:29:09 +0100 Subject: [PATCH 332/578] Fix Pylint errors in Python scripts --- tests/scripts/generate_test_code.py | 54 +++++++++++++++++++---------- tests/scripts/mbedtls_test.py | 2 +- 2 files changed, 36 insertions(+), 20 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index ece35dfb4..2468063d1 100755 
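Review bot: In `escaped_split`, `split_char` is concatenated into the pattern unescaped (`r'(\\.)|' + split_char`), so a delimiter that is a regex metacharacter (`|`, `.`, `*`, `(`) either fails to compile or matches something other than itself, and an empty `split_char` passes the `len(split_char) > 1` check and matches at every position. Build the pattern as `r'(\\.)|' + re.escape(split_char)`. The rewrite also uses `'\n'` as the internal separator and filters out empty parts, so input with an embedded newline or an empty field (`a::b`) splits differently from the loop it replaces; a comment saying whether that is intended would help. The same code is added to `TestDataParser` in mbedtls_test.py in the next hunk, and the later `[x for x in out if x]` hunks leave the pattern as it is.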
--- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -499,6 +499,33 @@ def parse_function_arguments(line): return args, local_vars, args_dispatch +def generate_function_code(name, code, local_vars, args_dispatch, + dependencies): + """ + Generate function code with preprocessor checks and parameter dispatch + wrapper. + + :param name: Function name + :param code: Function code + :param local_vars: Local variables for function wrapper + :param args_dispatch: Argument dispatch code + :param dependencies: Preprocessor dependencies list + :return: Final function code + """ + # Add exit label if not present + if code.find('exit:') == -1: + split_code = code.rsplit('}', 1) + if len(split_code) == 2: + code = """exit: + ; +}""".join(split_code) + + code += gen_function_wrapper(name, local_vars, args_dispatch) + preprocessor_check_start, preprocessor_check_end = \ + gen_dependencies(dependencies) + return preprocessor_check_start + code + preprocessor_check_end + + def parse_function_code(funcs_f, dependencies, suite_dependencies): """ Parses out a function from function file object and generates 
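Review bot: `code.find('exit:') == -1` in `generate_function_code` is a plain substring test, so a label such as `cleanup_exit:` or the text `exit:` inside a comment counts as an exit label and the `exit:` block is then not appended. The module already defines `EXIT_LABEL_REGEX` (`r'^exit:'`); assuming labels start at column 0 as that pattern expects, `if not re.search(EXIT_LABEL_REGEX, code, re.MULTILINE):` would test for the actual label.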
@@ -552,21 +579,11 @@ def parse_function_code(funcs_f, dependencies, suite_dependencies): raise GeneratorInputError("file: %s - end case pattern [%s] not " "found!" % (funcs_f.name, END_CASE_REGEX)) - # Add exit label if not present - if code.find('exit:') == -1: - split_code = code.rsplit('}', 1) - if len(split_code) == 2: - code = """exit: - ; -}""".join(split_code) - - code = line_directive + code + gen_function_wrapper(name, local_vars, - args_dispatch) - preprocessor_check_start, preprocessor_check_end = \ - gen_dependencies(dependencies) + code = line_directive + code + code = generate_function_code(name, code, local_vars, args_dispatch, + dependencies) dispatch_code = gen_dispatch(name, suite_dependencies + dependencies) - return (name, args, preprocessor_check_start + code + - preprocessor_check_end, dispatch_code) + return (name, args, code, dispatch_code) def parse_functions(funcs_f): @@ -587,11 +604,10 @@ def parse_functions(funcs_f): dispatch_code = '' for line in funcs_f: if re.search(BEGIN_HEADER_REGEX, line): - headers = parse_until_pattern(funcs_f, END_HEADER_REGEX) - suite_helpers += headers + suite_helpers += parse_until_pattern(funcs_f, END_HEADER_REGEX) elif re.search(BEGIN_SUITE_HELPERS_REGEX, line): - helpers = parse_until_pattern(funcs_f, END_SUITE_HELPERS_REGEX) - suite_helpers += helpers + suite_helpers += parse_until_pattern(funcs_f, + END_SUITE_HELPERS_REGEX) elif re.search(BEGIN_DEP_REGEX, line): suite_dependencies += parse_suite_dependencies(funcs_f) elif re.search(BEGIN_CASE_REGEX, line): @@ -635,7 +651,7 @@ def escaped_split(inp_str, split_char): out = re.sub(r'(\\.)|' + split_char, lambda m: m.group(1) or '\n', inp_str, len(inp_str)).split('\n') - out = filter(lambda x: x or False, out) + out = [x for x in out if x] return out diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index 557031099..8e8a89ba9 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py 
@@ -80,7 +80,7 @@ class TestDataParser(object): out = re.sub(r'(\\.)|' + split_char, lambda m: m.group(1) or '\n', inp_str, len(inp_str)).split('\n') - out = filter(lambda x: x or False, out) + out = [x for x in out if x] return out def __parse(self, data_f): From 539aa06f6490701d1e462561b299fed8e5130f08 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Fri, 6 Jul 2018 00:29:50 +0100 Subject: [PATCH 333/578] Fix Python 2 & 3 compatibility in test_generate_test_code.py --- tests/scripts/test_generate_test_code.py | 73 +++++++++++++++++++----- 1 file changed, 60 insertions(+), 13 deletions(-) diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 149159c8c..2ef12e18d 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -23,9 +23,19 @@ Unit tests for generate_test_code.py """ -from StringIO import StringIO +try: + # Python 2 + from StringIO import StringIO +except ImportError: + # Python 3 + from io import StringIO from unittest import TestCase, main as unittest_main -from mock import patch +try: + # Python 2 + from mock import patch +except ImportError: + # Python 3 + from unittest.mock import patch from generate_test_code import gen_dependencies, gen_dependencies_one_line from generate_test_code import gen_function_wrapper, gen_dispatch from generate_test_code import parse_until_pattern, GeneratorInputError @@ -307,9 +317,16 @@ class StringIOWrapper(StringIO, object): :return: Line read from file. """ - line = super(StringIOWrapper, self).next() + parent = super(StringIOWrapper, self) + if getattr(parent, 'next', None): + # Python 2 + line = parent.next() + else: + # Python 3 + line = parent.__next__() return line + # Python 3 __next__ = next def readline(self, length=0): 
@@ -532,6 +549,38 @@ class ParseFunctionCode(TestCase): Test suite for testing parse_function_code() """ + def assert_raises_regex(self, exp, regex, func, *args): + """ + Python 2 & 3 portable wrapper of assertRaisesRegex(p)? function. + + :param exp: Exception type expected to be raised by cb. + :param regex: Expected exception message + :param func: callable object under test + :param args: variable positional arguments + """ + parent = super(ParseFunctionCode, self) + + # Pylint does not appreciate that the super method called + # conditionally can be available in other Python version + # then that of Pylint. + # Workaround is to call the method via getattr. + # Pylint ignores that the method got via getattr is + # conditionally executed. Method has to be a callable. + # Hence, using a dummy callable for getattr default. + dummy = lambda *x: None + # First Python 3 assertRaisesRegex is checked, since Python 2 + # assertRaisesRegexp is also available in Python 3 but is + # marked deprecated. + for name in ('assertRaisesRegex', 'assertRaisesRegexp'): + method = getattr(parent, name, dummy) + if method is not dummy: + method(exp, regex, func, *args) + break + else: + raise AttributeError(" 'ParseFunctionCode' object has no attribute" + " 'assertRaisesRegex' or 'assertRaisesRegexp'" + ) + def test_no_function(self): """ Test no test function found. @@ -544,8 +593,8 @@ function ''' stream = StringIOWrapper('test_suite_ut.function', data) err_msg = 'file: test_suite_ut.function - Test functions not found!' - self.assertRaisesRegexp(GeneratorInputError, err_msg, - parse_function_code, stream, [], []) + self.assert_raises_regex(GeneratorInputError, err_msg, + parse_function_code, stream, [], []) def test_no_end_case_comment(self): """ 
@@ -560,8 +609,8 @@ void test_func() stream = StringIOWrapper('test_suite_ut.function', data) err_msg = r'file: test_suite_ut.function - '\ 'end case pattern .*? not found!' - self.assertRaisesRegexp(GeneratorInputError, err_msg, - parse_function_code, stream, [], []) + self.assert_raises_regex(GeneratorInputError, err_msg, + parse_function_code, stream, [], []) @patch("generate_test_code.parse_function_arguments") def test_function_called(self, @@ -678,8 +727,8 @@ exit: data = 'int entropy_threshold( char * a, data_t * h, int result )' err_msg = 'file: test_suite_ut.function - Test functions not found!' stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaisesRegexp(GeneratorInputError, err_msg, - parse_function_code, stream, [], []) + self.assert_raises_regex(GeneratorInputError, err_msg, + parse_function_code, stream, [], []) @patch("generate_test_code.gen_dispatch") @patch("generate_test_code.gen_dependencies") @@ -1155,8 +1204,7 @@ dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" for _, _, _, _ in parse_test_data(stream): pass except GeneratorInputError as err: - pass - self.assertEqual(type(err), GeneratorInputError) + self.assertEqual(type(err), GeneratorInputError) def test_incomplete_data(self): """ @@ -1174,8 +1222,7 @@ depends_on:YAHOO for _, _, _, _ in parse_test_data(stream): pass except GeneratorInputError as err: - pass - self.assertEqual(type(err), GeneratorInputError) + self.assertEqual(type(err), GeneratorInputError) class GenDepCheck(TestCase): From 21798105f61dae6fb5c0246a1c61fb970e89322b Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Fri, 6 Jul 2018 00:41:08 +0100 Subject: [PATCH 334/578] Pylint tests in all.sh --- .pylint | 425 ++++++++++++++++++++++++++++ tests/scripts/all.sh | 2 + tests/scripts/check-python-files.sh | 18 ++ 3 files changed, 445 insertions(+) create mode 100644 .pylint create mode 100755 tests/scripts/check-python-files.sh 
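Review bot: The two negative tests in the last two hunks of this file (the `try` blocks around `parse_test_data`) now pass when no exception is raised at all, because the only assertion sits inside the `except` block. Moving the assert does fix the Python 3 scoping of `err`, but a parser that wrongly accepts the malformed data would go unnoticed. Adding an `else: self.fail('GeneratorInputError not raised')` branch to each `try` restores the check. The enclosing test methods start outside these hunks.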
diff --git a/.pylint b/.pylint new file mode 100644 index 000000000..934f30be5 --- /dev/null +++ b/.pylint 
@@ -0,0 +1,425 @@ +[MASTER] + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-whitelist= + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the blacklist. The +# regex matches against base names, not paths. +ignore-patterns= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. +jobs=1 + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Specify a configuration file. +#rcfile= + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED +confidence= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once).You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". 
If you want to run only the classes checker, but have +# no Warning level messages displayed, use"--disable=all --enable=classes +# --disable=W" +disable=print-statement,parameter-unpacking,unpacking-in-except,old-raise-syntax,backtick,long-suffix,old-ne-operator,old-octal-literal,import-star-module-level,raw-checker-failed,bad-inline-option,locally-disabled,locally-enabled,file-ignored,suppressed-message,useless-suppression,deprecated-pragma,apply-builtin,basestring-builtin,buffer-builtin,cmp-builtin,coerce-builtin,execfile-builtin,file-builtin,long-builtin,raw_input-builtin,reduce-builtin,standarderror-builtin,unicode-builtin,xrange-builtin,coerce-method,delslice-method,getslice-method,setslice-method,no-absolute-import,old-division,dict-iter-method,dict-view-method,next-method-called,metaclass-assignment,indexing-exception,raising-string,reload-builtin,oct-method,hex-method,nonzero-method,cmp-method,input-builtin,round-builtin,intern-builtin,unichr-builtin,map-builtin-not-iterating,zip-builtin-not-iterating,range-builtin-not-iterating,filter-builtin-not-iterating,using-cmp-argument,eq-without-hash,div-method,idiv-method,rdiv-method,exception-message-attribute,invalid-str-codec,sys-max-int,bad-python3-import,deprecated-string-function,deprecated-str-translate-call + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable= + + +[REPORTS] + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). 
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio).You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages +reports=no + +# Activate the evaluation score. +score=yes + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + + +[SIMILARITIES] + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=no + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=79 + +# Maximum number of lines in a module +max-module-lines=2000 + +# List of optional constructs for which whitespace checking is disabled. `dict- +# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. +# `trailing-comma` allows a space between comma and closing bracket: (a, ). +# `empty-line` allows space-only lines. +no-space-check=trailing-comma,dict-separator + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. 
+single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[BASIC] + +# Naming hint for argument names +argument-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct argument names +argument-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Naming hint for attribute names +attr-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct attribute names +attr-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Naming hint for class attribute names +class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Regular expression matching correct class attribute names +class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Naming hint for class names +class-name-hint=[A-Z_][a-zA-Z0-9]+$ + +# Regular expression matching correct class names +class-rgx=[A-Z_][a-zA-Z0-9]+$ + +# Naming hint for constant names +const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Regular expression matching correct constant names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. 
+docstring-min-length=-1 + +# Naming hint for function names +function-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct function names +function-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Good variable names which should always be accepted, separated by a comma +good-names=i,j,k,ex,Run,_ + +# Include a hint for the correct naming format with invalid-name +include-naming-hint=no + +# Naming hint for inline iteration names +inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$ + +# Regular expression matching correct inline iteration names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Naming hint for method names +method-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct method names +method-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Naming hint for module names +module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Regular expression matching correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. +property-classes=abc.abstractproperty + +# Naming hint for variable names +variable-name-hint=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + +# Regular expression matching correct variable names +variable-rgx=(([a-z][a-z0-9_]{2,30})|(_[a-z0-9_]*))$ + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. 
+contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis. It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. 
+missing-member-max-choices=1 + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. +additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_,_cb + +# A regular expression matching the name of dummy variables (i.e. expectedly +# not used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,future.builtins + + +[SPELLING] + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME,XXX,TODO + + +[LOGGING] + +# Logging modules to check that the string format arguments are in logging +# function parameter format +logging-modules=logging + + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. 
+defining-attr-methods=__init__,__new__,setUp + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict,_fields,_replace,_source,_make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in a if statement +max-bool-expr=5 + +# Maximum number of branch for function / method body +max-branches=12 + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body +max-returns=6 + +# Maximum number of statements in function / method body +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[IMPORTS] + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub,TERMIOS,Bastion,rexec + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of every (i.e. 
internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "Exception" +overgeneral-exceptions=Exception diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d7d5a8c1a..41ea08026 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1050,6 +1050,8 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do done done +msg "Analyse: Python source with Pylint" +tests/scripts/check-python-files.sh ################################################################ diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh new file mode 100755 index 000000000..e987945c6 --- /dev/null +++ b/tests/scripts/check-python-files.sh @@ -0,0 +1,18 @@ +#! /usr/bin/env sh + +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2018, ARM Limited, All Rights Reserved +# +# Purpose +# +# Run 'pylint' on Python files for programming errors and helps enforcing +# PEP8 coding standards. + +if `hash pylint > /dev/null 2>&1`; then + pylint -j 2 tests/scripts/generate_test_code.py --rcfile .pylint + pylint -j 2 tests/scripts/test_generate_test_code.py --rcfile .pylint + pylint -j 2 tests/scripts/mbedtls_test.py --rcfile .pylint +else + echo "$0: WARNING: 'pylint' not found! Skipping checks on Python files." +fi From ee6529eb834434901aea0a080b15eabd497f9583 Mon Sep 17 00:00:00 2001 
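Review bot: A pylint failure on the first two files is lost in check-python-files.sh, because the script runs three separate `pylint` commands and exits with the status of the last one only. Passing all three files to one invocation makes the exit status cover them: `pylint -j 2 --rcfile .pylint tests/scripts/generate_test_code.py tests/scripts/test_generate_test_code.py tests/scripts/mbedtls_test.py`. The script also exits 0 when pylint is missing, so the new step in all.sh can pass without checking anything; whether that should fail the run is a policy choice, but it should be stated in the header comment. The tool check reads more plainly without the backticks, which execute the empty output of `hash` as a command: `if command -v pylint > /dev/null 2>&1; then`.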
From: Mohammad Azim Khan Date: Fri, 6 Jul 2018 00:50:34 +0100 Subject: [PATCH 335/578] Add generate_test_code.py unit tests in all.sh --- tests/scripts/all.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 41ea08026..ca9c93ef2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1050,9 +1050,11 @@ for optimization_flag in -O2 -O3 -Ofast -Os; do done done -msg "Analyse: Python source with Pylint" +msg "Lint: Python scripts" tests/scripts/check-python-files.sh +msg "uint test: generate_test_code.py" +./tests/scripts/test_generate_test_code.py ################################################################ #### Termination From 440d8737c6ec7dbde182fb8058d86e6ab4ace075 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Wed, 18 Jul 2018 12:50:49 +0100 Subject: [PATCH 336/578] Fix macro validation regex --- tests/scripts/generate_test_code.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 2468063d1..77e235dec 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -184,7 +184,7 @@ BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P.*?)\s*\*/' END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' DEPENDENCY_REGEX = r'depends_on:(?P.*)' -C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*' +C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*$' TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P\w+)\s*\(' INT_CHECK_REGEX = r'int\s+.*' CHAR_CHECK_REGEX = r'char\s*\*\s*.*' @@ -1133,5 +1133,5 @@ if __name__ == "__main__": try: main() except GeneratorInputError as err: - print("%s: input error: %s" % - (os.path.basename(sys.argv[0]), str(err))) + sys.exit("%s: input error: %s" % + (os.path.basename(sys.argv[0]), str(err))) From d2d0112ca8c83b9c64e73571fd26b6223f8e9475 Mon Sep 17 00:00:00 2001 
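Review bot: The message added for the new step in all.sh reads `uint test`, which looks like a typo for `unit test`; suggested line: `msg "unit test: generate_test_code.py"`. The step runs `./tests/scripts/test_generate_test_code.py` directly, so it depends on the file's executable bit and on whichever interpreter its shebang selects.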
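Review bot: The `$` added to `C_IDENTIFIER_REGEX` still accepts a name followed by a newline, since Python's `$` also matches just before a trailing `\n`; `\Z` anchors at the true end of the string: `C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*\Z'`. The call site is outside this hunk, so this assumes the pattern is applied with `re.match` to dependency names that end up in generated preprocessor checks. The character class is lower-case only and therefore relies on the caller passing `re.I`; a comment on the constant saying so would help the next reader.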
From: Mohammad Azim Khan Date: Wed, 18 Jul 2018 17:48:37 +0100 Subject: [PATCH 337/578] Style fixes --- tests/scripts/check-python-files.sh | 6 ++-- tests/scripts/generate_test_code.py | 11 +++---- tests/suites/helpers.function | 4 +-- tests/suites/host_test.function | 49 ++++++++++++++--------------- tests/suites/main_test.function | 4 +-- tests/suites/target_test.function | 14 ++++----- 6 files changed, 41 insertions(+), 47 deletions(-) diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index e987945c6..009ba4cb0 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -1,10 +1,10 @@ #! /usr/bin/env sh -# This file is part of mbed TLS (https://tls.mbed.org) +# This file is part of Mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2018, ARM Limited, All Rights Reserved +# Copyright (c) 2018, Arm Limited, All Rights Reserved # -# Purpose +# Purpose: # # Run 'pylint' on Python files for programming errors and helps enforcing # PEP8 coding standards. diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 77e235dec..26d1c29cb 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -57,10 +57,9 @@ Parameters can be of type string, binary data specified as hex string and integer constants specified as integer, macro or as an expression. Following is an example test definition: -X509 CRL Unsupported critical extension (issuingDistributionPoint) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -mbedtls_x509_crl_parse:"data_files/crl-idp.pem":\ - MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + AES 128 GCM Encrypt and decrypt 8 bytes + depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C + enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:8:-1 Test functions: --------------- 
@@ -965,13 +964,11 @@ def write_test_source_file(template_file, c_file, snippets): :return: """ with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: - line_no = 1 - for line in template_f.readlines(): + for line_no, line in enumerate(template_f.readlines(), 1): # Update line number. +1 as #line directive sets next line number snippets['line_no'] = line_no + 1 code = line.format(**snippets) c_f.write(code) - line_no += 1 def parse_function_file(funcs_file, snippets): diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 56ae62916..32b1b790d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -455,13 +455,13 @@ static void test_fail( const char *test, int line_no, const char* filename ) test_info.filename = filename; } -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len) +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) { int ret = 0; uint32_t i = 0; if ( a_len != b_len ) - return( a_len - b_len ); + return( -1 ); for( i = 0; i < a_len; i++ ) { diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index f03f40c21..b354af473 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -10,8 +10,8 @@ */ int verify_string( char **str ) { - if( (*str)[0] != '"' || - (*str)[strlen( *str ) - 1] != '"' ) + if( ( *str )[0] != '"' || + ( *str )[strlen( *str ) - 1] != '"' ) { mbedtls_fprintf( stderr, "Expected string (with \"\") for parameter and got: %s\n", *str ); @@ -49,7 +49,7 @@ int verify_int( char *str, int *value ) } if( ( ( minus && i == 2 ) || ( !minus && i == 1 ) ) && - str[i - 1] == '0' && str[i] == 'x' ) + str[i - 1] == '0' && ( str[i] == 'x' || str[i] == 'X' ) ) { hex = 1; continue; 
@@ -87,8 +87,9 @@ int verify_int( char *str, int *value ) #define USAGE \ "Usage: %s [OPTIONS] files...\n\n" \ " Command line arguments:\n" \ - " files... One or more test data file. If no file is specified\n" \ - " the followimg default test case is used:\n" \ + " files... One or more test data files. If no file is\n" \ + " specified the following default test case\n" \ + " file is used:\n" \ " %s\n\n" \ " Options:\n" \ " -v | --verbose Display full information about each test\n" \ @@ -165,7 +166,7 @@ static int parse_arguments( char *buf, size_t len, char **params, params[cnt++] = cur; - while( *p != '\0' && p < buf + len ) + while( *p != '\0' && p < ( buf + len ) ) { if( *p == '\\' ) { @@ -195,23 +196,23 @@ static int parse_arguments( char *buf, size_t len, char **params, while( *p != '\0' ) { - if( *p == '\\' && *(p + 1) == 'n' ) + if( *p == '\\' && *( p + 1 ) == 'n' ) { p += 2; - *(q++) = '\n'; + *( q++ ) = '\n'; } - else if( *p == '\\' && *(p + 1) == ':' ) + else if( *p == '\\' && *( p + 1 ) == ':' ) { p += 2; - *(q++) = ':'; + *( q++ ) = ':'; } - else if( *p == '\\' && *(p + 1) == '?' ) + else if( *p == '\\' && *( p + 1 ) == '?' ) { p += 2; - *(q++) = '?'; + *( q++ ) = '?'; } else - *(q++) = *(p++); + *( q++ ) = *( p++ ); } *q = '\0'; } @@ -231,8 +232,8 @@ static int parse_arguments( char *buf, size_t len, char **params, * } * * - * \param cnt Input string. - * \param params Out array of found strings. + * \param cnt Parameter array count. + * \param params Out array of found parameters. * \param int_params_store Memory for storing processed integer parameters. * * \return 0 for success else 1 @@ -241,7 +242,7 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { char ** cur = params; char ** out = params; - int ret = ( DISPATCH_TEST_SUCCESS ); + int ret = DISPATCH_TEST_SUCCESS; while ( cur < params + cnt ) { 
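Review bot: The loop condition in parse_arguments, `while( *p != '\0' && p < ( buf + len ) )`, reads `*p` before checking that `p` is still inside the buffer, so once `p` reaches `buf + len` one byte past the `len` bytes is read; the parentheses added here do not change that. Testing the bound first avoids the read: `while( p < ( buf + len ) && *p != '\0' )`. parse_arguments starts and ends outside this hunk, so whether `buf` is always NUL-terminated within `len` bytes cannot be confirmed from here.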
@@ -262,7 +263,7 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store } else if ( strcmp( type, "int" ) == 0 ) { - if ( verify_int ( val, int_params_store ) == 0 ) + if ( verify_int( val, int_params_store ) == 0 ) { *out++ = (char *) int_params_store++; } @@ -276,12 +277,7 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { if ( verify_string( &val ) == 0 ) { - int j; *int_params_store = unhexify( (unsigned char *) val, val ); - printf ("\n"); - for (j = 0; j < *int_params_store; j++) - printf ("%02x ", (uint8_t)val[j]); - printf ("\n len %d\n", *int_params_store); *out++ = val; *out++ = (char *)(int_params_store++); } @@ -401,7 +397,8 @@ int execute_tests( int argc , const char ** argv ) FILE *file; char buf[5000]; char *params[50]; - int int_params[50]; // Store for proccessed integer params. + /* Store for proccessed integer params. */ + int int_params[50]; void *pointer; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) int stdout_fd = -1; @@ -436,10 +433,10 @@ int execute_tests( int argc , const char ** argv ) while( arg_index < argc ) { - next_arg = argv[ arg_index ]; + next_arg = argv[arg_index]; - if( strcmp(next_arg, "--verbose" ) == 0 || - strcmp(next_arg, "-v" ) == 0 ) + if( strcmp( next_arg, "--verbose" ) == 0 || + strcmp( next_arg, "-v" ) == 0 ) { option_verbose = 1; } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index fa8a0afee..9b3778278 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -16,7 +16,7 @@ * Test suite data : {test_case_data_file} * * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #if !defined(MBEDTLS_CONFIG_FILE) 
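Review bot: The comment introduced for `int_params` in execute_tests misspells "processed"; suggested line: `/* Store for processed integer params. */`. execute_tests continues outside the hunk, so how the 50-entry size relates to the number of parameters actually parsed is not visible here and is worth stating in the same comment.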
@@ -149,7 +149,7 @@ int dispatch_test( int func_idx, void ** params ) int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; - if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) ) + if ( func_idx < (int)( sizeof( test_funcs ) / sizeof( TestWrapper_t ) ) ) {{ fp = test_funcs[func_idx]; if ( fp ) diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index f662eee86..56abf2948 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -31,11 +31,11 @@ while( 0 ) * \param len Length of byte array * */ -#define ALIGN_32BIT(p, start, len) do \ -{ \ - uint32_t align = ( - (uintptr_t)( p ) ) % 4;\ - INCR_ASSERT( ( p ), ( start ), ( len ), align);\ -} \ +#define ALIGN_32BIT(p, start, len) do \ +{ \ + uint32_t align = ( - (uintptr_t)( p ) ) % 4; \ + INCR_ASSERT( ( p ), ( start ), ( len ), align );\ +} \ while( 0 ) @@ -210,7 +210,7 @@ uint32_t find_hex_count( uint8_t count, uint8_t * data, uint32_t data_len ) * the memory after use. */ void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len, - int * error ) + int * error ) { uint32_t i = 0, hex_count = 0; char c; @@ -393,7 +393,7 @@ int execute_tests( int args, const char ** argv ) if ( data ) { - free(data); + free( data ); data = NULL; } From 5cb7017077dcf9b1cc6eac277323ab2443678d78 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Thu, 19 Jul 2018 11:32:30 +0100 Subject: [PATCH 338/578] Less obscure test suites template --- tests/scripts/generate_test_code.py | 17 ++--- tests/suites/main_test.function | 108 ++++++++++++++-------------- 2 files changed, 63 insertions(+), 62 deletions(-) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 26d1c29cb..ce6f88c3c 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py 
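Review bot: `func_idx` in dispatch_test is checked only against the upper bound of `test_funcs`, so a negative index passes the test and `test_funcs[func_idx]` reads outside the table, and the value read is then called as a function pointer. Adding the lower bound closes that: `if ( func_idx >= 0 && func_idx < (int)( sizeof( test_funcs ) / sizeof( TestWrapper_t ) ) )`. The same condition appears in check_test in this file (visible in the main_test.function hunks of patch 338). Where the index comes from is outside these hunks; presumably it is parsed from the test data file or the target's input stream, which is why it should be range-checked on both sides.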
@@ -122,7 +122,7 @@ dependency checks, expression evaluation and function dispatch. These functions are populated with checks and return codes by this script. Template file contains "replacement" fields that are formatted -strings processed by Python str.format() method. +strings processed by Python string.Template.substitute() method. This script: ============ @@ -132,9 +132,9 @@ code that is generated or read from helpers and platform files. This script replaces following fields in the template and generates the test source file: -{test_common_helpers} <-- All common code from helpers.function +$test_common_helpers <-- All common code from helpers.function is substituted here. -{functions_code} <-- Test functions are substituted here +$functions_code <-- Test functions are substituted here from the input test_suit_xyz.function file. C preprocessor checks are generated for the build dependencies specified @@ -143,21 +143,21 @@ the test source file: functions with code to expand the string parameters read from the data file. -{expression_code} <-- This script enumerates the +$expression_code <-- This script enumerates the expressions in the .data file and generates code to handle enumerated expression Ids and return the values. -{dep_check_code} <-- This script enumerates all +$dep_check_code <-- This script enumerates all build dependencies and generate code to handle enumerated build dependency Id and return status: if the dependency is defined or not. -{dispatch_code} <-- This script enumerates the functions +$dispatch_code <-- This script enumerates the functions specified in the input test data file and generates the initializer for the function table in the template file. -{platform_code} <-- Platform specific setup and test +$platform_code <-- Platform specific setup and test dispatch code. """ @@ -167,6 +167,7 @@ import io import os import re import sys +import string import argparse 
@@ -967,7 +968,7 @@ def write_test_source_file(template_file, c_file, snippets): for line_no, line in enumerate(template_f.readlines(), 1): # Update line number. +1 as #line directive sets next line number snippets['line_no'] = line_no + 1 - code = line.format(**snippets) + code = string.Template(line).substitute(**snippets) c_f.write(code) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 9b3778278..2ba919ce0 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -3,17 +3,17 @@ * *** THIS FILE HAS BEEN MACHINE GENERATED *** * * This file has been machine generated using the script: - * {generator_script} + * $generator_script * - * Test file : {test_file} + * Test file : $test_file * * The following files were used to create this file. * - * Main code file : {test_main_file} - * Platform code file : {test_platform_file} - * Helper file : {test_common_helper_file} - * Test suite file : {test_case_file} - * Test suite data : {test_case_data_file} + * Main code file : $test_main_file + * Platform code file : $test_platform_file + * Helper file : $test_common_helper_file + * Test suite file : $test_case_file + * Test suite data : $test_case_data_file * * * This file is part of Mbed TLS (https://tls.mbed.org) @@ -29,9 +29,9 @@ /*----------------------------------------------------------------------------*/ /* Common helper code */ -{test_common_helpers} +$test_common_helpers -#line {line_no} "suites/main_test.function" +#line $line_no "suites/main_test.function" /*----------------------------------------------------------------------------*/ @@ -40,9 +40,9 @@ #define TEST_SUITE_ACTIVE -{functions_code} +$functions_code -#line {line_no} "suites/main_test.function" +#line $line_no "suites/main_test.function" /*----------------------------------------------------------------------------*/ 
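Review bot: `string.Template(line).substitute(**snippets)` raises `KeyError` for an unknown `$name` and `ValueError` for a stray `$`, while the `__main__` handler shown in patch 336 catches only `GeneratorInputError`, so a mistake in the template surfaces as a raw traceback without the template line. Wrapping the call in a `try` keeps the reporting uniform: `except (KeyError, ValueError) as err:` followed by `raise GeneratorInputError("%s:%d: %s" % (template_file, line_no, err))`, assuming the exception takes a message as its use with `str(err)` suggests. The function's docstring should also say that a literal `$` in the template now has to be written as `$$`. write_test_source_file starts outside this hunk.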
@@ -54,7 +54,7 @@ * For optimizing space for embedded targets each expression/macro * is identified by a unique identifier instead of string literals. * Identifiers and evaluation code is generated by script: - * {generator_script} + * $generator_script * * \param exp_id Expression identifier. * \param out_value Pointer to int to hold the integer. @@ -62,24 +62,24 @@ * \return 0 if exp_id is found. 1 otherwise. */ int get_expression( int32_t exp_id, int32_t * out_value ) -{{ +{ int ret = KEY_VALUE_MAPPING_FOUND; (void) exp_id; (void) out_value; switch( exp_id ) - {{ -{expression_code} -#line {line_no} "suites/main_test.function" + { +$expression_code +#line $line_no "suites/main_test.function" default: - {{ + { ret = KEY_VALUE_MAPPING_NOT_FOUND; - }} + } break; - }} + } return( ret ); -}} +} /** @@ -87,27 +87,27 @@ int get_expression( int32_t exp_id, int32_t * out_value ) * For optimizing space for embedded targets each dependency * is identified by a unique identifier instead of string literals. * Identifiers and check code is generated by script: - * {generator_script} + * $generator_script * * \param exp_id Dependency identifier. * * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED */ int dep_check( int dep_id ) -{{ +{ int ret = DEPENDENCY_NOT_SUPPORTED; (void) dep_id; switch( dep_id ) - {{ -{dep_check_code} -#line {line_no} "suites/main_test.function" + { +$dep_check_code +#line $line_no "suites/main_test.function" default: break; - }} + } return( ret ); -}} +} /** @@ -125,14 +125,14 @@ typedef void (*TestWrapper_t)( void ** ); /** * \brief Table of test function wrappers. Used by dispatch_test(). * This table is populated by script: - * {generator_script} + * $generator_script * */ TestWrapper_t test_funcs[] = -{{ -{dispatch_code} -#line {line_no} "suites/main_test.function" -}}; +{ +$dispatch_code +#line $line_no "suites/main_test.function" +}; /** 
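Review bot: The doc comment above `dep_check()` documents `\param exp_id`, but the function's only parameter is `dep_id`, so the generated documentation describes a parameter that does not exist. The line should read `\param dep_id Dependency identifier.`. The mismatch is carried over as unchanged context, but this comment block is already being edited for `$generator_script`, so it is a cheap place to correct it.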
@@ -145,25 +145,25 @@ TestWrapper_t test_funcs[] = * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ int dispatch_test( int func_idx, void ** params ) -{{ +{ int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; if ( func_idx < (int)( sizeof( test_funcs ) / sizeof( TestWrapper_t ) ) ) - {{ + { fp = test_funcs[func_idx]; if ( fp ) fp( params ); else - ret = ( DISPATCH_UNSUPPORTED_SUITE ); - }} + ret = DISPATCH_UNSUPPORTED_SUITE; + } else - {{ - ret = ( DISPATCH_TEST_FN_NOT_FOUND ); - }} + { + ret = DISPATCH_TEST_FN_NOT_FOUND; + } return( ret ); -}} +} /** @@ -176,28 +176,28 @@ int dispatch_test( int func_idx, void ** params ) * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. */ int check_test( int func_idx ) -{{ +{ int ret = DISPATCH_TEST_SUCCESS; TestWrapper_t fp = NULL; if ( func_idx < (int)( sizeof(test_funcs)/sizeof( TestWrapper_t ) ) ) - {{ + { fp = test_funcs[func_idx]; if ( fp == NULL ) - ret = ( DISPATCH_UNSUPPORTED_SUITE ); - }} + ret = DISPATCH_UNSUPPORTED_SUITE; + } else - {{ - ret = ( DISPATCH_TEST_FN_NOT_FOUND ); - }} + { + ret = DISPATCH_TEST_FN_NOT_FOUND; + } return( ret ); -}} +} -{platform_code} +$platform_code -#line {line_no} "suites/main_test.function" +#line $line_no "suites/main_test.function" /*----------------------------------------------------------------------------*/ /* Main Test code */ @@ -212,17 +212,17 @@ int check_test( int func_idx ) * \return Exit code. */ int main( int argc, const char *argv[] ) -{{ +{ int ret = platform_setup(); if( ret != 0 ) - {{ + { mbedtls_fprintf( stderr, "FATAL: Failed to initialize platform - error %d\n", ret ); return( -1 ); - }} + } ret = execute_tests( argc, argv ); platform_teardown(); return( ret ); -}} +} From 58e9c1833bfb386e385a345776c6f853306adddc Mon Sep 17 00:00:00 2001 
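Review bot: `dispatch_test()` and `check_test()` test only the upper bound, `func_idx < (int)( sizeof( test_funcs ) / sizeof( TestWrapper_t ) )`, so a negative `func_idx` passes the check and indexes `test_funcs[]` before its start. Where `func_idx` comes from is not visible in these hunks; if it is parsed from the test data file, a malformed entry becomes an out-of-bounds read, followed in `dispatch_test()` by an indirect call through whatever was read. Both conditions should reject negative values as well, e.g. `if ( func_idx >= 0 && func_idx < (int)( sizeof( test_funcs ) / sizeof( TestWrapper_t ) ) )`. The brace conversion in this commit leaves the condition itself untouched.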
From: Mohammad Azim Khan Date: Mon, 6 Aug 2018 11:48:06 +0100 Subject: [PATCH 339/578] Fix Wformat-overflow warning in ssl_mail_client.c sprintf( (char *) buf, "%s\r\n", base ); Above code generates Wformat-overflow warning since both buf and base are of same size. buf should be sizeof( base ) + characters added in the format. In this case format 2 bytes for "\r\n". --- programs/ssl/ssl_mail_client.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index d3b569cb0..0ce6727dd 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -356,9 +356,11 @@ int main( int argc, char *argv[] ) int ret = 1, len; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context server_fd; - unsigned char buf[1024]; #if defined(MBEDTLS_BASE64_C) unsigned char base[1024]; + unsigned char buf[ sizeof( base ) + 2 ]; +#else + unsigned char buf[1024]; #endif char hostname[32]; const char *pers = "ssl_mail_client"; From ce6eebb0b89ce7deaa87009404399e9511c2af0b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:26:55 +0100 Subject: [PATCH 340/578] Use gmtime when target is not windows or posix --- include/mbedtls/threading.h | 9 +++++++++ library/threading.c | 17 +++++++++++++++++ library/x509.c | 24 +++++++++++++++++++++++- 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index c25daa5cd..4cfaadde2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
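Review bot: Sizing `buf` as `sizeof( base ) + 2` silences the warning, but the write quoted in the commit message, `sprintf( (char *) buf, "%s\r\n", base )`, still carries no length. Its safety depends on `base` being NUL-terminated within its 1024 bytes and on the two array sizes never being changed independently. That call is outside the hunk; a bounded form such as `mbedtls_snprintf( (char *) buf, sizeof( buf ), "%s\r\n", base )` with a check of the return value would tie the bound to the destination buffer itself. The same applies to the second version of this change in patch 349 further down the page.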
@@ -99,6 +99,15 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif +#if defined(MBEDTLS_HAVE_TIME_DATE) +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 7a32e672c..fa4f6c928 100644 --- a/library/threading.c +++ b/library/threading.c @@ -29,6 +29,14 @@ #include "mbedtls/threading.h" +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +#define MBEDTLS_THREADING_USE_GMTIME +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) { @@ -114,6 +122,9 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) + mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); +#endif } /* @@ -124,6 +135,9 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) + mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); +#endif } #endif /* MBEDTLS_THREADING_ALT */ 
@@ -136,5 +150,8 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif +#if defined(MBEDTLS_THREADING_USE_GMTIME) +mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; +#endif #endif /* MBEDTLS_THREADING_C */ diff --git a/library/x509.c b/library/x509.c index 2e6795f75..b7e799b44 100644 --- a/library/x509.c +++ b/library/x509.c @@ -890,6 +890,14 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) } #if defined(MBEDTLS_HAVE_TIME_DATE) +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) +#define MBEDTLS_X509_USE_GMTIME +#endif /* !_POSIX_VERSION */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + /* * Set the time structure to the current time. * Return 0 on success, non-zero on failure. @@ -900,11 +908,20 @@ static int x509_get_current_time( mbedtls_x509_time *now ) mbedtls_time_t tt; int ret = 0; + (void)tm_buf; + +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) + if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ + tt = mbedtls_time( NULL ); #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; -#else +#elif defined(_POSIX_VERSION) lt = gmtime_r( &tt, &tm_buf ); +#else + lt = gmtime( &tt ); #endif if( lt == NULL ) @@ -919,6 +936,11 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } +#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) + if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); +#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ + return( ret ); } 
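Review bot: The `#else` branch `lt = gmtime( &tt );` in `x509_get_current_time()` is taken on every target that is not the `_WIN32` case and does not define `_POSIX_VERSION`, but `MBEDTLS_X509_USE_GMTIME` is only defined inside the `!_WIN32 && (__unix__ || __APPLE__)` block. On any other target (for example a non-Unix embedded toolchain, or a `_WIN32` build with `EFIX64`/`EFI32`) gmtime() is therefore called without `mbedtls_threading_gmtime_mutex` even when `MBEDTLS_THREADING_C` is enabled, and concurrent certificate validity checks can read a `struct tm` that another thread is overwriting. Guarding the `#define` with the exact negation of the call-site conditions, `#if !defined(_POSIX_VERSION) && !( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )`, would close the gap. The matching macro in threading.c needs the same condition so that the mutex is actually defined on those targets. The body of `x509_get_current_time()` starts outside these hunks.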
From 824dfb34b4b34854daefa71211a8896c634f33f4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:29:57 +0100 Subject: [PATCH 341/578] Add ChangeLog entry for use of gmtime --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index bda3de8f5..d8b282990 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 + * Fix build failures on where only gmtime() is available but neither + gmtime_r() nor gmtime_s() are present. Fixes #1907. = mbed TLS 2.12.0 branch released 2018-07-25 From 97f3ecb972f2901c55c9a490a69f175012e7e6d1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 7 Aug 2018 20:39:27 +0100 Subject: [PATCH 342/578] Document dependency on gmtime, gmtime_r & gmtime_s --- include/mbedtls/config.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 70820be56..9ee86ff24 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -137,12 +137,20 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h and time(), gmtime() and the clock is correct. + * System has time.h and time(), gmtime_s() (Windows), gmtime_r() (POSIX) or + * gmtime() and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * * Comment if your system does not have a correct clock. + * + * \warning gmtime() is used if the target platform is neither Windows nor + * POSIX. Unfortunately, gmtime() is not thread-safe, so a mutex is used when + * MBEDTLS_THREADING_C is defined to guarantee sequential usage of gmtime() + * across Mbed TLS threads. However, applications must ensure that calls to + * gmtime() from outside the library also use the mutex to avoid concurrency + * issues. */ #define MBEDTLS_HAVE_TIME_DATE From d7177435e3eb9ec7c1c34e16da9b6385003543e9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 8 Aug 2018 09:41:17 +0100 Subject: [PATCH 343/578] Fix check-names.sh fail with USE_GMTIME macro --- library/threading.c | 8 ++++---- library/x509.c | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/library/threading.c b/library/threading.c index fa4f6c928..95ae8d144 100644 --- a/library/threading.c +++ b/library/threading.c @@ -33,7 +33,7 @@ (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) -#define MBEDTLS_THREADING_USE_GMTIME +#define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ @@ -122,7 +122,7 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * #if defined(MBEDTLS_FS_IO) mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); #endif } 
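Review bot: The new `\warning` tells applications that their own gmtime() calls must "also use the mutex" but never names it, so a reader of config.h cannot act on the instruction. Naming the object, e.g. `... also use the mutex mbedtls_threading_gmtime_mutex (declared in threading.h) ...`, would make the requirement usable. It would also help to state that this mutex only exists when `MBEDTLS_THREADING_C` is defined and the platform falls back to gmtime().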
@@ -135,7 +135,7 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); #endif } @@ -150,7 +150,7 @@ void mbedtls_threading_free_alt( void ) #if defined(MBEDTLS_FS_IO) mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; #endif -#if defined(MBEDTLS_THREADING_USE_GMTIME) +#if defined(THREADING_USE_GMTIME) mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; #endif diff --git a/library/x509.c b/library/x509.c index b7e799b44..03c3bbe1d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -894,7 +894,7 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) -#define MBEDTLS_X509_USE_GMTIME +#define X509_USE_GMTIME #endif /* !_POSIX_VERSION */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ @@ -910,10 +910,10 @@ static int x509_get_current_time( mbedtls_x509_time *now ) (void)tm_buf; -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) +#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ +#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ tt = mbedtls_time( NULL ); #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) 
@@ -936,10 +936,10 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_X509_USE_GMTIME) +#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && MBEDTLS_X509_USE_GMTIME */ +#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ return( ret ); } From 372b50b25205329003a825563e3e8c0ecac81c0c Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 10 Aug 2018 10:56:31 +0100 Subject: [PATCH 344/578] Add a ChangeLog entry for #1816 --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8c757a512..0642bea78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,10 @@ Bugfix * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails. Fix contributed by Espressif Systems. +Changes + * Copy headers preserving timestamps when doing a "make install". + Contributed by xueruini. + = mbed TLS 2.12.0 branch released 2018-07-25 Security From d1a4762adb4a05fdf297d960383aec19ac578b35 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 Aug 2018 13:49:52 +0300 Subject: [PATCH 345/578] Use mbedtls_printf instead of printf Replace usages of `printf()` with `mbedtls_printf()` in `aria.c` which were accidently merged. Fixes #1908 --- ChangeLog | 1 + library/aria.c | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index abd5e61bb..61d0e4e83 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,7 @@ Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. This improves compliance to RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157. + * Replace printf with mbedtls_printf in aria. Found by TrinityTonic in #1908. Changes * Copy headers preserving timestamps when doing a "make install". diff --git a/library/aria.c b/library/aria.c index e9bcd6d13..ca9e147f0 100644 --- a/library/aria.c +++ b/library/aria.c @@ -875,11 +875,11 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext #define ARIA_SELF_TEST_IF_FAIL \ { \ if( verbose ) \ - printf( "failed\n" ); \ + mbedtls_printf( "failed\n" ); \ return( 1 ); \ } else { \ if( verbose ) \ - printf( "passed\n" ); \ + mbedtls_printf( "passed\n" ); \ } /* @@ -908,7 +908,7 @@ int mbedtls_aria_self_test( int verbose ) { /* test ECB encryption */ if( verbose ) - printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) @@ -916,14 +916,14 @@ int mbedtls_aria_self_test( int verbose ) /* test ECB decryption */ if( verbose ) - printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf( "\n" ); + mbedtls_printf( "\n" ); /* * Test set 2 
@@ -933,7 +933,7 @@ int mbedtls_aria_self_test( int verbose ) { /* Test CBC encryption */ if( verbose ) - printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0x55, sizeof( buf ) ); @@ -944,7 +944,7 @@ int mbedtls_aria_self_test( int verbose ) /* Test CBC decryption */ if( verbose ) - printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0xAA, sizeof( buf ) ); @@ -954,7 +954,7 @@ int mbedtls_aria_self_test( int verbose ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf( "\n" ); + mbedtls_printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -963,7 +963,7 @@ int mbedtls_aria_self_test( int verbose ) { /* Test CFB encryption */ if( verbose ) - printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0x55, sizeof( buf ) ); @@ -975,7 +975,7 @@ int mbedtls_aria_self_test( int verbose ) /* Test CFB decryption */ if( verbose ) - printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); memset( buf, 0xAA, sizeof( buf ) ); @@ -986,7 +986,7 @@ int mbedtls_aria_self_test( int verbose ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf( "\n" ); + mbedtls_printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) 
@@ -994,7 +994,7 @@ int mbedtls_aria_self_test( int verbose ) { /* Test CTR encryption */ if( verbose ) - printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 memset( buf, 0x55, sizeof( buf ) ); @@ -1006,7 +1006,7 @@ int mbedtls_aria_self_test( int verbose ) /* Test CTR decryption */ if( verbose ) - printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i ); + mbedtls_printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i ); mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 memset( buf, 0xAA, sizeof( buf ) ); @@ -1017,7 +1017,7 @@ int mbedtls_aria_self_test( int verbose ) ARIA_SELF_TEST_IF_FAIL; } if( verbose ) - printf( "\n" ); + mbedtls_printf( "\n" ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ return( 0 ); From 446227a1bd177e988091acb84d338316262f4924 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 Aug 2018 14:46:45 +0300 Subject: [PATCH 346/578] Enhance nist_kw with some NULL buffers tests Enhance the nist_kw test suite, with setting zero length input\output buffers. Resolves #1882. --- tests/suites/test_suite_nist_kw.data | 21 ++++++++++++++++ tests/suites/test_suite_nist_kw.function | 32 +++++++++++++----------- 2 files changed, 39 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_nist_kw.data b/tests/suites/test_suite_nist_kw.data index eee45743e..446255857 100644 --- a/tests/suites/test_suite_nist_kw.data +++ b/tests/suites/test_suite_nist_kw.data 
@@ -69,6 +69,27 @@ nist_kw_ciphertext_lengths:32:16:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT NIST KW lengths #16 KWP unwrapping output buffer too short nist_kw_ciphertext_lengths:24:12:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +NIST KW lengths #17 KW plaintext NULL (2 to 2^54 - 1 semiblocks) +nist_kw_plaintext_lengths:0:8:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #18 KW wrapping output NULL +nist_kw_plaintext_lengths:8:0:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #19 KWP wrapping output NULL +nist_kw_plaintext_lengths:8:0:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #20 KW ciphertext NULL +nist_kw_ciphertext_lengths:0:8:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #21 KWP ciphertext NULL +nist_kw_ciphertext_lengths:0:8:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #15 KW unwrapping output NULL +nist_kw_ciphertext_lengths:32:0:MBEDTLS_KW_MODE_KW:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + +NIST KW lengths #16 KWP unwrapping output NULL +nist_kw_ciphertext_lengths:24:0:MBEDTLS_KW_MODE_KWP:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + NIST KW wrap AES-128 CAVS 17.4 PLAINTEXT LENGTH = 128 count 7 depends_on:MBEDTLS_AES_C mbedtls_nist_kw_wrap:MBEDTLS_CIPHER_ID_AES:MBEDTLS_KW_MODE_KW:"095e293f31e317ba6861114b95c90792":"64349d506ae85ecd84459c7a5c423f55":"97de4425572274bd7fb2d6688d5afd4454d992348d42a643" diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index eb67c03f0..ff5bb8be0 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function 
@@ -158,19 +158,17 @@ void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res ) memset( key, 0, sizeof( key ) ); - if (in_len == 0) - { - /* mbedtls_calloc can return NULL for zero-length buffers. Make sure we - * always have a plaintext buffer, even if the length is 0. */ - plaintext = mbedtls_calloc( 1, 1 ); - } - else + if( in_len != 0 ) { plaintext = mbedtls_calloc( 1, in_len ); } - TEST_ASSERT( plaintext != NULL ); - ciphertext = mbedtls_calloc( 1, output_len ); - TEST_ASSERT( ciphertext != NULL ); + TEST_ASSERT( in_len == 0 || plaintext != NULL ); + + if( out_len != 0 ) + { + ciphertext = mbedtls_calloc( 1, output_len ); + } + TEST_ASSERT( out_len == 0 || ciphertext != NULL ); memset( plaintext, 0, in_len ); memset( ciphertext, 0, output_len ); @@ -216,10 +214,16 @@ void nist_kw_ciphertext_lengths( int in_len, int out_len, int mode, int res ) memset( key, 0, sizeof( key ) ); - plaintext = mbedtls_calloc( 1, output_len ); - TEST_ASSERT( plaintext != NULL ); - ciphertext = mbedtls_calloc( 1, in_len ); - TEST_ASSERT( ciphertext != NULL ); + if( out_len != 0 ) + { + plaintext = mbedtls_calloc( 1, output_len ); + } + TEST_ASSERT( out_len == 0 || plaintext != NULL ); + if( in_len != 0 ) + { + ciphertext = mbedtls_calloc( 1, in_len ); + } + TEST_ASSERT( in_len == 0 || ciphertext != NULL ); memset( plaintext, 0, output_len ); memset( ciphertext, 0, in_len ); From 7864090ec1ac5ebcdb76db39f324a0faf8e4cf18 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 13 Aug 2018 16:35:15 +0100 Subject: [PATCH 347/578] Reset session_in/out pointers in ssl_session_reset_int() Fixes #1941. --- library/ssl_tls.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 91f96c8ab..3b047fc0b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
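Review bot: With the allocations now skipped for zero lengths, `plaintext` or `ciphertext` can be NULL when the unconditional `memset( plaintext, 0, in_len );` and `memset( ciphertext, 0, output_len );` run, and passing a null pointer to memset() is undefined behaviour even for a length of 0. In `nist_kw_plaintext_lengths()` the allocation is guarded by `out_len` but the memset uses `output_len`; how the two relate is set outside the hunk, and if `output_len` can be non-zero while `out_len` is 0 this becomes a write through NULL. Guarding each call, e.g. `if( plaintext != NULL ) memset( plaintext, 0, in_len );`, keeps the NULL-buffer cases well defined; the same applies to the second hunk in `nist_kw_ciphertext_lengths()`. All of this assumes both pointers are initialised to NULL at their declarations, which are not visible here.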
@@ -5973,6 +5973,9 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->transform_in = NULL; ssl->transform_out = NULL; + ssl->session_in = NULL; + ssl->session_out = NULL; + memset( ssl->out_buf, 0, MBEDTLS_SSL_OUT_BUFFER_LEN ); if( partial == 0 ) memset( ssl->in_buf, 0, MBEDTLS_SSL_IN_BUFFER_LEN ); @@ -6842,14 +6845,14 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) size_t transform_expansion; const mbedtls_ssl_transform *transform = ssl->transform_out; + if( transform == NULL ) + return( (int) mbedtls_ssl_hdr_len( ssl ) ); + #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); #endif - if( transform == NULL ) - return( (int) mbedtls_ssl_hdr_len( ssl ) ); - switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) { case MBEDTLS_MODE_GCM: From 361f254eab6780f05ecb10ceb66022a2197d48a8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 13 Aug 2018 16:36:58 +0100 Subject: [PATCH 348/578] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index abd5e61bb..61a6552ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,8 @@ Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. This improves compliance to RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157. + * Fix potential segmentation fault in mbedtls_ssl_get_max_frag_len() + and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. Changes * Copy headers preserving timestamps when doing a "make install". From 9ebdcffef4d1841dc2e81f41c25ad200ac91e049 Mon Sep 17 00:00:00 2001 
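Review bot: In `mbedtls_ssl_get_record_expansion()` the moved `if( transform == NULL )` return is now the only thing that stops `ssl->session_out->compression` from being read after `ssl_session_reset_int()` has set `session_out` to NULL. It tests a different pointer, and nothing in the code says the order matters. A comment such as `/* Must stay before the session_out dereference below: both pointers are NULL after a reset. */` would protect the ordering. Under `MBEDTLS_ZLIB_SUPPORT`, adding `ssl->session_out != NULL &&` to the condition would remove the reliance on the two pointers always being set together. The diffstat lists only ssl_tls.c, so no regression test for the reset case accompanies the fix.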
From: Mohammad Azim Khan Date: Mon, 6 Aug 2018 11:48:06 +0100 Subject: [PATCH 349/578] Fix Wformat-overflow warning in ssl_mail_client.c sprintf( (char *) buf, "%s\r\n", base ); Above code generates Wformat-overflow warning since both buf and base are of same size. buf should be sizeof( base ) + characters added in the format. In this case format 2 bytes for "\r\n". --- programs/ssl/ssl_mail_client.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index d3b569cb0..16cedfe94 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -356,9 +356,15 @@ int main( int argc, char *argv[] ) int ret = 1, len; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_net_context server_fd; - unsigned char buf[1024]; #if defined(MBEDTLS_BASE64_C) unsigned char base[1024]; + /* buf is used as the destination buffer for printing base with the format: + * "%s\r\n". Hence, the size of buf should be at least the size of base + * plus 2 bytes for the \r and \n characters. + */ + unsigned char buf[sizeof( base ) + 2]; +#else + unsigned char buf[1024]; #endif char hostname[32]; const char *pers = "ssl_mail_client"; From 9dc3be760131fbd4aa1637b9d961ce7a9178c12d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 15:22:05 +0100 Subject: [PATCH 350/578] Improve wording in ChangeLog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 61a6552ef..59561fd07 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,7 +10,7 @@ Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. This improves compliance to RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157. - * Fix potential segmentation fault in mbedtls_ssl_get_max_frag_len() + * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. Changes From d0a78e91b39e3851b69550d214872a812d1130ac Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 6 Aug 2018 13:55:46 +0100 Subject: [PATCH 351/578] HKDF: Fix style issue --- include/mbedtls/hkdf.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index 6833e7272..235c5ad5e 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -99,8 +99,8 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, * * \param md A hash function; md.size denotes the length of the hash * function output in bytes. - * \param prk A pseudorandom key of at least md.size bytes. \p prk is usually, - * the output from the HKDF extract step. + * \param prk A pseudorandom key of at least md.size bytes. \p prk is + * usually the output from the HKDF extract step. * \param prk_len The length in bytes of \p prk. * \param info An optional context and application specific information * string. This can be a zero-length string. From 08a4aebc4694640f555b775f3bc4ad0a6a74170e Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Mon, 6 Aug 2018 14:20:15 +0100 Subject: [PATCH 352/578] HKDF: Add warning to partial functions The standard HKDF security guarantees only hold if `mbedtls_hkdf()` is used or if `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` are called in succession carefully and an equivalent way. Making `mbedtls_hkdf_extract()` and `mbedtls_hkdf_expand()` static would prevent any misuse, but doing so would require the TLS 1.3 stack to break abstraction and bypass the module API. To reduce the risk of misuse we add warnings to the function descriptions. --- ChangeLog | 5 +++++ include/mbedtls/hkdf.h | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/ChangeLog b/ChangeLog index bda3de8f5..557567883 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,11 @@ Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 +Changes + * Add warnings to the documentation of the HKDF module to reduce the risk + of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand() + functions. Fixes #1775. Reported by Brian J. Murray. + = mbed TLS 2.12.0 branch released 2018-07-25 Security diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index 235c5ad5e..e6ed7cde9 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -73,6 +73,11 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, * \brief Take the input keying material \p ikm and extract from it a * fixed-length pseudorandom key \p prk. * + * \warning This function should only be used if the security of it has been + * studied and established in that particular context (eg. TLS 1.3 + * key schedule). For standard HKDF security guarantees use + * \c mbedtls_hkdf instead. + * * \param md A hash function; md.size denotes the length of the * hash function output in bytes. * \param salt An optional salt value (a non-secret random value); 
@@ -97,6 +102,11 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, * \brief Expand the supplied \p prk into several additional pseudorandom * keys, which is the output of the HKDF. * + * \warning This function should only be used if the security of it has been + * studied and established in that particular context (eg. TLS 1.3 + * key schedule). For standard HKDF security guarantees use + * \c mbedtls_hkdf instead. + * * \param md A hash function; md.size denotes the length of the hash * function output in bytes. * \param prk A pseudorandom key of at least md.size bytes. \p prk is From 2c069dfad3aba3d8267a27d84dd7e253584c8e13 Mon Sep 17 00:00:00 2001 From: Mohammad Azim Khan Date: Wed, 15 Aug 2018 13:55:37 +0100 Subject: [PATCH 353/578] Fix typo in test_suite_entropy.function --- tests/suites/test_suite_entropy.function | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 26a0f5911..0b1cfe80d 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -311,7 +311,6 @@ void entropy_nv_seed( data_t * read_seed ) unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char empty[MBEDTLS_ENTROPY_BLOCK_SIZE]; - unsigned char read_seed->x[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; @@ -323,7 +322,7 @@ void entropy_nv_seed( data_t * read_seed ) memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE ); // Set the initial NV seed to read - memcpy( buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memcpy( buffer_seed, read_seed->x, read_seed->len ); // Make sure we read/write NV seed from our buffers mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write ); 
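Review bot: `memcpy( buffer_seed, read_seed->x, read_seed->len );` now takes its length from the test data, while the surrounding buffers are all sized `MBEDTLS_ENTROPY_BLOCK_SIZE`. A seed longer than one block would overrun `buffer_seed`, whose declaration is outside the hunk and is presumably one block. A shorter seed would leave part of the buffer unset, while the hash in the following hunk covers only `read_seed->len` bytes. Asserting the size before the copy, `TEST_ASSERT( read_seed->len == MBEDTLS_ENTROPY_BLOCK_SIZE );`, keeps the test well defined for any .data entry. `entropy_nv_seed()` starts and ends outside these hunks.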
@@ -348,7 +347,7 @@ void entropy_nv_seed( data_t * read_seed ) // First run for updating write_seed header[0] = 0; mbedtls_sha512_update( &accumulator, header, 2 ); - mbedtls_sha512_update( &accumulator, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_sha512_update( &accumulator, read_seed->x, read_seed->len ); mbedtls_sha512_finish( &accumulator, buf ); memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) ); From 31c1586893d975b139af191329eaafe19965506f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Sep 2017 09:38:11 +0200 Subject: [PATCH 354/578] Start separating handshake from record writing --- include/mbedtls/ssl_internal.h | 1 + library/ssl_cli.c | 12 +++--- library/ssl_srv.c | 20 ++++----- library/ssl_tls.c | 76 +++++++++++++++++++++++++++------- 4 files changed, 79 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index d214703d7..68b5f3033 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -559,6 +559,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); +int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 321d6367a..253c81f73 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1088,9 +1088,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_send_flight_completed( ssl ); #endif - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } 
@@ -3075,9 +3075,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } @@ -3260,9 +3260,9 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 2872f1fb0..66de2e46c 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2384,9 +2384,9 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } @@ -2624,7 +2624,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; - ret = mbedtls_ssl_write_record( ssl ); + ret = mbedtls_ssl_write_handshake_msg( ssl ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) ); 
@@ -2819,7 +2819,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); - ret = mbedtls_ssl_write_record( ssl ); + ret = mbedtls_ssl_write_handshake_msg( ssl ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) ); @@ -3336,9 +3336,9 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } @@ -3363,9 +3363,9 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) mbedtls_ssl_send_flight_completed( ssl ); #endif - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } @@ -4227,9 +4227,9 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) */ ssl->handshake->new_session_ticket = 0; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3b047fc0b..464cf6933 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2927,19 +2927,41 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* - * Record layer functions + * Handshake layer functions */ /* - * Write current record. - * Uses ssl->out_msgtype, ssl->out_msglen and bytes at ssl->out_msg. + * Write current handshake (including CCS) message. + * + * - fill in handshake headers + * - update handshake checksum + * - DTLS: save message for resending + * - then pass to the record layer + * + * Inputs: + * - ssl->out_msglen: 4 + actual handshake message len + * (4 is the size of handshake headers for TLS) + * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc) + * - ssl->out_msg + 4: the handshake message body + * + * Outputs: + * - ssl->out_msglen: the length of the record contents + * (including handshake headers but excluding record headers) + * - ssl->out_msg: the record contents (handshake headers + content) */ -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) { - int ret, done = 0, out_msg_type; + int ret, out_msg_type; size_t len = ssl->out_msglen; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) ); + + if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && 
@@ -3028,6 +3050,32 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) } #endif + ret = mbedtls_ssl_write_record( ssl ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) ); + + return( ret ); +} + +/* + * Record layer functions + */ + +/* + * Write current record. + * + * Uses: + * - ssl->out_msgtype: type of the message (AppData, Handshake, Alert, CCS) + * - ssl->out_msglen: length of the record content (excl headers) + * - ssl->out_msg: record content + */ +int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) +{ + int ret, done = 0; + size_t len = ssl->out_msglen; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); + #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->transform_out != NULL && ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) @@ -4542,9 +4590,9 @@ write_msg: ssl->state++; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } @@ -4955,9 +5003,9 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } @@ -5583,9 +5631,9 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) mbedtls_ssl_send_flight_completed( ssl ); #endif - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } 
@@ -6984,9 +7032,9 @@ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); return( ret ); } From 9c3a8caa928d2ea1679f3ec088b5afcfc533c185 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Sep 2017 09:54:27 +0200 Subject: [PATCH 355/578] Clarify code a bit in write_handshake_msg() - take advantage of the fact that we're only called for first send - put all sanity checks at the top - rename and constify shortcut variables - improve comments --- library/ssl_tls.c | 64 ++++++++++++++++++++++++++--------------------- 1 file changed, 36 insertions(+), 28 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 464cf6933..b66b4fec4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2938,6 +2938,8 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) * - DTLS: save message for resending * - then pass to the record layer * + * DTLS: only used when first writing the message, not for resending. + * * Inputs: * - ssl->out_msglen: 4 + actual handshake message len * (4 is the size of handshake headers for TLS) @@ -2951,11 +2953,15 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) { - int ret, out_msg_type; - size_t len = ssl->out_msglen; + int ret; + const size_t hs_len = ssl->out_msglen - 4; + const unsigned char hs_type = ssl->out_msg[0]; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) ); + /* + * Sanity checks + */ if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) { 
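Review bot: In the @@ -2951 hunk, `hs_len` is initialised to `ssl->out_msglen - 4` at declaration, before the message-type check. This function is also entered for ChangeCipherSpec, where out_msglen is presumably smaller than the 4-byte handshake header, so the size_t subtraction wraps. The visible uses of hs_len are all inside the MBEDTLS_SSL_MSG_HANDSHAKE branch, so this is harmless today but a trap for later edits, and `hs_type` likewise reads out_msg[0], which is not a handshake type for CCS. I would add `if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->out_msglen < 4 ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` to the sanity checks and a comment that both shortcuts are meaningful only for handshake messages. The function body continues outside this hunk.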
@@ -2963,29 +2969,32 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } + if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && + ssl->handshake == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->handshake != NULL && ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) { - ; /* Skip special handshake treatment when resending */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - else #endif + + /* + * Fill handshake headers + */ if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - out_msg_type = ssl->out_msg[0]; - - if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST && - ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 ); - ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 ); - ssl->out_msg[3] = (unsigned char)( ( len - 4 ) ); + ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); + ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); + ssl->out_msg[3] = (unsigned char)( hs_len ); /* * DTLS has additional fields in the Handshake layer, 
@@ -3002,17 +3011,16 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " "size %u, maximum %u", - (unsigned) ( ssl->in_hslen - 4 ), + (unsigned) ( hs_len ), (unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - memmove( ssl->out_msg + 12, ssl->out_msg + 4, len - 4 ); + memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len ); ssl->out_msglen += 8; - len += 8; /* Write message_seq and update it, except for HelloRequest */ - if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) + if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; @@ -3024,23 +3032,22 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) ssl->out_msg[5] = 0; } - /* We don't fragment, so frag_offset = 0 and frag_len = len */ + /* Handshake hashes are computed without fragmentation, + * so set frag_offset = 0 and frag_len = hs_len for now */ memset( ssl->out_msg + 6, 0x00, 3 ); memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( out_msg_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) - ssl->handshake->update_checksum( ssl, ssl->out_msg, len ); + /* Update running hashes of hanshake messages seen */ + if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) + ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); } - /* Save handshake and CCS messages for resending */ + /* Save for resending */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL && - ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING && - ( ssl->out_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC || - ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) ) + hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { if( ( ret = ssl_flight_append( ssl ) ) != 0 ) { 
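Review bot: The rewritten flight-save condition `hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST` in the @@ -3024 hunk drops both the `ssl->handshake != NULL` guard and the explicit message-type test. The sanity checks added in the @@ -2963 hunk only reject a NULL handshake when out_msgtype is MBEDTLS_SSL_MSG_HANDSHAKE. For ChangeCipherSpec, hs_type is just the first content byte, and a CCS written with ssl->handshake == NULL would now reach ssl_flight_append(), which presumably dereferences ssl->handshake. Testing the pair explicitly avoids relying on byte values: `! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST )`, with the same expression used in the NULL-handshake sanity check. Minor: `hanshake` in the new comment should be `handshake`.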
@@ -3050,6 +3057,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) } #endif + /* Actually send out */ ret = mbedtls_ssl_write_record( ssl ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) ); From 87a346f64e0d73522c17c22c5f4982c291d52641 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Sep 2017 12:45:21 +0200 Subject: [PATCH 356/578] Always save flight first, (re)send later This will allow fragmentation to always happen in the same place, always from a buffer distinct from ssl->out_msg, and with the same way of resuming after returning WANT_WRITE --- include/mbedtls/ssl_internal.h | 1 + library/ssl_cli.c | 11 ++++++- library/ssl_srv.c | 20 +++++++++++- library/ssl_tls.c | 59 ++++++++++++++++++++++++++-------- 4 files changed, 75 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 68b5f3033..501202bb3 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -669,6 +669,7 @@ static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); #endif /* Visible for testing purposes only */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 253c81f73..4b17deaaa 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1094,6 +1094,15 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) return( ret ); } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); return( 0 ); 
@@ -3402,7 +3411,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) { - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) return( ret ); } #endif diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 66de2e46c..eda50bb34 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2390,6 +2390,15 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) return( ret ); } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) ); return( 0 ); @@ -3369,6 +3378,15 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) return( ret ); } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) ); return( 0 ); @@ -4258,7 +4276,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) { - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) return( ret ); } #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b66b4fec4..5f032232a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2822,18 +2822,34 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) /* * Retransmit the current flight of messages. + */ +int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) +{ + int ret = 0; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); + + ret = mbedtls_ssl_flight_transmit( ssl ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); + + return( ret ); +} + +/* + * Transmit or retransmit the current flight of messages. * * Need to remember the current message in case flush_output returns * WANT_WRITE, causing us to exit this function and come back later. * This function must be called until state is no longer SENDING. */ -int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise resending" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise fligh transmission" ) ); ssl->handshake->cur_msg = ssl->handshake->flight; ssl_swap_epochs( ssl ); @@ -2861,7 +2877,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) ssl->handshake->cur_msg = cur->next; - MBEDTLS_SSL_DEBUG_BUF( 3, "resent handshake message header", ssl->out_msg, 12 ); + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) { @@ -2878,7 +2894,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) ); return( 0 ); } 
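Review bot: The debug string `"initialise fligh transmission"` in the @@ -2822 hunk misspells `flight`; it should be fixed to `"initialise flight transmission"` before any test starts matching on it. Separately, the comment on mbedtls_ssl_flight_transmit() says it must be called until the state is no longer SENDING, but not what it requires of the context. The body reads `ssl->handshake->retransmit_state` unconditionally, so a line such as `/* Requires ssl->handshake != NULL. */` would document the precondition for the new callers.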
@@ -2931,14 +2947,15 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) */ /* - * Write current handshake (including CCS) message. + * Write (DTLS: or queue) current handshake (including CCS) message. * * - fill in handshake headers * - update handshake checksum * - DTLS: save message for resending * - then pass to the record layer * - * DTLS: only used when first writing the message, not for resending. + * DTLS: except for HelloRequest, messages are only queued, and will only be + * actually sent when calling flight_transmit() or resend(). * * Inputs: * - ssl->out_msglen: 4 + actual handshake message len @@ -2946,7 +2963,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc) * - ssl->out_msg + 4: the handshake message body * - * Outputs: + * Ouputs, ie state before passing to flight_append() or write_record(): * - ssl->out_msglen: the length of the record contents * (including handshake headers but excluding record headers) * - ssl->out_msg: the record contents (handshake headers + content) @@ -3044,7 +3061,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); } - /* Save for resending */ + /* Either send now, or just save to be sent (and resent) later */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) @@ -3055,14 +3072,19 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) return( ret ); } } + else #endif - - /* Actually send out */ - ret = mbedtls_ssl_write_record( ssl ); + { + if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); + return( ret ); + } + } MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) ); - return( ret ); + return( 0 ); } /* 
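Review bot: The error label in the new non-DTLS branch of the @@ -3055 hunk, `MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret );`, does not match the function being called, while the other call sites in this series log the full name. Use `"mbedtls_ssl_write_record"` so that a log search for a failing record write finds this path too. The header comment in the @@ -2946 hunk also has `Ouputs` for `Outputs`.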
@@ -5645,6 +5667,15 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) return( ret ); } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); + return( ret ); + } +#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); return( 0 ); @@ -7207,7 +7238,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) if( ssl->handshake != NULL && ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) { - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) return( ret ); } } From 28f4beab1c3f2df6a45000fa8985bf46736700b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Sep 2017 14:00:05 +0200 Subject: [PATCH 357/578] Start implementing fragmentation --- include/mbedtls/ssl_internal.h | 5 ++- library/ssl_tls.c | 72 ++++++++++++++++++++++++++++++---- 2 files changed, 68 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 501202bb3..18982f89a 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -298,8 +298,9 @@ struct mbedtls_ssl_handshake_params uint32_t retransmit_timeout; /*!< Current value of timeout */ unsigned char retransmit_state; /*!< Retransmission state */ - mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ - mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ + mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ + mbedtls_ssl_flight_item *cur_msg; /*!< Current message in flight */ + unsigned char *cur_msg_p; /*!< Position in current message */ unsigned int in_flight_start_seq; /*!< Minimum message sequence in the flight being received */ mbedtls_ssl_transform *alt_transform_out; /*!< Alternative transform for 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f032232a..6e0f6b604 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2852,16 +2852,23 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise fligh transmission" ) ); ssl->handshake->cur_msg = ssl->handshake->flight; + ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; ssl_swap_epochs( ssl ); ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; } + /* + * XXX: this should not be hardcoded. + * Currently UDP limit - HS header - Record header + * (Should account for encryption overhead (renegotiation, finished)?) + */ +#define HS_LIMIT ( 512 - 12 - 13 ) + while( ssl->handshake->cur_msg != NULL ) { int ret; - mbedtls_ssl_flight_item *cur = ssl->handshake->cur_msg; - + const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; /* Swap epochs before sending Finished: we can't do it after * sending ChangeCipherSpec, in case write returns WANT_READ. * Must be done before copying, may change out_msg pointer */ 
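Review bot: `ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12;` dereferences ssl->handshake->flight unconditionally, whereas the line before it tolerates a NULL flight because the while loop would simply not run. If this function can be reached with an empty flight, for example through mbedtls_ssl_resend(), that becomes a NULL dereference; `ssl->handshake->cur_msg_p = ssl->handshake->flight != NULL ? ssl->handshake->flight->p + 12 : NULL;` keeps the old tolerance. The `+ 12` also assumes the first item carries a DTLS handshake header. For a ChangeCipherSpec item the pointer lands beyond the stored bytes, which deserves at least a comment. The enclosing function starts outside this hunk.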
@@ -2871,14 +2878,64 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) ssl_swap_epochs( ssl ); } - memcpy( ssl->out_msg, cur->p, cur->len ); - ssl->out_msglen = cur->len; - ssl->out_msgtype = cur->type; + /* CCS is copied as is, while HS messages may need fragmentation */ + if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) + { + memcpy( ssl->out_msg, cur->p, cur->len ); + ssl->out_msglen = cur->len; + ssl->out_msgtype = cur->type; - ssl->handshake->cur_msg = cur->next; + /* Update position inside current message */ + ssl->handshake->cur_msg_p += cur->len; + } + else + { + const unsigned char * const p = ssl->handshake->cur_msg_p; + const size_t hs_len = cur->len - 12; + const size_t frag_off = p - ( cur->p + 12 ); + const size_t rem_len = hs_len - frag_off; + const size_t frag_len = rem_len > HS_LIMIT ? HS_LIMIT : rem_len; - MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); + /* Messages are stored with handshake headers as if not fragmented, + * copy beginning of headers then fill fragmentation fields. 
+ * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ + memcpy( ssl->out_msg, cur->p, 6 ); + ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); + ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); + ssl->out_msg[8] = ( ( frag_off ) & 0xff ); + + ssl->out_msg[ 9] = ( ( frag_len >> 16 ) & 0xff ); + ssl->out_msg[10] = ( ( frag_len >> 8 ) & 0xff ); + ssl->out_msg[11] = ( ( frag_len ) & 0xff ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); + + /* Copy the handshame message content and set records fields */ + memcpy( ssl->out_msg + 12, p, frag_len ); + ssl->out_msglen = frag_len + 12; + ssl->out_msgtype = cur->type; + + /* Update position inside current message */ + ssl->handshake->cur_msg_p += frag_len; + } + + /* If done with the current message move to the next one if any */ + if( ssl->handshake->cur_msg_p >= cur->p + cur->len ) + { + if( cur->next != NULL ) + { + ssl->handshake->cur_msg = cur->next; + ssl->handshake->cur_msg_p = cur->next->p + 12; + } + else + { + ssl->handshake->cur_msg = NULL; + ssl->handshake->cur_msg_p = NULL; + } + } + + /* Actually send the message out */ if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); @@ -2886,6 +2943,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } } + /* Update state and set timer */ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; else From 2cb17e201b7a9508471bc4716f3f65951a73ed6d Mon Sep 17 00:00:00 2001 
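Review bot: In the handshake branch of the @@ -2871 hunk, `const size_t hs_len = cur->len - 12;` and `rem_len = hs_len - frag_off` are unchecked size_t subtractions that determine how many bytes `memcpy( ssl->out_msg + 12, p, frag_len )` reads from the stored item. The write side is capped by HS_LIMIT, but the read is in bounds only while every stored handshake item is at least 12 bytes long and cur_msg_p stays inside it, an invariant established outside this hunk. Following the file's own "should never happen" pattern, a check after the declarations keeps a broken invariant from becoming an out-of-bounds read: `if( cur->len < 12 || frag_off > hs_len ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`. Minor: `handshame` in the new comment should be `handshake`.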
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 19 Sep 2017 13:00:47 +0200 Subject: [PATCH 358/578] Make handshake fragmentation follow max_frag_len Note: no interop tests in ssl-opt.sh for now, as some of them make us run into bugs in (the CI's default versions of) OpenSSL and GnuTLS, so interop tests will be added later once the situation is clarified. <- TODO --- library/ssl_tls.c | 32 ++++++++++----- tests/ssl-opt.sh | 102 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6e0f6b604..86a279c0e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2845,12 +2845,23 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + const size_t max_record_content_len = mbedtls_ssl_get_max_frag_len( ssl ); +#else + const size_t max_record_content_len = MBEDTLS_SSL_OUT_CONTENT_LEN; +#endif + /* DTLS handshake headers are 12 bytes */ + const size_t max_hs_fragment_len = max_record_content_len - 12; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise fligh transmission" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "max handshake fragment length: %u", + max_hs_fragment_len ) ); + ssl->handshake->cur_msg = ssl->handshake->flight; ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; ssl_swap_epochs( ssl ); @@ -2858,13 +2869,6 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; } - /* - * XXX: this should not be hardcoded. - * Currently UDP limit - HS header - Record header - * (Should account for encryption overhead (renegotiation, finished)?) - */ -#define HS_LIMIT ( 512 - 12 - 13 ) - while( ssl->handshake->cur_msg != NULL ) { int ret; 
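Review bot: The new debug line in the @@ -2845 hunk passes `max_hs_fragment_len`, a size_t, to a `%u` conversion, which is a format/argument mismatch wherever size_t is wider than unsigned. Cast it, as the earlier "DTLS handshake message too large" message does: `MBEDTLS_SSL_DEBUG_MSG( 2, ( "max handshake fragment length: %u", (unsigned) max_hs_fragment_len ) );`. Note also that `max_record_content_len - 12` is computed without a lower bound, so it relies on the configured maximum always exceeding the 12-byte DTLS handshake header.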
@@ -2894,7 +2898,8 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) const size_t hs_len = cur->len - 12; const size_t frag_off = p - ( cur->p + 12 ); const size_t rem_len = hs_len - frag_off; - const size_t frag_len = rem_len > HS_LIMIT ? HS_LIMIT : rem_len; + const size_t frag_len = rem_len > max_hs_fragment_len + ? max_hs_fragment_len : rem_len; /* Messages are stored with handshake headers as if not fragmented, * copy beginning of headers then fill fragmentation fields. @@ -7029,15 +7034,20 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) */ max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code ); - /* - * Check if a smaller max length was negotiated - */ + /* Check if a smaller max length was negotiated */ if( ssl->session_out != NULL && ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len ) { max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); } + /* During a handshake, use the value being negotiated */ + if( ssl->session_negotiate != NULL && + ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len ) + { + max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); + } + return max_len; } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 937a27b76..0cf288f12 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -4877,6 +4877,108 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Tests for sending fragmented handshake messages with DTLS +# +# Use client auth when we need the client to send large messages, +# and use large cert chains on both sides too (the long chains we have all use +# both RSA and ECDSA, but ideally we should have long chains with either). +# Sizes reached (UDP payload): +# - 2037B for server certificate +# - 1542B for client certificate +# - 1013B for newsessionticket +# - all others below 512B +# All those tests assume MAX_CONTENT_LEN is at least 2048 + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: none (for reference)" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=2048" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=2048" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -C "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: server only" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=1024" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=2048" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 
+requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: server only (more)" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=2048" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: client-initiated, server only" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=none \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=2048" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=512" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: client-initiated, both" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=2048" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=512" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to 
timeout From 01ec4af0238e62cf296b7eeade42ca5835327879 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 21 Sep 2017 13:16:52 +0200 Subject: [PATCH 359/578] Add ChangeLog entry --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 59561fd07..948e4c3da 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add support for fragmentation of outoing DTLS handshake messages. + Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 From 0b1d9b2c75b6f220b4eb8f1447a5d487e277b081 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 21 Sep 2017 13:15:27 +0200 Subject: [PATCH 360/578] Declare ssl_conf_mtu() --- ChangeLog | 3 +++ include/mbedtls/ssl.h | 43 +++++++++++++++++++++++++++++++++++++++++++ library/ssl_tls.c | 7 +++++++ 3 files changed, 53 insertions(+) diff --git a/ChangeLog b/ChangeLog index 948e4c3da..7233d4d23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,9 @@ Changes * Improve compatibility with some alternative CCM implementations by using CCM test vectors from RAM. +INTERNAL NOTE: need to bump soversion of libmbedtls: +- added new member 'mtu' to public 'mbedtls_ssl_conf' structure + = mbed TLS 2.12.0 branch released 2018-07-25 Security diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2d511a8ea..0283eee62 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
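Review bot: The comment above the new "DTLS fragmenting" tests says they assume MAX_CONTENT_LEN is at least 2048, but no `run_test` block in this hunk is gated on that value. A build configured with smaller buffers would presumably report failures instead of skips. The `requires_config_enabled` lines only cover feature switches, so a size precondition in front of each test that passes `max_frag_len=2048` would turn the stated assumption into an enforced one. The comment should also name the exact option; the library code in this series reads `MBEDTLS_SSL_OUT_CONTENT_LEN`.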
@@ -958,6 +958,10 @@ struct mbedtls_ssl_config unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */ #endif +#if defined(MBEDTLS_SSL_PROTO_DTLS) + uint16_t mtu; /*!< path mtu, used to fragment outoing messages */ +#endif + unsigned char max_major_ver; /*!< max. major version used */ unsigned char max_minor_ver; /*!< max. minor version used */ unsigned char min_major_ver; /*!< min. major version used */ @@ -2423,6 +2427,33 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, char cert_req_ca_list ); #endif /* MBEDTLS_SSL_SRV_C */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) +/** + * \brief Set the Maximum Tranport Unit (MTU). + * This represents the maximum size of a datagram payload + * handled by the transport layer (usually UDP) as determined + * by the network link and stack. In practice, this controls + * the maximum size datagram the DTLS layer will pass to the + * \c f_send() callback set using \c mbedtls_ssl_set_bio(). + * + * \note This only controls the size of the packet we send. + * Client-side, you can request the server to use smaller + * records with \c mbedtls_conf_max_frag_len(). + * + * \note If both a MTU and a maximum fragment length have been + * configured (or negotiated with the peer), the lower limit + * is used. + * + * \note Values larger than \c MBEDTLS_SSL_OUT_CONTENT_LEN have no + * effect. This can only be used to decrease the maximum size + * of detagrams sent. + * + * \param conf SSL configuration + * \param mtu Value of the path MTU in bytes + */ +void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu ); +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** * \brief Set the maximum fragment length to emit and/or negotiate 
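Review bot: The new Doxygen block for `mbedtls_ssl_conf_mtu()` refers readers to `\c mbedtls_conf_max_frag_len()`, but the function shown in the library/ssl_tls.c context of this same patch is `mbedtls_ssl_conf_max_frag_len()`, so the cross-reference names something that does not exist. Suggested line: `records with \c mbedtls_ssl_conf_max_frag_len().`. The block also has spelling slips worth fixing while it is new: `Tranport` should be `Transport`, `detagrams` should be `datagrams`, and `outoing` in the struct member comment should be `outgoing`.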
@@ -2433,6 +2464,18 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, * (Client: set maximum fragment length to emit *and* * negotiate with the server during handshake) * + * \note With TLS, this currently only affects ApplicationData (sent + * with \c mbedtls_ssl_read()), not handshake messages. + * With DTLS, this affects both ApplicationData and handshake. + * + * \note This sets the maximum length for a record's paylaod, + * excluding record overhead that will be added to it, see + * \c mbedtls_ssl_get_record_expansion(). + * + * \note For DTLS, it is also possible to set a limit for the total + * size of daragrams passed to the transport layer, including + * record overhead, see \c mbedtls_ssl_conf_mtu(). + * * \param conf SSL configuration * \param mfl_code Code for maximum fragment length (allowed values: * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 86a279c0e..4b124ba8f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6750,6 +6750,13 @@ void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) } #endif +#if defined(MBEDTLS_SSL_PROTO_DTLS) +void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu ) +{ + conf->mtu = mtu; +} +#endif + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) { From 9468ff1966faea814edbd2600ad196dd98c96686 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 21 Sep 2017 13:49:50 +0200 Subject: [PATCH 361/578] Implement support for MTU setting --- include/mbedtls/ssl.h | 43 ++++++++++++++++++++++----- library/ssl_tls.c | 69 +++++++++++++++++++++++++++++++++++-------- 2 files changed, 92 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 0283eee62..706e27284 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
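Review bot: The first added note says ApplicationData is sent with `\c mbedtls_ssl_read()`, but sending goes through `mbedtls_ssl_write()`, so the note points at the wrong call when a reader works out which lengths the limit applies to. Suggested line: `* \note With TLS, this currently only affects ApplicationData (sent with \c mbedtls_ssl_write()), not handshake messages.`. In the third note, `daragrams` should read `datagrams`.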
@@ -2430,6 +2430,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_PROTO_DTLS) /** * \brief Set the Maximum Tranport Unit (MTU). + * Special value: 0 means unset (no limit). * This represents the maximum size of a datagram payload * handled by the transport layer (usually UDP) as determined * by the network link and stack. In practice, this controls @@ -2446,7 +2447,8 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, * * \note Values larger than \c MBEDTLS_SSL_OUT_CONTENT_LEN have no * effect. This can only be used to decrease the maximum size - * of detagrams sent. + * of datagrams sent. Values lower than record layer expansion + * are ignored. * * \param conf SSL configuration * \param mtu Value of the path MTU in bytes @@ -2738,6 +2740,9 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); * \brief Return the (maximum) number of bytes added by the record * layer: header + encryption/MAC overhead (inc. padding) * + * \note This function is not available (always returns an error) + * when record compression is enabled. + * * \param ssl SSL context * * \return Current maximum record expansion in bytes, or @@ -2752,12 +2757,8 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); * This is the value negotiated with peer if any, * or the locally configured value. * - * \note With DTLS, \c mbedtls_ssl_write() will return an error if - * called with a larger length value. - * With TLS, \c mbedtls_ssl_write() will fragment the input if - * necessary and return the number of bytes written; it is up - * to the caller to call \c mbedtls_ssl_write() again in - * order to send the remaining bytes if any. + * \sa mbedtls_ssl_conf_max_frag_len() + * \sa mbedtls_ssl_get_max_record_payload() * * \param ssl SSL context * 
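Review bot: The added sentence "Values lower than record layer expansion are ignored" in the `mbedtls_ssl_conf_mtu()` documentation does not match the implementation later in this patch. `mbedtls_ssl_get_max_out_record_payload()` returns `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` when `mtu <= overhead`, and both `ssl_write_real()` and `mbedtls_ssl_flight_transmit()` return that error to their caller. A caller relying on the documentation would expect an undersized MTU to have no effect, whereas writes and handshake flights fail. Either document the failure, for example `Values not larger than the record expansion make sending fail with MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE.`, or change the code to ignore such values as described.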
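Review bot: The new `\sa mbedtls_ssl_get_max_record_payload()` in the `mbedtls_ssl_get_max_frag_len()` documentation names a function this patch does not declare; the declaration added further down is `mbedtls_ssl_get_max_out_record_payload()`. The line should read `* \sa mbedtls_ssl_get_max_out_record_payload()`. This matters more than a typo here, because the hunk also removes the note on how `mbedtls_ssl_write()` behaves with oversized input and relies on this reference to lead readers to its new location.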
@@ -2766,6 +2767,34 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +/** + * \brief Return the current maximum outgoing record payload in bytes. + * This takes into account the config.h setting \c + * MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated + * max fragment length extension if used, and for DTLS the + * path MTU as configured and current record expansion. + * + * \note With DTLS, \c mbedtls_ssl_write() will return an error if + * called with a larger length value. + * With TLS, \c mbedtls_ssl_write() will fragment the input if + * necessary and return the number of bytes written; it is up + * to the caller to call \c mbedtls_ssl_write() again in + * order to send the remaining bytes if any. + * + * \note This function is not available (always returns an error) + * when record compression is enabled. + * + * \sa mbedtls_ssl_conf_mtu() + * \sa mbedtls_ssl_get_max_frag_len() + * \sa mbedtls_ssl_get_record_expansion() + * + * \param ssl SSL context + * + * \return Current maximum payload for an outgoing record, + * or a negative error code. + */ +int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); + #if defined(MBEDTLS_X509_CRT_PARSE_C) /** * \brief Return the peer certificate from the current connection diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4b124ba8f..7b2ab0fb0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
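Review bot: The note that `mbedtls_ssl_get_max_out_record_payload()` "always returns an error when record compression is enabled" is broader than the body added to library/ssl_tls.c in this patch. That body calls `mbedtls_ssl_get_record_expansion()`, the only visible source of the error, solely inside `#if defined(MBEDTLS_SSL_PROTO_DTLS)` and only when `ssl->conf->mtu != 0`. With no MTU configured, the function as shown returns a length even with compression active. Suggested wording: `* \note This function returns an error when an MTU is configured and record compression is enabled.`.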
@@ -2845,16 +2845,20 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t max_record_content_len = mbedtls_ssl_get_max_frag_len( ssl ); -#else - const size_t max_record_content_len = MBEDTLS_SSL_OUT_CONTENT_LEN; -#endif + const int ret_payload = mbedtls_ssl_get_max_out_record_payload( ssl ); + const size_t max_record_payload = (size_t) ret_payload; /* DTLS handshake headers are 12 bytes */ - const size_t max_hs_fragment_len = max_record_content_len - 12; + const size_t max_hs_fragment_len = max_record_payload - 12; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); + if( ret_payload < 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", + ret_payload ); + return( ret_payload ); + } + if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise fligh transmission" ) ); @@ -7008,6 +7012,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } #endif switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) 
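Review bot: `max_hs_fragment_len` is computed as `max_record_payload - 12` in `size_t` arithmetic with no lower bound on the payload, so a payload below 12 wraps to a very large value and a payload of exactly 12 yields 0. `mbedtls_ssl_get_max_out_record_payload()` in this patch can return any value from 1 upwards when the configured MTU is only just above the record expansion. After a wrap the `rem_len > max_hs_fragment_len` comparison never limits anything, so messages would presumably go out unfragmented and exceed the MTU; a zero limit would presumably produce empty fragments in the loop outside this hunk. Reject the case right after the `ret_payload < 0` check with `if( max_record_payload <= 12 ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );`. The existing initialiser can stay, since the value is not used before that point.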
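Review bot: The `}` added inside the `#if defined(MBEDTLS_ZLIB_SUPPORT)` block of `mbedtls_ssl_get_record_expansion()` has no matching `{` in the hunk, because the `if` on the two context lines above it is unbraced. With MBEDTLS_ZLIB_SUPPORT defined, the brace would close an enclosing scope early and the `switch` that follows would end up misplaced; as far as the hunk shows, that configuration no longer compiles. Drop the added line, or brace the statement by opening with `if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) {`. A build without zlib support would not catch this, so a build with the option enabled should be part of the test run for this change.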
@@ -7055,10 +7060,45 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); } - return max_len; + return( max_len ); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) +{ + size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); + + if( max_len > mfl ) + max_len = mfl; +#endif + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->mtu != 0 ) + { + const size_t mtu = ssl->conf->mtu; + const int ret = mbedtls_ssl_get_record_expansion( ssl ); + const size_t overhead = (size_t) ret; + + if( ret < 0 ) + return( ret ); + + if( mtu <= overhead ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + if( max_len > mtu - overhead ) + max_len = mtu - overhead; + } +#endif + + return( (int) max_len ); +} + #if defined(MBEDTLS_X509_CRT_PARSE_C) const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) { @@ -7610,12 +7650,15 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) static int ssl_write_real( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret; -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); -#else - size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + int ret = mbedtls_ssl_get_max_out_record_payload( ssl ); + const size_t max_len = (size_t) ret; + + if( ret < 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret ); + return( ret ); + } + if( len > max_len ) { #if defined(MBEDTLS_SSL_PROTO_DTLS) From b747c6cf9ba594f207c0d52b0ed572a875ee034b Mon Sep 17 00:00:00 2001 
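Review bot: `mbedtls_ssl_get_max_out_record_payload()` applies `ssl->conf->mtu` whenever MBEDTLS_SSL_PROTO_DTLS is compiled in, without checking that this connection uses the datagram transport. If a configuration with an MTU set were ever used for a stream connection, `ssl_write_real()` would limit TLS writes to the MTU too, which the documentation added to ssl.h does not describe. Guard the block with the runtime transport as well: `if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->conf->mtu != 0 )`. Whether such a mixed configuration can occur depends on code outside this hunk, but the check is cheap and restricts the new limit to DTLS.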
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sun, 12 Aug 2018 13:28:53 +0200 Subject: [PATCH 362/578] Add basic first tests for MTU setting For now, just check that it causes us to fragment. More tests are coming in follow-up commits to ensure we respect the exact value set, including when renegotiating. --- library/ssl_tls.c | 3 ++ programs/ssl/ssl_client2.c | 15 +++++++- programs/ssl/ssl_server2.c | 15 +++++++- tests/ssl-opt.sh | 76 ++++++++++++++++++++++++++++++++++++-- 4 files changed, 103 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ea46d85b3..b05d2883a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2905,6 +2905,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) const size_t frag_len = rem_len > max_hs_fragment_len ? max_hs_fragment_len : rem_len; + if( frag_off == 0 && frag_len != hs_len ) + MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message" ) ); + /* Messages are stored with handshake headers as if not fragmented, * copy beginning of headers then fill fragmentation fields. * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 0dd9e3f7b..7cdc53a54 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -106,6 +106,7 @@ int main( void ) #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM #define DFL_HS_TO_MIN 0 #define DFL_HS_TO_MAX 0 +#define DFL_DTLS_MTU -1 #define DFL_FALLBACK -1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 @@ -198,7 +199,8 @@ int main( void ) #define USAGE_DTLS \ " dtls=%%d default: 0 (TLS)\n" \ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ - " range of DTLS handshake timeouts in millisecs\n" + " range of DTLS handshake timeouts in millisecs\n" \ + " mtu=%%d default: (library default: unlimited)\n" #else #define USAGE_DTLS "" #endif 
@@ -345,6 +347,7 @@ struct options int transport; /* TLS or DTLS? */ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ uint32_t hs_to_max; /* Max value of DTLS handshake timer */ + int dtls_mtu; /* UDP Maximum tranport unit for DTLS */ int fallback; /* is this a fallback connection? */ int extended_ms; /* negotiate extended master secret? */ int etm; /* negotiate encrypt then mac? */ @@ -617,6 +620,7 @@ int main( int argc, char *argv[] ) opt.transport = DFL_TRANSPORT; opt.hs_to_min = DFL_HS_TO_MIN; opt.hs_to_max = DFL_HS_TO_MAX; + opt.dtls_mtu = DFL_DTLS_MTU; opt.fallback = DFL_FALLBACK; opt.extended_ms = DFL_EXTENDED_MS; opt.etm = DFL_ETM; @@ -927,6 +931,12 @@ int main( int argc, char *argv[] ) if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min ) goto usage; } + else if( strcmp( p, "mtu" ) == 0 ) + { + opt.dtls_mtu = atoi( q ); + if( opt.dtls_mtu < 0 ) + goto usage; + } else if( strcmp( p, "recsplit" ) == 0 ) { opt.recsplit = atoi( q ); @@ -1327,6 +1337,9 @@ int main( int argc, char *argv[] ) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max ); + + if( opt.dtls_mtu != DFL_DTLS_MTU ) + mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7654a6446..484f84fdd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -150,6 +150,7 @@ int main( void ) #define DFL_ANTI_REPLAY -1 #define DFL_HS_TO_MIN 0 #define DFL_HS_TO_MAX 0 +#define DFL_DTLS_MTU -1 #define DFL_BADMAC_LIMIT -1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 
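Review bot: The new `mtu` option in ssl_client2.c rejects only negative values, yet `opt.dtls_mtu` is an `int` that is later passed to `mbedtls_ssl_conf_mtu()`, whose parameter is `uint16_t`. Anything above 65535 is silently reduced modulo 65536, so `mtu=65536` becomes 0, which the header documents as "no limit". Bound the value where it is parsed: `if( opt.dtls_mtu < 0 || opt.dtls_mtu > UINT16_MAX ) goto usage;`. The same parsing code is added to ssl_server2.c in the hunk at `@@ -1684,6 +1688,12 @@` and needs the same check.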
@@ -297,7 +298,8 @@ int main( void ) #define USAGE_DTLS \ " dtls=%%d default: 0 (TLS)\n" \ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ - " range of DTLS handshake timeouts in millisecs\n" + " range of DTLS handshake timeouts in millisecs\n" \ + " mtu=%%d default: (library default: unlimited)\n" #else #define USAGE_DTLS "" #endif @@ -470,6 +472,7 @@ struct options int anti_replay; /* Use anti-replay for DTLS? -1 for default */ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ uint32_t hs_to_max; /* Max value of DTLS handshake timer */ + int dtls_mtu; /* UDP Maximum tranport unit for DTLS */ int badmac_limit; /* Limit of records with bad MAC */ } opt; @@ -1338,6 +1341,7 @@ int main( int argc, char *argv[] ) opt.anti_replay = DFL_ANTI_REPLAY; opt.hs_to_min = DFL_HS_TO_MIN; opt.hs_to_max = DFL_HS_TO_MAX; + opt.dtls_mtu = DFL_DTLS_MTU; opt.badmac_limit = DFL_BADMAC_LIMIT; opt.extended_ms = DFL_EXTENDED_MS; opt.etm = DFL_ETM; @@ -1684,6 +1688,12 @@ int main( int argc, char *argv[] ) if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min ) goto usage; } + else if( strcmp( p, "mtu" ) == 0 ) + { + opt.dtls_mtu = atoi( q ); + if( opt.dtls_mtu < 0 ) + goto usage; + } else if( strcmp( p, "sni" ) == 0 ) { opt.sni = q; @@ -2155,6 +2165,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max ); + + if( opt.dtls_mtu != DFL_DTLS_MTU ) + mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0cf288f12..3d61ac3a4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -4911,7 +4911,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "DTLS fragmenting: server only" \ +run_test "DTLS fragmenting: server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ @@ -4929,7 +4929,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "DTLS fragmenting: server only (more)" \ +run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ @@ -4947,7 +4947,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "DTLS fragmenting: client-initiated, server only" \ +run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=none \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ @@ -4965,7 +4965,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "DTLS fragmenting: client-initiated, both" \ +run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ 
@@ -4979,6 +4979,74 @@ run_test "DTLS fragmenting: client-initiated, both" \ -c "found fragmented DTLS handshake message" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: none (for reference) (MTU)" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=2048" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=2048" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -C "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: client (MTU)" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=2048" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -C "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: server (MTU)" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=2048" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: 
both (MTU)" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to timeout From 72c2707d9c0db616a1b7d089c8e033c7b03dc705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Aug 2018 12:37:51 +0200 Subject: [PATCH 363/578] Add tests for MTU with renegotiation This exercises our computation of record expansion. --- tests/ssl-opt.sh | 161 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3d61ac3a4..833b5e37f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5047,6 +5047,167 @@ run_test "DTLS fragmenting: both (MTU)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: proxy MTU, simple handshake" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512" \ + 0 \ + -S "resend" \ + -C "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_CHACHAPOLY_C +run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + exchanges=2 renegotiation=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + exchanges=2 renegotiation=1 renegotiate=1 \ + mtu=512" \ + 0 \ + -S "resend" \ + -C "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C 
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_GCM_C +run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + exchanges=2 renegotiation=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + exchanges=2 renegotiation=1 renegotiate=1 \ + mtu=512" \ + 0 \ + -S "resend" \ + -C "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_CCM_C +run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + exchanges=2 renegotiation=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + exchanges=2 renegotiation=1 renegotiate=1 \ + mtu=512" \ + 0 \ + -S "resend" \ + -C "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C 
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC +run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + exchanges=2 renegotiation=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + exchanges=2 renegotiation=1 renegotiate=1 \ + mtu=512" \ + 0 \ + -S "resend" \ + -C "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION +requires_config_enabled MBEDTLS_AES_C +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + exchanges=2 renegotiation=1 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + exchanges=2 renegotiation=1 renegotiate=1 \ + mtu=512" \ + 0 \ + -S "resend" \ + -C "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # Tests for specific things with "unreliable" UDP connection 
not_with_valgrind # spurious resend due to timeout From 7e89c17788ae6d134090c639bb0c96562df7f5a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Aug 2018 12:45:26 +0200 Subject: [PATCH 364/578] Fix two typos in comments --- include/mbedtls/ssl.h | 2 +- library/ssl_tls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 706e27284..a3b514cd4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2470,7 +2470,7 @@ void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu ); * with \c mbedtls_ssl_read()), not handshake messages. * With DTLS, this affects both ApplicationData and handshake. * - * \note This sets the maximum length for a record's paylaod, + * \note This sets the maximum length for a record's payload, * excluding record overhead that will be added to it, see * \c mbedtls_ssl_get_record_expansion(). * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b05d2883a..b25d9bfe7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2923,7 +2923,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); - /* Copy the handshame message content and set records fields */ + /* Copy the handshake message content and set records fields */ memcpy( ssl->out_msg + 12, p, frag_len ); ssl->out_msglen = frag_len + 12; ssl->out_msgtype = cur->type; From 19c62f90e4608fc57f382cdbe8799ffdb98c9dda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Aug 2018 10:50:39 +0200 Subject: [PATCH 365/578] Add test for session resumption --- library/ssl_tls.c | 11 ++++++----- tests/ssl-opt.sh | 26 ++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b25d9bfe7..530f283b4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2861,10 +2861,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise fligh transmission" ) ); - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "max handshake fragment length: %u", - max_hs_fragment_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); ssl->handshake->cur_msg = ssl->handshake->flight; ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; @@ -2906,7 +2903,11 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) ? max_hs_fragment_len : rem_len; if( frag_off == 0 && frag_len != hs_len ) - MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message" ) ); + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", + (unsigned) hs_len, + (unsigned) max_hs_fragment_len ) ); + } /* Messages are stored with handshake headers as if not fragmented, * copy beginning of headers then fill fragmentation fields. diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 833b5e37f..7028a0738 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5068,6 +5068,32 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ -c "found fragmented DTLS handshake message" \ -C "error" +# This ensures things still work after session_reset(), +# for example it would have caught #1941. +# It also exercises the "resumed hanshake" flow. +# Since we don't support reading fragmented ClientHello yet, +# up the MTU to 1450 (larger than ClientHello with session ticket, +# but still smaller than client's Certificate to ensure fragmentation). +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ + -p "$P_PXY mtu=1450" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=1450" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=1450 reconnect=1" \ + 0 \ + -S "resend" \ + -C "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From 2d56f0d346efa628776f92dcc7fdf8c0da66e87a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Aug 2018 11:09:03 +0200 Subject: [PATCH 366/578] Add test with unreliable connection --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7028a0738..397c565fe 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
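Review bot: The new "DTLS fragmenting: proxy MTU, resumed handshake" test never asserts that a resumption took place, so it still passes if the second connection silently falls back to a full handshake. The only patterns checked are the fragmentation and `resend` ones. Consider adding `-s "a session has been resumed" \` and `-c "a session has been resumed" \`. Those messages may need a higher `debug_level` than the `debug_level=2` used here, so check that before relying on them. The added comment also has a typo, "resumed hanshake".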
@@ -5234,6 +5234,25 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -c "found fragmented DTLS handshake message" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +client_needs_more_time 2 +run_test "DTLS fragmenting: proxy MTU + 3d" \ + -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to timeout From ad17fe9c377def269b4d96537f21427e4fddcdd2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 15:51:34 +0100 Subject: [PATCH 367/578] Fix overly strict bounds check in ssl_parse_certificate_request() --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 321d6367a..466608375 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2721,7 +2721,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * therefore the buffer length at this point must be greater than that * regardless of the actual code path. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From ad0fe92fb6e63673ad90c8618f096ccf5ba7b6db Mon Sep 17 00:00:00 2001 
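Review bot: In the ssl_cli.c hunk, the relaxed test `ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n` is a length check on a peer-supplied message, and the constant is not explained. The comment above it only says the buffer "must be greater than that regardless of the actual code path". It should name the bytes being counted so the bound can be verified by reading, for example `/* hdr + 1 + n is the offset of a 2-byte length field; both bytes must be inside in_hslen */` (wording to be confirmed against the code above the hunk). The rest of ssl_parse_certificate_request() lies outside the hunk. Since this check now guarantees one byte less than before, it is worth confirming that every later read beyond that offset is covered by its own length check.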
From: Hanno Becker Date: Thu, 16 Aug 2018 15:52:22 +0100 Subject: [PATCH 368/578] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index abd5e61bb..f505b3886 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,9 @@ Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. This improves compliance to RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157. + * Fix overly strict bounds check in ssl_parse_certificate_request() + which could lead to valid CertificateRequest messages being rejected. + Fixes #1954. Changes * Copy headers preserving timestamps when doing a "make install". From 1abb368b8760569a53350f6d7f7cd628812f29d5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:42:09 +0100 Subject: [PATCH 369/578] Make gmtime() configurable at compile-time --- include/mbedtls/config.h | 19 +++++++++++++ include/mbedtls/platform_util.h | 43 +++++++++++++++++++++++++++++ include/mbedtls/threading.h | 4 +-- library/platform_util.c | 49 +++++++++++++++++++++++++++++++++ library/threading.c | 4 +-- library/x509.c | 31 ++------------------- 6 files changed, 117 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9ee86ff24..18fbf92df 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -3091,6 +3091,25 @@ */ //#define MBEDTLS_PLATFORM_ZEROIZE_ALT +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_time() supplied + * at compile time. + */ +//#define MBEDTLS_PLATFORM_GMTIME_ALT + /* \} name SECTION: Customisation configuration options */ /* Target and application specific configurations */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 84f0732ee..5f26fb82c 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -25,7 +25,18 @@ #ifndef MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/platform_time.h" + #include +#if defined(MBEDTLS_HAVE_TIME_DATE) +#include +#endif /* MBEDTLS_HAVE_TIME_DATE */ #ifdef __cplusplus extern "C" { 
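Review bot: The last sentence of the new config.h comment names the wrong function: it says Mbed TLS will use "the implementation for mbedtls_platform_time()", but the option replaces `mbedtls_platform_gmtime()`. The same comment has "if MBEDTLS_THREADING_C is enable", which should read "enabled". It also advises application code to take `mbedtls_threading_gmtime_mutex` around its own gmtime() calls, but threading.h in this same patch declares that mutex only under a platform condition. Add a sentence such as `* The mutex is only declared on platforms where the gmtime() fallback is selected.` so integrators do not reference it unconditionally.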
@@ -55,6 +66,38 @@ extern "C" { */ void mbedtls_platform_zeroize( void *buf, size_t len ); +#if defined(MBEDTLS_HAVE_TIME_DATE) +/** + * \brief Thread safe implementation of gmtime() + * + * The function is an abstraction that when called behaves similar + * to the gmtime() function from the C standard, but is thread + * safe. + * + * Mbed TLS will try to identify the underlying platform and + * configure an appropriate underlying implementation (e.g. + * gmtime_r() for POSIX and gmtime_s() for Windows). If this is + * not possible, then gmtime() will be used. In this case, calls + * from the library to gmtime() will be guarded by the mutex + * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is + * enabled. It is recommended that calls from outside the library + * are also guarded by this mutex. + * + * If MBEDTLS_PLATFORM_GMTIME_ALT is defined, then Mbed TLS will + * unconditionally use the alternative implementation for + * mbedtls_platform_gmtime() supplied by the user at compile time + * + * \param tt Pointer to an object containing time (in seconds) since the + * Epoc to be converted + * \param tm Pointer to an object where the results will be stored + * + * \return Pointer to an object of type struct tm on success, otherwise + * NULL + */ +struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, + struct tm *tm_buf ); +#endif /* MBEDTLS_HAVE_TIME_DATE */ + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 4cfaadde2..070715259 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
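Review bot: The Doxygen block for mbedtls_platform_gmtime() documents `\param tm`, but the prototype names the second parameter `tm_buf`, so the tag matches nothing and the real parameter is undocumented. Change it to `\param tm_buf Pointer to an object where the results will be stored`, and fix "Epoc" to "Epoch" in the `\param tt` text. The `\return` text should also say that the pointer returned on success is `tm_buf` itself, which is what the implementation in platform_util.c returns on every path. The sentence ending "supplied by the user at compile time" is missing its full stop.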
@@ -103,9 +103,9 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #if !defined(_WIN32) && (defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) +#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* !_POSIX_VERSION */ +#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 1a57de939..e41f3c49c 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -20,6 +20,12 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -27,6 +33,7 @@ #endif #include "mbedtls/platform_util.h" +#include "mbedtls/threading.h" #include #include 
@@ -65,3 +72,45 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) memset_func( buf, 0, len ); } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ + +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#include +#if !defined(_WIN32) && (defined(__unix__) || \ + (defined(__APPLE__) && defined(__MACH__))) +#include +#if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS +#define PLATFORM_UTIL_USE_GMTIME +#endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ + +struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, + struct tm *tm_buf ) +{ +#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) + return ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL; +#elif !defined(PLATFORM_UTIL_USE_GMTIME) + return gmtime_r( tt, tm_buf ); +#else + struct tm *lt; + +#if defined(MBEDTLS_THREADING_C) + if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( NULL ); +#endif /* MBEDTLS_THREADING_C */ + + lt = gmtime( tt ); + + if( lt != NULL ) + { + memcpy( tm_buf, lt, sizeof( struct tm ) ); + } + +#if defined(MBEDTLS_THREADING_C) + if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) + return( NULL ); +#endif /* MBEDTLS_THREADING_C */ + + return ( lt == NULL ) ? NULL : tm_buf; +#endif +} +#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ diff --git a/library/threading.c b/library/threading.c index 95ae8d144..3d7f61b2e 100644 --- a/library/threading.c +++ b/library/threading.c 
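Review bot: The guard that selects the gmtime() fallback in platform_util.c, `_POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS`, is spelled differently from the `200112L > _POSIX_THREAD_SAFE_FUNCTIONS` test that threading.h and threading.c use to decide whether `mbedtls_threading_gmtime_mutex` exists. The two agree only while `_POSIX_C_SOURCE` is exactly 200112L. If it ever ends up with a larger value, this file could define `PLATFORM_UTIL_USE_GMTIME` and lock a mutex that was never declared. Use the same expression in all three places, `#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS`, or derive them from one shared macro. The closing comment is also inverted and should read `#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */`.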
@@ -32,9 +32,9 @@ #if !defined(_WIN32) && (defined(__unix__) || \ (defined(__APPLE__) && defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) +#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS #define THREADING_USE_GMTIME -#endif /* !_POSIX_VERSION */ +#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) diff --git a/library/x509.c b/library/x509.c index 03c3bbe1d..15c0123c3 100644 --- a/library/x509.c +++ b/library/x509.c @@ -29,10 +29,6 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -/* Ensure gmtime_r is available even with -std=c99; must be included before - * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ -#define _POSIX_C_SOURCE 200112L - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -67,6 +63,7 @@ #include "mbedtls/platform_time.h" #endif #if defined(MBEDTLS_HAVE_TIME_DATE) +#include "mbedtls/platform_util.h" #include #endif @@ -890,14 +887,6 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) } #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) -#include -#if !defined(_POSIX_VERSION) -#define X509_USE_GMTIME -#endif /* !_POSIX_VERSION */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ - /* * Set the time structure to the current time. * Return 0 on success, non-zero on failure. 
@@ -910,19 +899,8 @@ static int x509_get_current_time( mbedtls_x509_time *now ) (void)tm_buf; -#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) - if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ - tt = mbedtls_time( NULL ); -#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - lt = gmtime_s( &tm_buf, &tt ) == 0 ? &tm_buf : NULL; -#elif defined(_POSIX_VERSION) - lt = gmtime_r( &tt, &tm_buf ); -#else - lt = gmtime( &tt ); -#endif + lt = mbedtls_platform_gmtime( &tt, &tm_buf ); if( lt == NULL ) ret = -1; @@ -936,11 +914,6 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } -#if defined(MBEDTLS_THREADING_C) && defined(X509_USE_GMTIME) - if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); -#endif /* MBEDTLS_THREADING_C && X509_USE_GMTIME */ - return( ret ); } From a7b9f15f2721850ba2d4a02d438e40e050358f12 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:46:35 +0100 Subject: [PATCH 370/578] Add ChangeLog entry for configurable gmtime() in platform --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index d8b282990..5aa54e57c 100644 --- a/ChangeLog +++ b/ChangeLog 
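Review bot: In x509_get_current_time(), a mutex failure is no longer distinguishable from a time-conversion failure. The removed code returned `MBEDTLS_ERR_THREADING_MUTEX_ERROR` on a lock or unlock error. `mbedtls_platform_gmtime()` now returns NULL for both cases and the `lt == NULL` branch maps that to `ret = -1`. The callers are outside these hunks; if they only test for non-zero the change is harmless, but it should be recorded at the call, for example `/* NULL also covers a failure to lock or unlock the gmtime mutex */`.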
@@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Extend the platform module with an abstraction mbedtls_platform_gmtime() + whose implementation should behave as a thread safe version of gmtime(). + This allows users to configure such an implementation at compile time when + the target system cannot be deduced automatically. At this stage Mbed TLS + is only able to configure implementations for Windows and POSIX C + libraries. + Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 From 248e27c487ed2aca15b335112bf909808ba8ba10 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 16 Aug 2018 21:50:23 +0100 Subject: [PATCH 371/578] Remove redundant statement from x509_get_current_time --- library/x509.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index 15c0123c3..c17697b22 100644 --- a/library/x509.c +++ b/library/x509.c @@ -897,8 +897,6 @@ static int x509_get_current_time( mbedtls_x509_time *now ) mbedtls_time_t tt; int ret = 0; - (void)tm_buf; - tt = mbedtls_time( NULL ); lt = mbedtls_platform_gmtime( &tt, &tm_buf ); From eb2b15accd4433cb15b144acff35a6328efa62f2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 09:47:22 +0100 Subject: [PATCH 372/578] Improve ChangeLog wording for the commmit that Fixes #1954. --- ChangeLog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f505b3886..8260ad651 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,9 +10,11 @@ Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. This improves compliance to RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157. - * Fix overly strict bounds check in ssl_parse_certificate_request() - which could lead to valid CertificateRequest messages being rejected. - Fixes #1954. + * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake + with TLS versions 1.1 and earlier when the server requested authentication + without providing a list of CAs. This was due to an overly strict bounds + check in parsing the CertificateRequest message, + introduced in Mbed TLS 2.12.0. Fixes #1954. Changes * Copy headers preserving timestamps when doing a "make install". From 1218bc0f74a14436915e6c0807be0e3f752b9da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 17 Aug 2018 10:51:26 +0200 Subject: [PATCH 373/578] Add simple interop tests (reliable connection) --- tests/ssl-opt.sh | 114 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 397c565fe..86e9f1e06 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5253,6 +5253,120 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ -c "found fragmented DTLS handshake message" \ -C "error" +# here and below we just want to test that the we fragment in a way that +# pleases other implementations, so we don't need the peer to fragment +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ + "$G_SRV -u" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 force_version=dtls1_2" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \ + "$G_SRV -u" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 force_version=dtls1_2" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" + +# gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS +requires_ipv6 +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ + "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512 force_version=dtls1_2" \ + "$G_CLI -u" \ + 0 \ + -s "fragmenting handshake message" + +# gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS +requires_ipv6 +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled 
MBEDTLS_SSL_PROTO_TLS1_1 +run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \ + "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512 force_version=dtls1" \ + "$G_CLI -u" \ + 0 \ + -s "fragmenting handshake message" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ + "$O_SRV -dtls1_2 -verify 10" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 force_version=dtls1_2" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +run_test "DTLS fragmenting: openssl server, DTLS 1.0" \ + "$O_SRV -dtls1 -verify 10" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 force_version=dtls1" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512 force_version=dtls1_2" \ + "$O_CLI -dtls1_2" \ + 0 \ + -s "fragmenting handshake message" + +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +run_test "DTLS fragmenting: openssl client, DTLS 1.0" \ + "$P_SRV dtls=1 debug_level=2 \ + 
crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512 force_version=dtls1" \ + "$O_CLI -dtls1" \ + 0 \ + -s "fragmenting handshake message" + # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to timeout From 0794d49566224e4d7a61bc510503ad3c55907620 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 17 Aug 2018 10:54:24 +0200 Subject: [PATCH 374/578] Skip some tests with valgrind (spurious resend) --- tests/ssl-opt.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 86e9f1e06..beceafae6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5048,6 +5048,7 @@ run_test "DTLS fragmenting: both (MTU)" \ -C "error" # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend +not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5074,6 +5075,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ # Since we don't support reading fragmented ClientHello yet, # up the MTU to 1450 (larger than ClientHello with session ticket, # but still smaller than client's Certificate to ensure fragmentation). +not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5094,6 +5096,7 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -c "found fragmented DTLS handshake message" \ -C "error" +not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
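Review bot: In the hunk that adds the interop tests (PATCH 373), the test named "DTLS fragmenting: gnutls server, DTLS 1.0" passes `force_version=dtls1_2` to the client. It therefore repeats the DTLS 1.2 case and leaves fragmentation against a GnuTLS server untested for DTLS 1.0, even though it is gated on `MBEDTLS_SSL_PROTO_TLS1_1`. The client line should end `mtu=512 force_version=dtls1" \`, as the openssl DTLS 1.0 tests in the same hunk do. The "3d, gnutls server, DTLS 1.0" test added in PATCH 376 carries the same argument. The four GnuTLS tests here also run `$G_SRV`/`$G_CLI` without a `requires_gnutls` line, so where GnuTLS is not installed they will presumably fail rather than be skipped.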
@@ -5121,6 +5124,7 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ -c "found fragmented DTLS handshake message" \ -C "error" +not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5149,6 +5153,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ -c "found fragmented DTLS handshake message" \ -C "error" +not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5177,6 +5182,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ -c "found fragmented DTLS handshake message" \ -C "error" +not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5206,6 +5212,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ -c "found fragmented DTLS handshake message" \ -C "error" +not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From d26bb2090f86ea7068ce8493748cd7eaf5bbb66c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 09:54:10 +0100 Subject: [PATCH 375/578] Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1 --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 937a27b76..58defbfcc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -801,6 +801,22 @@ run_test "RC4: both enabled" \ -S "SSL - None of the common ciphersuites is usable" \ -S "SSL - The server has no ciphersuites in common" +# Test empty CA list in CertificateRequest in TLS 1.1 and earlier + +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \ + "$G_SRV"\ + "$P_CLI force_version=tls1_1" \ + 0 + +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 +run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \ + "$G_SRV"\ + "$P_CLI force_version=tls1" \ + 0 + # Tests for SHA-1 support requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES From 38110dfc0e2f59604f6d39093471ae790323c5dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 17 Aug 2018 12:44:54 +0200 Subject: [PATCH 376/578] Add interop test with unreliable connection Adds a requirement for GNUTLS_NEXT (3.5.3 or above, in practice we should install 3.6.3) on the CI. See internal ref IOTSSL-2401 for analysis of the bugs and their impact on the tests. --- tests/ssl-opt.sh | 217 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 217 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index beceafae6..c27cc25c8 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
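Review bot: Both new "CertificateRequest with empty CA list" tests assert only the exit code, so they do not show that the client actually received and parsed a CertificateRequest. If the GnuTLS server stops requesting a client certificate by default, they keep passing without touching the code path fixed for #1954. Add a client-side pattern such as `-c "got a certificate request"`, with `debug_level=3` on `$P_CLI` if that is the level at which the message is emitted (to be confirmed). A space is also missing before the line continuation in `"$G_SRV"\`.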
@@ -41,6 +41,28 @@ G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_fil G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt" TCP_CLIENT="$PERL scripts/tcp_client.pl" +# alternative versions of OpenSSL and GnuTLS (no default path) + +if [ -n "${OPENSSL_LEGACY:-}" ]; then + O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key" + O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client" +else + O_LEGACY_SRV=false + O_LEGACY_CLI=false +fi + +if [ -n "${GNUTLS_NEXT_SERV}" ]; then + G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" +else + G_NEXT_SRV=false +fi + +if [ -n "${GNUTLS_NEXT_CLI}" ]; then + G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt" +else + G_NEXT_CLI=false +fi + TESTS=0 FAILS=0 SKIPS=0 @@ -163,6 +185,34 @@ requires_gnutls() { fi } +# skip next test if GnuTLS-next isn't available +requires_gnutls_next() { + if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then + if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then + GNUTLS_NEXT_AVAILABLE="YES" + else + GNUTLS_NEXT_AVAILABLE="NO" + fi + fi + if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + +# skip next test if OpenSSL-legacy isn't available +requires_openssl_legacy() { + if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then + if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then + OPENSSL_LEGACY_AVAILABLE="YES" + else + OPENSSL_LEGACY_AVAILABLE="NO" + fi + fi + if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then + SKIP_NEXT="YES" + fi +} + # skip next test if IPv6 isn't available on this host requires_ipv6() { if [ -z "${HAS_IPV6:-}" ]; then 
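Review bot: The new availability checks expand `${GNUTLS_NEXT_SERV}` and `${GNUTLS_NEXT_CLI}` without a default, while the OpenSSL check right above them uses `${OPENSSL_LEGACY:-}`. If the script runs with `set -u`, which the `:-` form suggests, an environment that does not export the GnuTLS-next variables will abort the script at this point instead of falling back to `false`. Write them as `if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then` and `if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then`. The later hunk at `@@ -717,6 +767,19 @@`, which appends the port arguments, repeats the same two unguarded tests.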
@@ -717,6 +767,19 @@ O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT localhost" +if [ -n "${OPENSSL_LEGACY:-}" ]; then + O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" + O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" +fi + +if [ -n "${GNUTLS_NEXT_SERV}" ]; then + G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" +fi + +if [ -n "${GNUTLS_NEXT_CLI}" ]; then + G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT localhost" +fi + # Allow SHA-1, because many of our test certificates use it P_SRV="$P_SRV allow_sha1=1" P_CLI="$P_CLI allow_sha1=1" @@ -5260,6 +5323,8 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ -c "found fragmented DTLS handshake message" \ -C "error" +# interop tests for DTLS fragmentating with reliable connection +# # here and below we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 
@@ -5374,6 +5439,158 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.0" \ 0 \ -s "fragmenting handshake message" +# interop tests for DTLS fragmentating with unreliable connection +# +# again we just want to test that the we fragment in a way that +# pleases other implementations, so we don't need the peer to fragment +requires_gnutls_next +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +client_needs_more_time 2 +run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$G_NEXT_SRV -u" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 force_version=dtls1_2" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" + +requires_gnutls_next +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +client_needs_more_time 2 +run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$G_NEXT_SRV -u" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 force_version=dtls1_2" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" + +## The two tests below are disabled due to a bug in GnuTLS client that causes +## handshake failures when the NewSessionTicket message is lost, see +## https://gitlab.com/gnutls/gnutls/issues/543 +## We can re-enable them when a fixed version fo GnuTLS is available +## and installed in our CI system. 
+## +## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS +## requires_ipv6 +## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +## requires_config_enabled MBEDTLS_RSA_C +## requires_config_enabled MBEDTLS_ECDSA_C +## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +## client_needs_more_time 2 +## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ +## -p "$P_PXY drop=8 delay=8 duplicate=8" \ +## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ +## crt_file=data_files/server7_int-ca.crt \ +## key_file=data_files/server7.key \ +## mtu=512 force_version=dtls1_2" \ +## "$G_CLI -u" \ +## 0 \ +## -s "fragmenting handshake message" +## +## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS +## requires_ipv6 +## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +## requires_config_enabled MBEDTLS_RSA_C +## requires_config_enabled MBEDTLS_ECDSA_C +## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +## client_needs_more_time 2 +## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ +## -p "$P_PXY drop=8 delay=8 duplicate=8" \ +## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ +## crt_file=data_files/server7_int-ca.crt \ +## key_file=data_files/server7.key \ +## mtu=512 force_version=dtls1" \ +## "$G_CLI -u" \ +## 0 \ +## -s "fragmenting handshake message" + +## Interop test with OpenSSL might triger a bug in recent versions (that +## probably won't be fixed before 1.1.1X), so we use an old version that +## doesn't have this bug, but unfortunately it doesn't have support for DTLS +## 1.2 either, so the DTLS 1.2 tests are commented for now. 
+## Bug report: https://github.com/openssl/openssl/issues/6902 +## They should be re-enabled (and the DTLS 1.0 switched back to a non-legacy +## version of OpenSSL once a fixed version of OpenSSL is available) +## +## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +## requires_config_enabled MBEDTLS_RSA_C +## requires_config_enabled MBEDTLS_ECDSA_C +## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +## client_needs_more_time 2 +## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ +## -p "$P_PXY drop=8 delay=8 duplicate=8" \ +## "$O_SRV -dtls1_2 -verify 10" \ +## "$P_CLI dtls=1 debug_level=2 \ +## crt_file=data_files/server8_int-ca2.crt \ +## key_file=data_files/server8.key \ +## mtu=512 force_version=dtls1_2" \ +## 0 \ +## -c "fragmenting handshake message" \ +## -C "error" + +requires_openssl_legacy +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +client_needs_more_time 2 +run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$O_LEGACY_SRV -dtls1 -verify 10" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 force_version=dtls1" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" + +## see comment on the previous-previous test +## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +## requires_config_enabled MBEDTLS_RSA_C +## requires_config_enabled MBEDTLS_ECDSA_C +## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +## client_needs_more_time 2 +## run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ +## -p "$P_PXY drop=8 delay=8 duplicate=8" \ +## "$P_SRV dtls=1 debug_level=2 \ +## crt_file=data_files/server7_int-ca.crt \ +## key_file=data_files/server7.key \ +## mtu=512 force_version=dtls1_2" \ +## "$O_CLI -dtls1_2" \ +## 0 \ +## -s "fragmenting handshake message" + +# -nbio is added to 
prevent s_client from blocking in case of duplicated +# messages at the end of the handshake +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +client_needs_more_time 2 +run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512 force_version=dtls1" \ + "$O_LEGACY_CLI -nbio -dtls1" \ + 0 \ + -s "fragmenting handshake message" + # Tests for specific things with "unreliable" UDP connection not_with_valgrind # spurious resend due to timeout From 3136ede0e85b135e0212973ef34dd2565eca6e56 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 15:28:19 +0100 Subject: [PATCH 377/578] Compute record expansion in steps to ease readability --- library/ssl_tls.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5905a6d92..1969eaf0c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6839,7 +6839,7 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) { - size_t transform_expansion; + size_t transform_expansion = 0; const mbedtls_ssl_transform *transform = ssl->transform_out; unsigned block_size; 
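Review bot: The test named "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" requires MBEDTLS_SSL_PROTO_TLS1_1 but passes `force_version=dtls1_2`, so it repeats the DTLS 1.2 case and leaves DTLS 1.0 against the GnuTLS server unexercised; its last client argument should read `mtu=512 force_version=dtls1" \`. Separately, "DTLS fragmenting: 3d, openssl client, DTLS 1.0" runs `$O_LEGACY_CLI -nbio -dtls1` without a preceding `requires_openssl_legacy`. When OPENSSL_LEGACY is unset that variable is `false`, so the test would presumably fail rather than be skipped; adding `requires_openssl_legacy` before its `requires_config_enabled` lines matches the openssl server test above it.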
@@ -6865,23 +6865,21 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) block_size = mbedtls_cipher_get_block_size( &transform->cipher_ctx_enc ); + /* Expansion due to the addition of the MAC. */ + transform_expansion += transform->maclen; + + /* Expansion due to the addition of CBC padding; + * Theoretically up to 256 bytes, but we never use + * more than the block size of the underlying cipher. */ + transform_expansion += block_size; + + /* For TLS 1.1 or higher, an explicit IV is added + * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - /* Expansion due to addition of - * - MAC - * - CBC padding (theoretically up to 256 bytes, but - * we never use more than block_size) - * - explicit IV - */ - transform_expansion = transform->maclen + 2 * block_size; - } - else + transform_expansion += block_size; #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - { - /* No explicit IV prior to TLS 1.1. */ - transform_expansion = transform->maclen + block_size; - } + break; default: From 5aa4e2cedd819b4fd307531eaa64f4f5ca8a01d4 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 6 Aug 2018 09:26:08 +0100 Subject: [PATCH 378/578] Move deduction of internal record buffer pointers to function The SSL/TLS module maintains a number of internally used pointers `out_hdr`, `out_len`, `out_iv`, ..., indicating where to write the various parts of the record header. These pointers have to be kept in sync and sometimes need update: Most notably, the `out_msg` pointer should always point to the beginning of the record payload, and its offset from the pointer `out_iv` pointing to the end of the record header is determined by the length of the explicit IV used in the current record protection mechanism. This commit introduces functions deducing these pointers from the pointers `out_hdr` / `in_hdr` to the beginning of the header of the current outgoing / incoming record. The flexibility gained by these functions will subsequently be used to allow shifting of `out_hdr` for the purpose of packing multiple records into a single datagram. --- library/ssl_tls.c | 138 +++++++++++++++++++++++++++++----------------- 1 file changed, 88 insertions(+), 50 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 530f283b4..4607749ef 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -96,6 +96,10 @@ static int ssl_check_timer( mbedtls_ssl_context *ssl ) return( 0 ); } +static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ); +static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ); #if defined(MBEDTLS_SSL_PROTO_DTLS) /* * Double the retransmit timeout value, within the allowed range, 
@@ -2799,14 +2803,7 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); /* Adjust to the newly activated transform */ - if( ssl->transform_out != NULL && - ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - ssl->out_msg = ssl->out_iv + ssl->transform_out->ivlen - - ssl->transform_out->fixed_ivlen; - } - else - ssl->out_msg = ssl->out_iv; + ssl_update_out_pointers( ssl, ssl->transform_out ); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_activate != NULL ) @@ -5171,16 +5168,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ memset( ssl->in_ctr, 0, 8 ); - /* - * Set the in_msg pointer to the correct location based on IV length - */ - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - ssl->in_msg = ssl->in_iv + ssl->transform_negotiate->ivlen - - ssl->transform_negotiate->fixed_ivlen; - } - else - ssl->in_msg = ssl->in_iv; + ssl_update_in_pointers( ssl, ssl->transform_negotiate ); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_activate != NULL ) @@ -5631,16 +5619,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); - /* - * Set the out_msg pointer to the correct location based on IV length - */ - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - ssl->out_msg = ssl->out_iv + ssl->transform_negotiate->ivlen - - ssl->transform_negotiate->fixed_ivlen; - } - else - ssl->out_msg = ssl->out_iv; + ssl_update_out_pointers( ssl, ssl->transform_negotiate ); ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); 
@@ -5999,6 +5978,78 @@ static int ssl_cookie_check_dummy( void *ctx, } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ +/* Once ssl->out_hdr as the address of the beginning of the + * next outgoing record is set, deduce the other pointers. + * + * Note: For TLS, we save the implicit record sequence number + * (entering MAC computation) in the 8 bytes before ssl->out_hdr, + * and the caller has to make sure there's space for this. + */ + +static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ) +{ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ssl->out_ctr = ssl->out_hdr + 3; + ssl->out_len = ssl->out_hdr + 11; + ssl->out_iv = ssl->out_hdr + 13; + } + else +#endif + { + ssl->out_ctr = ssl->out_hdr - 8; + ssl->out_len = ssl->out_hdr + 3; + ssl->out_iv = ssl->out_hdr + 5; + } + + /* Adjust out_msg to make space for explicit IV, if used. */ + if( transform != NULL && + ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + { + ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen; + } + else + ssl->out_msg = ssl->out_iv; +} + +/* Once ssl->in_hdr as the address of the beginning of the + * next incoming record is set, deduce the other pointers. + * + * Note: For TLS, we save the implicit record sequence number + * (entering MAC computation) in the 8 bytes before ssl->in_hdr, + * and the caller has to make sure there's space for this. + */ + +static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform ) +{ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ssl->in_ctr = ssl->in_hdr + 3; + ssl->in_len = ssl->in_hdr + 11; + ssl->in_iv = ssl->in_hdr + 13; + } + else +#endif + { + ssl->in_ctr = ssl->in_hdr - 8; + ssl->in_len = ssl->in_hdr + 3; + ssl->in_iv = ssl->in_hdr + 5; + } + + /* Offset in_msg from in_iv to allow space for explicit IV, if used. 
*/ + if( transform != NULL && + ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + { + ssl->in_msg = ssl->in_iv + transform->ivlen - transform->fixed_ivlen; + } + else + ssl->in_msg = ssl->in_iv; +} + /* * Initialize an SSL context */ @@ -6036,37 +6087,24 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } + /* Set the incoming and outgoing record pointers. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { ssl->out_hdr = ssl->out_buf; - ssl->out_ctr = ssl->out_buf + 3; - ssl->out_len = ssl->out_buf + 11; - ssl->out_iv = ssl->out_buf + 13; - ssl->out_msg = ssl->out_buf + 13; - - ssl->in_hdr = ssl->in_buf; - ssl->in_ctr = ssl->in_buf + 3; - ssl->in_len = ssl->in_buf + 11; - ssl->in_iv = ssl->in_buf + 13; - ssl->in_msg = ssl->in_buf + 13; + ssl->in_hdr = ssl->in_buf; } else -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ { - ssl->out_ctr = ssl->out_buf; - ssl->out_hdr = ssl->out_buf + 8; - ssl->out_len = ssl->out_buf + 11; - ssl->out_iv = ssl->out_buf + 13; - ssl->out_msg = ssl->out_buf + 13; - - ssl->in_ctr = ssl->in_buf; - ssl->in_hdr = ssl->in_buf + 8; - ssl->in_len = ssl->in_buf + 11; - ssl->in_iv = ssl->in_buf + 13; - ssl->in_msg = ssl->in_buf + 13; + ssl->out_hdr = ssl->out_buf + 8; + ssl->in_hdr = ssl->in_buf + 8; } + /* Derive other internal pointers. */ + ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); + ssl_update_in_pointers ( ssl, NULL /* no transform enabled */ ); + if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) return( ret ); From 198594709baa82d55bba4e5ee442ffb5ffe886b4 Mon Sep 17 00:00:00 2001 
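Review bot: The offsets 3, 11, 13 and 5 in ssl_update_out_pointers and ssl_update_in_pointers restate the record header layout as bare numbers in two near-identical functions. `mbedtls_ssl_hdr_len( ssl )` is already used in this file for the header length, so, assuming it yields 13 for DTLS and 5 for TLS, `ssl->out_iv = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl );` (and the `in_iv` equivalent) could be set once after the transport branch. The TLS branch also places `out_ctr`/`in_ctr` 8 bytes before the header and leaves the space guarantee to the caller by comment only, and `transform->ivlen - transform->fixed_ivlen` is assumed not to go negative. A one-line comment stating the second invariant, such as `/* ivlen >= fixed_ivlen for every transform */`, would help, since the field types are not visible here.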
From: Hanno Becker Date: Mon, 6 Aug 2018 09:40:20 +0100 Subject: [PATCH 379/578] Store outgoing record sequence number outside record buffer This commit is another step towards supporting the packing of multiple records within a single datagram. Previously, the incremental outgoing record sequence number was statically stored within the record buffer, at its final place within the record header. This slightly increased efficiency as it was not necessary to copy the sequence number when writing outgoing records. When allowing multiple records within a single datagram, it is necessary to allow the position of the current record within the datagram buffer to be flexible; in particular, there is no static address for the record sequence number field within the record header. This commit introduces an additional field `cur_out_ctr` within the main SSL context structure `mbedtls_ssl_context` to keep track of the outgoing record sequence number independent of the buffer used for the current record / datagram. Whenever a new record is written, this sequence number is copied to the the address `out_ctr` of the sequence number header field within the current outgoing record. --- include/mbedtls/ssl.h | 2 ++ library/ssl_srv.c | 2 +- library/ssl_tls.c | 17 ++++++++++------- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a3b514cd4..f27f6c02f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1116,6 +1116,8 @@ struct mbedtls_ssl_context size_t out_msglen; /*!< record header: message length */ size_t out_left; /*!< amount of data not yet written */ + unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */ + #if defined(MBEDTLS_ZLIB_SUPPORT) unsigned char *compress_buf; /*!< zlib data buffer */ #endif diff --git a/library/ssl_srv.c b/library/ssl_srv.c index eda50bb34..7101f461f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -1294,7 +1294,7 @@ read_record_header: return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 ); + memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 ); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4607749ef..f2373eb51 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2798,8 +2798,8 @@ static void ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->out_ctr, 8 ); - memcpy( ssl->out_ctr, ssl->handshake->alt_out_ctr, 8 ); + memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 ); + memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 ); memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); /* Adjust to the newly activated transform */ @@ -3210,6 +3210,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, ssl->out_hdr + 1 ); + memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); ssl->out_len[0] = (unsigned char)( len >> 8 ); ssl->out_len[1] = (unsigned char)( len ); @@ -5671,14 +5672,14 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 ); + memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); /* Set sequence_number to zero */ - memset( ssl->out_ctr + 2, 0, 6 ); + memset( ssl->cur_out_ctr + 2, 0, 6 ); /* Increment epoch */ for( i = 2; i > 0; i-- ) - if( ++ssl->out_ctr[i - 1] != 0 ) + if( ++ssl->cur_out_ctr[i - 1] != 0 ) break; /* The loop goes to its end iff the counter is wrapping */ 
@@ -5690,7 +5691,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->out_ctr, 0, 8 ); + memset( ssl->cur_out_ctr, 0, 8 ); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; @@ -6166,6 +6167,8 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->split_done = 0; #endif + memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + ssl->transform_in = NULL; ssl->transform_out = NULL; @@ -7381,7 +7384,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, ssl->conf->renego_period + ep_len, 8 - ep_len ); - out_ctr_cmp = memcmp( ssl->out_ctr + ep_len, + out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len, ssl->conf->renego_period + ep_len, 8 - ep_len ); if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) From 04484621d0f6f6921f7d01bbef98eff6ceca0fb1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Aug 2018 09:49:38 +0100 Subject: [PATCH 380/578] Increment record sequence number in ssl_write_record() Previously, the record sequence number was incremented at the end of each successful call to mbedtls_ssl_flush_output(), which works as long as there is precisely one such call for each outgoing record. When packing multiple records into a single datagram, this property is no longer true, and instead the increment of the record sequence number must happen after the record has been prepared, and not after it has been dispatched. This commit moves the code for incrementing the record sequence number from mbedtls_ssl_flush_output() to ssl_write_record(). --- library/ssl_tls.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f2373eb51..9342321af 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2648,7 +2648,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) { int ret; - unsigned char *buf, i; + unsigned char *buf; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); @@ -2691,16 +2691,6 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) ssl->out_left -= ret; } - for( i = 8; i > ssl_ep_len( ssl ); i-- ) - if( ++ssl->out_ctr[i - 1] != 0 ) - break; - - /* The loop goes to its end iff the counter is wrapping */ - if( i == ssl_ep_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); - } MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); @@ -3236,6 +3226,16 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen ); + for( i = 8; i > ssl_ep_len( ssl ); i-- ) + if( ++ssl->cur_out_ctr[i - 1] != 0 ) + break; + + /* The loop goes to its end iff the counter is wrapping */ + if( i == ssl_ep_len( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); + return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + } } if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) From 3b235902b86694728b54df430f247e4c145d30dd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Aug 2018 09:54:53 +0100 Subject: [PATCH 381/578] Log calls to ssl_flight_append() in debugging output --- library/ssl_tls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9342321af..edb233bbd 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
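Review bot: When the increment loop added to mbedtls_ssl_write_record runs to its end, the sequence bytes of `cur_out_ctr` have already rolled over to zero by the time MBEDTLS_ERR_SSL_COUNTER_WRAPPING is returned, and nothing in this hunk stops a later call from protecting a record under the reused sequence number. The removed code in mbedtls_ssl_flush_output behaved the same way, but since the check now sits in the record-preparation path it could test for the all-0xFF value before incrementing and leave the counter untouched on failure. Also, `i` is dropped from mbedtls_ssl_flush_output and no declaration is added here; unless mbedtls_ssl_write_record already declares one outside the hunk, this commit does not build on its own (patch 382 later adds `unsigned i;`).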
@@ -2707,6 +2707,9 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) static int ssl_flight_append( mbedtls_ssl_context *ssl ) { mbedtls_ssl_flight_item *msg; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) ); + MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight", + ssl->out_msg, ssl->out_msglen ); /* Allocate space for current message */ if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) @@ -2740,6 +2743,7 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl ) cur->next = msg; } + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) ); return( 0 ); } From 2b1e3547548acad8ce742eaef2df24c8d206684e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Aug 2018 11:19:13 +0100 Subject: [PATCH 382/578] Increase record buffer pointer after preparing a record The packing of multiple records within a single datagram works by increasing the pointer `out_hdr` (pointing to the beginning of the next outgoing record) within the datagram buffer, as long as space is available and no flush was mandatory. This commit does not yet change the code's behavior of always flushing after preparing a record, but it introduces the logic of increasing `out_hdr` after preparing the record, and resetting it after the flush has been completed. --- library/ssl_tls.c | 60 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index edb233bbd..ad071a976 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -101,6 +101,17 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ); #if defined(MBEDTLS_SSL_PROTO_DTLS) + +static uint16_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) +{ + uint16_t mtu = ssl->conf->mtu; + + if( mtu != 0 && mtu < MBEDTLS_SSL_OUT_BUFFER_LEN ) + return( (int) mtu ); + + return( MBEDTLS_SSL_OUT_BUFFER_LEN ); +} + /* * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. @@ -2671,8 +2682,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d", mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); - buf = ssl->out_hdr + mbedtls_ssl_hdr_len( ssl ) + - ssl->out_msglen - ssl->out_left; + buf = ssl->out_hdr - ssl->out_left; ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); @@ -2691,6 +2701,17 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) ssl->out_left -= ret; } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ssl->out_hdr = ssl->out_buf; + } + else +#endif + { + ssl->out_hdr = ssl->out_buf + 8; + } + ssl_update_out_pointers( ssl, ssl->transform_out ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); @@ -3200,6 +3221,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ if( !done ) { + unsigned i; + size_t protected_record_size; + ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, ssl->out_hdr + 1 ); 
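Review bot: ssl_get_maximum_datagram_size is declared to return `uint16_t` but returns `(int) mtu` and `MBEDTLS_SSL_OUT_BUFFER_LEN`; if that macro is ever configured above 65535 the result is silently truncated. For the same reason the `if( ret < 0 )` test on its result in mbedtls_ssl_write_record (hunk `@@ -3221,15 +3245,37 @@`) can never fire. Declaring it as `static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )` with `return( mtu );` removes the cast and lets the caller compare against `protected_record_size` directly.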
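Review bot: `buf = ssl->out_hdr - ssl->out_left;` in mbedtls_ssl_flush_output now depends on `out_hdr` having been advanced past exactly `out_left` pending bytes. Any path that sets `out_left` without moving `out_hdr` would make `buf` point before `out_buf` and hand that memory to `f_send`. Whether such a path exists is not visible in this hunk (the MBEDTLS_SSL_HW_RECORD_ACCEL branch of mbedtls_ssl_write_record is worth checking). A guard before the send loop would make the invariant explicit: `if( ssl->out_left > (size_t)( ssl->out_hdr - ssl->out_buf ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`.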
@@ -3221,15 +3245,37 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) ssl->out_len[1] = (unsigned char)( len ); } - ssl->out_left = mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen; + protected_record_size = len + mbedtls_ssl_hdr_len( ssl ); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + /* In case of DTLS, double-check that we don't exceed + * the remaining space in the datagram. */ + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ret = ssl_get_maximum_datagram_size( ssl ); + if( ret < 0 ) + return( ret ); + + if( protected_record_size > (size_t) ret ) + { + /* Should never happen */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " - "version = [%d:%d], msglen = %d", - ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], - ( ssl->out_len[0] << 8 ) | ssl->out_len[1] ) ); + "version = [%d:%d], msglen = %d", + ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], len ) ); + MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_hdr, mbedtls_ssl_hdr_len( ssl ) + ssl->out_msglen ); + ssl->out_hdr, protected_record_size ); + + ssl->out_left += protected_record_size; + ssl->out_hdr += protected_record_size; + ssl_update_out_pointers( ssl, ssl->transform_out ); + for( i = 8; i > ssl_ep_len( ssl ); i-- ) if( ++ssl->cur_out_ctr[i - 1] != 0 ) break; From 67bc7c3a384aae3d42de45cc2fb79a83a252c770 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Aug 2018 11:33:50 +0100 Subject: [PATCH 383/578] Don't immediately flush datagram after preparing a record This commit finally enables datagram packing by modifying the record preparation function ssl_write_record() to not always calling mbedtls_ssl_flush_output(). --- include/mbedtls/ssl_internal.h | 2 +- library/ssl_tls.c | 160 ++++++++++++++++++++++++++------- 2 files changed, 128 insertions(+), 34 deletions(-) 
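Review bot: The new DTLS check in mbedtls_ssl_write_record compares `protected_record_size` with the whole datagram size although its comment says "remaining space"; bytes already pending in `ssl->out_left` are not subtracted. That is harmless while every record is flushed immediately, but `ssl->out_left += protected_record_size` a few lines below is written for packing, where a record can fit the maximum and still overrun what is left. Unless a later patch in the series replaces this check, consider `if( ssl->out_left > (size_t) ret || protected_record_size > (size_t) ret - ssl->out_left )`, or reword the comment to say what is actually checked. The function body starts and ends outside this hunk.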
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 18982f89a..765da7a71 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -561,7 +561,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ad071a976..878495b17 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -100,6 +100,10 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ); static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ); + +#define SSL_DONT_FORCE_FLUSH 0 +#define SSL_FORCE_FLUSH 1 + #if defined(MBEDTLS_SSL_PROTO_DTLS) static uint16_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) 
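Review bot: SSL_DONT_FORCE_FLUSH and SSL_FORCE_FLUSH are defined in library/ssl_tls.c while the prototype that takes `force_flush` lives in ssl_internal.h, so a caller of mbedtls_ssl_write_record in any other source file has to pass a bare 0 or 1. Moving the two `#define`s next to the prototype would keep call sites readable. The prototype also gains the parameter without any description; going by the commit message, a comment such as `/* force_flush: SSL_FORCE_FLUSH sends the datagram at once, SSL_DONT_FORCE_FLUSH lets further records be packed into it */` would state the contract.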
@@ -112,6 +116,55 @@ static uint16_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) return( MBEDTLS_SSL_OUT_BUFFER_LEN ); } +static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) +{ + size_t const bytes_written = ssl->out_left; + uint16_t const mtu = ssl_get_maximum_datagram_size( ssl ); + + /* Double-check that the write-index hasn't gone + * past what we can transmit in a single datagram. */ + if( bytes_written > (size_t) mtu ) + { + /* Should never happen... */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + return( (int) ( mtu - bytes_written ) ); +} + +static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) +{ + int ret; + size_t remaining, expansion; + size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); + + if( max_len > mfl ) + max_len = mfl; +#endif + + ret = ssl_get_remaining_space_in_datagram( ssl ); + if( ret < 0 ) + return( ret ); + remaining = (size_t) ret; + + ret = mbedtls_ssl_get_record_expansion( ssl ); + if( ret < 0 ) + return( ret ); + expansion = (size_t) ret; + + if( remaining <= expansion ) + return( 0 ); + + remaining -= expansion; + if( remaining >= max_len ) + remaining = max_len; + + return( (int) remaining ); +} + /* * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. 
@@ -2857,20 +2910,9 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { - const int ret_payload = mbedtls_ssl_get_max_out_record_payload( ssl ); - const size_t max_record_payload = (size_t) ret_payload; - /* DTLS handshake headers are 12 bytes */ - const size_t max_hs_fragment_len = max_record_payload - 12; - + int ret; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); - if( ret_payload < 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", - ret_payload ); - return( ret_payload ); - } - if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); @@ -2884,22 +2926,38 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) while( ssl->handshake->cur_msg != NULL ) { - int ret; + size_t max_frag_len; const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; + /* Swap epochs before sending Finished: we can't do it after * sending ChangeCipherSpec, in case write returns WANT_READ. * Must be done before copying, may change out_msg pointer */ if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && - cur->p[0] == MBEDTLS_SSL_HS_FINISHED ) + cur->p[0] == MBEDTLS_SSL_HS_FINISHED && + ssl->handshake->cur_msg_p == ( cur->p + 12 ) ) { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) ); ssl_swap_epochs( ssl ); } + ret = ssl_get_remaining_payload_in_datagram( ssl ); + if( ret < 0 ) + return( ret ); + max_frag_len = (size_t) ret; + /* CCS is copied as is, while HS messages may need fragmentation */ if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) { + if( max_frag_len == 0 ) + { + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); + + continue; + } + memcpy( ssl->out_msg, cur->p, cur->len ); - ssl->out_msglen = cur->len; + ssl->out_msglen = cur->len; ssl->out_msgtype = cur->type; /* Update position inside current message */ 
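Review bot: Both new `continue` paths in mbedtls_ssl_flight_transmit (`max_frag_len == 0` for ChangeCipherSpec in the `@@ -2884,22 +2926,38 @@` hunk, `max_frag_len < 12` for handshake messages in the next hunk) retry the same message after mbedtls_ssl_flush_output returns 0, with nothing bounding the retries. If the configured MTU is no larger than the record expansion (plus the 12-byte handshake header), ssl_get_remaining_payload_in_datagram would presumably return the same value on an empty datagram and the loop would spin. Consider failing when the datagram is already empty, for example `if( ssl->out_left == 0 ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before the flush, or rejecting such an MTU where it is configured.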
@@ -2911,14 +2969,31 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) const size_t hs_len = cur->len - 12; const size_t frag_off = p - ( cur->p + 12 ); const size_t rem_len = hs_len - frag_off; - const size_t frag_len = rem_len > max_hs_fragment_len - ? max_hs_fragment_len : rem_len; + size_t cur_hs_frag_len, max_hs_frag_len; - if( frag_off == 0 && frag_len != hs_len ) + if( max_frag_len < 12 ) + { + if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && + cur->p[0] == MBEDTLS_SSL_HS_FINISHED ) + { + ssl_swap_epochs( ssl ); + } + + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); + + continue; + } + max_hs_frag_len = max_frag_len - 12; + + cur_hs_frag_len = rem_len > max_hs_frag_len ? + max_hs_frag_len : rem_len; + + if( frag_off == 0 && cur_hs_frag_len != hs_len ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", - (unsigned) hs_len, - (unsigned) max_hs_fragment_len ) ); + (unsigned) cur_hs_frag_len, + (unsigned) max_hs_frag_len ) ); } /* Messages are stored with handshake headers as if not fragmented, 
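Review bot: The guard `if( max_frag_len < 12 )` lets `max_frag_len == 12` through, which makes `max_hs_frag_len` zero. When `rem_len` is non-zero, the copy code in the following hunk then emits a fragment that carries only the 12-byte handshake header, and `cur_msg_p` does not advance. Flushing in that case as well avoids the empty fragment: `if( max_frag_len < 12 || ( max_frag_len == 12 && hs_len != 0 ) )`. Separately, the debug line keeps the `(%u > %u)` format but now prints `cur_hs_frag_len`, which is never larger than `max_hs_frag_len`; passing `(unsigned) hs_len` as the first argument keeps the message accurate. The enclosing loop starts and ends outside this hunk.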
@@ -2930,19 +3005,19 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); ssl->out_msg[8] = ( ( frag_off ) & 0xff ); - ssl->out_msg[ 9] = ( ( frag_len >> 16 ) & 0xff ); - ssl->out_msg[10] = ( ( frag_len >> 8 ) & 0xff ); - ssl->out_msg[11] = ( ( frag_len ) & 0xff ); + ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); + ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); + ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); - /* Copy the handshake message content and set records fields */ - memcpy( ssl->out_msg + 12, p, frag_len ); - ssl->out_msglen = frag_len + 12; + /* Copy the handshame message content and set records fields */ + memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); + ssl->out_msglen = cur_hs_frag_len + 12; ssl->out_msgtype = cur->type; /* Update position inside current message */ - ssl->handshake->cur_msg_p += frag_len; + ssl->handshake->cur_msg_p += cur_hs_frag_len; } /* If done with the current message move to the next one if any */ @@ -2961,13 +3036,17 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } /* Actually send the message out */ - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, + SSL_DONT_FORCE_FLUSH ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); } } + if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) + return( ret ); + /* Update state and set timer */ if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; @@ -3158,7 +3237,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) else #endif { - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); return( ret ); 
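Review bot: The rewritten comment above `memcpy( ssl->out_msg + 12, p, cur_hs_frag_len )` reads "handshame", a typo that this rename introduces. It should stay `/* Copy the handshake message content and set records fields */`.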
@@ -3182,10 +3261,11 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) * - ssl->out_msglen: length of the record content (excl headers) * - ssl->out_msg: record content */ -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) { int ret, done = 0; size_t len = ssl->out_msglen; + uint8_t flush = force_flush; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); @@ -3288,7 +3368,21 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl ) } } - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + size_t remaining = ssl_get_remaining_payload_in_datagram( ssl ); + if( remaining == 0 ) + flush = SSL_FORCE_FLUSH; + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Stil %u bytes available in current datagram", (unsigned) remaining ) ); + } + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + + if( ( flush == SSL_FORCE_FLUSH ) && + ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); return( ret ); @@ -4570,7 +4664,7 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, ssl->out_msg[0] = level; ssl->out_msg[1] = message; - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); @@ -7815,7 +7909,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; memcpy( ssl->out_msg, buf, len ); - if( ( ret = mbedtls_ssl_write_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); From b50a253a879f91c6cf6db83e09f5fc3138b6e404 Mon Sep 17 00:00:00 2001 
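Review bot: In the DTLS block added to `mbedtls_ssl_write_record()`, `size_t remaining = ssl_get_remaining_payload_in_datagram( ssl );` stores an `int` that can be a negative error code in an unsigned variable. On failure `remaining` becomes a huge value instead of zero, so the flush is not forced, the error is dropped, and the debug line reports a bogus byte count. Reuse the function's existing `ret`, as the call site in `mbedtls_ssl_flight_transmit()` does: `ret = ssl_get_remaining_payload_in_datagram( ssl );`, `if( ret < 0 ) return( ret );`, `remaining = (size_t) ret;`. The debug string also misspells "Still" as "Stil". The function body starts and ends outside this hunk.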
From: Hanno Becker Date: Mon, 6 Aug 2018 11:52:54 +0100 Subject: [PATCH 384/578] Move size check for records --- library/ssl_tls.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 878495b17..d1e699ce4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1413,14 +1413,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", ssl->out_msg, ssl->out_msglen ); - if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d", - (unsigned) ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - /* * Add MAC before if needed */ @@ -3166,6 +3158,23 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) } #endif + /* Double-check that we did not exceed the bounds + * of the outgoing record buffer. + * This should never fail as the various message + * writing functions must obey the bounds of the + * outgoing record buffer, but better be safe. + * + * Note: We deliberately do not check for the MTU or MFL here. + */ + if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: " + "size %u, maximum %u", + (unsigned) ssl->out_msglen, + (unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + /* * Fill handshake headers */ From 111fa497aa29cd537b823681a9267683d28e30fa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 6 Aug 2018 12:26:33 +0100 Subject: [PATCH 385/578] TEST-ONLY: Remove delayed CCS test The test exercising a delayed CCS message is not expected to work when datagram packing is used, as the current UDP proxy is not able to recognize records which are not at the beginning of a datagram. --- tests/ssl-opt.sh | 10 ---------- 1 file changed, 10 deletions(-) 
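Review bot: With the `ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN` check now living only in `mbedtls_ssl_write_handshake_msg()`, records that reach `ssl_encrypt_buf()` through other callers of `mbedtls_ssl_write_record()` (alerts, application data, flight transmission) are no longer bounded immediately before the MAC and padding are appended to `ssl->out_msg`. Those callers may validate their lengths themselves, but that is not visible in these hunks, and the removed check was the last one in front of the buffer writes. Consider keeping the same bound in `mbedtls_ssl_write_record()` ahead of encryption, or adding a comment on `ssl_encrypt_buf()` that callers must guarantee `out_msglen <= MBEDTLS_SSL_OUT_CONTENT_LEN`. Both function bodies extend beyond the hunks.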
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c27cc25c8..54794415a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5701,16 +5701,6 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ -s "too many records with bad MAC" \ -s "Verification of the message MAC failed" -run_test "DTLS proxy: delay ChangeCipherSpec" \ - -p "$P_PXY delay_ccs=1" \ - "$P_SRV dtls=1 debug_level=1" \ - "$P_CLI dtls=1 debug_level=1" \ - 0 \ - -c "record from another epoch" \ - -s "record from another epoch" \ - -s "Extra-header:" \ - -c "HTTP/1.0 200 OK" - # Tests for "randomly unreliable connection": try a variety of flows and peers client_needs_more_time 2 From 2a43f6f539309637fd3a41c0835a109b6ec95797 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Aug 2018 11:12:52 +0100 Subject: [PATCH 386/578] Introduce function to reset in/out pointers --- library/ssl_tls.c | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d1e699ce4..4e3c190d6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -54,6 +54,8 @@ #include "mbedtls/oid.h" #endif +static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); + /* Length of the "epoch" field in the record header */ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) { 
@@ -6215,6 +6217,28 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) /* * Setup an SSL context */ + +static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) +{ + /* Set the incoming and outgoing record pointers. */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ssl->out_hdr = ssl->out_buf; + ssl->in_hdr = ssl->in_buf; + } + else +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + { + ssl->out_hdr = ssl->out_buf + 8; + ssl->in_hdr = ssl->in_buf + 8; + } + + /* Derive other internal pointers. */ + ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); + ssl_update_in_pointers ( ssl, NULL /* no transform enabled */ ); +} + int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { @@ -6241,23 +6265,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } - /* Set the incoming and outgoing record pointers. */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - ssl->out_hdr = ssl->out_buf; - ssl->in_hdr = ssl->in_buf; - } - else -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - { - ssl->out_hdr = ssl->out_buf + 8; - ssl->in_hdr = ssl->in_buf + 8; - } - - /* Derive other internal pointers. */ - ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); - ssl_update_in_pointers ( ssl, NULL /* no transform enabled */ ); + ssl_reset_in_out_pointers( ssl ); if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) return( ret ); From 4ccbf064ed77ef0008ed026d31f69b1d253cface Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Aug 2018 11:20:38 +0100 Subject: [PATCH 387/578] Minor improvements in ssl_session_reset_int() --- library/ssl_tls.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4e3c190d6..f2bb74838 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
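Review bot: `ssl_reset_in_out_pointers()` reads `ssl->conf->transport`, whereas the inline code it replaces in `mbedtls_ssl_setup()` used the `conf` argument. The helper therefore depends on `ssl->conf` having been assigned before the call; that assignment is outside the hunk and should be confirmed. A one-line comment stating the precondition would help, e.g. `/* Requires ssl->conf and the in/out buffers to be set up. */`. The helper was also inserted between the `/* Setup an SSL context */` banner and `mbedtls_ssl_setup()`, so the banner now sits above the wrong function; placing the helper above the banner fixes that.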
@@ -6304,8 +6304,6 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->in_msg = ssl->in_buf + 13; ssl->in_msgtype = 0; ssl->in_msglen = 0; - if( partial == 0 ) - ssl->in_left = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->next_record_offset = 0; ssl->in_epoch = 0; @@ -6337,8 +6335,14 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->session_out = NULL; memset( ssl->out_buf, 0, MBEDTLS_SSL_OUT_BUFFER_LEN ); + +#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) if( partial == 0 ) +#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ + { + ssl->in_left = 0; memset( ssl->in_buf, 0, MBEDTLS_SSL_IN_BUFFER_LEN ); + } #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_reset != NULL ) @@ -6371,7 +6375,9 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) if( partial == 0 ) +#endif { mbedtls_free( ssl->cli_id ); ssl->cli_id = NULL; From f29d4702f703e4a3bb0aa2276e7bd6ec7b24defa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Aug 2018 11:31:15 +0100 Subject: [PATCH 388/578] Reset in/out pointers on SSL session reset If a previous session was interrupted during flushing, the out pointers might point arbitrarily into the output buffer. --- library/ssl_tls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f2bb74838..df21cbd2b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6300,8 +6300,8 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; ssl->in_offt = NULL; + ssl_reset_in_out_pointers( ssl ); - ssl->in_msg = ssl->in_buf + 13; ssl->in_msgtype = 0; ssl->in_msglen = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) 
@@ -6317,7 +6317,6 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->keep_current_message = 0; - ssl->out_msg = ssl->out_buf + 13; ssl->out_msgtype = 0; ssl->out_msglen = 0; ssl->out_left = 0; From 0defedb48823b931f04e8b626356f80b5b2de7c5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Aug 2018 12:35:02 +0100 Subject: [PATCH 389/578] Fix unused variable warning in mbedtls_ssl_get_max_record_payload If neither the maximum fragment length extension nor DTLS are used, the SSL context argument is unnecessary as the maximum payload length is hardcoded as MBEDTLS_SSL_MAX_CONTENT_LEN. --- library/ssl_tls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index df21cbd2b..a57761ecb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7328,6 +7328,11 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) } #endif +#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ + !defined(MBEDTLS_SSL_PROTO_DTLS) + ((void) ssl); +#endif + return( (int) max_len ); } From 7e7721350bba4d26e374a70b7771cd3c89186701 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 10 Aug 2018 12:38:21 +0100 Subject: [PATCH 390/578] Fix unused variable warning in ssl_session_reset_int() The `partial` argument is only used when DTLS and same port client reconnect are enabled. This commit marks the variable as unused if that's not the case. --- library/ssl_tls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a57761ecb..98e508ec6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6284,6 +6284,11 @@ static int ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) { int ret; +#if !defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) || \ + !defined(MBEDTLS_SSL_SRV_C) + ((void) partial); +#endif + ssl->state = MBEDTLS_SSL_HELLO_REQUEST; /* Cancel any possibly running timer */ 
From 12405e76b5b59ef871a95e02703ee36d9ef71a25 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 13 Aug 2018 16:45:46 +0100 Subject: [PATCH 391/578] Increase max_frag_len / MTU in fragmentation ref tests The tests "DTLS fragmenting: none (for reference)" and "DTLS fragmenting: none (for reference) (MTU)" used a maximum fragment length resp. MTU value of 2048 which was meant to be large enough so that fragmentation of the certificate message would not be necessary. However, it is not large enough to hold the entire flight to which the certificate belongs, and hence there will be fragmentation as soon as datagram packing is used. This commit increases the maximum fragment length resp. MTU values to 4096 bytes to ensure that even with datagram packing in place, no fragmentation is necessary. A similar change was made in "DTLS fragmenting: client (MTU)". --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 54794415a..1986c25b3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4960,11 +4960,11 @@ run_test "DTLS fragmenting: none (for reference)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - max_frag_len=2048" \ + max_frag_len=4096" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - max_frag_len=2048" \ + max_frag_len=4096" \ 0 \ -S "found fragmented DTLS handshake message" \ -C "found fragmented DTLS handshake message" \ 
@@ -5049,11 +5049,11 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=2048" \ + mtu=4096" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=2048" \ + mtu=4096" \ 0 \ -S "found fragmented DTLS handshake message" \ -C "found fragmented DTLS handshake message" \ @@ -5066,7 +5066,7 @@ run_test "DTLS fragmenting: client (MTU)" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=2048" \ + mtu=4096" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ From 04da1892256999a9549775820758a187fcb19070 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 13:22:10 +0100 Subject: [PATCH 392/578] Make datagram packing dynamically configurable This commit adds a public function `mbedtls_ssl_conf_datagram_packing()` that allows to allow / forbid the packing of multiple records within a single datagram. --- include/mbedtls/ssl.h | 37 +++++++++++++++++++++++++++++++++++++ library/ssl_tls.c | 16 +++++++++++++--- 2 files changed, 50 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f27f6c02f..85ab72206 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1102,6 +1102,11 @@ struct mbedtls_ssl_context int keep_current_message; /*!< drop or reuse current message on next call to record layer? */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + uint8_t disable_datagram_packing; /*!< Disable packing multiple records + * within a single datagram. */ +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + /* * Record layer (outgoing data) */ 
@@ -1763,6 +1768,38 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_PROTO_DTLS) + +/** + * \brief Allow or disallow packing of multiple handshake records + * within a single datagram. + * + * \param ssl The SSL context to configure. + * \param allow_packing This determines whether datagram packing may + * be used or not. A value of \c 0 means that every + * record will be sent in a separate datagram; a + * value of \c 1 means that, if space permits, + * multiple handshake messages (including CCS) belonging to + * a single flight may be packed within a single datagram. + * + * \note This is enabled by default and should only be disabled + * for test purposes, or if datagram packing causes + * interoperability issues with peers that don't support it. + * + * \note Allowing datagram packing reduces the network load since + * there's less overhead if multiple messages share the same + * datagram. Also, it increases the handshake efficiency + * since messages belonging to a single datagram will not + * be reordered in transit, and so future message buffering + * or flight retransmission (if no buffering is used) as + * means to deal with reordering are needed less frequently. + * + * \note Application datagrams are not affected by this option and + * are currently always sent in separate datagrams. + * + */ +void mbedtls_ssl_conf_datagram_packing( mbedtls_ssl_context *ssl, + unsigned allow_packing ); + /** * \brief Set retransmit timeout values for the DTLS handshake. * (DTLS only, no effect on TLS.) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 98e508ec6..9b8f7fea3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
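Review bot: `mbedtls_ssl_conf_datagram_packing()` takes an `mbedtls_ssl_context *`, while the `mbedtls_ssl_conf_` setters visible around it (`mbedtls_ssl_conf_dtls_badmac_limit`, `mbedtls_ssl_conf_handshake_timeout`) take an `mbedtls_ssl_config *`. Since this is a new public symbol, a name without the `conf_` infix, such as `mbedtls_ssl_set_datagram_packing`, would keep the per-context versus per-configuration distinction readable at call sites. The documentation could also say when the function may be called relative to `mbedtls_ssl_setup()`, and that any non-zero `allow_packing` enables packing, which is what `!allow_packing` in the implementation does.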
@@ -2923,6 +2923,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) size_t max_frag_len; const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; + uint8_t const force_flush = ssl->disable_datagram_packing == 1 ? + SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; + /* Swap epochs before sending Finished: we can't do it after * sending ChangeCipherSpec, in case write returns WANT_READ. * Must be done before copying, may change out_msg pointer */ @@ -3030,8 +3033,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } /* Actually send the message out */ - if( ( ret = mbedtls_ssl_write_record( ssl, - SSL_DONT_FORCE_FLUSH ) ) != 0 ) + if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); return( ret ); @@ -6432,7 +6434,15 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ) + +void mbedtls_ssl_conf_datagram_packing( mbedtls_ssl_context *ssl, + unsigned allow_packing ) +{ + ssl->disable_datagram_packing = !allow_packing; +} + +void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, + uint32_t min, uint32_t max ) { conf->hs_timeout_min = min; conf->hs_timeout_max = max; From e7675d0d3df9f89b784ea0b3c9d552e12062776f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 13:28:56 +0100 Subject: [PATCH 393/578] Add cmd line option to ssl_server2 for datagram packing This commit adds a new command line option `dgram_packing` to the example server application programs/ssl/ssl_server2 allowing to allow/forbid the use of datagram packing. --- programs/ssl/ssl_server2.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 484f84fdd..12f827611 100644 --- a/programs/ssl/ssl_server2.c 
+++ b/programs/ssl/ssl_server2.c @@ -152,6 +152,7 @@ int main( void ) #define DFL_HS_TO_MAX 0 #define DFL_DTLS_MTU -1 #define DFL_BADMAC_LIMIT -1 +#define DFL_DGRAM_PACKING 1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 @@ -299,7 +300,10 @@ int main( void ) " dtls=%%d default: 0 (TLS)\n" \ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ " range of DTLS handshake timeouts in millisecs\n" \ - " mtu=%%d default: (library default: unlimited)\n" + " mtu=%%d default: (library default: unlimited)\n" \ + " dgram_packing=%%d default: 1 (allowed)\n" \ + " allow or forbid packing of multiple\n" \ + " records within a single datgram.\n" #else #define USAGE_DTLS "" #endif @@ -473,6 +477,7 @@ struct options uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ uint32_t hs_to_max; /* Max value of DTLS handshake timer */ int dtls_mtu; /* UDP Maximum tranport unit for DTLS */ + int dgram_packing; /* allow/forbid datagram packing */ int badmac_limit; /* Limit of records with bad MAC */ } opt; @@ -1342,6 +1347,7 @@ int main( int argc, char *argv[] ) opt.hs_to_min = DFL_HS_TO_MIN; opt.hs_to_max = DFL_HS_TO_MAX; opt.dtls_mtu = DFL_DTLS_MTU; + opt.dgram_packing = DFL_DGRAM_PACKING; opt.badmac_limit = DFL_BADMAC_LIMIT; opt.extended_ms = DFL_EXTENDED_MS; opt.etm = DFL_ETM; @@ -1694,6 +1700,15 @@ int main( int argc, char *argv[] ) if( opt.dtls_mtu < 0 ) goto usage; } + else if( strcmp( p, "dgram_packing" ) == 0 ) + { + opt.dgram_packing = atoi( q ); + if( opt.dgram_packing != 0 && + opt.dgram_packing != 1 ) + { + goto usage; + } + } else if( strcmp( p, "sni" ) == 0 ) { opt.sni = q; @@ -2168,6 +2183,9 @@ int main( int argc, char *argv[] ) if( opt.dtls_mtu != DFL_DTLS_MTU ) mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu ); + + if( opt.dgram_packing != DFL_DGRAM_PACKING ) + mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) 
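Review bot: The new usage text misspells the word in `" records within a single datgram.\n"`, and the same string is added to `programs/ssl/ssl_client2.c`. Both should read `datagram`, since this text is what users see in the help output.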
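Review bot: `mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing )` is placed among setters that act on `&conf`, but it writes a field of the context itself. Whether `ssl` is already initialised at this point of `main()`, and not reset afterwards, cannot be seen from the hunk, so the call's position relative to `mbedtls_ssl_init()` and `mbedtls_ssl_setup()` deserves a check. A short comment such as `/* per-context setting: must come after mbedtls_ssl_init() */` would record the requirement. The same applies to the matching hunk in `programs/ssl/ssl_client2.c`.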
@@ -2178,6 +2196,7 @@ int main( int argc, char *argv[] ) }; #endif + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); From 4d61591c0c5380921d2815ebe410b4d106acf75b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 13:33:30 +0100 Subject: [PATCH 394/578] Add cmd line option to ssl_client2 for datagram packing This commit adds a new command line option `dgram_packing` to the example server application programs/ssl/ssl_client2 allowing to allow/forbid the use of datagram packing. --- programs/ssl/ssl_client2.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 7cdc53a54..e72327315 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -107,6 +107,7 @@ int main( void ) #define DFL_HS_TO_MIN 0 #define DFL_HS_TO_MAX 0 #define DFL_DTLS_MTU -1 +#define DFL_DGRAM_PACKING 1 #define DFL_FALLBACK -1 #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 @@ -200,7 +201,10 @@ int main( void ) " dtls=%%d default: 0 (TLS)\n" \ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \ " range of DTLS handshake timeouts in millisecs\n" \ - " mtu=%%d default: (library default: unlimited)\n" + " mtu=%%d default: (library default: unlimited)\n" \ + " dgram_packing=%%d default: 1 (allowed)\n" \ + " allow or forbid packing of multiple\n" \ + " records within a single datgram.\n" #else #define USAGE_DTLS "" #endif @@ -349,6 +353,7 @@ struct options uint32_t hs_to_max; /* Max value of DTLS handshake timer */ int dtls_mtu; /* UDP Maximum tranport unit for DTLS */ int fallback; /* is this a fallback connection? */ + int dgram_packing; /* allow/forbid datagram packing */ int extended_ms; /* negotiate extended master secret? */ int etm; /* negotiate encrypt then mac? */ } opt; 
@@ -624,6 +629,7 @@ int main( int argc, char *argv[] ) opt.fallback = DFL_FALLBACK; opt.extended_ms = DFL_EXTENDED_MS; opt.etm = DFL_ETM; + opt.dgram_packing = DFL_DGRAM_PACKING; for( i = 1; i < argc; i++ ) { @@ -937,6 +943,15 @@ int main( int argc, char *argv[] ) if( opt.dtls_mtu < 0 ) goto usage; } + else if( strcmp( p, "dgram_packing" ) == 0 ) + { + opt.dgram_packing = atoi( q ); + if( opt.dgram_packing != 0 && + opt.dgram_packing != 1 ) + { + goto usage; + } + } else if( strcmp( p, "recsplit" ) == 0 ) { opt.recsplit = atoi( q ); @@ -1340,6 +1355,9 @@ int main( int argc, char *argv[] ) if( opt.dtls_mtu != DFL_DTLS_MTU ) mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu ); + + if( opt.dgram_packing != DFL_DGRAM_PACKING ) + mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) From c4305238b5df651d04222c1ffcab2e1784635bdb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 13:41:21 +0100 Subject: [PATCH 395/578] Re-enable delayed CCS test Now that datagram packing can be dynamically configured, the test exercising the behavior of Mbed TLS when facing an out-of-order CCS message can be re-introduced, disabling datagram packing for the sender of the delayed CCS. --- tests/ssl-opt.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1986c25b3..abb8d8f1a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5701,6 +5701,16 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ -s "too many records with bad MAC" \ -s "Verification of the message MAC failed" +run_test "DTLS proxy: delay ChangeCipherSpec" \ + -p "$P_PXY delay_ccs=1" \ + "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \ + "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \ + 0 \ + -c "record from another epoch" \ + -s "record from another epoch" \ + -s "Extra-header:" \ + -c "HTTP/1.0 200 OK" + # Tests for "randomly unreliable connection": try a variety of flows and peers client_needs_more_time 2 From 1c9a24ce8c2c647c6b7e4cef1109efd883c4ec4d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 13:46:33 +0100 Subject: [PATCH 396/578] Disable datagram packing for various UDP proxy tests The UDP proxy does currently not dissect datagrams into records, an hence the coverage of the reordering, package loss and duplication tests is much smaller if datagram packing is in use. This commit disables datagram packing for most UDP proxy tests, in particular all 3D (drop, duplicate, delay) tests. --- tests/ssl-opt.sh | 108 +++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index abb8d8f1a..9b8ef5561 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5310,11 +5310,11 @@ requires_config_enabled MBEDTLS_ECDSA_C client_needs_more_time 2 run_test "DTLS fragmenting: proxy MTU + 3d" \ -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ mtu=512" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512" \ 
@@ -5452,7 +5452,7 @@ client_needs_more_time 2 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512 force_version=dtls1_2" \ @@ -5469,7 +5469,7 @@ client_needs_more_time 2 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512 force_version=dtls1_2" \ @@ -5550,7 +5550,7 @@ client_needs_more_time 2 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_LEGACY_SRV -dtls1 -verify 10" \ - "$P_CLI dtls=1 debug_level=2 \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ mtu=512 force_version=dtls1" \ @@ -5583,7 +5583,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 client_needs_more_time 2 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ - "$P_SRV dtls=1 debug_level=2 \ + "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ mtu=512 force_version=dtls1" \ @@ -5612,8 +5612,8 @@ run_test "DTLS proxy: reference" \ not_with_valgrind # spurious resend due to timeout run_test "DTLS proxy: duplicate every packet" \ -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "replayed record" \ -s "replayed record" \ 
@@ -5625,8 +5625,8 @@ run_test "DTLS proxy: duplicate every packet" \ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ -p "$P_PXY duplicate=1" \ - "$P_SRV dtls=1 debug_level=2 anti_replay=0" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "replayed record" \ -S "replayed record" \ @@ -5639,24 +5639,24 @@ run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ run_test "DTLS proxy: multiple records in same datagram" \ -p "$P_PXY pack=50" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "next record in same datagram" \ -s "next record in same datagram" run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ -p "$P_PXY pack=50 duplicate=1" \ - "$P_SRV dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 0 \ -c "next record in same datagram" \ -s "next record in same datagram" run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 0 \ -c "discarding invalid record (mac)" \ -s "discarding invalid record (mac)" \ 
@@ -5667,8 +5667,8 @@ run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1 badmac_limit=1" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 1 \ -C "discarding invalid record (mac)" \ -S "discarding invalid record (mac)" \ @@ -5679,8 +5679,8 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1 badmac_limit=2" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 0 \ -c "discarding invalid record (mac)" \ -s "discarding invalid record (mac)" \ @@ -5691,8 +5691,8 @@ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ -p "$P_PXY bad_ad=1" \ - "$P_SRV dtls=1 debug_level=1 badmac_limit=2 exchanges=2" \ - "$P_CLI dtls=1 debug_level=1 read_timeout=100 exchanges=2" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \ 1 \ -c "discarding invalid record (mac)" \ -s "discarding invalid record (mac)" \ 
@@ -5716,9 +5716,9 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ client_needs_more_time 2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ -s "Extra-header:" \ @@ -5727,8 +5727,8 @@ run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 \ force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 0 \ -s "Extra-header:" \ @@ -5737,8 +5737,8 @@ run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" 
@@ -5746,8 +5746,8 @@ run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, client auth" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=required" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5755,8 +5755,8 @@ run_test "DTLS proxy: 3d, FS, client auth" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, FS, ticket" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=none" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=none" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5764,8 +5764,8 @@ run_test "DTLS proxy: 3d, FS, ticket" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=1 auth_mode=required" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=1" \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1 auth_mode=required" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" 
@@ -5773,9 +5773,9 @@ run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ client_needs_more_time 2 run_test "DTLS proxy: 3d, max handshake, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 nbio=2 tickets=1 \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1 \ auth_mode=required" \ - "$P_CLI dtls=1 hs_timeout=250-10000 nbio=2 tickets=1" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 nbio=2 tickets=1" \ 0 \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" @@ -5783,9 +5783,9 @@ run_test "DTLS proxy: 3d, max handshake, nbio" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5797,9 +5797,9 @@ run_test "DTLS proxy: 3d, min handshake, resumption" \ client_needs_more_time 4 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ 0 \ 
@@ -5812,9 +5812,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5827,9 +5827,9 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5842,10 +5842,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ 
@@ -5858,10 +5858,10 @@ client_needs_more_time 4 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ + "$P_SRV dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 auth_mode=none \ psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2 nbio=2" \ - "$P_CLI dtls=1 hs_timeout=250-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=250-10000 tickets=0 psk=abc123 \ renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -5875,7 +5875,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 2048" \ - "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -5884,7 +5884,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dtls=1 hs_timeout=250-60000 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" @@ -5893,7 +5893,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_SRV -dtls1 -mtu 768" \ - "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2 tickets=0" \ 0 \ -c "HTTP/1.0 200 OK" 
@@ -5903,7 +5903,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 2048 -a" \ - "$P_CLI dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -5914,7 +5914,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dtls=1 hs_timeout=250-60000" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" @@ -5925,7 +5925,7 @@ not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 512" \ - "$P_CLI dtls=1 hs_timeout=250-60000 nbio=2" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=250-60000 nbio=2" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" From 7ae8a76ced295aa9721ebaaa1f05498756863e02 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 15:43:35 +0100 Subject: [PATCH 397/578] Add tests for datagram packing option to ssl-opt.sh This commit adds four tests to ssl-opt.sh running default DTLS client and server with and without datagram packing enabled, and checking that datagram packing is / is not used by inspecting the debug output. --- tests/ssl-opt.sh | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9b8ef5561..995478019 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -912,6 +912,35 @@ run_test "SHA-256 allowed by default in client certificate" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ 0 +# Tests for datagram packing +run_test "DTLS: multiple records in same datagram, client and server" \ + "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ + 0 \ + -c "next record in same datagram" \ + -s "next record in same datagram" + +run_test "DTLS: multiple records in same datagram, client only" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \ + 0 \ + -s "next record in same datagram" \ + -C "next record in same datagram" + +run_test "DTLS: multiple records in same datagram, server only" \ + "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ + 0 \ + -S "next record in same datagram" \ + -c "next record in same datagram" + +run_test "DTLS: multiple records in same datagram, neither client nor server" \ + "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ + 0 \ + -S "next record in same datagram" \ + -C "next record in same datagram" + # Tests for Truncated HMAC extension run_test "Truncated HMAC: client default, server default" \ From d87a59cc3679e04f417be281057e479d7b7ae0ae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 14 Aug 2018 16:34:55 +0100 Subject: [PATCH 398/578] Adapt ChangeLog --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index bab69f676..ef8abc8bf 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -4,6 +4,12 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add support for fragmentation of outoing DTLS handshake messages. + * Add support for packing multiple records within a single datagram, + enabled by default. + +API Changes + * Add function mbedtls_ssl_conf_datagram_packing() to configure + the use of datagram packing (enabled by default). Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if From bc73e4a822b57d0ab924b817d3ede91ef170cac7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 15:53:21 +0100 Subject: [PATCH 399/578] Allow GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV to be unset in ssl-opt.sh --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 995478019..f5de2ee00 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -51,13 +51,13 @@ else O_LEGACY_CLI=false fi -if [ -n "${GNUTLS_NEXT_SERV}" ]; then +if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" else G_NEXT_SRV=false fi -if [ -n "${GNUTLS_NEXT_CLI}" ]; then +if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt" else G_NEXT_CLI=false @@ -772,11 +772,11 @@ if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" fi -if [ -n "${GNUTLS_NEXT_SERV}" ]; then +if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" fi -if [ -n "${GNUTLS_NEXT_CLI}" ]; then +if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT localhost" fi From 4a9d006f5f524890f2d2f77e3df00ccc02fc7364 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 16:10:47 +0100 Subject: [PATCH 400/578] Add missing dependency in ssl-opt.sh --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f5de2ee00..4fa8609f9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5605,6 +5605,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ # -nbio is added to prevent s_client from blocking in case of duplicated # messages at the end of the handshake +requires_openssl_legacy requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From e1dcb0355743aab27b3e538ebf9eda53f4f9ef61 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 16:47:58 +0100 Subject: [PATCH 401/578] Don't send empty fragments of nonempty handshake messages This for example lead to the following corner case bug: The code attempted to piggy-back a Finished message at the end of a datagram where precisely 12 bytes of payload were still available. This lead to an empty Finished fragment being sent, and when mbedtls_ssl_flight_transmit() was called again, it believed that it was just starting to send the Finished message, thereby calling ssl_swap_epochs() which had already happened in the call sending the empty fragment. Therefore, the second call would send the 'rest' of the Finished message with wrong epoch. --- library/ssl_tls.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9b8f7fea3..cc470583a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -2923,15 +2923,17 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) size_t max_frag_len; const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; + int const is_finished = + ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && + cur->p[0] == MBEDTLS_SSL_HS_FINISHED ); + uint8_t const force_flush = ssl->disable_datagram_packing == 1 ? SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; /* Swap epochs before sending Finished: we can't do it after * sending ChangeCipherSpec, in case write returns WANT_READ. * Must be done before copying, may change out_msg pointer */ - if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && - cur->p[0] == MBEDTLS_SSL_HS_FINISHED && - ssl->handshake->cur_msg_p == ( cur->p + 12 ) ) + if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) ); ssl_swap_epochs( ssl ); @@ -2968,13 +2970,10 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) const size_t rem_len = hs_len - frag_off; size_t cur_hs_frag_len, max_hs_frag_len; - if( max_frag_len < 12 ) + if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) ) { - if( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && - cur->p[0] == MBEDTLS_SSL_HS_FINISHED ) - { + if( is_finished ) ssl_swap_epochs( ssl ); - } if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) return( ret ); From 327c93b1824c0e086ed45b325659ad0fb8f3c428 Mon Sep 17 00:00:00 2001 
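Review bot: The new guard `( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 )` in the second hunk of mbedtls_ssl_flight_transmit() has no comment, so the reason for it exists only in the commit message. That reason is that an empty Finished fragment makes the next call believe the message is just starting, so it swaps epochs again and sends the rest under the wrong epoch. I would put `/* Never send an empty fragment of a non-empty handshake message: the next call would repeat the Finished epoch swap. */` directly above the condition. The literal 12 appears in both hunks for what looks like the DTLS handshake header length, and a named constant would keep the two checks in step. The function body continues outside both hunks, so whether the unbraced `if( is_finished ) ssl_swap_epochs( ssl );` swap-back is also right when a Finished message is resumed mid-fragment cannot be confirmed from here.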
From: Hanno Becker Date: Wed, 15 Aug 2018 13:56:18 +0100 Subject: [PATCH 402/578] Add parameter to ssl_read_record() controlling checksum update Previously, mbedtls_ssl_read_record() always updated the handshake checksum in case a handshake record was received. While desirable most of the time, for the CertificateVerify message the checksum update must only happen after the message has been fully processed, because the validation requires the handshake digest up to but excluding the CertificateVerify itself. As a remedy, the bulk of mbedtls_ssl_read_record() was previously duplicated within ssl_parse_certificate_verify(), hardening maintenance in case mbedtls_ssl_read_record() is subject to changes. This commit adds a boolean parameter to mbedtls_ssl_read_record() indicating whether the checksum should be updated in case of a handshake message or not. This allows using it also for ssl_parse_certificate_verify(), manually updating the checksum after the message has been processed. --- include/mbedtls/ssl_internal.h | 2 +- library/ssl_cli.c | 10 +++++----- library/ssl_srv.c | 21 +++------------------ library/ssl_tls.c | 16 +++++++++------- 4 files changed, 18 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 765da7a71..c817def23 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -557,7 +557,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); * following the above definition. * */ -int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_digest ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 73e4391a0..d160c42d0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
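Review bot: The declaration `int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_digest );` in ssl_internal.h gains a parameter, but the doc comment that closes just above it is not extended to describe it. The comment should say that 1 adds a received handshake message to the handshake checksum, and that 0 leaves the update to the caller, presumably via mbedtls_ssl_update_handshake_status() once the message has been processed. The handshake transcript is what CertificateVerify and Finished are checked against, so the caller's obligation belongs at the declaration rather than only in the commit message.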
@@ -1500,7 +1500,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) buf = ssl->in_msg; - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { /* No alert on a read error. */ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); @@ -2349,7 +2349,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); @@ -2656,7 +2656,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) return( 0 ); } - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); @@ -2808,7 +2808,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); @@ -3297,7 +3297,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) ); - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 7101f461f..84c83e330 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -3728,7 +3728,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) } else #endif - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); @@ -4038,25 +4038,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) } /* Read the message without adding it to the checksum */ - do { - - do ret = mbedtls_ssl_read_record_layer( ssl ); - while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); - - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); - return( ret ); - } - - ret = mbedtls_ssl_handle_message_type( ssl ); - - } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || - MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); - + ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ ); if( 0 != ret ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret ); return( ret ); } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cc470583a..23b066c5c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4283,7 +4283,8 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); * RFC 6347 4.1.2.7) and continue reading until a valid record is found. * */ -int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) +int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, + unsigned update_digest ) { int ret; @@ -4313,7 +4314,8 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl ) return( ret ); } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + update_digest == 1 ) { mbedtls_ssl_update_handshake_status( ssl ); } 
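Review bot: In the ssl_tls.c hunk at `@@ -4313,7 +4314,8 @@`, the test `update_digest == 1` treats every non-zero value other than 1 as "do not update", so a caller passing any other truthy value would silently leave a handshake message out of the transcript. Every caller visible in this patch passes 0 or 1, so the problem is latent, but `update_digest != 0` follows the usual C truth convention and removes the trap: `if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && update_digest != 0 )`. mbedtls_ssl_update_handshake_status() is not shown here; if it does more than hashing, the parameter name understates what passing 0 skips.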
@@ -4900,7 +4902,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) } #endif - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { /* mbedtls_ssl_read_record may have sent an alert already. We let it decide whether to alert. */ @@ -5275,7 +5277,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); @@ -5904,7 +5906,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); return( ret ); @@ -7653,7 +7655,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) ssl_set_timer( ssl, ssl->conf->read_timeout ); } - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) return( 0 ); @@ -7668,7 +7670,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* * OpenSSL sends empty messages to randomize the IV */ - if( ( ret = mbedtls_ssl_read_record( ssl ) ) != 0 ) + if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) return( 0 ); From 02f5907499a29998ef112324e1c6715446b6b1e7 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 15 Aug 2018 14:00:24 +0100 Subject: [PATCH 403/578] Correct misleading debugging output Usually, debug messages beginning with "=> and "<=" match up and indicate entering of and returning from functions, respectively. This commit fixes one exception to this rule in mbedtls_ssl_read_record(), which sometimes printed two messages of the form "<= XXX". --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 23b066c5c..910e58498 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4322,7 +4322,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, } else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= reuse previously read message" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) ); ssl->keep_current_message = 0; } From a4b143a57ccc16243dce5f206e197ce44559955a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Aug 2018 14:01:34 +0100 Subject: [PATCH 404/578] Remove nested loop in mbedtls_ssl_read_record() --- library/ssl_tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 910e58498..8e209e78a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4294,8 +4294,9 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, { do { - do ret = mbedtls_ssl_read_record_layer( ssl ); - while( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + ret = mbedtls_ssl_read_record_layer( ssl ); + if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) + continue; if( ret != 0 ) { From 4162b11eb4cb46822c79269cb241d10d86156f23 Mon Sep 17 00:00:00 2001 
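Review bot: The `continue` added in mbedtls_ssl_read_record() sits inside a `do { ... } while( ... )` loop, where it jumps to the loop condition rather than to the top of the body. The retry therefore only happens while that condition still accepts `ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING`. The condition lies outside this hunk and cannot be checked here, so a short comment would protect the dependency, e.g. `/* continue re-evaluates the while() below, which must keep accepting CONTINUE_PROCESSING */`.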
From: Hanno Becker Date: Wed, 15 Aug 2018 14:05:04 +0100 Subject: [PATCH 405/578] Make mbedtls_ssl_read_record_layer() static This function was previously global because it was used directly within ssl_parse_certificate_verify() in library/ssl_srv.c. The previous commit removed this dependency, replacing the call by a call to the global parent function mbedtls_ssl_read_record(). This renders mbedtls_ssl_read_record_layer() internal and therefore allows to make it static, and accordingly rename it as ssl_read_record_layer(). --- include/mbedtls/ssl_internal.h | 1 - library/ssl_tls.c | 6 ++++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index c817def23..052277891 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -479,7 +479,6 @@ int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ); int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8e209e78a..b8f271527 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4283,6 +4283,8 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); * RFC 6347 4.1.2.7) and continue reading until a valid record is found. * */ +static int ssl_read_record_layer( mbedtls_ssl_context *ssl ); + int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_digest ) { 
@@ -4294,7 +4296,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, { do { - ret = mbedtls_ssl_read_record_layer( ssl ); + ret = ssl_read_record_layer( ssl ); if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) continue; @@ -4332,7 +4334,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, return( 0 ); } -int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl ) +static int ssl_read_record_layer( mbedtls_ssl_context *ssl ) { int ret; From 1097b34022a416ee180c13dd7a84d3bcbbd85542 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Aug 2018 14:09:41 +0100 Subject: [PATCH 406/578] Extract message-consuming code-path to separate function The first part of the function ssl_read_record_layer() was to mark the previous message as consumed. This commit moves the corresponding code-path to a separate static function ssl_consume_current_message(). --- library/ssl_tls.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b8f271527..23a5bddac 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4283,6 +4283,9 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); * RFC 6347 4.1.2.7) and continue reading until a valid record is found. * */ + +/* Helper functions for mbedtls_ssl_read_record(). */ +static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); static int ssl_read_record_layer( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, @@ -4334,13 +4337,9 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_read_record_layer( mbedtls_ssl_context *ssl ) +static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) { - int ret; - /* - * Step A - * * Consume last content-layer message and potentially * update in_msglen which keeps track of the contents' * consumption state. 
@@ -4422,6 +4421,25 @@ static int ssl_read_record_layer( mbedtls_ssl_context *ssl ) ssl->in_msglen = 0; } + return( 0 ); +} + +static int ssl_read_record_layer( mbedtls_ssl_context *ssl ) +{ + int ret; + + /* + * Step A + * + * Consume last content-layer message and potentially + * update in_msglen which keeps track of the contents' + * consumption state. + */ + + ret = ssl_consume_current_message( ssl ); + if( ret != 0 ) + return( ret ); + /* * Step B * From 2699459529927fa33061d32c94b78ef5260f501f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Aug 2018 14:14:59 +0100 Subject: [PATCH 407/578] Move call to ssl_consume_current_message() Subsequent commits will potentially inject buffered messages after the last incoming message has been consumed, but before a new one is fetched. As a preparatory step to this, this commit moves the call to ssl_consume_current_message() from ssl_read_record_layer() to the calling function mbedtls_ssl_read_record(). --- library/ssl_tls.c | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 23a5bddac..54bb44359 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4299,6 +4299,10 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, { do { + ret = ssl_consume_current_message( ssl ); + if( ret != 0 ) + return( ret ); + ret = ssl_read_record_layer( ssl ); if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) continue; @@ -4429,22 +4433,7 @@ static int ssl_read_record_layer( mbedtls_ssl_context *ssl ) int ret; /* - * Step A - * - * Consume last content-layer message and potentially - * update in_msglen which keeps track of the contents' - * consumption state. - */ - - ret = ssl_consume_current_message( ssl ); - if( ret != 0 ) - return( ret ); - - /* - * Step B - * * Fetch and decode new record if current one is fully consumed. - * */ if( ssl->in_msglen > 0 ) From e74d556b43232409d3b98a13e6e224ef15d8a202 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 15 Aug 2018 14:26:08 +0100 Subject: [PATCH 408/578] Introduce function to indicate if record is fully processed This commit introduces a function ssl_record_is_in_progress() to indicate if there is there is more data within the current record to be processed. Further, it moves the corresponding call from ssl_read_record_layer() to the parent function mbedtls_ssl_read_record(). With this change, ssl_read_record_layer() has the sole purpose of fetching and decoding a new record, and hence this commit also renames it to ssl_get_next_record(). --- library/ssl_tls.c | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 54bb44359..cfb95eae2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4286,7 +4286,8 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); /* Helper functions for mbedtls_ssl_read_record(). */ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); -static int ssl_read_record_layer( mbedtls_ssl_context *ssl ); +static int ssl_get_next_record( mbedtls_ssl_context *ssl ); +static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_digest ) @@ -4303,14 +4304,17 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, if( ret != 0 ) return( ret ); - ret = ssl_read_record_layer( ssl ); - if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) - continue; - - if( ret != 0 ) + if( ssl_record_is_in_progress( ssl ) == 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); - return( ret ); + ret = ssl_get_next_record( ssl ); + if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) + continue; + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + return( ret ); + } } ret = mbedtls_ssl_handle_message_type( ssl ); 
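Review bot: The error path added in the `@@ -4303,14 +4304,17 @@` hunk of mbedtls_ssl_read_record() still logs `MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret );`, although the call it reports on is now `ssl_get_next_record( ssl )`. Anyone triaging a failed record read from the debug output will search for a function that no longer exists under that name. The label should follow the rename: `MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret );`.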
@@ -4428,22 +4432,22 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) return( 0 ); } -static int ssl_read_record_layer( mbedtls_ssl_context *ssl ) +static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ) +{ + if( ssl->in_msglen > 0 ) + return( 1 ); + + return( 0 ); +} + +static int ssl_get_next_record( mbedtls_ssl_context *ssl ) { int ret; /* - * Fetch and decode new record if current one is fully consumed. + * Fetch and decode new record */ - if( ssl->in_msglen > 0 ) - { - /* There's something left to be processed in the current record. */ - return( 0 ); - } - - /* Current record either fully processed or to be discarded. */ - if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); From 40f50848fad3e1371ad5b0a933013f9542d0d749 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Aug 2018 14:48:01 +0100 Subject: [PATCH 409/578] Add frame for loading and storing buffered messages This commit introduces the frame for saving and loading buffered messages within message reading function mbedtls_ssl_read_record(). --- include/mbedtls/ssl.h | 1 + library/ssl_tls.c | 70 +++++++++++++++++++++++++++++++++++++++---- 2 files changed, 65 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 85ab72206..3a8dd21e9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -121,6 +121,7 @@ #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */ #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */ +#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */ /* * Various constants 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cfb95eae2..41292a53b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4289,6 +4289,12 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); static int ssl_get_next_record( mbedtls_ssl_context *ssl ); static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); +#if defined(MBEDTLS_SSL_PROTO_DTLS) +static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); +static int ssl_buffer_message( mbedtls_ssl_context *ssl ); +static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ); +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_digest ) { 
@@ -4306,19 +4312,47 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, if( ssl_record_is_in_progress( ssl ) == 0 ) { - ret = ssl_get_next_record( ssl ); - if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) - continue; +#if defined(MBEDTLS_SSL_PROTO_DTLS) + int have_buffered = 0; - if( ret != 0 ) + /* We only check for buffered messages if the + * current datagram is fully consumed. */ + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl_another_record_in_datagram( ssl ) == 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); - return( ret ); + if( ssl_load_buffered_message( ssl ) == 0 ) + have_buffered = 1; + } + + if( have_buffered == 0 ) +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + { + ret = ssl_get_next_record( ssl ); + if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) + continue; + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + return( ret ); + } } } ret = mbedtls_ssl_handle_message_type( ssl ); +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) + { + /* Buffer future message */ + ret = ssl_buffer_message( ssl ); + if( ret != 0 ) + return( ret ); + + ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); 
@@ -4345,6 +4379,30 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, return( 0 ); } +#if defined(MBEDTLS_SSL_PROTO_DTLS) +static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ) +{ + if( ssl->in_left > ssl->next_record_offset ) + return( 1 ); + + return( 0 ); +} + +static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) +{ + /* No buffering support so far. */ + ((void) ssl ); + return( -1 ); +} + +static int ssl_buffer_message( mbedtls_ssl_context *ssl ) +{ + /* No buffering support so far. */ + ((void) ssl ); + return( 0 ); +} +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) { /* From 2ed6bcc79335314fc2ddf3da0722940bdba962ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 15 Aug 2018 15:11:57 +0100 Subject: [PATCH 410/578] Implement support for remembering CCS messages This commit implements support for remembering out-of-order CCS messages. Specifically, a flag is set whenever a CCS message is read which remains until the end of a flight, and when a CCS message is expected and a CCS message has been seen in the current flight, a synthesized CCS record is created. --- include/mbedtls/ssl_internal.h | 3 + library/ssl_tls.c | 101 ++++++++++++++++++++++++++++----- 2 files changed, 89 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 052277891..ec840476f 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -307,6 +307,9 @@ struct mbedtls_ssl_handshake_params resending messages */ unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ + + uint8_t seen_ccs; /*!< Indicates if a CCS message has + * been seen in the current flight. */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 41292a53b..6a44145d7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3069,6 +3069,9 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) /* The next incoming flight will start with this msg_seq */ ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; + /* We don't want to remember CCS's across flight boundaries. */ + ssl->handshake->seen_ccs = 0; + /* Cancel timer */ ssl_set_timer( ssl, 0 ); @@ -4138,15 +4141,6 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) } #endif - /* Drop unexpected ChangeCipherSpec messages */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ChangeCipherSpec" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); - } - /* Drop unexpected ApplicationData records, * except at the beginning of renegotiations */ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && 
@@ -4390,16 +4384,75 @@ static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ) static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { - /* No buffering support so far. */ - ((void) ssl ); - return( -1 ); + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + int ret = 0; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); + + if( hs == NULL ) + return( -1 ); + + if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || + ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) + { + /* Check if we have seen a ChangeCipherSpec before. + * If yes, synthesize a CCS record. */ + if( ! hs->seen_ccs ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) ); + ret = -1; + goto exit; + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Inject buffered CCS message" ) ); + ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; + ssl->in_msglen = 1; + ssl->in_msg[0] = 1; + + /* As long as they are equal, the exact value doesn't matter. */ + ssl->in_left = 0; + ssl->next_record_offset = 0; + + hs->seen_ccs = 0; + goto exit; + } + ret = -1; + +exit: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) ); + return( ret ); } static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { - /* No buffering support so far. */ - ((void) ssl ); - return( 0 ); + int ret = 0; + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + + if( hs == NULL ) + return( 0 ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) ); + + switch( ssl->in_msgtype ) + { + case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) ); + hs->seen_ccs = 1; + break; + + case MBEDTLS_SSL_MSG_HANDSHAKE: + /* No support for buffering handshake messages so far. */ + break; + + default: + break; + } + +exit: + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ 
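Review bot: In ssl_buffer_message() the `exit:` label is never the target of a `goto`, so the function will draw an unused-label warning, which is an error in builds that treat warnings as errors. I would drop the label and leave the closing trace and `return( ret );` in place. In ssl_load_buffered_message() the entry trace is spelled `"=> ssl_load_buffered_messsage"` while the exit trace is `"<= ssl_load_buffered_message"`, which breaks matching of entry/exit pairs in debug logs. That function's `hs == NULL` return also leaves after the entry trace without emitting the exit trace.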
@@ -4649,6 +4702,24 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + /* Drop unexpected ChangeCipherSpec messages */ + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) + { + if( ssl->handshake == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + } + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) ); + return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + } +#endif + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) { if( ssl->in_msglen != 2 ) From aa5d0c44937727a36a82d4cca0776dad91b6db35 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 13:15:19 +0100 Subject: [PATCH 411/578] Add test for buffering out-of-order CCS --- tests/ssl-opt.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4fa8609f9..c05600024 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5741,6 +5741,16 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ -s "Extra-header:" \ -c "HTTP/1.0 200 OK" +# Tests for reordering support with DTLS + +run_test "DTLS reordering: Buffer out-of-order CCS message"\ + -p "$P_PXY delay=3 seed=1" \ + "$P_SRV cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "Inject buffered CCS message" \ + -c "Remember CCS message" + # Tests for "randomly unreliable connection": try a variety of flows and peers client_needs_more_time 2 From 9e1ec22c36bb1f96bbcaf834a97840fcced0ca1b Mon Sep 17 00:00:00 2001 
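Review bot: The block added to mbedtls_ssl_handle_message_type() returns MBEDTLS_ERR_SSL_EARLY_MESSAGE for an out-of-order ChangeCipherSpec without looking at the record body. ssl_buffer_message() then sets `seen_ccs` for any record of that content type, and ssl_load_buffered_message() later replays it as a well-formed one-byte CCS (`in_msglen = 1`, `in_msg[0] = 1`), so a malformed record is turned into a valid one instead of being rejected. I would validate before remembering, e.g. `if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) return( MBEDTLS_ERR_SSL_INVALID_RECORD );` ahead of the state test. Whether a later parser already rejects such records on the in-order path cannot be seen from this hunk; the function body continues outside it.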
From: Hanno Becker Date: Wed, 15 Aug 2018 15:54:43 +0100 Subject: [PATCH 412/578] Return MBEDTLS_ERR_SSL_EARLY_MESSAGE for future HS messages This leads future HS messages to traverse the buffering function ssl_buffer_message(), which however doesn't do anything at the moment for HS messages. Since the error code MBEDTLS_ERR_SSL_EARLY_MESSAGE is afterwards remapped to MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -- which is what was returned prior to this commit when receiving a future handshake message -- this commit therefore does not yet introduce any change in observable behavior. --- library/ssl_tls.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6a44145d7..bca5b403c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3656,6 +3656,14 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) { + if( recv_msg_seq > ssl->handshake->in_msg_seq ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)", + recv_msg_seq, + ssl->handshake->in_msg_seq ) ); + return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + } + /* Retransmit only on last message from previous flight, to avoid * too many retransmissions. * Besides, No sane server ever retransmits HelloVerifyRequest */ From 56e205e2c9db8359bd7755c60d9c88c34d57d572 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 09:06:12 +0100 Subject: [PATCH 413/578] Prepare handshake reassembly in separate function This commit moves the code-path preparing the handshake reassembly buffer, consisting of header, message content, and reassembly bitmap, to a separate function ssl_prepare_reassembly_buffer(). --- library/ssl_tls.c | 56 ++++++++++++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bca5b403c..e0ce692a8 100644 
--- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3470,6 +3470,39 @@ static int ssl_bitmask_check( unsigned char *mask, size_t len ) return( 0 ); } +/* msg_len does not include the handshake header */ +static int ssl_prepare_reassembly_buffer( mbedtls_ssl_context *ssl, /* debug */ + unsigned msg_len, + unsigned char **target ) +{ + size_t alloc_len; + unsigned char *buf; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", + msg_len ) ); + + /* NOTE: That should be checked earlier */ + if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + alloc_len = 12; /* Handshake header */ + alloc_len += msg_len; /* Content buffer */ + alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */ + + buf = mbedtls_calloc( 1, alloc_len ); + if( buf == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) ); + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } + + *target = buf; + return( 0 ); +} + /* * Reassemble fragmented DTLS handshake messages. * 
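Review bot: In ssl_prepare_reassembly_buffer() the "alloc failed" trace prints `alloc_len`, a `size_t`, with `%d`, and the "initialize reassembly" trace prints the `unsigned` `msg_len` with `%d`; a mismatched conversion specifier is undefined behaviour where `size_t` is wider than `int`. I would write `MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%u bytes)", (unsigned) alloc_len ) );` and use `%u` for `msg_len`. The helper would also benefit from a header comment saying that `*target` is written only on success and that the caller owns the returned buffer, since the `/* debug */` remark on the `ssl` parameter is the only documentation it has.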
@@ -3495,26 +3528,9 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) */ if( ssl->handshake->hs_msg == NULL ) { - size_t alloc_len; - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", - msg_len ) ); - - if( ssl->in_hslen > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } - - /* The bitmask needs one bit per byte of message excluding header */ - alloc_len = 12 + msg_len + msg_len / 8 + ( msg_len % 8 != 0 ); - - ssl->handshake->hs_msg = mbedtls_calloc( 1, alloc_len ); - if( ssl->handshake->hs_msg == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - } + ret = ssl_prepare_reassembly_buffer( msg_len, &ssl->handshake->hs_msg ); + if( ret != 0 ) + return( ret ); /* Prepare final header: copy msg_type, length and message_seq, * then add standardised fragment_offset and fragment_length */ From d07df86871498129db908377288ae3da8a396aa8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 09:14:58 +0100 Subject: [PATCH 414/578] Make allocation of reassembly bitmap optional This commit adds a parameter to ssl_prepare_reassembly_buffer() allowing to disable the allocation of space for a reassembly bitmap. This will allow this function to be used for the allocation of buffers for future handshake messages in case these need no fragmentation. --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e0ce692a8..a9f84d497 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
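Review bot: The new call `ssl_prepare_reassembly_buffer( msg_len, &ssl->handshake->hs_msg )` passes two arguments, but the helper added in the previous hunk is declared with three (`ssl`, `msg_len`, `target`), so this does not compile as written. It should read `ret = ssl_prepare_reassembly_buffer( ssl, msg_len, &ssl->handshake->hs_msg );`. The assignment also needs an `int ret;` in ssl_reassemble_dtls_handshake(), whose declarations lie outside this hunk, so please confirm one exists. The following commit (PATCH 414) adds the `add_bitmap` argument to this call but still omits `ssl`.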
@@ -3473,6 +3473,7 @@ static int ssl_bitmask_check( unsigned char *mask, size_t len ) /* msg_len does not include the handshake header */ static int ssl_prepare_reassembly_buffer( mbedtls_ssl_context *ssl, /* debug */ unsigned msg_len, + unsigned add_bitmap, unsigned char **target ) { size_t alloc_len; @@ -3490,7 +3491,9 @@ static int ssl_prepare_reassembly_buffer( mbedtls_ssl_context *ssl, /* debug */ alloc_len = 12; /* Handshake header */ alloc_len += msg_len; /* Content buffer */ - alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */ + + if( add_bitmap ) + alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */ buf = mbedtls_calloc( 1, alloc_len ); if( buf == NULL ) @@ -3528,7 +3531,8 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) */ if( ssl->handshake->hs_msg == NULL ) { - ret = ssl_prepare_reassembly_buffer( msg_len, &ssl->handshake->hs_msg ); + ret = ssl_prepare_reassembly_buffer( msg_len, 1, + &ssl->handshake->hs_msg ); if( ret != 0 ) return( ret ); From e25e3b7d960a11c2509698be61a0e4319aabf068 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 16 Aug 2018 09:30:53 +0100 Subject: [PATCH 415/578] Add function to check is HS msg is a proper fragment This commit introduces a static function ssl_hs_is_proper_fragment() to check if the current incoming handshake message is a proper fragment. It is used within mbedtls_ssl_prepare_handshake_record() to decide whether handshake reassembly through ssl_reassemble_dtls_handshake() is needed. The commit changes the behavior of the library in the (unnatural) situation where proper fragments for a handshake message are followed by a non-fragmented version of the same message. In this case, the previous code invoked the handshake reassembly routine ssl_reassemble_dtls_handshake(), while with this commit, the full handshake message is directly forwarded to the user, no altering the handshake reassembly state -- in particular, not freeing it. As a remedy, freeing of a potential handshake reassembly structure is now done as part of the handshake update function mbedtls_ssl_update_handshake_status(). --- library/ssl_tls.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a9f84d497..c2daeb36e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3409,6 +3409,17 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) + +static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) +{ + if( ssl->in_msglen < ssl->in_hslen || + memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || + memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ) + { + return( 1 ); + } + return( 0 ); +} /* * Mark bits in bitmask (used for DTLS HS reassembly) */ 
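Review bot: ssl_hs_is_proper_fragment() is added without a comment, and it reads bytes 1-3 and 6-11 of `ssl->in_msg` and `ssl->in_hslen` without checking anything itself. I would state the precondition above it, e.g. `/* Caller must have set in_hslen and verified in_msglen >= 12 (DTLS handshake header). Returns 1 if the message is a proper fragment, 0 if it is complete. */`. The call site in the later hunk of this commit compares the result with `== 1`; `if( ssl_hs_is_proper_fragment( ssl ) )` reads better for a predicate. A blank line between the closing brace and the following "Mark bits in bitmask" comment would keep that comment attached to the right function.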
@@ -3636,9 +3647,6 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); - mbedtls_free( ssl->handshake->hs_msg ); - ssl->handshake->hs_msg = NULL; - MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message", ssl->in_msg, ssl->in_hslen ); @@ -3646,6 +3654,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ + int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) { if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) @@ -3713,12 +3722,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) } /* Wait until message completion to increment in_msg_seq */ - /* Reassemble if current message is fragmented or reassembly is - * already in progress */ - if( ssl->in_msglen < ssl->in_hslen || - memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || - memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 || - ( ssl->handshake != NULL && ssl->handshake->hs_msg != NULL ) ) + if( ssl_hs_is_proper_fragment( ssl ) == 1 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); @@ -3756,6 +3760,13 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) ssl->handshake != NULL ) { ssl->handshake->in_msg_seq++; + + /* Clear up handshake reassembly structure, if any. */ + if( ssl->handshake->hs_msg != NULL ) + { + mbedtls_free( ssl->handshake->hs_msg ); + ssl->handshake->hs_msg = NULL; + } } #endif } From d7f8ae2508ddb901e5204efc2d8a7f8492db6e22 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 16 Aug 2018 09:45:56 +0100 Subject: [PATCH 416/578] Introduce sub-structure of ssl_handshake_params for buffering This commit introduces a sub-structure `buffering` within mbedtls_ssl_handshake_params that shall contain all data related to the reassembly and/or buffering of handshake messages. Currently, only buffering of CCS messages is implemented, so the only member of this struct is the previously introduced `seen_ccs` field. --- include/mbedtls/ssl_internal.h | 6 +++++- library/ssl_tls.c | 10 +++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index ec840476f..b9084b437 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -308,8 +308,12 @@ struct mbedtls_ssl_handshake_params unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ - uint8_t seen_ccs; /*!< Indicates if a CCS message has + struct + { + uint8_t seen_ccs; /*!< Indicates if a CCS message has * been seen in the current flight. */ + + } buffering; #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c2daeb36e..5e573422e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3070,7 +3070,7 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) ssl->handshake->in_flight_start_seq = ssl->handshake->in_msg_seq; /* We don't want to remember CCS's across flight boundaries. */ - ssl->handshake->seen_ccs = 0; + ssl->handshake->buffering.seen_ccs = 0; /* Cancel timer */ ssl_set_timer( ssl, 0 ); 
@@ -4436,11 +4436,11 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { /* Check if we have seen a ChangeCipherSpec before. * If yes, synthesize a CCS record. */ - if( ! hs->seen_ccs ) + if( ! hs->buffering.seen_ccs ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) ); ret = -1; - goto exit; + return( -1 ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "Inject buffered CCS message" ) ); @@ -4452,7 +4452,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) ssl->in_left = 0; ssl->next_record_offset = 0; - hs->seen_ccs = 0; + hs->buffering.seen_ccs = 0; goto exit; } ret = -1; @@ -4477,7 +4477,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) ); - hs->seen_ccs = 1; + hs->buffering.seen_ccs = 1; break; case MBEDTLS_SSL_MSG_HANDSHAKE: From 0271f967d60f8c8058aabb610d59e4eb4d69e50c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 13:23:47 +0100 Subject: [PATCH 417/578] Introduce buffering structure for handshake messages This commit introduces, but does not yet put to use, a sub-structure of mbedtls_ssl_handshake_params::buffering that will be used for the buffering and/or reassembly of handshake messages with handshake sequence numbers that are greater or equal to the next expected sequence number. --- include/mbedtls/ssl_internal.h | 13 ++++++++ library/ssl_tls.c | 58 ++++++++++++++++++++++++++++++++-- 2 files changed, 68 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index b9084b437..a34d38521 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
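Review bot: In ssl_load_buffered_message() the "CCS not seen" branch now reads `ret = -1; return( -1 );`, which leaves a dead store and skips the `"<= ssl_load_buffered_message"` exit trace that the other paths still reach through `exit:`. Either keep `goto exit;` as before or delete the `ret = -1;` line. Mixing both exit styles in one function makes the debug trace inconsistent. The function starts outside this hunk.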
@@ -155,6 +155,9 @@ #define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \ ( MBEDTLS_SSL_OUT_CONTENT_LEN ) ) +/* The maximum number of buffered handshake messages. */ +#define MBEDTLS_SSL_MAX_BUFFERED_HS 2 + /* Maximum length we can advertise as our max content length for RFC 6066 max_fragment_length extension negotiation purposes (the lesser of both sizes, if they are unequal.) @@ -313,6 +316,14 @@ struct mbedtls_ssl_handshake_params uint8_t seen_ccs; /*!< Indicates if a CCS message has * been seen in the current flight. */ + struct mbedtls_ssl_hs_buffer + { + uint8_t is_valid : 1; + uint8_t is_fragmented : 1; + uint8_t is_complete : 1; + unsigned char *data; + } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; + } buffering; #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -372,6 +383,8 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ }; +typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; + /* * This structure contains a full set of runtime transform parameters * either in negotiation or active. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5e573422e..7e01aa35a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -167,6 +167,8 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl return( (int) remaining ); } +static void ssl_buffering_free( mbedtls_ssl_context *ssl ); + /* * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. @@ -3072,6 +3074,9 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) /* We don't want to remember CCS's across flight boundaries. */ ssl->handshake->buffering.seen_ccs = 0; + /* Clear future message buffering structure. */ + ssl_buffering_free( ssl ); + /* Cancel timer */ ssl_set_timer( ssl, 0 ); 
@@ -3747,9 +3752,9 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) { + mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && - ssl->handshake != NULL ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) { ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); } @@ -3759,7 +3764,8 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ssl->handshake != NULL ) { - ssl->handshake->in_msg_seq++; + unsigned offset; + mbedtls_ssl_hs_buffer *hs_buf; /* Clear up handshake reassembly structure, if any. */ if( ssl->handshake->hs_msg != NULL ) @@ -3767,6 +3773,28 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) mbedtls_free( ssl->handshake->hs_msg ); ssl->handshake->hs_msg = NULL; } + + /* Increment handshake sequence number */ + hs->in_msg_seq++; + + /* + * Clear up handshake buffering and reassembly structure. + */ + + /* Free first entry */ + hs_buf = &hs->buffering.hs[0]; + if( hs_buf->is_valid ) + mbedtls_free( hs_buf->data ); + + /* Shift all other entries */ + for( offset = 0; offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; + offset++, hs_buf++ ) + { + *hs_buf = *(hs_buf + 1); + } + + /* Create a fresh last entry */ + memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); } #endif } 
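Review bot: The buffered handshake data is released with a plain `mbedtls_free( hs_buf->data )` in mbedtls_ssl_update_handshake_status(), and again in ssl_buffering_free() in the later hunk of this commit, without being wiped first, whereas mbedtls_ssl_handshake_free() wipes the handshake structure with mbedtls_platform_zeroize(). Buffered handshake messages may carry key-exchange material (an assumption, since nothing is stored yet at this commit), so wiping before the free is worth settling now. `mbedtls_ssl_hs_buffer` has no length member, so this needs a size field next to `data`, e.g. `size_t data_len;`, and `mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len );` before each free. The function also mixes `hs->` and `ssl->handshake->` for the same pointer after introducing `hs`.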
@@ -8286,6 +8314,29 @@ static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) } #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + +static void ssl_buffering_free( mbedtls_ssl_context *ssl ) +{ + unsigned offset; + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + + if( hs == NULL ) + return; + + for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) + { + mbedtls_ssl_hs_buffer *hs_buf = &hs->buffering.hs[offset]; + if( hs_buf->is_valid == 1 ) + { + mbedtls_free( hs_buf->data ); + memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); + } + } +} + +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params *handshake = ssl->handshake; @@ -8367,6 +8418,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_free( handshake->verify_cookie ); mbedtls_free( handshake->hs_msg ); ssl_flight_free( handshake->flight ); + ssl_buffering_free( ssl ); #endif mbedtls_platform_zeroize( handshake, From 12555c61d3a39c215476e841030a65eea0b3b997 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 12:47:53 +0100 Subject: [PATCH 418/578] Introduce function to parse total handshake length This commit introduces a static helper function ssl_get_hs_total_len() parsing the total message length field in the handshake header, and puts it to use in mbedtls_ssl_prepare_handshake_record(). --- library/ssl_tls.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7e01aa35a..d7c61655e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -55,6 +55,7 @@ #endif static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); +static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context *ssl ); /* Length of the "epoch" field in the record header */ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) 
@@ -3659,6 +3660,12 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ +static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context *ssl ) +{ + return( ( ssl->in_msg[1] << 16 ) | + ( ssl->in_msg[2] << 8 ) | + ssl->in_msg[3] ); +} int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) { @@ -3669,10 +3676,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ( - ( ssl->in_msg[1] << 16 ) | - ( ssl->in_msg[2] << 8 ) | - ssl->in_msg[3] ); + ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" " %d, type = %d, hslen = %d", From 44650b7a7448460d07d02172285151f9a650c746 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 12:51:11 +0100 Subject: [PATCH 419/578] Introduce function checking sanity of the DTLS HS header This commit introduces helper functions - ssl_get_hs_frag_len() - ssl_get_hs_frag_off() to parse the fragment length resp. fragment offset fields in the handshake header. Moreover, building on these helper functions, it adds a function ssl_check_hs_header() checking the validity of a DTLS handshake header with respect to the specification, i.e. the indicated fragment must be a subrange of the total handshake message, and the total handshake fragment length (including header) must not exceed the record content size. These checks were previously performed at a later stage during ssl_reassemble_dtls_handshake(). --- library/ssl_tls.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d7c61655e..a321eaf42 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3426,6 +3426,41 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) } return( 0 ); } + +static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context *ssl ) +{ + return( ( ssl->in_msg[9] << 16 ) | + ( ssl->in_msg[10] << 8 ) | + ssl->in_msg[11] ); +} + +static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context *ssl ) +{ + return( ( ssl->in_msg[6] << 16 ) | + ( ssl->in_msg[7] << 8 ) | + ssl->in_msg[8] ); +} + +static int ssl_check_hs_header( mbedtls_ssl_context *ssl ) +{ + uint32_t msg_len, frag_off, frag_len; + + msg_len = ssl_get_hs_total_len( ssl ); + frag_off = ssl_get_hs_frag_off( ssl ); + frag_len = ssl_get_hs_frag_len( ssl ); + + if( frag_off > msg_len ) + return( -1 ); + + if( frag_len > msg_len - frag_off ) + return( -1 ); + + if( frag_len + 12 > ssl->in_msglen ) + return( -1 ); + + return( 0 ); +} + /* * Mark bits in bitmask (used for DTLS HS reassembly) */ @@ -3688,6 +3723,12 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) int ret; unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + if( ssl_check_hs_header( ssl ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + if( ssl->handshake != NULL && ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && recv_msg_seq != ssl->handshake->in_msg_seq ) || From 6d97ef5a0366cb1ee1ae8d586d076fecbb8293e5 Mon Sep 17 00:00:00 2001 
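Review bot: ssl_check_hs_header() and its two getters read `ssl->in_msg[6..11]` unconditionally and hard-code the header size as `12` in `frag_len + 12 > ssl->in_msglen`, but nothing on the functions says what the caller must have checked. I would add a comment such as `/* Requires in_msglen >= 12 (DTLS handshake header). Returns 0 if the fragment lies within the message and the record, -1 otherwise. */`. Replacing the literal with `mbedtls_ssl_hs_hdr_len( ssl )`, which mbedtls_ssl_prepare_handshake_record() already uses for the length check, would keep the two in step. The ordering of the `frag_off > msg_len` test before `msg_len - frag_off` is what keeps the subtraction from wrapping, which deserves a one-line remark so it is not reordered later.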
From: Hanno Becker Date: Thu, 16 Aug 2018 13:09:04 +0100 Subject: [PATCH 420/578] Use uniform treatment for future messages and proper HS fragments This commit returns the error code MBEDTLS_ERR_SSL_EARLY_MESSAGE for proper handshake fragments, forwarding their treatment to the buffering function ssl_buffer_message(); currently, though, this function does not yet buffer or reassembly HS messages, so: ! This commit temporarily disables support for handshake reassembly ! --- include/mbedtls/ssl_internal.h | 2 - library/ssl_tls.c | 156 ++------------------------------- 2 files changed, 6 insertions(+), 152 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index a34d38521..fbf3e70e8 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -297,8 +297,6 @@ struct mbedtls_ssl_handshake_params unsigned char verify_cookie_len; /*!< Cli: cookie length Srv: flag for sending a cookie */ - unsigned char *hs_msg; /*!< Reassembled handshake message */ - uint32_t retransmit_timeout; /*!< Current value of timeout */ unsigned char retransmit_state; /*!< Retransmission state */ mbedtls_ssl_flight_item *flight; /*!< Current outgoing flight */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a321eaf42..ed4168631 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3558,141 +3558,6 @@ static int ssl_prepare_reassembly_buffer( mbedtls_ssl_context *ssl, /* debug */ return( 0 ); } -/* - * Reassemble fragmented DTLS handshake messages. - * - * Use a temporary buffer for reassembly, divided in two parts: - * - the first holds the reassembled message (including handshake header), - * - the second holds a bitmask indicating which parts of the message - * (excluding headers) have been received so far. - */ -static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl ) -{ - unsigned char *msg, *bitmask; - size_t frag_len, frag_off; - size_t msg_len = ssl->in_hslen - 12; /* Without headers */ - - if( ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "not supported outside handshake (for now)" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } - - /* - * For first fragment, check size and allocate buffer - */ - if( ssl->handshake->hs_msg == NULL ) - { - ret = ssl_prepare_reassembly_buffer( msg_len, 1, - &ssl->handshake->hs_msg ); - if( ret != 0 ) - return( ret ); - - /* Prepare final header: copy msg_type, length and message_seq, - * then add standardised fragment_offset and fragment_length */ - memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 ); - memset( ssl->handshake->hs_msg + 6, 0, 3 ); - memcpy( ssl->handshake->hs_msg + 9, - ssl->handshake->hs_msg + 1, 3 ); - } - else - { - /* Make sure msg_type and length are consistent */ - if( memcmp( ssl->handshake->hs_msg, ssl->in_msg, 4 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment header mismatch" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - } - - msg = ssl->handshake->hs_msg + 12; - bitmask = msg + msg_len; - - /* - * Check and copy current fragment - */ - frag_off = ( ssl->in_msg[6] << 16 ) | - ( ssl->in_msg[7] << 8 ) | - ssl->in_msg[8]; - frag_len = ( ssl->in_msg[9] << 16 ) | - ( ssl->in_msg[10] << 8 ) | - ssl->in_msg[11]; - - if( frag_off + frag_len > msg_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment offset/len: %d + %d > %d", - 
frag_off, frag_len, msg_len ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - - if( frag_len + 12 > ssl->in_msglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid fragment length: %d + 12 > %d", - frag_len, ssl->in_msglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", - frag_off, frag_len ) ); - - memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); - ssl_bitmask_set( bitmask, frag_off, frag_len ); - - /* - * Do we have the complete message by now? - * If yes, finalize it, else ask to read the next record. - */ - if( ssl_bitmask_check( bitmask, msg_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message is not complete yet" ) ); - return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); - } - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake message completed" ) ); - - if( frag_len + 12 < ssl->in_msglen ) - { - /* - * We'got more handshake messages in the same record. - * This case is not handled now because no know implementation does - * that and it's hard to test, so we prefer to fail cleanly for now. - */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "last fragment not alone in its record" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } - - if( ssl->in_left > ssl->next_record_offset ) - { - /* - * We've got more data in the buffer after the current record, - * that we don't want to overwrite. Move it before writing the - * reassembled message, and adjust in_left and next_record_offset. 
- */ - unsigned char *cur_remain = ssl->in_hdr + ssl->next_record_offset; - unsigned char *new_remain = ssl->in_msg + ssl->in_hslen; - size_t remain_len = ssl->in_left - ssl->next_record_offset; - - /* First compute and check new lengths */ - ssl->next_record_offset = new_remain - ssl->in_hdr; - ssl->in_left = ssl->next_record_offset + remain_len; - - if( ssl->in_left > MBEDTLS_SSL_IN_BUFFER_LEN - - (size_t)( ssl->in_hdr - ssl->in_buf ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "reassembled message too large for buffer" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - memmove( new_remain, cur_remain, remain_len ); - } - - memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen ); - - MBEDTLS_SSL_DEBUG_BUF( 3, "reassembled handshake message", - ssl->in_msg, ssl->in_hslen ); - - return( 0 ); -} #endif /* MBEDTLS_SSL_PROTO_DTLS */ static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context *ssl ) @@ -3772,15 +3637,14 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) } /* Wait until message completion to increment in_msg_seq */ + /* Message reassembly is handled alongside buffering of future + * messages; the commonality is that both handshake fragments and + * future messages cannot be forwarded immediately to the handshake + * handshake logic layer. */ if( ssl_hs_is_proper_fragment( ssl ) == 1 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); - - if( ( ret = ssl_reassemble_dtls_handshake( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_reassemble_dtls_handshake", ret ); - return( ret ); - } + return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); } } else 
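Review bot: The comment added above the `ssl_hs_is_proper_fragment` test in `mbedtls_ssl_prepare_handshake_record` ends with a duplicated word, "to the handshake handshake logic layer". It also does not say that, as of this commit, a proper fragment is dropped rather than reassembled, which is the behaviour the commit description flags. I would end the comment with `* handshake logic layer. NOTE: ssl_buffer_message() does not buffer` / `* HS fragments yet, so they are currently discarded. */`. The function body starts and ends outside the hunk.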
@@ -3812,13 +3676,6 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) unsigned offset; mbedtls_ssl_hs_buffer *hs_buf; - /* Clear up handshake reassembly structure, if any. */ - if( ssl->handshake->hs_msg != NULL ) - { - mbedtls_free( ssl->handshake->hs_msg ); - ssl->handshake->hs_msg = NULL; - } - /* Increment handshake sequence number */ hs->in_msg_seq++; @@ -4554,7 +4411,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_MSG_HANDSHAKE: - /* No support for buffering handshake messages so far. */ + /* TODO: Implement buffering and reassembly here. */ break; default: @@ -8461,7 +8318,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) mbedtls_free( handshake->verify_cookie ); - mbedtls_free( handshake->hs_msg ); ssl_flight_free( handshake->flight ); ssl_buffering_free( ssl ); #endif From 37f95320814e29fc2d65e4a6b900e28f32a1116f Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 16 Aug 2018 13:55:32 +0100 Subject: [PATCH 421/578] Implement future message buffering and loading This commit implements future handshake message buffering and loading by implementing ssl_load_buffered_message() and ssl_buffer_message(). Whenever a handshake message is received which is - a future handshake message (i.e., the sequence number is larger than the next expected one), or which is - a proper fragment of the next expected handshake message, ssl_buffer_message() is called, which does the following: - Ignore message if its sequence number is too far ahead of the next expected sequence number, as controlled by the macro constant MBEDTLS_SSL_MAX_BUFFERED_HS. - Otherwise, check if buffering for the message with the respective sequence number has already commenced. - If not, allocate space to back up the message within the buffering substructure of mbedtls_ssl_handshake_params. If the message is a proper fragment, allocate additional space for a reassembly bitmap; if it is a full message, omit the bitmap. In any case, fall through to the next case. - If the message has already been buffered, check that the header is the same, and add the current fragment if the message is not yet complete (this excludes the case where a future message has been received in a single fragment, hence omitting the bitmap, and is afterwards also received as a series of proper fragments; in this case, the proper fragments will be ignored). For loading buffered messages in ssl_load_buffered_message(), the approach is the following: - Check the first entry in the buffering window (the window is always based at the next expected handshake message). If buffering hasn't started or if reassembly is still in progress, ignore. If the next expected message has been fully received, copy it to the input buffer (which is empty, as ssl_load_buffered_message() is only called in this case). 
--- library/ssl_tls.c | 171 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 170 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ed4168631..b6e2c0edb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4354,6 +4354,7 @@ static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ) static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; + mbedtls_ssl_hs_buffer * hs_buf; int ret = 0; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); 
@@ -4385,6 +4386,58 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) hs->buffering.seen_ccs = 0; goto exit; } + + /* Debug only */ + { + unsigned offset; + for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) + { + hs_buf = &hs->buffering.hs[offset]; + if( hs_buf->is_valid == 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.", + hs->in_msg_seq + offset, + hs_buf->is_complete ? "fully" : "partitially" ) ); + } + } + } + + /* Check if we have buffered and/or fully reassembled the + * next handshake message. */ + hs_buf = &hs->buffering.hs[0]; + if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) + { + /* Synthesize a record containing the buffered HS message. */ + size_t msg_len = ( hs_buf->data[1] << 16 ) | + ( hs_buf->data[2] << 8 ) | + hs_buf->data[3]; + + /* Double-check that we haven't accidentally buffered + * a message that doesn't fit into the input buffer. */ + if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)", + hs_buf->data, msg_len + 12 ); + + ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; + ssl->in_hslen = msg_len + 12; + ssl->in_msglen = msg_len + 12; + memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen ); + + ret = 0; + goto exit; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered", + hs->in_msg_seq ) ); + } + ret = -1; exit: 
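Review bot: The "should never happen" branch in `ssl_load_buffered_message` leaves with `return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` while every other path in the hunk uses `goto exit`, so whatever follows the `exit:` label (it begins on the hunk's last line and its body is not shown) is skipped on that path only. `ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit;` would keep a single way out of the function. Two debug strings in the same hunk are misspelled, "partitially" and "bufffered", and since this series' tests match log text, the spelling is worth fixing before anything starts depending on it.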
@@ -4411,8 +4464,124 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) break; case MBEDTLS_SSL_MSG_HANDSHAKE: - /* TODO: Implement buffering and reassembly here. */ + { + unsigned recv_msg_seq_offset; + unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + mbedtls_ssl_hs_buffer *hs_buf; + size_t msg_len = ssl->in_hslen - 12; + + /* We should never receive an old handshake + * message - double-check nonetheless. */ + if( recv_msg_seq < ssl->handshake->in_msg_seq ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq; + if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS ) + { + /* Silently ignore -- message too far in the future */ + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "Ignore future HS message with sequence number %u, " + "buffering window %u - %u", + recv_msg_seq, ssl->handshake->in_msg_seq, + ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) ); + + goto exit; + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ", + recv_msg_seq, recv_msg_seq_offset ) ); + + hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ]; + + /* Check if the buffering for this seq nr has already commenced. */ + if( ! hs_buf->is_valid ) + { + hs_buf->is_fragmented = + ( ssl_hs_is_proper_fragment( ssl ) == 1 ); + + /* We copy the message back into the input buffer + * after reassembly, so check that it's not too large. + * This is an implementation-specific limitation + * and not one from the standard, hence it is not + * checked in ssl_check_hs_header(). 
*/ + if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) + { + /* Ignore message */ + goto exit; + } + + ret = ssl_prepare_reassembly_buffer( ssl, msg_len, + hs_buf->is_fragmented, + &hs_buf->data ); + if( ret == MBEDTLS_ERR_SSL_ALLOC_FAILED && + recv_msg_seq_offset > 0 ) + { + /* If we run out of RAM trying to buffer a *future* + * message, simply ignore instead of failing. */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Not enough RAM available to buffer future message - ignore" ) ); + goto exit; + } + else if( ret != 0 ) + return( ret ); + + /* Prepare final header: copy msg_type, length and message_seq, + * then add standardised fragment_offset and fragment_length */ + memcpy( hs_buf->data, ssl->in_msg, 6 ); + memset( hs_buf->data + 6, 0, 3 ); + memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 ); + + hs_buf->is_valid = 1; + } + else + { + /* Make sure msg_type and length are consistent */ + if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) ); + /* Ignore */ + goto exit; + } + } + + if( ! hs_buf->is_complete ) + { + size_t frag_len, frag_off; + unsigned char * const msg = hs_buf->data + 12; + + /* + * Check and copy current fragment + */ + + /* Validation of header fields already done in + * mbedtls_ssl_prepare_handshake_record(). */ + frag_off = ssl_get_hs_frag_off( ssl ); + frag_len = ssl_get_hs_frag_len( ssl ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d", + frag_off, frag_len ) ); + memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); + + if( hs_buf->is_fragmented ) + { + unsigned char * const bitmask = msg + msg_len; + ssl_bitmask_set( bitmask, frag_off, frag_len ); + hs_buf->is_complete = ( ssl_bitmask_check( bitmask, + msg_len ) == 0 ); + } + else + { + hs_buf->is_complete = 1; + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete", + hs_buf->is_complete ? "" : "not yet " ) ); + } + break; + } default: break; 
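Review bot: The size guard ahead of `ssl_prepare_reassembly_buffer` tests `msg_len > MBEDTLS_SSL_IN_CONTENT_LEN` with `msg_len = ssl->in_hslen - 12`, but `ssl_load_buffered_message` in the previous hunk rejects `msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN` with `MBEDTLS_ERR_SSL_INTERNAL_ERROR`. A fragmented message whose announced total length lies in the top 12 bytes of that range therefore appears to be accepted for buffering here and then turns into an internal error once reassembled, instead of being ignored. That length comes from the peer's handshake header. Using the same bound in both places, `if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN )`, makes the two checks agree. `ssl_buffer_message` begins outside the hunk, so the declaration of `hs` used in `&hs->buffering.hs[ recv_msg_seq_offset ]` is not visible here.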
From e38422107e0f8ea4107fbc85e6253cf8f41cfec8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 15:28:59 +0100 Subject: [PATCH 422/578] Add test for reordering of handshake messages --- tests/ssl-opt.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c05600024..15481e183 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5743,6 +5743,14 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ # Tests for reordering support with DTLS +run_test "DTLS reordering: Buffer out-of-order handshake message" \ + -p "$P_PXY delay=2 seed=1" \ + "$P_SRV cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -c "Buffering HS message" \ + -c "Next handshake message has been buffered - load" + run_test "DTLS reordering: Buffer out-of-order CCS message"\ -p "$P_PXY delay=3 seed=1" \ "$P_SRV cookies=0 dtls=1 debug_level=2" \ From 5f066e7aac1b0a8e8d7178291978bc1b87ee6eac Mon Sep 17 00:00:00 2001 
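Review bot: Whether the new "Buffer out-of-order handshake message" case reaches the buffering path depends on which packet the proxy's `delay=2 seed=1` happens to pick. The `-c "Buffering HS message"` assertion is thus tied to the proxy's random sequence rather than to a particular reordered message. If that sequence differs on another platform, the test can fail with no defect in the library. Until the proxy can delay a named message, a comment above the case would help, e.g. `# NOTE: relies on the proxy PRNG (seed=1) delaying a handshake message; platform-dependent`.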
From: Hanno Becker Date: Thu, 16 Aug 2018 14:56:31 +0100 Subject: [PATCH 423/578] Implement future record buffering This commit implements the buffering of a record from the next epoch. - The buffering substructure of mbedtls_ssl_handshake_params gets another field to hold a raw record (incl. header) from a future epoch. - If ssl_parse_record_header() sees a record from the next epoch, it signals that it might be suitable for buffering by returning MBEDTLS_ERR_SSL_EARLY_MESSAGE. - If ssl_get_next_record() finds this error code, it passes control to ssl_buffer_future_record() which may or may not decide to buffer the record; it does so if - a handshake is in progress, - the record is a handshake record - no record has already been buffered. If these conditions are met, the record is backed up in the aforementioned buffering substructure. - If the current datagram is fully processed, ssl_load_buffered_record() is called to check if a record has been buffered, and if yes, if by now the its epoch is the current one; if yes, it copies the record into the (empty! otherwise, ssl_load_buffered_record() wouldn't have been called) input buffer. --- include/mbedtls/ssl_internal.h | 7 ++ library/ssl_tls.c | 148 ++++++++++++++++++++++++++++++++- 2 files changed, 152 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index fbf3e70e8..660173401 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -322,6 +322,13 @@ struct mbedtls_ssl_handshake_params unsigned char *data; } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; + struct + { + unsigned char *data; + size_t len; + unsigned epoch; + } future_record; + } buffering; #endif /* MBEDTLS_SSL_PROTO_DTLS */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b6e2c0edb..85ed1e51c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4097,7 +4097,16 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ + { + /* Consider buffering the record. */ + if( rec_epoch == (unsigned int) ssl->in_epoch + 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) ); + return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + } + return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + } } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) @@ -4254,7 +4263,9 @@ static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_PROTO_DTLS) static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); +static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_buffer_message( mbedtls_ssl_context *ssl ); +static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ 
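Review bot: The new branch in `ssl_parse_record_header` treats a record as a buffering candidate from its cleartext epoch field alone, before the record has been decrypted or authenticated, and the comment "Consider buffering the record." does not mention this. `ssl_buffer_future_record` (later in this patch) keeps at most one such record, so whichever epoch+1 handshake-type record arrives first holds the slot until it is loaded and processed. Presumably a bogus one only costs a retransmission, but that belongs in the comment. I would extend it to `/* Consider buffering the record. NOTE: it is still unauthenticated here and is only validated after ssl_load_buffered_record() feeds it back in. */`. The function starts and ends outside the hunk.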
@@ -4689,13 +4700,133 @@ static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ) return( 0 ); } +#if defined(MBEDTLS_SSL_PROTO_DTLS) + +static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + if( hs == NULL ) + return; + + mbedtls_free( hs->buffering.future_record.data ); + hs->buffering.future_record.data = NULL; +} + +static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + unsigned char * rec; + size_t rec_len; + unsigned rec_epoch; + + if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + return( 0 ); + + if( hs == NULL ) + return( 0 ); + + /* Only consider loading future records if the + * input buffer is empty. */ + if( ssl_another_record_in_datagram( ssl ) == 1 ) + return( 0 ); + + rec = hs->buffering.future_record.data; + rec_len = hs->buffering.future_record.len; + rec_epoch = hs->buffering.future_record.epoch; + + if( rec == NULL ) + return( 0 ); + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) ); + + if( rec_epoch != ssl->in_epoch ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." 
) ); + goto exit; + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) ); + + /* Double-check that the record is not too large */ + if( rec_len > MBEDTLS_SSL_IN_BUFFER_LEN - + (size_t)( ssl->in_hdr - ssl->in_buf ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + memcpy( ssl->in_hdr, rec, rec_len ); + ssl->in_left = rec_len; + ssl->next_record_offset = 0; + + ssl_free_buffered_record( ssl ); + +exit: + MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) ); + return( 0 ); +} + +static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) +{ + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + size_t const rec_hdr_len = 13; + + /* Don't buffer future records outside handshakes. */ + if( hs == NULL ) + return( 0 ); + + /* Only buffer handshake records (we are only interested + * in Finished messages). */ + if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) + return( 0 ); + + /* Don't buffer more than one future epoch record. */ + if( hs->buffering.future_record.data != NULL ) + return( 0 ); + + /* Buffer record */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", + ssl->in_epoch + 1 ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", ssl->in_hdr, + rec_hdr_len + ssl->in_msglen ); + + /* ssl_parse_record_header() only considers records + * of the next epoch as candidates for buffering. */ + hs->buffering.future_record.epoch = ssl->in_epoch + 1; + hs->buffering.future_record.len = rec_hdr_len + ssl->in_msglen; + + hs->buffering.future_record.data = + mbedtls_calloc( 1, hs->buffering.future_record.len ); + if( hs->buffering.future_record.data == NULL ) + { + /* If we run out of RAM trying to buffer a + * record from the next epoch, just ignore. 
*/ + return( 0 ); + } + + memcpy( hs->buffering.future_record.data, + ssl->in_hdr, rec_hdr_len + ssl->in_msglen ); + + return( 0 ); +} + +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + static int ssl_get_next_record( mbedtls_ssl_context *ssl ) { int ret; - /* - * Fetch and decode new record - */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + /* We might have buffered a future record; if so, + * and if the epoch matches now, load it. + * On success, this call will set ssl->in_left to + * the length of the buffered record, so that + * the calls to ssl_fetch_input() below will + * essentially be no-ops. */ + ret = ssl_load_buffered_record( ssl ); + if( ret != 0 ) + return( ret ); +#endif /* MBEDTLS_SSL_PROTO_DTLS */ if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) ) ) != 0 ) { @@ -4709,6 +4840,16 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && ret != MBEDTLS_ERR_SSL_CLIENT_RECONNECT ) { + if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) + { + ret = ssl_buffer_future_record( ssl ); + if( ret != 0 ) + return( ret ); + + /* Fall through to handling of unexpected records */ + ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; + } + if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ) { /* Skip unexpected record (but not whole datagram) */ @@ -8489,6 +8630,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_free( handshake->verify_cookie ); ssl_flight_free( handshake->flight ); ssl_buffering_free( ssl ); + ssl_free_buffered_record( ssl ); #endif mbedtls_platform_zeroize( handshake, From b34149c00ff3b629a531feb5f57ea817c10f5c97 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 15:29:06 +0100 Subject: [PATCH 424/578] Add test for buffering of record from next epoch --- tests/ssl-opt.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 15481e183..b9601980d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
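Review bot: `ssl_buffer_future_record` copies `rec_hdr_len + ssl->in_msglen` bytes from `ssl->in_hdr`, but nothing in the hunk checks that this many bytes of the datagram were actually received. It runs right after `ssl_parse_record_header` returned `MBEDTLS_ERR_SSL_EARLY_MESSAGE`, apparently before the record body has been fetched. If the header parser has not already bounded `in_msglen` by `ssl->in_left` (not visible here), the copy would pick up stale input-buffer bytes and store them as part of the record. A guard before the allocation makes the assumption explicit: `if( rec_hdr_len + ssl->in_msglen > ssl->in_left ) return( 0 );`. The literal `13` could also be `mbedtls_ssl_hdr_len( ssl )`, which `ssl_get_next_record` already uses in this hunk.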
@@ -5751,6 +5751,14 @@ run_test "DTLS reordering: Buffer out-of-order handshake message" \ -c "Buffering HS message" \ -c "Next handshake message has been buffered - load" +run_test "DTLS reordering: Buffer record from future epoch" \ + -p "$P_PXY drop=3 seed=2" \ + "$P_SRV cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dtls=1 debug_level=2" \ + 0 \ + -s "Buffer record from epoch 1" \ + -s "Found buffered record from current epoch - load" + run_test "DTLS reordering: Buffer out-of-order CCS message"\ -p "$P_PXY delay=3 seed=1" \ "$P_SRV cookies=0 dtls=1 debug_level=2" \ From b063a5ffade4eade10539b5b198e82af121e54ba Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 16:06:44 +0100 Subject: [PATCH 425/578] Update error codes --- library/error.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/error.c b/library/error.c index 774244b45..6c8868919 100644 --- a/library/error.c +++ b/library/error.c @@ -515,6 +515,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" ); if( use_ret == -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) ) mbedtls_snprintf( buf, buflen, "SSL - The asynchronous operation is not completed yet" ); + if( use_ret == -(MBEDTLS_ERR_SSL_EARLY_MESSAGE) ) + mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) From f103542c3db905c19ac99f4de1a18b42f1176e08 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 16:07:27 +0100 Subject: [PATCH 426/578] Adapt ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index ef8abc8bf..945531861 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -35,6 +35,7 @@ Changes Drozd. Fixes #1215 raised by randombit. * Improve compatibility with some alternative CCM implementations by using CCM test vectors from RAM. + * Add support for buffering of out-of-order handshake messages. INTERNAL NOTE: need to bump soversion of libmbedtls: - added new member 'mtu' to public 'mbedtls_ssl_conf' structure From d488b9e490d10906953d1e31a16253d3060e962f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 16:35:37 +0100 Subject: [PATCH 427/578] Increase maximum number of buffered handshake messages --- include/mbedtls/ssl_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 660173401..eb9885a17 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -156,7 +156,7 @@ ( MBEDTLS_SSL_OUT_CONTENT_LEN ) ) /* The maximum number of buffered handshake messages. */ -#define MBEDTLS_SSL_MAX_BUFFERED_HS 2 +#define MBEDTLS_SSL_MAX_BUFFERED_HS 4 /* Maximum length we can advertise as our max content length for RFC 6066 max_fragment_length extension negotiation purposes From 872730481d3d34d287a8a94ff294222778d94b9c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 16 Aug 2018 16:53:13 +0100 Subject: [PATCH 428/578] Disable datagram packing in reordering tests --- tests/ssl-opt.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b9601980d..5434ecfb7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
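Review bot: Raising `MBEDTLS_SSL_MAX_BUFFERED_HS` from 2 to 4 also doubles the heap a single handshake can be made to hold, and the one-line comment above the macro says nothing about that cost. Per the buffering code earlier in this series, each slot is allocated from a length taken from the peer's handshake header. That length is bounded by `MBEDTLS_SSL_IN_CONTENT_LEN`, plus a reassembly bitmap for fragmented messages. I would document this next to the macro, e.g. `/* Each slot may hold up to about MBEDTLS_SSL_IN_CONTENT_LEN bytes plus a reassembly bitmap, per connection. */`. Wrapping the definition in an `#if !defined(MBEDTLS_SSL_MAX_BUFFERED_HS)` guard would let constrained targets lower it.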
@@ -5745,24 +5745,24 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ run_test "DTLS reordering: Buffer out-of-order handshake message" \ -p "$P_PXY delay=2 seed=1" \ - "$P_SRV cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ 0 \ -c "Buffering HS message" \ -c "Next handshake message has been buffered - load" run_test "DTLS reordering: Buffer record from future epoch" \ -p "$P_PXY drop=3 seed=2" \ - "$P_SRV cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ 0 \ -s "Buffer record from epoch 1" \ -s "Found buffered record from current epoch - load" run_test "DTLS reordering: Buffer out-of-order CCS message"\ -p "$P_PXY delay=3 seed=1" \ - "$P_SRV cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dtls=1 debug_level=2" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ 0 \ -c "Inject buffered CCS message" \ -c "Remember CCS message" From 56d5eaa96c94725df8dc94702e48b4e3eff74911 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 09:06:31 +0100 Subject: [PATCH 429/578] Mark SSL ctx unused in ssl_prepare_reassembly_buffer() if !DEBUG The SSL context is passed to the reassembly preparation function ssl_prepare_reassembly_buffer() solely for the purpose of allowing debugging output. This commit marks the context as unused if debugging is disabled (through !MBEDTLS_DEBUG_C). --- library/ssl_tls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 85ed1e51c..c00c97496 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3531,6 +3531,11 @@ static int ssl_prepare_reassembly_buffer( mbedtls_ssl_context *ssl, /* debug */ size_t alloc_len; unsigned char *buf; +#if !defined(MBEDTLS_DEBUG_C) + /* The SSL context is used for debugging only. */ + ((void) ssl); +#endif + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", msg_len ) ); From 01ea77836356405885f436f26c93c96fc0edf16a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 13:33:41 +0100 Subject: [PATCH 430/578] UDP proxy: Add option to delay specific handshake messages --- programs/test/udp_proxy.c | 109 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 55e0f249c..2986ee30a 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -40,6 +40,8 @@ #define mbedtls_time time #define mbedtls_time_t time_t #define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ 
@@ -106,6 +108,21 @@ int main( void ) " delay=%%d default: 0 (no delayed packets)\n" \ " delay about 1:N packets randomly\n" \ " delay_ccs=0/1 default: 0 (don't delay ChangeCipherSpec)\n" \ + " delay_cli=%%s Handshake message from client that should be\n"\ + " delayed. Possible values are 'ClientHello',\n" \ + " 'Certificate', 'CertificateVerify', and\n" \ + " 'ClientKeyExchange'.\n" \ + " May be used multiple times, even for the same\n"\ + " message, in which case the respective message\n"\ + " gets delayed multiple times.\n" \ + " delay_srv=%%s Handshake message from server that should be\n"\ + " delayed. Possible values are 'HelloRequest',\n"\ + " 'ServerHello', 'ServerHelloDone', 'Certificate'\n"\ + " 'ServerKeyExchange', 'NewSessionTicket',\n"\ + " 'HelloVerifyRequest' and ''CertificateRequest'.\n"\ + " May be used multiple times, even for the same\n"\ + " message, in which case the respective message\n"\ + " gets delayed multiple times.\n" \ " drop=%%d default: 0 (no dropped packets)\n" \ " drop about 1:N packets randomly\n" \ " mtu=%%d default: 0 (unlimited)\n" \ @@ -121,6 +138,9 @@ int main( void ) /* * global options */ + +#define MAX_DELAYED_HS 10 + static struct options { const char *server_addr; /* address to forward packets to */ @@ -131,6 +151,12 @@ static struct options int duplicate; /* duplicate 1 in N packets (none if 0) */ int delay; /* delay 1 packet in N (none if 0) */ int delay_ccs; /* delay ChangeCipherSpec */ + char* delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from + * client that should be delayed. */ + uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */ + char* delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from + * server that should be delayed. */ + uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */ int drop; /* drop 1 packet in N (none if 0) */ int mtu; /* drop packets larger than this */ int bad_ad; /* inject corrupted ApplicationData record */ 
@@ -164,6 +190,11 @@ static void get_options( int argc, char *argv[] ) opt.pack = DFL_PACK; /* Other members default to 0 */ + opt.delay_cli_cnt = 0; + opt.delay_srv_cnt = 0; + memset( opt.delay_cli, 0, sizeof( opt.delay_cli ) ); + memset( opt.delay_srv, 0, sizeof( opt.delay_srv ) ); + for( i = 1; i < argc; i++ ) { p = argv[i]; @@ -197,6 +228,43 @@ static void get_options( int argc, char *argv[] ) if( opt.delay_ccs < 0 || opt.delay_ccs > 1 ) exit_usage( p, q ); } + else if( strcmp( p, "delay_cli" ) == 0 || + strcmp( p, "delay_srv" ) == 0 ) + { + uint8_t *delay_cnt; + char **delay_list; + size_t len; + char *buf; + + if( strcmp( p, "delay_cli" ) == 0 ) + { + delay_cnt = &opt.delay_cli_cnt; + delay_list = opt.delay_cli; + } + else + { + delay_cnt = &opt.delay_srv_cnt; + delay_list = opt.delay_srv; + } + + if( *delay_cnt == MAX_DELAYED_HS ) + { + mbedtls_printf( " maximally %d uses of delay_cli argument allows\n", + MAX_DELAYED_HS ); + exit_usage( p, NULL ); + } + + len = strlen( q ); + buf = mbedtls_calloc( 1, len + 1 ); + if( buf == NULL ) + { + mbedtls_printf( " Allocation failure\n" ); + exit( 1 ); + } + memcpy( buf, q, len + 1 ); + + delay_list[ (*delay_cnt)++ ] = buf; + } else if( strcmp( p, "drop" ) == 0 ) { opt.drop = atoi( q ); @@ -540,6 +608,10 @@ int handle_message( const char *way, packet cur; size_t id; + uint8_t delay_idx; + char ** delay_list; + uint8_t delay_list_len; + /* receive packet */ if( ( ret = mbedtls_net_recv( src, cur.buf, sizeof( cur.buf ) ) ) <= 0 ) { 
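Review bot: The limit message in the new `delay_cli`/`delay_srv` branch of `get_options` always names "delay_cli", although the branch handles both options, and "allows" should read "allowed". Printing the option that was actually parsed avoids the confusion: `mbedtls_printf( " at most %d uses of %s allowed\n", MAX_DELAYED_HS, p );`. `get_options` starts and ends outside the hunk.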
@@ -555,6 +627,36 @@ int handle_message( const char *way, id = cur.len % sizeof( dropped ); + if( strcmp( way, "S <- C" ) == 0 ) + { + delay_list = opt.delay_cli; + delay_list_len = opt.delay_cli_cnt; + } + else + { + delay_list = opt.delay_srv; + delay_list_len = opt.delay_srv_cnt; + } + /* Check if message type is in the list of messages + * that should be delayed */ + for( delay_idx = 0; delay_idx < delay_list_len; delay_idx++ ) + { + if( delay_list[ delay_idx ] == NULL ) + continue; + + if( strcmp( delay_list[ delay_idx ], cur.type ) == 0 ) + { + /* Delay message */ + memcpy( &prev, &cur, sizeof( packet ) ); + + /* Remove entry from list */ + mbedtls_free( delay_list[delay_idx] ); + delay_list[delay_idx] = NULL; + + return( 0 ); + } + } + /* do we want to drop, delay, or forward it? */ if( ( opt.mtu != 0 && cur.len > (unsigned) opt.mtu ) || @@ -604,6 +706,7 @@ int main( int argc, char *argv[] ) { int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; + uint8_t delay_idx; mbedtls_net_context listen_fd, client_fd, server_fd; @@ -798,6 +901,12 @@ exit: } #endif + for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ ) + { + mbedtls_free( opt.delay_cli + delay_idx ); + mbedtls_free( opt.delay_srv + delay_idx ); + } + mbedtls_net_free( &client_fd ); mbedtls_net_free( &server_fd ); mbedtls_net_free( &listen_fd ); From 56cdfd1e2995c76a5bb95d74651d1fc9815330b1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 13:42:15 +0100 Subject: [PATCH 431/578] Refine reordering tests Now that the UDP proxy has the ability to delay specific handshake message on the client and server side, use this to rewrite the reordering tests and thereby make them independent on the choice of PRNG used by the proxy (which is not stable across platforms). --- tests/ssl-opt.sh | 70 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5434ecfb7..4b32314c5 100755 
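Review bot: When a listed handshake type matches in handle_message, `memcpy( &prev, &cur, sizeof( packet ) )` overwrites `prev` without checking whether a delayed packet is still held there. An earlier held packet therefore looks like it would be discarded rather than delayed; how `prev` is flushed is outside this hunk, so this needs confirming. If it holds, the branch should either skip the delay while `prev` is occupied or forward the held packet before replacing it. The direction is chosen by `strcmp( way, "S <- C" )`, so a comment such as `/* "way" is the literal label passed by main(); anything else is treated as server-to-client */` would document that coupling.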
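Review bot: The cleanup loop added before `mbedtls_net_free` passes `opt.delay_cli + delay_idx` and `opt.delay_srv + delay_idx` to `mbedtls_free`. Those are the addresses of the array slots inside the static `opt` struct, not the heap buffers stored in them, so each call frees a pointer that `mbedtls_calloc` never returned (undefined behaviour) and the real buffers are never released. The calls should read the slot instead: `mbedtls_free( opt.delay_cli[delay_idx] );` and `mbedtls_free( opt.delay_srv[delay_idx] );`. Freeing every index stays safe, because get_options zeroes both arrays and handle_message sets a slot to NULL after freeing it. main's body continues outside the hunk.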
--- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5743,29 +5743,71 @@ run_test "DTLS proxy: delay ChangeCipherSpec" \ # Tests for reordering support with DTLS -run_test "DTLS reordering: Buffer out-of-order handshake message" \ - -p "$P_PXY delay=2 seed=1" \ +run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ + -p "$P_PXY delay_srv=ServerHello" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ 0 \ -c "Buffering HS message" \ - -c "Next handshake message has been buffered - load" + -c "Next handshake message has been buffered - load"\ + -S "Buffering HS message" \ + -S "Next handshake message has been buffered - load"\ + -C "Inject buffered CCS message" \ + -C "Remember CCS message" \ + -S "Inject buffered CCS message" \ + -S "Remember CCS message" -run_test "DTLS reordering: Buffer record from future epoch" \ - -p "$P_PXY drop=3 seed=2" \ +run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ + -p "$P_PXY delay_cli=Certificate" \ + "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + 0 \ + -C "Buffering HS message" \ + -C "Next handshake message has been buffered - load"\ + -s "Buffering HS message" \ + -s "Next handshake message has been buffered - load" \ + -C "Inject buffered CCS message" \ + -C "Remember CCS message" \ + -S "Inject buffered CCS message" \ + -S "Remember CCS message" + +run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ + -p "$P_PXY delay_srv=NewSessionTicket" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + 0 \ + -C "Buffering HS message" \ + -C "Next handshake message has been buffered - load"\ + -S "Buffering HS message" \ + -S "Next handshake message has been buffered - load" \ + -c "Inject buffered CCS message" \ + -c "Remember CCS message" \ + -S "Inject buffered CCS message" \ + -S "Remember CCS message" + +run_test 
"DTLS reordering: Buffer out-of-order CCS message on server"\ + -p "$P_PXY delay_cli=ClientKeyExchange" \ + "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + 0 \ + -C "Buffering HS message" \ + -C "Next handshake message has been buffered - load"\ + -S "Buffering HS message" \ + -S "Next handshake message has been buffered - load" \ + -C "Inject buffered CCS message" \ + -C "Remember CCS message" \ + -s "Inject buffered CCS message" \ + -s "Remember CCS message" + +run_test "DTLS reordering: Buffer record from future epoch (client and server)" \ + -p "$P_PXY delay_ccs=1" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ 0 \ -s "Buffer record from epoch 1" \ - -s "Found buffered record from current epoch - load" - -run_test "DTLS reordering: Buffer out-of-order CCS message"\ - -p "$P_PXY delay=3 seed=1" \ - "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ - 0 \ - -c "Inject buffered CCS message" \ - -c "Remember CCS message" + -s "Found buffered record from current epoch - load" \ + -c "Buffer record from epoch 1" \ + -c "Found buffered record from current epoch - load" # Tests for "randomly unreliable connection": try a variety of flows and peers From 34b03ef78f3953f83b2e06d1b23459d21648f0fa Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 20 Aug 2018 10:38:35 +0300 Subject: [PATCH 432/578] Remove redundant `else` statement Remove `else` statement, as it is redundant. resolves #1776 --- ChangeLog | 3 +++ library/ecp.c | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index abd5e61bb..0d3d40a63 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -10,6 +10,9 @@ Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. This improves compliance to RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157. + * Remove redundant else statement, which is not readable, and the positive + path in the if statement results in exiting the funciton. Raised by irwir + in #1776. Changes * Copy headers preserving timestamps when doing a "make install". diff --git a/library/ecp.c b/library/ecp.c index 68c6f4914..9e2c085bb 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1897,7 +1897,6 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi * mbedtls_mpi_get_bit( d, 1 ) != 0 || mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ return( MBEDTLS_ERR_ECP_INVALID_KEY ); - else /* see [Curve25519] page 5 */ if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 ) From 0d4b376ddf559b88b6625ba1821ae4b128f9a08a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 09:36:59 +0100 Subject: [PATCH 433/578] Return through cleanup section in ssl_load_buffered_message() --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c00c97496..e6b5ad209 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4387,7 +4387,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) ); ret = -1; - return( -1 ); + goto exit; } MBEDTLS_SSL_DEBUG_MSG( 2, ( "Inject buffered CCS message" ) ); From 6e7aaca146da9b4945895986abbb91ae3068c811 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Aug 2018 10:37:23 +0200 Subject: [PATCH 434/578] Move MTU setting to SSL context, not config This setting belongs to the individual connection, not to a configuration shared by many connections. (If a default value is desired, that can be handled by the application code that calls mbedtls_ssl_set_mtu().) There are at least two ways in which this matters: - per-connection settings can be adjusted if MTU estimates become available during the lifetime of the connection - it is at least conceivable that a server might recognize restricted clients based on range of IPs and immediately set a lower MTU for them. This is much easier to do with a per-connection setting than by maintaining multiple near-duplicated ssl_config objects that differ only by the MTU setting. --- ChangeLog | 5 ++- include/mbedtls/ssl.h | 74 ++++++++++++++++++++------------------ library/ssl_tls.c | 18 +++++----- programs/ssl/ssl_client2.c | 10 +++--- programs/ssl/ssl_server2.c | 8 +++-- 5 files changed, 63 insertions(+), 52 deletions(-) diff --git a/ChangeLog b/ChangeLog index bab69f676..a95cc6c59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,7 +3,10 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Features - * Add support for fragmentation of outoing DTLS handshake messages. + * Add support for fragmentation of outgoing DTLS handshake messages. This + is controlled by the maximum fragment length as set locally or negotiated + with the peer, as well as new per-connection MTU option, set using + mbedtls_ssl_set_mtu(). Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a3b514cd4..69a2e8618 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -958,10 +958,6 @@ struct mbedtls_ssl_config unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */ #endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t mtu; /*!< path mtu, used to fragment outoing messages */ -#endif - unsigned char max_major_ver; /*!< max. major version used */ unsigned char max_minor_ver; /*!< max. minor version used */ unsigned char min_major_ver; /*!< min. major version used */ @@ -1116,6 +1112,10 @@ struct mbedtls_ssl_context size_t out_msglen; /*!< record header: message length */ size_t out_left; /*!< amount of data not yet written */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + uint16_t mtu; /*!< path mtu, used to fragment outoing messages */ +#endif + #if defined(MBEDTLS_ZLIB_SUPPORT) unsigned char *compress_buf; /*!< zlib data buffer */ #endif 
@@ -1378,6 +1378,39 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, mbedtls_ssl_recv_t *f_recv, mbedtls_ssl_recv_timeout_t *f_recv_timeout ); +#if defined(MBEDTLS_SSL_PROTO_DTLS) +/** + * \brief Set the Maximum Tranport Unit (MTU). + * Special value: 0 means unset (no limit). + * This represents the maximum size of a datagram payload + * handled by the transport layer (usually UDP) as determined + * by the network link and stack. In practice, this controls + * the maximum size datagram the DTLS layer will pass to the + * \c f_send() callback set using \c mbedtls_ssl_set_bio(). + * + * \note This can be called at any point during the connection, for + * example when a PMTU estimate becomes available from other + * sources, such as lower (or higher) protocol layers. + * + * \note This only controls the size of the packet we send. + * Client-side, you can request the server to use smaller + * records with \c mbedtls_conf_max_frag_len(). + * + * \note If both a MTU and a maximum fragment length have been + * configured (or negotiated with the peer), the lower limit + * is used. + * + * \note Values larger than \c MBEDTLS_SSL_OUT_CONTENT_LEN have no + * effect. This can only be used to decrease the maximum size + * of datagrams sent. Values lower than record layer expansion + * are ignored. + * + * \param ssl SSL context + * \param mtu Value of the path MTU in bytes + */ +void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + /** * \brief Set the timeout period for mbedtls_ssl_read() * (Default: no timeout.) 
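Review bot: The new Doxygen block for `mbedtls_ssl_set_mtu()` opens with `Maximum Tranport Unit`, which should read `Maximum Transport Unit`. Now that the value is stored in the context rather than in the shared config, the block should also say whether the setting is kept or cleared when the context is reused through `mbedtls_ssl_session_reset()`; the visible hunks do not show which, so confirm it first. A short note along the lines of `\note The MTU set here is per-connection; call this again after resetting the context if required.` (adjusted to the actual behaviour) would cover it.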
@@ -2427,35 +2460,6 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, char cert_req_ca_list ); #endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) -/** - * \brief Set the Maximum Tranport Unit (MTU). - * Special value: 0 means unset (no limit). - * This represents the maximum size of a datagram payload - * handled by the transport layer (usually UDP) as determined - * by the network link and stack. In practice, this controls - * the maximum size datagram the DTLS layer will pass to the - * \c f_send() callback set using \c mbedtls_ssl_set_bio(). - * - * \note This only controls the size of the packet we send. - * Client-side, you can request the server to use smaller - * records with \c mbedtls_conf_max_frag_len(). - * - * \note If both a MTU and a maximum fragment length have been - * configured (or negotiated with the peer), the lower limit - * is used. - * - * \note Values larger than \c MBEDTLS_SSL_OUT_CONTENT_LEN have no - * effect. This can only be used to decrease the maximum size - * of datagrams sent. Values lower than record layer expansion - * are ignored. - * - * \param conf SSL configuration - * \param mtu Value of the path MTU in bytes - */ -void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu ); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** * \brief Set the maximum fragment length to emit and/or negotiate @@ -2476,7 +2480,7 @@ void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu ); * * \note For DTLS, it is also possible to set a limit for the total * size of daragrams passed to the transport layer, including - * record overhead, see \c mbedtls_ssl_conf_mtu(). + * record overhead, see \c mbedtls_ssl_set_mtu(). * * \param conf SSL configuration * \param mfl_code Code for maximum fragment length (allowed values: 
@@ -2784,7 +2788,7 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ); * \note This function is not available (always returns an error) * when record compression is enabled. * - * \sa mbedtls_ssl_conf_mtu() + * \sa mbedtls_ssl_set_mtu() * \sa mbedtls_ssl_get_max_frag_len() * \sa mbedtls_ssl_get_record_expansion() * diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 530f283b4..7f85ddff1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6270,6 +6270,13 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, ssl->f_recv_timeout = f_recv_timeout; } +#if defined(MBEDTLS_SSL_PROTO_DTLS) +void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ) +{ + ssl->mtu = mtu; +} +#endif + void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) { conf->read_timeout = timeout; @@ -6758,13 +6765,6 @@ void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) } #endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_conf_mtu( mbedtls_ssl_config *conf, uint16_t mtu ) -{ - conf->mtu = mtu; -} -#endif - #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) { @@ -7101,9 +7101,9 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->mtu != 0 ) + if( ssl->mtu != 0 ) { - const size_t mtu = ssl->conf->mtu; + const size_t mtu = ssl->mtu; const int ret = mbedtls_ssl_get_record_expansion( ssl ); const size_t overhead = (size_t) ret; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 7cdc53a54..e4a7412a9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -1337,10 +1337,7 @@ int main( int argc, char *argv[] ) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max ); - - if( opt.dtls_mtu != DFL_DTLS_MTU ) - mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu ); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ +#endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 ) @@ -1498,6 +1495,11 @@ int main( int argc, char *argv[] ) mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( opt.dtls_mtu != DFL_DTLS_MTU ) + mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu ); +#endif + #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 484f84fdd..71ec85bd3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2165,9 +2165,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max ); - - if( opt.dtls_mtu != DFL_DTLS_MTU ) - mbedtls_ssl_conf_mtu( &conf, opt.dtls_mtu ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) @@ -2486,6 +2483,11 @@ int main( int argc, char *argv[] ) mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL ); +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( opt.dtls_mtu != DFL_DTLS_MTU ) + mbedtls_ssl_set_mtu( &ssl, opt.dtls_mtu ); +#endif + #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, mbedtls_timing_get_delay ); From e00ae375d3cb981e0c804486517b33e99d89b540 Mon Sep 17 00:00:00 2001 
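Review bot: The first ssl_client2.c hunk replaces `#endif /* MBEDTLS_SSL_PROTO_DTLS */` with a bare `#endif`, while the matching ssl_server2.c hunk keeps the labelled form. Keeping `#endif /* MBEDTLS_SSL_PROTO_DTLS */` in the client keeps the two programs consistent and the guard easy to follow. Both programs now pass `opt.dtls_mtu` to the `uint16_t mtu` parameter of `mbedtls_ssl_set_mtu()`. Whether the option parser limits the value to that range is outside these hunks, so confirm that an oversized command-line value cannot be silently truncated.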
From: Hanno Becker Date: Mon, 20 Aug 2018 09:39:42 +0100 Subject: [PATCH 435/578] Omit debug output in ssl_load_buffered_message outside a handshake --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e6b5ad209..8ead5fa7c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4373,11 +4373,11 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) mbedtls_ssl_hs_buffer * hs_buf; int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); - if( hs == NULL ) return( -1 ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); + if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) { From 4422bbb096ec1ebfde9112714153f3fdc03b2814 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 09:40:19 +0100 Subject: [PATCH 436/578] Whitespace fixes --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8ead5fa7c..b8ca1545f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4383,7 +4383,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { /* Check if we have seen a ChangeCipherSpec before. * If yes, synthesize a CCS record. */ - if( ! hs->buffering.seen_ccs ) + if( !hs->buffering.seen_ccs ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) ); ret = -1; @@ -4513,7 +4513,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ]; /* Check if the buffering for this seq nr has already commenced. */ - if( ! hs_buf->is_valid ) + if( !hs_buf->is_valid ) { hs_buf->is_fragmented = ( ssl_hs_is_proper_fragment( ssl ) == 1 ); 
@@ -4562,7 +4562,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) } } - if( ! hs_buf->is_complete ) + if( !hs_buf->is_complete ) { size_t frag_len, frag_off; unsigned char * const msg = hs_buf->data + 12; From 3a0aad1c9d9380cdcab2b019e7b5a41dafe8d781 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 09:44:02 +0100 Subject: [PATCH 437/578] Rename `update_digest` to `update_hs_digest` --- include/mbedtls/ssl_internal.h | 8 ++++++-- library/ssl_tls.c | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index eb9885a17..bfc3a5a42 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -515,7 +515,10 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); * of the logic of (D)TLS from the implementation * of the secure transport. * - * \param ssl SSL context to use + * \param ssl The SSL context to use. + * \param update_hs_digest This indicates if the handshake digest + * should be automatically updated in case + * a handshake message is found. * * \return 0 or non-zero error code. * @@ -581,7 +584,8 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); * following the above definition. * */ -int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_digest ); +int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, + unsigned update_hs_digest ); int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b8ca1545f..19523bac9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4275,7 +4275,7 @@ static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, - unsigned update_digest ) + unsigned update_hs_digest ) { int ret; 
@@ -4342,7 +4342,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, } if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - update_digest == 1 ) + update_hs_digest == 1 ) { mbedtls_ssl_update_handshake_status( ssl ); } From caf874189165c202ea1b744c2d4a4f1d572164ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 09:45:51 +0100 Subject: [PATCH 438/578] Fix typo in documentation of UDP proxy argument 'delay_cli' --- programs/test/udp_proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 2986ee30a..77eaa5d2f 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -249,7 +249,7 @@ static void get_options( int argc, char *argv[] ) if( *delay_cnt == MAX_DELAYED_HS ) { - mbedtls_printf( " maximally %d uses of delay_cli argument allows\n", + mbedtls_printf( " maximally %d uses of delay_cli argument allowed\n", MAX_DELAYED_HS ); exit_usage( p, NULL ); } From 02f3a8a921ba4aec77238eaa43305cebf1520eb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Aug 2018 10:49:28 +0200 Subject: [PATCH 439/578] Adjust timeout values for 3d test Use the same values as other 3d tests: this makes the test hopefully a bit faster than the default values, while not increasing the failure rate. While at it: - adjust "needs_more_time" setting for 3d interop tests (we can't set the timeout values for other implementations, so the test might be slow) - fix some supposedly DTLS 1.0 test that were using dtls1_2 on the command line --- tests/ssl-opt.sh | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c27cc25c8..e966649d1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5313,11 +5313,11 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=512" \ + hs_timeout=250-10000 mtu=512" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512" \ + hs_timeout=250-10000 mtu=512" \ 0 \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ @@ -5350,7 +5350,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512 force_version=dtls1_2" \ + mtu=512 force_version=dtls1" \ 0 \ -c "fragmenting handshake message" \ -C "error" @@ -5448,14 +5448,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -client_needs_more_time 2 +client_needs_more_time 4 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512 force_version=dtls1_2" \ + hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ 0 \ -c "fragmenting handshake message" \ -C "error" 
@@ -5465,14 +5465,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 -client_needs_more_time 2 +client_needs_more_time 4 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$G_NEXT_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512 force_version=dtls1_2" \ + hs_timeout=250-60000 mtu=512 force_version=dtls1" \ 0 \ -c "fragmenting handshake message" \ -C "error" @@ -5489,13 +5489,13 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## requires_config_enabled MBEDTLS_RSA_C ## requires_config_enabled MBEDTLS_ECDSA_C ## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 2 +## client_needs_more_time 4 ## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ ## -p "$P_PXY drop=8 delay=8 duplicate=8" \ ## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ ## crt_file=data_files/server7_int-ca.crt \ ## key_file=data_files/server7.key \ -## mtu=512 force_version=dtls1_2" \ +## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ ## "$G_CLI -u" \ ## 0 \ ## -s "fragmenting handshake message" @@ -5506,13 +5506,13 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## requires_config_enabled MBEDTLS_RSA_C ## requires_config_enabled MBEDTLS_ECDSA_C ## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 -## client_needs_more_time 2 +## client_needs_more_time 4 ## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ ## -p "$P_PXY drop=8 delay=8 duplicate=8" \ ## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ ## crt_file=data_files/server7_int-ca.crt \ ## key_file=data_files/server7.key \ -## mtu=512 force_version=dtls1" \ +## hs_timeout=250-60000 mtu=512 force_version=dtls1" \ ## "$G_CLI -u" \ ## 0 \ ## -s "fragmenting handshake message" 
@@ -5529,14 +5529,14 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## requires_config_enabled MBEDTLS_RSA_C ## requires_config_enabled MBEDTLS_ECDSA_C ## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 2 +## client_needs_more_time 4 ## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ ## -p "$P_PXY drop=8 delay=8 duplicate=8" \ ## "$O_SRV -dtls1_2 -verify 10" \ ## "$P_CLI dtls=1 debug_level=2 \ ## crt_file=data_files/server8_int-ca2.crt \ ## key_file=data_files/server8.key \ -## mtu=512 force_version=dtls1_2" \ +## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ ## 0 \ ## -c "fragmenting handshake message" \ ## -C "error" @@ -5546,14 +5546,14 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 -client_needs_more_time 2 +client_needs_more_time 4 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$O_LEGACY_SRV -dtls1 -verify 10" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=512 force_version=dtls1" \ + hs_timeout=250-60000 mtu=512 force_version=dtls1" \ 0 \ -c "fragmenting handshake message" \ -C "error" @@ -5563,13 +5563,13 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ ## requires_config_enabled MBEDTLS_RSA_C ## requires_config_enabled MBEDTLS_ECDSA_C ## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 2 +## client_needs_more_time 4 ## run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ ## -p "$P_PXY drop=8 delay=8 duplicate=8" \ ## "$P_SRV dtls=1 debug_level=2 \ ## crt_file=data_files/server7_int-ca.crt \ ## key_file=data_files/server7.key \ -## mtu=512 force_version=dtls1_2" \ +## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ ## "$O_CLI -dtls1_2" \ ## 0 \ ## -s "fragmenting handshake message" 
@@ -5580,13 +5580,13 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 -client_needs_more_time 2 +client_needs_more_time 4 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \ -p "$P_PXY drop=8 delay=8 duplicate=8" \ "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ - mtu=512 force_version=dtls1" \ + hs_timeout=250-60000 mtu=512 force_version=dtls1" \ "$O_LEGACY_CLI -nbio -dtls1" \ 0 \ -s "fragmenting handshake message" From 065a2a3472e6d24be99bfcde65931dbfa75f4c86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Aug 2018 11:09:26 +0200 Subject: [PATCH 440/578] Fix some typos and links in comments and doc --- include/mbedtls/ssl.h | 6 +++--- library/ssl_tls.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 69a2e8618..1d392ab31 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1113,7 +1113,7 @@ struct mbedtls_ssl_context size_t out_left; /*!< amount of data not yet written */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t mtu; /*!< path mtu, used to fragment outoing messages */ + uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */ #endif #if defined(MBEDTLS_ZLIB_SUPPORT) 
@@ -1394,13 +1394,13 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * * \note This only controls the size of the packet we send. * Client-side, you can request the server to use smaller - * records with \c mbedtls_conf_max_frag_len(). + * records with \c mbedtls_ssl_conf_max_frag_len(). * * \note If both a MTU and a maximum fragment length have been * configured (or negotiated with the peer), the lower limit * is used. * - * \note Values larger than \c MBEDTLS_SSL_OUT_CONTENT_LEN have no + * \note Values larger than #MBEDTLS_SSL_OUT_CONTENT_LEN have no * effect. This can only be used to decrease the maximum size * of datagrams sent. Values lower than record layer expansion * are ignored. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7f85ddff1..5f3abe597 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3034,7 +3034,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) * - ssl->out_msg[0]: the handshake type (ClientHello, ServerHello, etc) * - ssl->out_msg + 4: the handshake message body * - * Ouputs, ie state before passing to flight_append() or write_record(): + * Outputs, ie state before passing to flight_append() or write_record(): * - ssl->out_msglen: the length of the record contents * (including handshake headers but excluding record headers) * - ssl->out_msg: the record contents (handshake headers + content) From 050dd6ad354f89f9e20ff94483a40526e520ccfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Aug 2018 11:16:40 +0200 Subject: [PATCH 441/578] Improve documentation of ssl_set_mtu(). --- include/mbedtls/ssl.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1d392ab31..f563437d1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1392,18 +1392,25 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * example when a PMTU estimate becomes available from other * sources, such as lower (or higher) protocol layers. * - * \note This only controls the size of the packet we send. + * \note This only controls the size of the packets we send. * Client-side, you can request the server to use smaller * records with \c mbedtls_ssl_conf_max_frag_len(). * * \note If both a MTU and a maximum fragment length have been - * configured (or negotiated with the peer), the lower limit - * is used. + * configured (or negotiated with the peer), the resulting + * lower limit (after translating the MTU setting to a limit + * on the record content length) is used. * - * \note Values larger than #MBEDTLS_SSL_OUT_CONTENT_LEN have no - * effect. This can only be used to decrease the maximum size - * of datagrams sent. Values lower than record layer expansion - * are ignored. + * \note This can only be used to decrease the maximum size + * of datagrams sent. It cannot be used to increase the + * maximum size of records over the limit set by + * #MBEDTLS_SSL_OUT_CONTENT_LEN. + * + * \note Values lower than the current record layer expansion will + * result in an error when trying to send data. + * + * \note Using record compression together with a non-zero MTU value + * will result in an error when trying to send data. * * \param ssl SSL context * \param mtu Value of the path MTU in bytes From 58e9dc3d4bf2d30be1eddf96b161ab3571df03b7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 15:53:21 +0100 Subject: [PATCH 442/578] Allow GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV to be unset in ssl-opt.sh --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e966649d1..205cc5dd1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -51,13 +51,13 @@ else O_LEGACY_CLI=false fi -if [ -n "${GNUTLS_NEXT_SERV}" ]; then +if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key" else G_NEXT_SRV=false fi -if [ -n "${GNUTLS_NEXT_CLI}" ]; then +if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt" else G_NEXT_CLI=false @@ -772,11 +772,11 @@ if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" fi -if [ -n "${GNUTLS_NEXT_SERV}" ]; then +if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" fi -if [ -n "${GNUTLS_NEXT_CLI}" ]; then +if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT localhost" fi From 982931523551b8b5e7e5db1f95eebe0c47ebdb30 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 17 Aug 2018 16:10:47 +0100 Subject: [PATCH 443/578] Add missing dependency in ssl-opt.sh --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 205cc5dd1..9ff0795bc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5576,6 +5576,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \ # -nbio is added to prevent s_client from blocking in case of duplicated # messages at the end of the handshake +requires_openssl_legacy requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From 4532329397dc3201c292a628d4e875a3e7ca6569 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Aug 2018 11:52:24 +0200 Subject: [PATCH 444/578] Add proxy-enforcement to a MTU test --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9ff0795bc..f1c19828b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5097,6 +5097,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C run_test "DTLS fragmenting: both (MTU)" \ + -p "$P_PXY mtu=512" \ "$P_SRV dtls=1 debug_level=2 auth_mode=required \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ From a1071a58a3606e755e1e9832300bd4a35493e42b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Aug 2018 11:56:14 +0200 Subject: [PATCH 445/578] Compute record expansion at the right time Depends on the current transform, which might change when retransmitting a flight containing a Finished message, so compute it only after the transform is swapped. --- library/ssl_tls.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f3abe597..da21db237 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2845,20 +2845,8 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { - const int ret_payload = mbedtls_ssl_get_max_out_record_payload( ssl ); - const size_t max_record_payload = (size_t) ret_payload; - /* DTLS handshake headers are 12 bytes */ - const size_t max_hs_fragment_len = max_record_payload - 12; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); - if( ret_payload < 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", - ret_payload ); - return( ret_payload ); - } - if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); 
@@ -2895,6 +2883,10 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } else { + const int ret_payload = mbedtls_ssl_get_max_out_record_payload( ssl ); + const size_t max_record_payload = (size_t) ret_payload; + /* DTLS handshake headers are 12 bytes */ + const size_t max_hs_fragment_len = max_record_payload - 12; const unsigned char * const p = ssl->handshake->cur_msg_p; const size_t hs_len = cur->len - 12; const size_t frag_off = p - ( cur->p + 12 ); @@ -2902,6 +2894,13 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) const size_t frag_len = rem_len > max_hs_fragment_len ? max_hs_fragment_len : rem_len; + if( ret_payload < 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", + ret_payload ); + return( ret_payload ); + } + if( frag_off == 0 && frag_len != hs_len ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", From 4cb782d2f67d186feef72e57c376f5831c20b0c8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 11:19:05 +0100 Subject: [PATCH 446/578] Return from ssl_load_buffered_record early if no record is buffered --- library/ssl_tls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 19523bac9..058173c4a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4730,11 +4730,6 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) if( hs == NULL ) return( 0 ); - /* Only consider loading future records if the - * input buffer is empty. */ - if( ssl_another_record_in_datagram( ssl ) == 1 ) - return( 0 ); - rec = hs->buffering.future_record.data; rec_len = hs->buffering.future_record.len; rec_epoch = hs->buffering.future_record.epoch; 
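Review bot: In the `else` branch of mbedtls_ssl_flight_transmit(), `max_hs_fragment_len = max_record_payload - 12` wraps to a very large size_t whenever mbedtls_ssl_get_max_out_record_payload() returns a value from 0 to 11, so `frag_len` ends up equal to `rem_len` and the configured limit no longer bounds the fragment. The added `if( ret_payload < 0 )` check catches only the negative case, and it runs after the cast and subtraction in the initialisers; whether a later layer rejects the oversized record is not visible here. I would reject a payload of 12 bytes or less in the same guard, before any derived value is used, and add a comment such as `/* max_record_payload and max_hs_fragment_len are only meaningful once ret_payload has been validated below */`. The function body continues outside these hunks.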
@@ -4742,6 +4737,11 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) if( rec == NULL ) return( 0 ); + /* Only consider loading future records if the + * input buffer is empty. */ + if( ssl_another_record_in_datagram( ssl ) == 1 ) + return( 0 ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) ); if( rec_epoch != ssl->in_epoch ) From 513815a38dd3e864531456d9537298de8b32d7ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 11:56:09 +0100 Subject: [PATCH 447/578] Fix typo in debugging output --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cc470583a..05a2a9f01 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3388,7 +3388,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) flush = SSL_FORCE_FLUSH; else { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Stil %u bytes available in current datagram", (unsigned) remaining ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) ); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ From 4e1a9c17f29f9b4af76d95202a0030c7aa46873b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 12:21:35 +0100 Subject: [PATCH 448/578] ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4fa8609f9..09728314d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -682,6 +682,9 @@ run_test() { if [ "$PRESERVE_LOGS" -gt 0 ]; then mv $SRV_OUT o-srv-${TESTS}.log mv $CLI_OUT o-cli-${TESTS}.log + if [ -n "$PXY_CMD" ]; then + mv $PXY_OUT o-pxy-${TESTS}.log + fi fi rm -f $SRV_OUT $CLI_OUT $PXY_OUT From 7be2e5bb165c3061f1ac6eda46ce82dcdf448d64 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Mon, 20 Aug 2018 12:21:35 +0100 Subject: [PATCH 449/578] ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified --- tests/ssl-opt.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a1c7d0490..4a93a1772 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -632,6 +632,9 @@ run_test() { if [ "$PRESERVE_LOGS" -gt 0 ]; then mv $SRV_OUT o-srv-${TESTS}.log mv $CLI_OUT o-cli-${TESTS}.log + if [ -n "$PXY_CMD" ]; then + mv $PXY_OUT o-pxy-${TESTS}.log + fi fi rm -f $SRV_OUT $CLI_OUT $PXY_OUT From f362c297fa199fc4269d940e252b8933426fce2b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 20 Aug 2018 12:40:23 +0100 Subject: [PATCH 450/578] ssl-opt.sh Add dependency on gnutls in two fragmentation tests --- tests/ssl-opt.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 09728314d..b6af4dff0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5359,6 +5359,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ # # here and below we just want to test that the we fragment in a way that # pleases other implementations, so we don't need the peer to fragment +requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -5373,6 +5374,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ -c "fragmenting handshake message" \ -C "error" +requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From 94347133684093e57668a8b4775735b31d3cdbfc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 20 Aug 2018 14:59:33 +0300 Subject: [PATCH 451/578] Move the assertion Move the assertion for checking the heap allocatino succeeded. --- tests/suites/test_suite_nist_kw.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index ff5bb8be0..5d0cd801a 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -161,14 +161,14 @@ void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res ) if( in_len != 0 ) { plaintext = mbedtls_calloc( 1, in_len ); + TEST_ASSERT( plaintext != NULL ); } - TEST_ASSERT( in_len == 0 || plaintext != NULL ); if( out_len != 0 ) { ciphertext = mbedtls_calloc( 1, output_len ); + TEST_ASSERT( ciphertext != NULL ); } - TEST_ASSERT( out_len == 0 || ciphertext != NULL ); memset( plaintext, 0, in_len ); memset( ciphertext, 0, output_len ); @@ -217,13 +217,13 @@ void nist_kw_ciphertext_lengths( int in_len, int out_len, int mode, int res ) if( out_len != 0 ) { plaintext = mbedtls_calloc( 1, output_len ); + TEST_ASSERT( plaintext != NULL ); } - TEST_ASSERT( out_len == 0 || plaintext != NULL ); if( in_len != 0 ) { ciphertext = mbedtls_calloc( 1, in_len ); + TEST_ASSERT( ciphertext != NULL ); } - TEST_ASSERT( in_len == 0 || ciphertext != NULL ); memset( plaintext, 0, output_len ); memset( ciphertext, 0, in_len ); From 615129839558690d2bca8fbdcc1ca885ee8d208e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Aug 2018 09:40:07 +0200 Subject: [PATCH 452/578] Add missing requires_gnutls guards --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f1c19828b..4a6234803 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5332,6 +5332,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_gnutls run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ "$G_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ 
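Review bot: With the assertions moved inside the `if` blocks, the unchanged `memset( plaintext, 0, in_len )` and `memset( ciphertext, 0, output_len )` calls that follow still run when a length is 0 and the corresponding buffer was never allocated. Passing a null pointer to memset is undefined behaviour even for a zero size, assuming the pointers start out as NULL (their declarations are outside the hunk). Since mbedtls_calloc() is expected to hand back zeroed memory, the memsets look redundant and could be dropped, or moved into the same `if` blocks after each assertion. The same applies to nist_kw_ciphertext_lengths() in the second hunk.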
@@ -5346,6 +5347,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +requires_gnutls run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \ "$G_SRV -u" \ "$P_CLI dtls=1 debug_level=2 \ @@ -5362,6 +5364,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_gnutls run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ crt_file=data_files/server7_int-ca.crt \ @@ -5377,6 +5380,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +requires_gnutls run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \ "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ crt_file=data_files/server7_int-ca.crt \ @@ -5486,6 +5490,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## ## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS ## requires_ipv6 +## requires_gnutls ## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS ## requires_config_enabled MBEDTLS_RSA_C ## requires_config_enabled MBEDTLS_ECDSA_C @@ -5503,6 +5508,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## ## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS ## requires_ipv6 +## requires_gnutls ## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS ## requires_config_enabled MBEDTLS_RSA_C ## requires_config_enabled MBEDTLS_ECDSA_C From f2f1d40d6d96fd5f7c0973d91b5620d30a6e0913 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Aug 2018 09:53:22 +0200 Subject: [PATCH 453/578] Improve wording in ChangeLog and documentation --- ChangeLog | 2 +- include/mbedtls/ssl.h | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index a95cc6c59..3f144a7e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,7 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add support for fragmentation of outgoing DTLS handshake messages. This is controlled by the maximum fragment length as set locally or negotiated - with the peer, as well as new per-connection MTU option, set using + with the peer, as well as by a new per-connection MTU option, set using mbedtls_ssl_set_mtu(). Bugfix diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f563437d1..4471de507 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1392,9 +1392,11 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * example when a PMTU estimate becomes available from other * sources, such as lower (or higher) protocol layers. * - * \note This only controls the size of the packets we send. - * Client-side, you can request the server to use smaller - * records with \c mbedtls_ssl_conf_max_frag_len(). + * \note This setting only controls the size of the packets we send, + * and does not restrict the size of the datagrams we're + * willing to receive. Client-side, you can request the + * server to use smaller records with \c + * mbedtls_ssl_conf_max_frag_len(). * * \note If both a MTU and a maximum fragment length have been * configured (or negotiated with the peer), the resulting 
@@ -1402,7 +1404,8 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * on the record content length) is used. * * \note This can only be used to decrease the maximum size - * of datagrams sent. It cannot be used to increase the + * of datagrams (hence records, as records cannot span + * multiple datagrams) sent. It cannot be used to increase the * maximum size of records over the limit set by * #MBEDTLS_SSL_OUT_CONTENT_LEN. * From 000281e07d796576d615243b5883b243f22dc53f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Aug 2018 11:20:58 +0200 Subject: [PATCH 454/578] Fix "unused parameter" warning in small configs --- library/ssl_tls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da21db237..faa9467e1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7092,6 +7092,11 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) { size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; +#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ + !defined(MBEDTLS_SSL_PROTO_DTLS) + (void) ssl; +#endif + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) const size_t mfl = mbedtls_ssl_get_max_frag_len( ssl ); From 661103595e90529a2a3fc0af3648331f02b1af30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Aug 2018 11:55:40 +0200 Subject: [PATCH 455/578] Try to further clarify documentation --- include/mbedtls/ssl.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4471de507..35f4d320a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1388,6 +1388,10 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * the maximum size datagram the DTLS layer will pass to the * \c f_send() callback set using \c mbedtls_ssl_set_bio(). * + * \note The limit on datagram size is converted to a limit on + * record payload by subtracting the current overhead of + * encapsulation and encryption/authentication if any. + * * \note This can be called at any point during the connection, for * example when a PMTU estimate becomes available from other * sources, such as lower (or higher) protocol layers. @@ -1400,14 +1404,12 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * * \note If both a MTU and a maximum fragment length have been * configured (or negotiated with the peer), the resulting - * lower limit (after translating the MTU setting to a limit - * on the record content length) is used. + * lower limit on record payload (see first note) is used. * * \note This can only be used to decrease the maximum size - * of datagrams (hence records, as records cannot span - * multiple datagrams) sent. It cannot be used to increase the - * maximum size of records over the limit set by - * #MBEDTLS_SSL_OUT_CONTENT_LEN. + * of datagrams (hence records, see first note) sent. It + * cannot be used to increase the maximum size of records over + * the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN. * * \note Values lower than the current record layer expansion will * result in an error when trying to send data. From 2f2d9020cd4eaab26b4159fd87e1220211e35a63 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Aug 2018 12:17:54 +0200 Subject: [PATCH 456/578] Add delay in test to avoid race condition We previously observed random-looking failures from this test. I think they were caused by a race condition where the client tries to reconnect while the server is still closing the connection and has not yet returned to an accepting state. In that case, the server would fail to see and reply to the ClientHello, and the client would have to resend it. I believe logs of failing runs are compatible with this interpretation: - the proxy logs show the new ClientHello and the server's closing Alert are sent the same millisecond. - the client logs show the server's closing Alert is received after the new handshake has been started (discarding message from wrong epoch). The attempted fix is for the client to wait a bit before reconnecting, which should vastly enhance the probability of the server reaching its accepting state before the client tries to reconnect. The value of 1 second is arbitrary but should be more than enough even on loaded machines. The test was run locally 100 times in a row on a slightly loaded machine (an instance of all.sh running in parallel) without any failure after this fix. --- tests/ssl-opt.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a6234803..f811789e6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5139,6 +5139,8 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ # Since we don't support reading fragmented ClientHello yet, # up the MTU to 1450 (larger than ClientHello with session ticket, # but still smaller than client's Certificate to ensure fragmentation). +# reco_delay avoids races where the client reconnects before the server has +# resumed listening, which would result in a spurious resend. not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -5152,7 +5154,7 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - mtu=1450 reconnect=1" \ + mtu=1450 reconnect=1 reco_delay=1" \ 0 \ -S "resend" \ -C "resend" \ From f61ff4e1d689388d76abb83f685f48a5c1c1f914 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 13:17:47 +0100 Subject: [PATCH 457/578] ssl_server2: Remove redundant new line --- programs/ssl/ssl_server2.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4378e4f25..8d414364a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2193,7 +2193,6 @@ int main( int argc, char *argv[] ) }; #endif - #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) if( opt.trunc_hmac != DFL_TRUNC_HMAC ) mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac ); From ecff20554821ca9962c587fd9f55768f4d9fe787 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 13:20:00 +0100 Subject: [PATCH 458/578] Remove stray bracket if MBEDTLS_ZLIB_SUPPORT is defined --- library/ssl_tls.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0b3fea177..08ed75dc2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -7238,7 +7238,6 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ZLIB_SUPPORT) if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } #endif switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) From 1f5a15d86dcc7350c5684b350e33b9d769b7cfd4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 13:31:31 +0100 Subject: [PATCH 459/578] Check retval of remaining_payload_in_datagram in ssl_write_record() --- library/ssl_tls.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 08ed75dc2..e888812f6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3383,7 +3383,16 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { - size_t remaining = ssl_get_remaining_payload_in_datagram( ssl ); + size_t remaining; + ret = ssl_get_remaining_payload_in_datagram( ssl ); + if( ret < 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram", + ret ); + return( ret ); + } + + remaining = (size_t) ret; if( remaining == 0 ) flush = SSL_FORCE_FLUSH; else From 47db877039d61ff28d2c3ce121acaed47e55b437 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 13:32:13 +0100 Subject: [PATCH 460/578] ssl_write_record: Consider setting flush variable only if unset --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e888812f6..e4ea5c2bc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3381,7 +3381,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + flush == SSL_DONT_FORCE_FLUSH ) { size_t remaining; ret = ssl_get_remaining_payload_in_datagram( ssl ); From 6b13afe1a5295ef092a30dba32d3d8ae7c1d9a07 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 21 Aug 2018 16:11:13 +0300 Subject: [PATCH 461/578] Fix indentation Fix indentation in the test. --- tests/suites/test_suite_nist_kw.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index 5d0cd801a..ae3ef8062 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -167,7 +167,7 @@ void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res ) if( out_len != 0 ) { ciphertext = mbedtls_calloc( 1, output_len ); - TEST_ASSERT( ciphertext != NULL ); + TEST_ASSERT( ciphertext != NULL ); } memset( plaintext, 0, in_len ); From e678eaa93e37d2833c6a5565a8b320f6a7640249 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 14:57:46 +0100 Subject: [PATCH 462/578] Reject invalid CCS records early This commit moves the length and content check for CCS messages to the function mbedtls_ssl_handle_message_type() which is called after a record has been deprotected. Previously, these checks were performed in the function mbedtls_ssl_parse_change_cipher_spec(); however, now that the arrival of out-of-order CCS messages is remembered as a boolean flag, the check also has to happen when this flag is set. Moving the length and content check to mbedtls_ssl_handle_message_type() allows to treat both checks uniformly. --- library/ssl_tls.c | 49 +++++++++++++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 19 deletions(-) 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 058173c4a..4b64fe623 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4476,6 +4476,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) ); + hs->buffering.seen_ccs = 1; break; 
@@ -4986,23 +4987,38 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } } -#if defined(MBEDTLS_SSL_PROTO_DTLS) - /* Drop unexpected ChangeCipherSpec messages */ - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) + if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) { - if( ssl->handshake == NULL ) + if( ssl->in_msglen != 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d", + ssl->in_msglen ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); - } + if( ssl->in_msg[0] != 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x", + ssl->in_msg[0] ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) + { + if( ssl->handshake == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + } + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) ); + return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + } #endif + } if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) { 
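Review bot: The new debug call `MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d", ssl->in_msglen ) )` passes `in_msglen` to `%d`; if that field is a `size_t`, as its use as a length suggests, the specifier does not match the argument and the behaviour is undefined where `size_t` is wider than `int`. Cast the argument, e.g. `(int) ssl->in_msglen`, or use an unsigned specifier with a matching cast. Separately, the length and content checks now apply to stream TLS as well as DTLS and return MBEDTLS_ERR_SSL_INVALID_RECORD. How callers treat that code for each transport is outside this hunk, so a short comment above the new block stating the intended handling would help.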
@@ -5718,13 +5734,8 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } - if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC ); - } + /* CCS records are only accepted if they have length 1 and content '1', + * so we don't need to check this here. */ /* * Switch to our negotiated transform and session parameters for inbound From 5bcf2b081f4ba0ec395478611d19e03f0793c7b6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 14:25:40 +0100 Subject: [PATCH 463/578] ssl-opt.sh: Allow spurious resend in DTLS session resumption test When a server replies to a cookieless ClientHello with a HelloVerifyRequest, it is supposed to reset the connection and wait for a subsequent ClientHello which includes the cookie from the HelloVerifyRequest. In testing environments, it might happen that the reset of the server takes longer than for the client to replying to the HelloVerifyRequest with the ClientHello+Cookie. In this case, the ClientHello gets lost and the client will need retransmit. This may happen even if the underlying datagram transport is reliable. This commit removes a guard in the ssl-opt.sh test 'DTLS fragmenting: proxy MTU, resumed handshake' which made the test fail in case the log showed a resend from the client. --- tests/ssl-opt.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 886c44cfa..9b416fbb2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
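Review bot: Removing the check here also removes the `mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR )` call, and a malformed ChangeCipherSpec now yields the MBEDTLS_ERR_SSL_INVALID_RECORD of the new check in mbedtls_ssl_handle_message_type() instead of MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC. Nothing visible in this patch sends a fatal alert on the new path, so a TLS peer may see the connection fail without a decode_error alert, and applications matching on the old error code will stop seeing it. If that is intended it deserves a line in the commit message and ChangeLog; otherwise the alert should be sent before returning from the new check. The replacement comment would be sturdier if it named where the invariant is enforced, e.g. `/* Length and content of CCS records are validated in mbedtls_ssl_handle_message_type(). */`.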
@@ -5171,6 +5171,9 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ # Since we don't support reading fragmented ClientHello yet, # up the MTU to 1450 (larger than ClientHello with session ticket, # but still smaller than client's Certificate to ensure fragmentation). +# +# A resend on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "resend"' below. not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -5187,7 +5190,6 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ mtu=1450 reconnect=1" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" From 2a97b0e7a37b5ccc0e84118552aac7f6e58724c5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 15:47:49 +0100 Subject: [PATCH 464/578] Introduce function to return size of buffer needed for reassembly A previous commit introduced the function ssl_prepare_reassembly_buffer() which took a message length and a boolean flag indicating if a reassembly bit map was needed, and attempted to heap-allocate a buffer of sufficient size to hold both the message, its header, and potentially the reassembly bitmap. A subsequent commit is going to introduce a limit on the amount of heap allocations allowed for the purpose of buffering, and this change will need to know the reassembly buffer size before attempting the allocation. To this end, this commit changes ssl_prepare_reassembly_buffer() into ssl_get_reassembly_buffer_size() which solely computes the reassembly buffer size, and performing the heap allocation manually in ssl_buffer_message(). --- library/ssl_tls.c | 43 +++++++++---------------------------------- 1 file changed, 9 insertions(+), 34 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4b64fe623..7eb1c89a8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3523,28 +3523,10 @@ static int ssl_bitmask_check( unsigned char *mask, size_t len ) } /* msg_len does not include the handshake header */ -static int ssl_prepare_reassembly_buffer( mbedtls_ssl_context *ssl, /* debug */ - unsigned msg_len, - unsigned add_bitmap, - unsigned char **target ) +static size_t ssl_get_reassembly_buffer_size( unsigned msg_len, + unsigned add_bitmap ) { size_t alloc_len; - unsigned char *buf; - -#if !defined(MBEDTLS_DEBUG_C) - /* The SSL context is used for debugging only. */ - ((void) ssl); -#endif - - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", - msg_len ) ); - - /* NOTE: That should be checked earlier */ - if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too large" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } alloc_len = 12; /* Handshake header */ alloc_len += msg_len; /* Content buffer */ @@ -3552,15 +3534,7 @@ static int ssl_prepare_reassembly_buffer( mbedtls_ssl_context *ssl, /* debug */ if( add_bitmap ) alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */ - buf = mbedtls_calloc( 1, alloc_len ); - if( buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", alloc_len ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - } - - *target = buf; - return( 0 ); + return( alloc_len ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -4516,6 +4490,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) /* Check if the buffering for this seq nr has already commenced. */ if( !hs_buf->is_valid ) { + size_t reassembly_buf_sz; + hs_buf->is_fragmented = ( ssl_hs_is_proper_fragment( ssl ) == 1 ); 
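Review bot: ssl_get_reassembly_buffer_size() no longer rejects `msg_len > MBEDTLS_SSL_IN_CONTENT_LEN`, and the removed comment only said the bound "should be checked earlier", so the size later handed to mbedtls_calloc() depends entirely on a check that this patch does not show. `msg_len` presumably comes from the received handshake header, in which case an unbounded value lets a single fragment drive an allocation far larger than any message the stack can process. With `unsigned msg_len`, the sum `12 + msg_len + msg_len / 8 + 1` could also wrap a 32-bit `size_t`. Either keep the bound in ssl_buffer_message() before calling the helper, or state the precondition on the helper, e.g. `/* Caller must ensure msg_len <= MBEDTLS_SSL_IN_CONTENT_LEN. */`. The `initialize reassembly, total length` debug line is dropped too, which makes buffering decisions harder to trace in logs.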
@@ -4530,11 +4506,10 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) goto exit; } - ret = ssl_prepare_reassembly_buffer( ssl, msg_len, - hs_buf->is_fragmented, - &hs_buf->data ); - if( ret == MBEDTLS_ERR_SSL_ALLOC_FAILED && - recv_msg_seq_offset > 0 ) + reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len, + hs_buf->is_fragmented ); + hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); + if( hs_buf->data == NULL ) { /* If we run out of RAM trying to buffer a *future* * message, simply ignore instead of failing. */ From e0b150f96bfa4430d5d3b960f9d40153dfa13dfb Mon Sep 17 00:00:00 2001 
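Review bot: The new condition `if( hs_buf->data == NULL )` drops the `recv_msg_seq_offset > 0` test, so the branch commented "future message, simply ignore" is now also taken when allocation fails for the next expected message. The branch body continues outside this hunk, but if it still ends in `goto exit` with `ret` unchanged, that failure is reported to the caller as success. To keep the old distinction, take the ignore path only under `if( recv_msg_seq_offset > 0 )` inside the NULL branch and otherwise set `ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;` before `goto exit;`.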
From: Hanno Becker Date: Tue, 21 Aug 2018 15:51:03 +0100 Subject: [PATCH 465/578] Allow limiting the total amount of heap allocations for buffering This commit introduces a compile time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING to mbedtls/config.h which allows the user to control the cumulative size of all heap buffers allocated for the purpose of reassembling and buffering handshake messages. It is put to use by introducing a new field `total_bytes_buffered` to the buffering substructure of `mbedtls_ssl_handshake_params` that keeps track of the total size of heap allocated buffers for the purpose of reassembly and buffering at any time. It is increased whenever a handshake message is buffered or prepared for reassembly, and decreased when a buffered or fully reassembled message is copied into the input buffer and passed to the handshake logic layer. This commit does not yet take future epoch record buffering into account; this will be done in a subsequent commit. Also, it is now conceivable that the reassembly of the next expected handshake message fails because too much buffering space has already been used up for future messages. This case currently leads to an error, but instead, the stack should get rid of buffered messages to be able to buffer the next one. This will need to be implemented in one of the next commits. --- include/mbedtls/config.h | 8 ++++++ include/mbedtls/ssl.h | 4 +++ include/mbedtls/ssl_internal.h | 4 +++ library/ssl_tls.c | 46 ++++++++++++++++++++++++++++++---- 4 files changed, 57 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 70820be56..70dd4be2b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -3010,6 +3010,14 @@ */ //#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 +/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING + * + * Maximum number of heap-allocated bytes for the purpose of + * DTLS handshake message reassembly and future message buffering. + * + */ +//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING ( 2 * 16384 ) + //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ //#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3a8dd21e9..29c139ed1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -243,6 +243,10 @@ #define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN #endif +#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING) +#define MBEDTLS_SSL_DTLS_MAX_BUFFERING ( 2 * MBEDTLS_SSL_IN_CONTENT_LEN ) +#endif + /* \} name SECTION: Module settings */ /* diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index bfc3a5a42..2c0684f3d 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -311,6 +311,9 @@ struct mbedtls_ssl_handshake_params struct { + size_t total_bytes_buffered; /*!< Cumulative size of heap allocated + * buffers used for message buffering. */ + uint8_t seen_ccs; /*!< Indicates if a CCS message has * been seen in the current flight. */ @@ -320,6 +323,7 @@ struct mbedtls_ssl_handshake_params uint8_t is_fragmented : 1; uint8_t is_complete : 1; unsigned char *data; + size_t data_len; } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; struct diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7eb1c89a8..f4ed28a66 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
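Review bot: The new `MBEDTLS_SSL_DTLS_MAX_BUFFERING` comment in config.h says what the limit counts but not its default or what happens when the limit is reached. From the other hunks of this patch, the default is `( 2 * MBEDTLS_SSL_IN_CONTENT_LEN )` (ssl.h). At the limit, future messages are ignored, while reassembly of the next expected message fails with `MBEDTLS_ERR_SSL_ALLOC_FAILED` (ssl_tls.c). I would add both facts to the Doxygen block. I would also add that the value should cover at least one maximum-size handshake message plus its 12-byte header and reassembly bitmap; that lower bound is inferred from ssl_get_reassembly_buffer_size() and should be confirmed.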
@@ -3665,7 +3665,10 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) /* Free first entry */ hs_buf = &hs->buffering.hs[0]; if( hs_buf->is_valid ) + { + hs->buffering.total_bytes_buffered -= hs_buf->data_len; mbedtls_free( hs_buf->data ); + } /* Shift all other entries */ for( offset = 0; offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; 
@@ -4506,18 +4509,49 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) goto exit; } + /* Check if we have enough space to buffer the message. */ + if( hs->buffering.total_bytes_buffered > + MBEDTLS_SSL_DTLS_MAX_BUFFERING ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len, hs_buf->is_fragmented ); + + if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered ) ) + { + if( recv_msg_seq_offset > 0 ) + { + /* If we can't buffer a future message because + * of space limitations -- ignore. */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", + (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + (unsigned) hs->buffering.total_bytes_buffered ) ); + goto exit; + } + + /* TODO: Remove future messages in the attempt to make + * space for the current one. */ + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", + (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + (unsigned) hs->buffering.total_bytes_buffered ) ); + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", + msg_len ) ); + hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); if( hs_buf->data == NULL ) { - /* If we run out of RAM trying to buffer a *future* - * message, simply ignore instead of failing. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Not enough RAM available to buffer future message - ignore" ) ); + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - else if( ret != 0 ) - return( ret ); + hs_buf->data_len = reassembly_buf_sz; /* Prepare final header: copy msg_type, length and message_seq, * then add standardised fragment_offset and fragment_length */ 
@@ -4526,6 +4560,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 ); hs_buf->is_valid = 1; + + hs->buffering.total_bytes_buffered += reassembly_buf_sz; } else { From 96a6c69d0c41df4b09fc43f05a83c556c5f96fa7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 15:56:03 +0100 Subject: [PATCH 466/578] Correct bounds check in ssl_buffer_message() The previous bounds check omitted the DTLS handshake header. --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f4ed28a66..17010b594 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4503,7 +4503,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) * This is an implementation-specific limitation * and not one from the standard, hence it is not * checked in ssl_check_hs_header(). */ - if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) + if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) { /* Ignore message */ goto exit; From e605b196312edf5e20538386d7686d47eec13ec1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 15:59:07 +0100 Subject: [PATCH 467/578] Add function to free a particular buffering slot This commit adds a static function ssl_buffering_free_slot() which allows to free a particular structure used to buffer and/or reassembly some handshake message. --- library/ssl_tls.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 17010b594..5ab172d65 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
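Review bot: In the corrected check `msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN` the literal 12 repeats the handshake-header length that ssl_get_reassembly_buffer_size() also hard-codes as `alloc_len = 12; /* Handshake header */`. Using `mbedtls_ssl_hs_hdr_len( ssl )`, or one named constant shared by both places, would keep the bound and the allocation size from drifting apart. Because msg_len comes from the wire, I would also write the comparison as `msg_len > MBEDTLS_SSL_IN_CONTENT_LEN - 12`, so it cannot wrap whatever msg_len's type is; its declaration is outside this hunk.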
@@ -170,6 +170,9 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl static void ssl_buffering_free( mbedtls_ssl_context *ssl ); +static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, + uint8_t slot ); + /* * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. @@ -3663,15 +3666,11 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) */ /* Free first entry */ - hs_buf = &hs->buffering.hs[0]; - if( hs_buf->is_valid ) - { - hs->buffering.total_bytes_buffered -= hs_buf->data_len; - mbedtls_free( hs_buf->data ); - } + ssl_buffering_free_slot( ssl, 0 ); /* Shift all other entries */ - for( offset = 0; offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; + for( offset = 0, hs_buf = &hs->buffering.hs[0]; + offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++, hs_buf++ ) { *hs_buf = *(hs_buf + 1); @@ -8564,13 +8563,19 @@ static void ssl_buffering_free( mbedtls_ssl_context *ssl ) return; for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) + ssl_buffering_free_slot( ssl, offset ); +} + +static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, + uint8_t slot ) +{ + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; + if( hs_buf->is_valid == 1 ) { - mbedtls_ssl_hs_buffer *hs_buf = &hs->buffering.hs[offset]; - if( hs_buf->is_valid == 1 ) - { - mbedtls_free( hs_buf->data ); - memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); - } + hs->buffering.total_bytes_buffered -= hs_buf->data_len; + mbedtls_free( hs_buf->data ); + memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); } } From 55e9e2aa6b60dabaa5d461742cb73b1fff74324c Mon Sep 17 00:00:00 2001 
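Review bot: `ssl_buffering_free_slot()` computes `&hs->buffering.hs[slot]` without checking `slot` against `MBEDTLS_SSL_MAX_BUFFERED_HS`, and it assumes `ssl->handshake` is non-NULL. This helper is now the one place that subtracts `data_len` from `total_bytes_buffered`, so an out-of-range index would corrupt both the slot array and the accounting that the buffering limit depends on. An early `if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS ) return;` is cheap. The function also has no comment. One line stating that it frees the slot's buffer, clears the slot and releases its share of `total_bytes_buffered`, and that the caller must hold a live handshake, would make the contract explicit.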
From: Hanno Becker Date: Tue, 21 Aug 2018 16:07:55 +0100 Subject: [PATCH 468/578] Free future buffers if next handshake messages can't be reassembled If the next expected handshake message can't be reassembled because buffered future messages have already used up too much of the available space for buffering, free those future message buffers in order to make space for the reassembly, starting with the handshake message that's farthest in the future. --- library/ssl_tls.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5ab172d65..d0d5d72c5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4522,6 +4522,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { + int offset; + if( recv_msg_seq_offset > 0 ) { /* If we can't buffer a future message because 
@@ -4532,13 +4534,34 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) goto exit; } - /* TODO: Remove future messages in the attempt to make - * space for the current one. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", + /* We don't have enough space to buffer the next expected + * handshake message. Remove buffers used for future msgs + * to gain space, starting with the most distant one. */ + for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; + offset >= 0; offset-- ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", + offset ) ); + + ssl_buffering_free_slot( ssl, offset ); + + /* Check if we have enough space available now. */ + if( reassembly_buf_sz <= + ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered ) ) + { + break; + } + } + + if( offset == -1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, (unsigned) hs->buffering.total_bytes_buffered ) ); - ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; - goto exit; + ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + goto exit; + } } MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d", From 101bcba26fda95e166f0692ba5bbc120b647f40e Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 21 Aug 2018 16:39:51 +0100 Subject: [PATCH 469/578] UDP proxy: Allow more than one message to be delayed Previously, the UDP proxy could only remember one delayed message for future transmission; if two messages were delayed in succession, without another one being normally forwarded in between, the message that got delayed first would be dropped. This commit enhances the UDP proxy to allow to delay an arbitrary (compile-time fixed) number of messages in succession. --- programs/test/udp_proxy.c | 45 ++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 12 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 77eaa5d2f..0428d2888 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -556,11 +556,37 @@ int send_packet( const packet *p, const char *why ) return( 0 ); } -static packet prev; +#define MAX_DELAYED_MSG 5 +static size_t prev_len; +static packet prev[MAX_DELAYED_MSG]; void clear_pending( void ) { memset( &prev, 0, sizeof( packet ) ); + prev_len = 0; +} + +void delay_packet( packet *delay ) +{ + if( prev_len == MAX_DELAYED_MSG ) + return; + + memcpy( &prev[prev_len++], delay, sizeof( packet ) ); +} + +int send_delayed() +{ + uint8_t offset; + int ret; + for( offset = 0; offset < prev_len; offset++ ) + { + ret = send_packet( &prev[offset], "delayed" ); + if( ret != 0 ) + return( ret ); + } + + clear_pending(); + return( 0 ); } /* @@ -647,7 +673,7 @@ int handle_message( const char *way, if( strcmp( delay_list[ delay_idx ], cur.type ) == 0 ) { /* Delay message */ - memcpy( &prev, &cur, sizeof( packet ) ); + delay_packet( &cur ); /* Remove entry from list */ mbedtls_free( delay_list[delay_idx] ); 
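Review bot: `clear_pending()` keeps the context line `memset( &prev, 0, sizeof( packet ) );`, but `prev` is now an array of `MAX_DELAYED_MSG` packets, so only `prev[0]` is zeroed. It should be `memset( prev, 0, sizeof( prev ) );`. `delay_packet()` returns silently once `prev_len == MAX_DELAYED_MSG`, so a further delayed packet is neither forwarded nor logged. Since this proxy's output is used to interpret test failures, a log line there would help. `send_delayed()` is declared with empty parentheses, where `int send_delayed( void )` is the prototype form, and its `uint8_t offset` is compared against the `size_t` `prev_len`.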
@@ -676,12 +702,11 @@ int handle_message( const char *way, strcmp( cur.type, "ApplicationData" ) != 0 && ! ( opt.protect_hvr && strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) && - prev.dst == NULL && cur.len != (size_t) opt.protect_len && dropped[id] < DROP_MAX && rand() % opt.delay == 0 ) ) { - memcpy( &prev, &cur, sizeof( packet ) ); + delay_packet( &cur ); } else { @@ -689,14 +714,10 @@ int handle_message( const char *way, if( ( ret = send_packet( &cur, "forwarded" ) ) != 0 ) return( ret ); - /* send previously delayed message if any */ - if( prev.dst != NULL ) - { - ret = send_packet( &prev, "delayed" ); - memset( &prev, 0, sizeof( packet ) ); - if( ret != 0 ) - return( ret ); - } + /* send previously delayed messages if any */ + ret = send_delayed(); + if( ret != 0 ) + return( ret ); } return( 0 ); From e35670528bc0d93021bba1d22cff63a03ca9ec1a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 16:50:43 +0100 Subject: [PATCH 470/578] ssl-opt.sh: Add test for reassembly after reordering --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4b32314c5..8d4ffde77 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5757,6 +5757,20 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -S "Inject buffered CCS message" \ -S "Remember CCS message" +run_test "DTLS reordering: Buffer out-of-order handshake message on client before reassembling next" \ + -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ + "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + 0 \ + -c "Buffering HS message" \ + -c "Next handshake message has been buffered - load"\ + -S "Buffering HS message" \ + -S "Next handshake message has been buffered - load"\ + -C "Inject buffered CCS message" \ + -C "Remember CCS message" \ + -S "Inject buffered CCS message" \ + -S "Remember CCS message" + run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -p "$P_PXY delay_cli=Certificate" \ "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2" \ From e1801399a9a3513ed9189ba9399daca26338aac3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 16:51:05 +0100 Subject: [PATCH 471/578] Add another debug message to ssl_buffer_message() Report if there's not enough buffering space available to reassemble the next expected incoming message. --- library/ssl_tls.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d0d5d72c5..bb4c0000c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4533,6 +4533,12 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) (unsigned) hs->buffering.total_bytes_buffered ) ); goto exit; } + else + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n", + (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + (unsigned) hs->buffering.total_bytes_buffered ) ); + } /* We don't have enough space to buffer the next expected * handshake message. Remove buffers used for future msgs From 175cb8fc699a1d755ba81976e53b91a131be445e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 17:00:10 +0100 Subject: [PATCH 472/578] ssl-opt.sh: Allow resend in DTLS session resumption tests, cont'd This commit continues commit 47db877 by removing resend guards in the ssl-opt.sh tests 'DTLS fragmenting: proxy MTU, XXX' which sometimes made the tests fail in case the log showed a resend from the client. See 47db877 for more information. --- tests/ssl-opt.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9b416fbb2..ab53cc46c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5194,6 +5194,8 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -c "found fragmented DTLS handshake message" \ -C "error" +# A resend on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "resend"' below. not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C 
@@ -5217,11 +5219,12 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" +# A resend on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "resend"' below. not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -5246,11 +5249,12 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" +# A resend on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "resend"' below. not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -5275,11 +5279,12 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" +# A resend on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "resend"' below. not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -5305,11 +5310,12 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" +# A resend on the client-side might happen if the server is +# slow to reset, therefore omitting '-C "resend"' below. not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C 
@@ -5334,7 +5340,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" From a02b0b462d2508e70e0a1f870597480e68edb7fd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 21 Aug 2018 17:20:27 +0100 Subject: [PATCH 473/578] Add function making space for current message reassembly This commit adds a static function ssl_buffer_make_space() which takes a buffer size as an argument and attempts to free as many future message bufffers as necessary to ensure that the desired amount of buffering space is available without violating the total buffering limit set by MBEDTLS_SSL_DTLS_MAX_BUFFERING. --- library/ssl_tls.c | 53 +++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bb4c0000c..a1cf5749d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4438,6 +4438,35 @@ exit: return( ret ); } +static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, + size_t desired ) +{ + int offset; + mbedtls_ssl_handshake_params * const hs = ssl->handshake; + + + /* We don't have enough space to buffer the next expected + * handshake message. Remove buffers used for future msgs + * to gain space, starting with the most distant one. */ + for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; + offset >= 0; offset-- ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", + offset ) ); + + ssl_buffering_free_slot( ssl, offset ); + + /* Check if we have enough space available now. */ + if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered ) ) + { + return( 0 ); + } + } + + return( -1 ); +} + static int ssl_buffer_message( mbedtls_ssl_context *ssl ) { int ret = 0; 
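Review bot: `ssl_buffer_make_space()` has no comment stating its contract, and its test `desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered )` only holds while the counter is at or below the limit. With the `size_t` counter above the limit, the subtraction would wrap and the helper would report space that is not there. ssl_buffer_message() checks for that before reaching this call, but the helper does not record the dependency. The next patch adds the same expression to ssl_buffer_future_record() with no such check visible in its hunks. I would add a header comment saying that it frees buffered future messages, most distant first, until `desired` bytes fit under the limit, returns 0 on success and -1 otherwise, and requires `total_bytes_buffered <= MBEDTLS_SSL_DTLS_MAX_BUFFERING`. The carried-over "We don't have enough space" comment and the doubled blank line can be trimmed.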
@@ -4522,8 +4551,6 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { - int offset; - if( recv_msg_seq_offset > 0 ) { /* If we can't buffer a future message because @@ -4540,27 +4567,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) (unsigned) hs->buffering.total_bytes_buffered ) ); } - /* We don't have enough space to buffer the next expected - * handshake message. Remove buffers used for future msgs - * to gain space, starting with the most distant one. */ - for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; - offset >= 0; offset-- ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", - offset ) ); - - ssl_buffering_free_slot( ssl, offset ); - - /* Check if we have enough space available now. */ - if( reassembly_buf_sz <= - ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - break; - } - } - - if( offset == -1 ) + if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, From 01315ea03a142f232d218dfd14a07e963bf95a0c Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 21 Aug 2018 17:22:17 +0100 Subject: [PATCH 474/578] Account for future epoch records in the total buffering size Previous commits introduced the field `total_bytes_buffered` which is supposed to keep track of the cumulative size of all heap allocated buffers used for the purpose of reassembly and/or buffering of future messages. However, the buffering of future epoch records were not reflected in this field so far. This commit changes this, adding the length of a future epoch record to `total_bytes_buffered` when it's buffered, and subtracting it when it's freed. --- library/ssl_tls.c | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a1cf5749d..72be09716 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4438,12 +4438,22 @@ exit: return( ret ); } +static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, size_t desired ) { int offset; mbedtls_ssl_handshake_params * const hs = ssl->handshake; + /* Get rid of future records epoch first, if such exist. */ + ssl_free_buffered_record( ssl ); + + /* Check if we have enough space available now. */ + if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered ) ) + { + return( 0 ); + } /* We don't have enough space to buffer the next expected * handshake message. Remove buffers used for future msgs @@ -4760,8 +4770,14 @@ static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ) if( hs == NULL ) return; - mbedtls_free( hs->buffering.future_record.data ); - hs->buffering.future_record.data = NULL; + if( hs->buffering.future_record.data != NULL ) + { + hs->buffering.total_bytes_buffered -= + hs->buffering.future_record.len; + + mbedtls_free( hs->buffering.future_record.data ); + hs->buffering.future_record.data = NULL; + } } static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) 
@@ -4822,6 +4838,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; size_t const rec_hdr_len = 13; + size_t const total_buf_sz = rec_hdr_len + ssl->in_msglen; /* Don't buffer future records outside handshakes. */ if( hs == NULL ) @@ -4836,6 +4853,16 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) if( hs->buffering.future_record.data != NULL ) return( 0 ); + /* Don't buffer record if there's not enough buffering space remaining. */ + if( total_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n", + (unsigned) total_buf_sz, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + (unsigned) hs->buffering.total_bytes_buffered ) ); + return( 0 ); + } + /* Buffer record */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", ssl->in_epoch + 1 ) ); @@ -4845,7 +4872,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) /* ssl_parse_record_header() only considers records * of the next epoch as candidates for buffering. */ hs->buffering.future_record.epoch = ssl->in_epoch + 1; - hs->buffering.future_record.len = rec_hdr_len + ssl->in_msglen; + hs->buffering.future_record.len = total_buf_sz; hs->buffering.future_record.data = mbedtls_calloc( 1, hs->buffering.future_record.len ); @@ -4856,9 +4883,9 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ) return( 0 ); } - memcpy( hs->buffering.future_record.data, - ssl->in_hdr, rec_hdr_len + ssl->in_msglen ); + memcpy( hs->buffering.future_record.data, ssl->in_hdr, total_buf_sz ); + hs->buffering.total_bytes_buffered += total_buf_sz; return( 0 ); } From c99b12b158b7897fd91b821849358db7f695f266 Mon Sep 17 00:00:00 2001 
From: Andres Amaya Garcia Date: Tue, 21 Aug 2018 19:32:44 +0100 Subject: [PATCH 475/578] Fix documentation for MBEDTLS_HAVE_DATE_TIME --- include/mbedtls/config.h | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 18fbf92df..ff123560c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -137,20 +137,25 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h and time(), gmtime_s() (Windows), gmtime_r() (POSIX) or - * gmtime() and the clock is correct. + * System has time.h, time(), an implementation for mbedtls_platform_gmtime(), + * and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. * * Comment if your system does not have a correct clock. * - * \warning gmtime() is used if the target platform is neither Windows nor - * POSIX. Unfortunately, gmtime() is not thread-safe, so a mutex is used when - * MBEDTLS_THREADING_C is defined to guarantee sequential usage of gmtime() - * across Mbed TLS threads. However, applications must ensure that calls to - * gmtime() from outside the library also use the mutex to avoid concurrency - * issues. + * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that + * when called behaves similar to the gmtime() function from the C standard, + * but is thread safe. Mbed TLS will try to identify the underlying platform + * and configure an appropriate underlying implementation (e.g. gmtime_r() for + * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() + * will be used. Refer to the documentation for mbedtls_platform_gmtime() for + * more information. + * + * \note It is possible to configure an implementation for + * mbedtls_platform_gmtime() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_ALT. */ #define MBEDTLS_HAVE_TIME_DATE From a658d7dd9ddbf1dd7e00ccc9862eee51ba62f092 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 21 Aug 2018 19:33:02 +0100 Subject: [PATCH 476/578] Fix style for mbedtls_platform_gmtime() --- library/platform_util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index e41f3c49c..68d2522b5 100644 
--- a/library/platform_util.c +++ b/library/platform_util.c @@ -87,9 +87,9 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - return ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL; + return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) - return gmtime_r( tt, tm_buf ); + return( gmtime_r( tt, tm_buf ) ); #else struct tm *lt; @@ -110,7 +110,7 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, return( NULL ); #endif /* MBEDTLS_THREADING_C */ - return ( lt == NULL ) ? NULL : tm_buf; -#endif + return( ( lt == NULL ) ? NULL : tm_buf ); +#endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ From 3d183cefb5bbc3e37fa033c2c85fdcde127a296c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Aug 2018 09:56:22 +0200 Subject: [PATCH 477/578] Allow client-side resend in proxy MTU tests From Hanno: When a server replies to a cookieless ClientHello with a HelloVerifyRequest, it is supposed to reset the connection and wait for a subsequent ClientHello which includes the cookie from the HelloVerifyRequest. In testing environments, it might happen that the reset of the server takes longer than for the client to replying to the HelloVerifyRequest with the ClientHello+Cookie. In this case, the ClientHello gets lost and the client will need retransmit. This may happen even if the underlying datagram transport is reliable. --- tests/ssl-opt.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f811789e6..8cf0c82a6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5112,6 +5112,8 @@ run_test "DTLS fragmenting: both (MTU)" \ -C "error" # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend +# OTOH the client might resend if the server is to slow to reset after sending +# a HelloVerifyRequest, so only check for no retransmission server-side not_with_valgrind # spurious resend due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C @@ -5128,7 +5130,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -5157,7 +5158,6 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ mtu=1450 reconnect=1 reco_delay=1" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -5185,7 +5185,6 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -5214,7 +5213,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -5243,7 +5241,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" @@ -5273,7 +5270,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" 
@@ -5302,7 +5298,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ mtu=512" \ 0 \ -S "resend" \ - -C "resend" \ -s "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ -C "error" From c1d54b74ec756186e373a266e4cfc453225b0708 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Aug 2018 10:02:59 +0200 Subject: [PATCH 478/578] Add tests with non-blocking I/O Make sure we behave properly when f_send() or f_recv() return MBEDTLS_ERR_SSL_WANT_{WRITE,READ}. --- tests/ssl-opt.sh | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8cf0c82a6..ec2717ad5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5134,6 +5134,26 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake" \ -c "found fragmented DTLS handshake message" \ -C "error" +not_with_valgrind # spurious resend due to timeout +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ + -p "$P_PXY mtu=512" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + mtu=512 nbio=2" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + mtu=512 nbio=2" \ + 0 \ + -S "resend" \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # This ensures things still work after session_reset(), # for example it would have caught #1941. # It also exercises the "resumed hanshake" flow. 
@@ -5321,6 +5341,25 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ -c "found fragmented DTLS handshake message" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +client_needs_more_time 2 +run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ + -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=250-10000 mtu=512 nbio=2" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + hs_timeout=250-10000 mtu=512 nbio=2" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # interop tests for DTLS fragmentating with reliable connection # # here and below we just want to test that the we fragment in a way that From 68ae351dbec53e8e6b5eae3ff1392952055f1a2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Aug 2018 10:24:31 +0200 Subject: [PATCH 479/578] Fix some whitespace in documentation --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 35f4d320a..090660733 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1398,7 +1398,7 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * * \note This setting only controls the size of the packets we send, * and does not restrict the size of the datagrams we're - * willing to receive. Client-side, you can request the + * willing to receive. Client-side, you can request the * server to use smaller records with \c * mbedtls_ssl_conf_max_frag_len(). * From b8eec192f6c0150186c07ae1fbc2ea103cd38be1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Aug 2018 09:34:02 +0200 Subject: [PATCH 480/578] Implement PMTU auto-reduction in handshake --- ChangeLog | 3 +++ include/mbedtls/ssl_internal.h | 1 + library/ssl_tls.c | 29 ++++++++++++++++++++++++++--- tests/ssl-opt.sh | 19 +++++++++++++++++++ 4 files changed, 49 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3f144a7e9..fc4744101 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,9 @@ Features is controlled by the maximum fragment length as set locally or negotiated with the peer, as well as by a new per-connection MTU option, set using mbedtls_ssl_set_mtu(). + * Add support for auto-adjustment of MTU to a safe value during the + handshake when flights do not get through (RFC 6347, section 4.1.1.1, + last paragraph). Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 18982f89a..6be684e05 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -307,6 +307,7 @@ struct mbedtls_ssl_handshake_params resending messages */ unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ + uint16_t mtu; /*!< Handshake mtu, used to fragment outoing messages */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index faa9467e1..30c1a78f2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -108,6 +108,15 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) return( -1 ); + /* Implement the final paragraph of RFC 6347 section 4.1.1.1 + * in the following way: after the initial transmission and a first + * retransmission, back off to a temporary estimated MTU of 508 bytes. + * This value is guaranteed to be deliverable (if not guaranteed to be + * delivered) of any compliant IPv4 (and IPv6) network, and should work + * on most non-IP stacks too. */ + if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min ) + ssl->handshake->mtu = 508; + new_timeout = 2 * ssl->handshake->retransmit_timeout; /* Avoid arithmetic overflow and range overflow */ @@ -7088,6 +7097,20 @@ size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) +static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) +{ + if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) + return( ssl->mtu ); + + if( ssl->mtu == 0 ) + return( ssl->handshake->mtu ); + + return( ssl->mtu < ssl->handshake->mtu ? + ssl->mtu : ssl->handshake->mtu ); +} +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) { size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; @@ -7105,9 +7128,9 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->mtu != 0 ) + if( ssl_get_current_mtu( ssl ) != 0 ) { - const size_t mtu = ssl->mtu; + const size_t mtu = ssl_get_current_mtu( ssl ); const int ret = mbedtls_ssl_get_record_expansion( ssl ); const size_t overhead = (size_t) ret; 
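Review bot: In ssl_double_retransmit_timeout() the MTU back-off uses a bare `508` and happens silently; a named constant and a debug line such as `MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );` would make the change in fragmentation traceable in handshake logs. The assignment also sits after the `retransmit_timeout >= hs_timeout_max` early return, so with a timeout range where the maximum is already reached at the second timeout (for example max equal to twice min) the reduction never takes effect. The new comment should say that the back-off depends on the configured range. The function body continues outside the hunk.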
@@ -7123,7 +7146,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) if( max_len > mtu - overhead ) max_len = mtu - overhead; } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ return( (int) max_len ); } diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ec2717ad5..9fc16bfde 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5111,6 +5111,25 @@ run_test "DTLS fragmenting: both (MTU)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# Test for automatic MTU reduction on repeated resend +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ + -p "$P_PXY mtu=508" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key\ + hs_timeout=100-400" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + hs_timeout=100-400" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend # OTOH the client might resend if the server is to slow to reset after sending # a HelloVerifyRequest, so only check for no retransmission server-side From f47a4afea327073aa69089d6dfca9ad843eaab55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 22 Aug 2018 10:38:52 +0200 Subject: [PATCH 481/578] Fix a typo in comments --- include/mbedtls/ssl_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 6be684e05..7d4418e7b 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h 
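Review bot: The new "proxy MTU: auto-reduction" test in tests/ssl-opt.sh relies on `hs_timeout=100-400` but, unlike the neighbouring proxy MTU tests, carries neither `not_with_valgrind` nor `client_needs_more_time`, so on a slow or instrumented run the handshake may reach the 400 ms cap before the reduced MTU is used; this is inferred from the timeouts, not observed. The test also only checks that fragmentation occurred, so a server-side `-s "resend"` check, if the log line fits, would tie a pass to the retransmission path that triggers the reduction. `key_file=data_files/server7.key\` lacks the space before the continuation backslash that the other tests have.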
@@ -307,7 +307,7 @@ struct mbedtls_ssl_handshake_params resending messages */ unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ - uint16_t mtu; /*!< Handshake mtu, used to fragment outoing messages */ + uint16_t mtu; /*!< Handshake mtu, used to fragment outgoing messages */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* From aa249378536da468d9958852512fe208351dbf91 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 10:27:13 +0100 Subject: [PATCH 482/578] Adapt ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 975b3bac0..f5e5fa539 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ Features last paragraph). * Add support for packing multiple records within a single datagram, enabled by default. + * Add support for buffering out-of-order handshake messages. + The maximum amount of RAM used for this can be controlled by the + compile-time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING defined + in mbedtls/config.h. API Changes * Add function mbedtls_ssl_conf_datagram_packing() to configure From 98081a09e66f358eaa7aeb1cca1fe7b4d836c8bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 13:32:50 +0100 Subject: [PATCH 483/578] Don't use uint8_t for bitfields Fixing a build failure using armcc. --- include/mbedtls/ssl_internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 3f595a322..4b4417a5f 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -319,9 +319,9 @@ struct mbedtls_ssl_handshake_params struct mbedtls_ssl_hs_buffer { - uint8_t is_valid : 1; - uint8_t is_fragmented : 1; - uint8_t is_complete : 1; + unsigned is_valid : 1; + unsigned is_fragmented : 1; + unsigned is_complete : 1; unsigned char *data; size_t data_len; } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; 
From 11682ccc78fd739fca2fe5c6be3319401ea6c0f6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 14:41:02 +0100 Subject: [PATCH 484/578] Uniformly treat MTU as size_t --- library/ssl_tls.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8cf7aa1ce..533e8490a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -109,24 +109,24 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); -static uint16_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) +static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) { - uint16_t mtu = ssl_get_current_mtu( ssl ); + size_t mtu = ssl_get_current_mtu( ssl ); if( mtu != 0 && mtu < MBEDTLS_SSL_OUT_BUFFER_LEN ) - return( (int) mtu ); + return( mtu ); return( MBEDTLS_SSL_OUT_BUFFER_LEN ); } static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) { - size_t const bytes_written = ssl->out_left; - uint16_t const mtu = ssl_get_maximum_datagram_size( ssl ); + size_t const bytes_written = ssl->out_left; + size_t const mtu = ssl_get_maximum_datagram_size( ssl ); /* Double-check that the write-index hasn't gone * past what we can transmit in a single datagram. */ - if( bytes_written > (size_t) mtu ) + if( bytes_written > mtu ) { /* Should never happen... */ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); From 2c98db24785cb5683b8f63d5fae5a5793cb47d28 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 22 Aug 2018 16:05:47 +0100 Subject: [PATCH 485/578] ssl_write_handshake_msg(): Allow alert on client-side SSLv3 In SSLv3, the client sends a NoCertificate alert in response to a CertificateRequest if it doesn't have a CRT. This previously lead to failure in ssl_write_handshake_msg() which only accepted handshake or CCS records. --- library/ssl_tls.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 533e8490a..e54bb0e50 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3146,11 +3146,19 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* * Sanity checks */ - if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && + if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* In SSLv3, the client might send a NoCertificate alert. */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) + if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ) +#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } } if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && From 551835d5e77a1b40566f6f89a12114e88e552e6f Mon Sep 17 00:00:00 2001 
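Review bot: In the sanity check of mbedtls_ssl_write_handshake_msg() the new `#endif` comment names `MBEDTLS_SSL_SRV_C` while the matching `#if` tests `MBEDTLS_SSL_CLI_C`; it should read `#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_CLI_C */`. The exemption also accepts any alert record from an SSLv3 client, although the comment speaks only of NoCertificate. If the alert description is available at this point, checking it would keep the sanity check as strict as before for every other alert. The function body continues outside the hunk.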
From: Hanno Becker Date: Wed, 22 Aug 2018 16:07:59 +0100 Subject: [PATCH 486/578] ssl_write_handshake_msg(): Always append CCS messages to flights The previous code appended messages to flights only if their handshake type, as derived from the first byte in the message, was different from MBEDTLS_SSL_HS_HELLO_REQUEST. This check should only be performed for handshake records, while CCS records should immediately be appended. --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e54bb0e50..cceb96fd0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3256,7 +3256,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Either send now, or just save to be sent (and resent) later */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) + ( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ) { if( ( ret = ssl_flight_append( ssl ) ) != 0 ) { From 554b0af1953a6fd57d20c5914e72daf1bf985c64 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 20:33:41 +0100 Subject: [PATCH 487/578] Fix assertion in mbedtls_ssl_write_record() --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cceb96fd0..0ea7898cf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3363,7 +3363,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) * the remaining space in the datagram. */ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { - ret = ssl_get_maximum_datagram_size( ssl ); + ret = ssl_get_remaining_space_in_datagram( ssl ); if( ret < 0 ) return( ret ); From 65dc885a3b04572a32c32d708ee10adc9217d77d Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 23 Aug 2018 09:40:49 +0100 Subject: [PATCH 488/578] Use size_t for msg_len argument in ssl_get_reassembly_buffer_size() --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2090e33b4..651d5a55b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3555,7 +3555,7 @@ static int ssl_bitmask_check( unsigned char *mask, size_t len ) } /* msg_len does not include the handshake header */ -static size_t ssl_get_reassembly_buffer_size( unsigned msg_len, +static size_t ssl_get_reassembly_buffer_size( size_t msg_len, unsigned add_bitmap ) { size_t alloc_len; From 12b72c182e6e9885f88e5cc5cb1c5e22e7c25e0d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 13:15:36 +0100 Subject: [PATCH 489/578] UDP proxy: Fix bug in freeing delayed messages --- programs/test/udp_proxy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 0428d2888..258522003 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -562,7 +562,7 @@ static packet prev[MAX_DELAYED_MSG]; void clear_pending( void ) { - memset( &prev, 0, sizeof( packet ) ); + memset( &prev, 0, sizeof( prev ) ); prev_len = 0; } From b309b92ee83a2f852f886815dae963ce2ab3bb36 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 13:18:05 +0100 Subject: [PATCH 490/578] ssl_buffering_free_slot(): Double-check validity of slot index --- library/ssl_tls.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 651d5a55b..41803b609 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4493,7 +4493,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", offset ) ); - ssl_buffering_free_slot( ssl, offset ); + ssl_buffering_free_slot( ssl, (uint8_t) offset ); /* Check if we have enough space available now. */ if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - @@ -8681,6 +8681,10 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, { mbedtls_ssl_handshake_params * const hs = ssl->handshake; mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; + + if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS ) + return; + if( hs_buf->is_valid == 1 ) { hs->buffering.total_bytes_buffered -= hs_buf->data_len; From 55c11ba2833baac36dd80c824e3c9a6d7195fb76 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 14:36:33 +0100 Subject: [PATCH 491/578] Correct memory-leak in pk_encrypt example program --- programs/pkey/pk_encrypt.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 400619c5c..24c5b566a 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -73,6 +73,8 @@ int main( int argc, char *argv[] ) const char *pers = "mbedtls_pk_encrypt"; mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + mbedtls_pk_init( &pk ); if( argc != 3 ) { @@ -88,7 +90,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) 
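Review bot: In ssl_buffering_free_slot() the new range check runs after `hs_buf = &hs->buffering.hs[slot]` has already been formed in the declaration, so for a `slot` beyond the array the out-of-bounds element address is computed before the guard rejects it. The pointer is not dereferenced, but forming it past one-past-the-end is already outside what C permits. Declare `mbedtls_ssl_hs_buffer *hs_buf;`, keep `if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS ) return;` next, and only then assign `hs_buf = &hs->buffering.hs[slot];`. The function body continues outside the hunk.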
@@ -100,8 +101,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Reading public key from '%s'", argv[1] ); fflush( stdout ); - mbedtls_pk_init( &pk ); - if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret ); @@ -136,6 +135,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); + ret = 1; goto exit; } @@ -150,8 +150,10 @@ int main( int argc, char *argv[] ) exit_code = MBEDTLS_EXIT_SUCCESS; exit: - mbedtls_ctr_drbg_free( &ctr_drbg ); + + mbedtls_pk_free( &pk ); mbedtls_entropy_free( &entropy ); + mbedtls_ctr_drbg_free( &ctr_drbg ); #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) From bd336c1fac94d5d057900cb9b406faf3c613bf86 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 8 Oct 2017 16:44:10 +0100 Subject: [PATCH 492/578] Correct memory leak in pk_decrypt example program --- programs/pkey/pk_decrypt.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 00bd71ed3..ec82ca41d 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -73,7 +73,10 @@ int main( int argc, char *argv[] ) const char *pers = "mbedtls_pk_decrypt"; ((void) argv); + mbedtls_pk_init( &pk ); + mbedtls_entropy_init( &entropy ); mbedtls_ctr_drbg_init( &ctr_drbg ); + memset(result, 0, sizeof( result ) ); if( argc != 2 ) @@ -90,7 +93,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - mbedtls_entropy_init( &entropy ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) 
@@ -102,8 +104,6 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - mbedtls_pk_init( &pk ); - if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret ); @@ -116,6 +116,7 @@ int main( int argc, char *argv[] ) if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); + ret = 1; goto exit; } @@ -147,8 +148,10 @@ int main( int argc, char *argv[] ) exit_code = MBEDTLS_EXIT_SUCCESS; exit: - mbedtls_ctr_drbg_free( &ctr_drbg ); + + mbedtls_pk_free( &pk ); mbedtls_entropy_free( &entropy ); + mbedtls_ctr_drbg_free( &ctr_drbg ); #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) From a70fb95c824ade75a76317ce2be74f6543c26484 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 8 Oct 2017 16:13:03 +0100 Subject: [PATCH 493/578] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0598cfa1a..77dbb486d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Bugfix * Replace printf with mbedtls_printf in aria. Found by TrinityTonic in #1908. * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. + * Fix memory leak and free without initialization in pk_encrypt + and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128. Changes * Copy headers preserving timestamps when doing a "make install". From ae513a539668cf27119db13746204c2e3e0839c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 14:39:04 +0100 Subject: [PATCH 494/578] Minor formatting improvements in pk_encrypt and pk_decrypt examples --- programs/pkey/pk_decrypt.c | 17 ++++++++++------- programs/pkey/pk_encrypt.c | 19 ++++++++++++------- 2 files changed, 22 insertions(+), 14 deletions(-) 
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index ec82ca41d..6d3a1dc94 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -93,11 +93,12 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + ret ); goto exit; } @@ -121,10 +122,11 @@ int main( int argc, char *argv[] ) } i = 0; - while( fscanf( f, "%02X", &c ) > 0 && i < (int) sizeof( buf ) ) + { buf[i++] = (unsigned char) c; + } fclose( f ); @@ -137,7 +139,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result), mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", + -ret ); goto exit; } @@ -156,7 +159,7 @@ exit: #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_strerror( ret, (char *) buf, sizeof( buf ) ); mbedtls_printf( " ! Last error was: %s\n", buf ); } #endif diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 24c5b566a..22dedba10 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c 
@@ -90,11 +90,12 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", + -ret ); goto exit; } @@ -125,7 +126,8 @@ int main( int argc, char *argv[] ) buf, &olen, sizeof(buf), mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", -ret ); + mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", + -ret ); goto exit; } @@ -134,14 +136,17 @@ int main( int argc, char *argv[] ) */ if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) { - mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); + mbedtls_printf( " failed\n ! Could not create %s\n\n", + "result-enc.txt" ); ret = 1; goto exit; } for( i = 0; i < olen; i++ ) + { mbedtls_fprintf( f, "%02X%s", buf[i], ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); + } fclose( f ); @@ -158,7 +163,7 @@ exit: #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) { - mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_strerror( ret, (char *) buf, sizeof( buf ) ); mbedtls_printf( " ! Last error was: %s\n", buf ); } #endif From 25d882b9162052f9237268a93cb0cd6835208539 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 15:26:06 +0100 Subject: [PATCH 495/578] Fix typos in programs/x509/cert_write.c Fixes #1922. --- programs/x509/cert_write.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 09a91e077..fa994613d 100644 
--- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -164,7 +164,7 @@ struct options const char *issuer_key; /* filename of the issuer key file */ const char *subject_pwd; /* password for the subject key file */ const char *issuer_pwd; /* password for the issuer key file */ - const char *output_file; /* where to store the constructed key file */ + const char *output_file; /* where to store the constructed CRT */ const char *subject_name; /* subject name for certificate */ const char *issuer_name; /* issuer name for certificate */ const char *not_before; /* validity period not before */ @@ -770,7 +770,7 @@ int main( int argc, char *argv[] ) } /* - * 1.2. Writing the request + * 1.2. Writing the certificate */ mbedtls_printf( " . Writing the certificate..." ); fflush( stdout ); From a63c1c3a258758cac7f216268c6fa2255ac47bc9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 23 Aug 2018 15:56:03 +0100 Subject: [PATCH 496/578] pk_encrypt: Uniformize debugging output --- programs/pkey/pk_decrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 6d3a1dc94..1d8c959a0 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -97,8 +97,8 @@ int main( int argc, char *argv[] ) &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", + -ret ); goto exit; } From 34aa187df6a914d94d56d8b3aeab5692a1a3d59c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Aug 2018 19:07:15 +0200 Subject: [PATCH 497/578] Force IPv4 for gnutls-cli DTLS tests Depending on the settings of the local machine, gnutls-cli will either try IPv4 or IPv6 when trying to connect to localhost. With TLS, whatever it tries first, it will notice if any failure happens and try the other protocol if necessary. With DTLS it can't do that. Unfortunately for now there isn't really any good way to specify an address and hostname independently, though that might come soon: https://gitlab.com/gnutls/gnutls/issues/344 A work around is to specify an address directly and then use --insecure to ignore certificate hostname mismatch; that is OK for tests that are completely unrelated to certificate verification (such as the recent fragmenting tests) but unacceptable for others. For that reason, don't specify a default hostname for gnutls-cli, but instead let each test choose between `--insecure 127.0.0.1` and `localhost` (or `--insecure '::1'` if desired). Alternatives include: - having test certificates with 127.0.0.1 as the hostname, but having an IP as the CN is unusual, and we would need to change our test certs; - have our server open two sockets under the hood and listen on both IPv4 and IPv6 (that's what gnutls-serv does, and IMO it's a good thing) but that obviously requires development and testing (esp. for windows compatibility) - wait for a newer version of GnuTLS to be released, install it on the CI and developer machines, and use that in all tests - quite satisfying but can't be done now (and puts stronger requirements on test environment). --- tests/ssl-opt.sh | 52 ++++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 30 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ec2717ad5..e89d3a981 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -765,7 +765,7 @@ P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" O_CLI="$O_CLI -connect localhost:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" -G_CLI="$G_CLI -p +SRV_PORT localhost" +G_CLI="$G_CLI -p +SRV_PORT" if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" @@ -777,7 +777,7 @@ if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then fi if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then - G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT localhost" + G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" fi # Allow SHA-1, because many of our test certificates use it @@ -2118,7 +2118,7 @@ run_test "Renego ext: gnutls server unsafe, client break legacy" \ requires_gnutls run_test "Renego ext: gnutls client strict, server default" \ "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION" \ + "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -s "server hello, secure renegotiation extension" @@ -2126,7 +2126,7 @@ run_test "Renego ext: gnutls client strict, server default" \ requires_gnutls run_test "Renego ext: gnutls client unsafe, server default" \ "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" 
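Review bot: `G_CLI` (and `G_NEXT_CLI` in the next hunk) no longer ends with a host, so every gnutls-cli test must now append one itself, and nothing at the definition says so. A comment there, e.g. `# no default host: each test appends "localhost" or "--insecure 127.0.0.1"`, would keep a new test from being written without a target.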
@@ -2134,7 +2134,7 @@ run_test "Renego ext: gnutls client unsafe, server default" \ requires_gnutls run_test "Renego ext: gnutls client unsafe, server break legacy" \ "$P_SRV debug_level=3 allow_legacy=-1" \ - "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ 1 \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" @@ -2145,7 +2145,7 @@ requires_gnutls run_test "DER format: no trailing bytes" \ "$P_SRV crt_file=data_files/server5-der0.crt \ key_file=data_files/server5.key" \ - "$G_CLI " \ + "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -2153,7 +2153,7 @@ requires_gnutls run_test "DER format: with a trailing zero byte" \ "$P_SRV crt_file=data_files/server5-der1a.crt \ key_file=data_files/server5.key" \ - "$G_CLI " \ + "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -2161,7 +2161,7 @@ requires_gnutls run_test "DER format: with a trailing random byte" \ "$P_SRV crt_file=data_files/server5-der1b.crt \ key_file=data_files/server5.key" \ - "$G_CLI " \ + "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -2169,7 +2169,7 @@ requires_gnutls run_test "DER format: with 2 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der2.crt \ key_file=data_files/server5.key" \ - "$G_CLI " \ + "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -2177,7 +2177,7 @@ requires_gnutls run_test "DER format: with 4 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der4.crt \ key_file=data_files/server5.key" \ - "$G_CLI " \ + "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -2185,7 +2185,7 @@ requires_gnutls run_test "DER format: with 8 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der8.crt \ key_file=data_files/server5.key" \ - "$G_CLI " \ + "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ 
@@ -2193,7 +2193,7 @@ requires_gnutls run_test "DER format: with 9 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der9.crt \ key_file=data_files/server5.key" \ - "$G_CLI " \ + "$G_CLI localhost" \ 0 \ -c "Handshake was completed" \ @@ -3758,14 +3758,14 @@ run_test "Per-version suites: TLS 1.2" \ requires_gnutls run_test "ClientHello without extensions, SHA-1 allowed" \ "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ -s "dumping 'client hello extensions' (0 bytes)" requires_gnutls run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \ "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \ - "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \ + "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ -s "dumping 'client hello extensions' (0 bytes)" 
@@ -5394,35 +5394,31 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \ -c "fragmenting handshake message" \ -C "error" -# gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS -requires_ipv6 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_gnutls run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ - "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ + "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ mtu=512 force_version=dtls1_2" \ - "$G_CLI -u" \ + "$G_CLI -u --insecure 127.0.0.1" \ 0 \ -s "fragmenting handshake message" -# gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS -requires_ipv6 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 requires_gnutls run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \ - "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ + "$P_SRV dtls=1 debug_level=2 \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ mtu=512 force_version=dtls1" \ - "$G_CLI -u" \ + "$G_CLI -u --insecure 127.0.0.1" \ 0 \ -s "fragmenting handshake message" @@ -5524,8 +5520,6 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## We can re-enable them when a fixed version fo GnuTLS is available ## and installed in our CI system. ## -## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS -## requires_ipv6 ## requires_gnutls ## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS ## requires_config_enabled MBEDTLS_RSA_C 
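Review bot: The two "DTLS fragmenting: gnutls client" tests now pass `--insecure 127.0.0.1` to `$G_CLI`, but the hunk removes the only explanatory comment and adds none, so nothing says why certificate verification is switched off. These tests assert only `-s "fragmenting handshake message"`, so the flag is presumably there because the client connects by IP literal and the name check would otherwise fail. A short comment above each `run_test` would keep the flag from being copied into tests that do exercise certificate checks, for example `# --insecure: we connect by IP literal, so the certificate name cannot match; verification is not what this test covers`. The same applies to the commented-out "3d, gnutls client" tests changed in the `@@ -5534` and `@@ -5552` hunks.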
@@ -5534,16 +5528,14 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## client_needs_more_time 4 ## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ ## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ +## "$P_SRV dtls=1 debug_level=2 \ ## crt_file=data_files/server7_int-ca.crt \ ## key_file=data_files/server7.key \ ## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ -## "$G_CLI -u" \ +## "$G_CLI -u --insecure 127.0.0.1" \ ## 0 \ ## -s "fragmenting handshake message" ## -## # gnutls-cli always tries IPv6 first, and doesn't fall back to IPv4 with DTLS -## requires_ipv6 ## requires_gnutls ## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS ## requires_config_enabled MBEDTLS_RSA_C @@ -5552,11 +5544,11 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## client_needs_more_time 4 ## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ ## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$P_SRV dtls=1 debug_level=2 server_addr=::1 \ +## "$P_SRV dtls=1 debug_level=2 \ ## crt_file=data_files/server7_int-ca.crt \ ## key_file=data_files/server7.key \ ## hs_timeout=250-60000 mtu=512 force_version=dtls1" \ -## "$G_CLI -u" \ +## "$G_CLI -u --insecure 127.0.0.1" \ ## 0 \ ## -s "fragmenting handshake message" From c83d2b3e095e114d2cdaf7597bfc6cbb318ccf8d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 16:05:47 +0100 Subject: [PATCH 498/578] ssl_write_handshake_msg(): Allow alert on client-side SSLv3 In SSLv3, the client sends a NoCertificate alert in response to a CertificateRequest if it doesn't have a CRT. This previously lead to failure in ssl_write_handshake_msg() which only accepted handshake or CCS records. --- library/ssl_tls.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index faa9467e1..d22b0e228 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3049,11 +3049,19 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* * Sanity checks */ - if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && + if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + /* In SSLv3, the client might send a NoCertificate alert. */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) + if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ) +#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } } if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && From 081bd81865881b82fc5d04847189b01fe4df8c1e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 22 Aug 2018 16:07:59 +0100 Subject: [PATCH 499/578] ssl_write_handshake_msg(): Always append CCS messages to flights The previous code appended messages to flights only if their handshake type, as derived from the first byte in the message, was different from MBEDTLS_SSL_HS_HELLO_REQUEST. This check should only be performed for handshake records, while CCS records should immediately be appended. --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d22b0e228..3a972a598 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
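Review bot: The closing `#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */` does not match the opening `#if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C)`; the comment should read `#endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_CLI_C */`. Separately, the new exception lets any record with `out_msgtype == MBEDTLS_SSL_MSG_ALERT` from an SSLv3 client past the sanity check, although the comment and commit message name only the NoCertificate alert. If only that alert is intended, the condition could also test the alert description, e.g. `ssl->out_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT`. The alert layout is not visible in this hunk, so confirm it before relying on that index. The body of `mbedtls_ssl_write_handshake_msg` continues outside the hunk.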
@@ -3142,7 +3142,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Either send now, or just save to be sent (and resent) later */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) + ( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ) { if( ( ret = ssl_flight_append( ssl ) ) != 0 ) { From 283f5efe7dac73a6ed0e12f495dfb10b3bdef846 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 24 Aug 2018 09:34:47 +0100 Subject: [PATCH 500/578] Buffering: Free future record epoch after each flight The function ssl_free_buffered_record() frees a future epoch record, if such is present. Previously, it was called in mbedtls_handshake_free(), i.e. an unused buffered record would be cleared at the end of the handshake. This commit moves the call to the function ssl_buffering_free() responsible for freeing all buffering-related data, and which is called not only at the end of the handshake, but at the end of every flight. In particular, future record epochs won't be buffered across flight boundaries anymore, and they shouldn't. --- library/ssl_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 41803b609..d8d256378 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8672,6 +8672,8 @@ static void ssl_buffering_free( mbedtls_ssl_context *ssl ) if( hs == NULL ) return; + ssl_free_buffered_record( ssl ); + for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) ssl_buffering_free_slot( ssl, offset ); } @@ -8776,7 +8778,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_free( handshake->verify_cookie ); ssl_flight_free( handshake->flight ); ssl_buffering_free( ssl ); - ssl_free_buffered_record( ssl ); #endif mbedtls_platform_zeroize( handshake, From f4b010efc4b7f5056847810b4be4c960006b78cb Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 24 Aug 2018 10:47:29 +0100 Subject: [PATCH 501/578] Limit MTU by maximum fragment length setting By the standard (RFC 6066, Sect. 4), the Maximum Fragment Length (MFL) extension limits the maximum record payload size, but not the maximum datagram size. However, not inferring any limitations on the MTU when setting the MFL means that a party has no means to dynamically inform the peer about MTU limitations. This commit changes the function ssl_get_remaining_payload_in_datagram() to never return more than MFL - { Total size of all records within the current datagram } thereby limiting the MTU to MFL + { Maximum Record Expansion }. --- library/ssl_tls.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0ea7898cf..37ba93baf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -146,6 +146,20 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl if( max_len > mfl ) max_len = mfl; + + /* By the standard (RFC 6066 Sect. 4), the MFL extension + * only limits the maximum record payload size, so in theory + * we would be allowed to pack multiple records of payload size + * MFL into a single datagram. However, this would mean that there's + * no way to explicitly communicate MTU restrictions to the peer. + * + * The following reduction of max_len makes sure that we never + * write datagrams larger than MFL + Record Expansion Overhead. + */ + if( max_len <= ssl->out_left ) + return( 0 ); + + max_len -= ssl->out_left; #endif ret = ssl_get_remaining_space_in_datagram( ssl ); From 1841b0a11c34e2c9bda4ccc5c72eb35313a226d5 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 24 Aug 2018 11:13:57 +0100 Subject: [PATCH 502/578] Rename ssl_conf_datagram_packing() to ssl_set_datagram_packing() The naming convention is that functions of the form mbedtls_ssl_conf_xxx() apply to the SSL configuration. --- ChangeLog | 2 +- include/mbedtls/ssl.h | 4 ++-- library/ssl_tls.c | 4 ++-- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4bf4c8eb9..8f05896b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,7 +14,7 @@ Features enabled by default. API Changes - * Add function mbedtls_ssl_conf_datagram_packing() to configure + * Add function mbedtls_ssl_set_datagram_packing() to configure the use of datagram packing (enabled by default). Bugfix diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c86a0f928..e7f7ea40b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1842,8 +1842,8 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi * are currently always sent in separate datagrams. * */ -void mbedtls_ssl_conf_datagram_packing( mbedtls_ssl_context *ssl, - unsigned allow_packing ); +void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, + unsigned allow_packing ); /** * \brief Set retransmit timeout values for the DTLS handshake. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 37ba93baf..378137c7e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6477,8 +6477,8 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_conf_datagram_packing( mbedtls_ssl_context *ssl, - unsigned allow_packing ) +void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, + unsigned allow_packing ) { ssl->disable_datagram_packing = !allow_packing; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index cfcb27d1c..efd2b3043 100644 
--- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1354,7 +1354,7 @@ int main( int argc, char *argv[] ) opt.hs_to_max ); if( opt.dgram_packing != DFL_DGRAM_PACKING ) - mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing ); + mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8d414364a..070c00555 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2182,7 +2182,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max ); if( opt.dgram_packing != DFL_DGRAM_PACKING ) - mbedtls_ssl_conf_datagram_packing( &ssl, opt.dgram_packing ); + mbedtls_ssl_set_datagram_packing( &ssl, opt.dgram_packing ); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) From eb57008d7d02d547b74a20fc5b210d25b9547f52 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 24 Aug 2018 11:28:35 +0100 Subject: [PATCH 503/578] Fix typo in documentation of mbedtls_ssl_set_datagram_packing() --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index e7f7ea40b..da4b68828 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1838,7 +1838,7 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi * or flight retransmission (if no buffering is used) as * means to deal with reordering are needed less frequently. * - * \note Application datagrams are not affected by this option and + * \note Application records are not affected by this option and * are currently always sent in separate datagrams. * */ From c92b5c8a0d913cf32586623e065ba113867593a6 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 24 Aug 2018 11:48:01 +0100 Subject: [PATCH 504/578] ssl-opt.sh: Add tests checking that MFL implies bounds on MTU This commit introduces some tests to ssl-opt.sh checking that setting the MFL limits the MTU to MFL + { Maximum Record Expansion }. --- tests/ssl-opt.sh | 78 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e63d45faf..9ac80a5cf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5038,6 +5038,32 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# While not required by the standard defining the MFL extension +# (according to which it only applies to records, not to datagrams), +# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, +# as otherwise there wouldn't be any means to communicate MTU restrictions +# to the peer. +# The next test checks that no datagrams significantly larger than the +# negotiated MFL are sent. +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: server only (more) (max_frag_len), proxy MTU" \ + -p "$P_PXY mtu=560" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=512" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=2048" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -5056,6 +5082,32 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# While not required by the standard defining the MFL extension +# (according to which it only applies to records, not to datagrams), +# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, +# as otherwise there wouldn't be any means to communicate MTU restrictions +# to the peer. +# The next test checks that no datagrams significantly larger than the +# negotiated MFL are sent. +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ + -p "$P_PXY mtu=560" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=none \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=2048" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=512" \ + 0 \ + -S "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -5074,6 +5126,32 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# While not required by the standard defining the MFL extension +# (according to which it only applies to records, not to datagrams), +# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, +# as otherwise there wouldn't be any means to communicate MTU restrictions +# to the peer. +# The next test checks that no datagrams significantly larger than the +# negotiated MFL are sent. +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ + -p "$P_PXY mtu=560" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + max_frag_len=2048" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + max_frag_len=512" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From 69ca0ad5c4e5dda5143793bcb114022edc18a473 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Fri, 24 Aug 2018 12:11:35 +0100 Subject: [PATCH 505/578] ssl-opt.sh: Remove wrong test exercising MTU implications of MFL The negotiated MFL is always the one suggested by the client, even if the server has a smaller MFL configured locally. Hence, in the test where the client asks for an MFL of 4096 bytes while the server locally has an MFL of 512 bytes configured, the client will still send datagrams of up to ~4K size. --- tests/ssl-opt.sh | 32 +++++--------------------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 953afae55..211c8544b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5020,6 +5020,10 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \ -c "found fragmented DTLS handshake message" \ -C "error" +# With the MFL extension, the server has no way of forcing +# the client to not exceed a certain MTU; hence, the following +# test can't be replicated with an MTU proxy such as the one +# `client-initiated, server only (max_frag_len)` below. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
@@ -5032,33 +5036,7 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ "$P_CLI dtls=1 debug_level=2 \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ - max_frag_len=2048" \ - 0 \ - -S "found fragmented DTLS handshake message" \ - -c "found fragmented DTLS handshake message" \ - -C "error" - -# While not required by the standard defining the MFL extension -# (according to which it only applies to records, not to datagrams), -# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, -# as otherwise there wouldn't be any means to communicate MTU restrictions -# to the peer. -# The next test checks that no datagrams significantly larger than the -# negotiated MFL are sent. -requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -run_test "DTLS fragmenting: server only (more) (max_frag_len), proxy MTU" \ - -p "$P_PXY mtu=560" \ - "$P_SRV dtls=1 debug_level=2 auth_mode=required \ - crt_file=data_files/server7_int-ca.crt \ - key_file=data_files/server7.key \ - max_frag_len=512" \ - "$P_CLI dtls=1 debug_level=2 \ - crt_file=data_files/server8_int-ca2.crt \ - key_file=data_files/server8.key \ - max_frag_len=2048" \ + max_frag_len=4096" \ 0 \ -S "found fragmented DTLS handshake message" \ -c "found fragmented DTLS handshake message" \ From 6e12c1ea7d2aaa80b1d8265b0a181ffa3a5aa7bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 24 Aug 2018 14:39:15 +0100 Subject: [PATCH 506/578] Enhance debugging output --- library/ssl_tls.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d28be2a39..ccd73996d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4487,6 +4487,8 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, { int offset; mbedtls_ssl_handshake_params * const hs = ssl->handshake; + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available", + (unsigned) desired ) ); /* Get rid of future records epoch first, if such exist. */ ssl_free_buffered_record( ssl ); @@ -4495,6 +4497,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) ); return( 0 ); } @@ -4513,6 +4516,7 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - hs->buffering.total_bytes_buffered ) ) { + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) ); return( 0 ); } } @@ -4622,8 +4626,10 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", - (unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING, + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n", + (unsigned) msg_len, + (unsigned) reassembly_buf_sz, + MBEDTLS_SSL_DTLS_MAX_BUFFERING, (unsigned) hs->buffering.total_bytes_buffered ) ); ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; goto exit; From 5cd017f931d15f3b351a888061841082cb04fdd9 Mon Sep 17 00:00:00 2001 
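Review bot: In the `@@ -4622` hunk the rewritten debug call casts `msg_len`, `reassembly_buf_sz` and `total_bytes_buffered` to `unsigned` for `%u`, but passes `MBEDTLS_SSL_DTLS_MAX_BUFFERING` uncast. The macro's type is not fixed by anything in this hunk, and a user-supplied definition could be a signed or wider expression, so the argument should read `(unsigned) MBEDTLS_SSL_DTLS_MAX_BUFFERING,` like its neighbours. The format string also keeps a trailing `\n`, while the three messages added in the earlier hunks of this commit have none; dropping it would make the debug output consistent.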
From: Hanno Becker Date: Fri, 24 Aug 2018 14:40:12 +0100 Subject: [PATCH 507/578] ssl-opt.sh: Allow numerical constraints for tests This commit adds functions requires_config_value_at_most() and requires_config_value_at_least() which can be used to only run tests when a numerical value from config.h (e.g. MBEDTLS_SSL_IN_CONTENT_LEN) is within a certain range. --- tests/ssl-opt.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c12ca6a8e..bfcc6342d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -156,6 +156,26 @@ requires_config_disabled() { fi } +requires_config_value_at_least() { + NAME="$1" + DEF_VAL=$( grep ".*#define.*MBEDTLS_SSL_DTLS_MAX_BUFFERING" ../include/mbedtls/config.h | + sed 's/^.*\s\([0-9]*\)$/\1/' ) + VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) + if [ "$VAL" -lt "$2" ]; then + SKIP_NEXT="YES" + fi +} + +requires_config_value_at_most() { + NAME="$1" + DEF_VAL=$( grep ".*#define.*MBEDTLS_SSL_DTLS_MAX_BUFFERING" ../include/mbedtls/config.h | + sed 's/^.*\s\([0-9]*\)$/\1/' ) + VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) + if [ "$VAL" -gt "$2" ]; then + SKIP_NEXT="YES" + fi +} + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then From a1adcca1dabf048d3e4152df26161c6534081494 Mon Sep 17 00:00:00 2001 
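Review bot: Both new helpers take the option name in `$1`, but the fallback `DEF_VAL` always greps for the literal `MBEDTLS_SSL_DTLS_MAX_BUFFERING`. Any other option that `config.pl get` cannot resolve is therefore compared against the wrong default. The lookup should use the argument, `grep ".*#define.*${NAME}" ../include/mbedtls/config.h`, and the name should be quoted in the call, `../scripts/config.pl get "$NAME"`. If neither source yields a plain integer, `[ "$VAL" -lt "$2" ]` fails with a non-integer error and the `if` is treated as false, so the test runs instead of being skipped. A guard such as `case "$VAL" in ''|*[!0-9]*) SKIP_NEXT="YES";; esac` would make that case explicit.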
From: Hanno Becker Date: Fri, 24 Aug 2018 14:41:07 +0100 Subject: [PATCH 508/578] ssl-opt.sh: Add tests exercising freeing of buffered messages This commit adds tests to ssl-opt.sh which trigger code-paths responsible for freeing future buffered messages when the buffering limitations set by MBEDTLS_SSL_DTLS_MAX_BUFFERING don't allow the next expected message to be reassembled. These tests only work for very specific ranges of MBEDTLS_SSL_DTLS_MAX_BUFFERING and will therefore be skipped on a run of ssl-opt.sh in ordinary configurations. --- tests/ssl-opt.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bfcc6342d..ff36e6c57 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5904,13 +5904,39 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -S "Inject buffered CCS message" \ -S "Remember CCS message" -run_test "DTLS reordering: Buffer out-of-order handshake message on client before reassembling next" \ +# The client buffers the ServerKeyExchange before receiving the fragmented +# Certificate message; at the time of writing, together these are aroudn 1200b +# in size, so that the bound below ensures that the certificate can be reassembled +# while keeping the ServerKeyExchange. +requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300 +run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \ -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ 0 \ -c "Buffering HS message" \ -c "Next handshake message has been buffered - load"\ + -C "attempt to make space by freeing buffered messages" \ + -S "Buffering HS message" \ + -S "Next handshake message has been buffered - load"\ + -C "Inject buffered CCS message" \ + -C "Remember CCS message" \ + -S "Inject buffered CCS message" \ + -S "Remember CCS message" + +# The size constraints ensure that the delayed certificate message can't +# be reassembled while keeping the ServerKeyExchange message, but it can +# when dropping it first. 
+requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900 +requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299 +run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \ + -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ + "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + 0 \ + -c "Buffering HS message" \ + -c "attempt to make space by freeing buffered future messages" \ + -c "Enough space available after freeing buffered HS messages" \ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ -C "Inject buffered CCS message" \ @@ -5960,7 +5986,7 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ -s "Inject buffered CCS message" \ -s "Remember CCS message" -run_test "DTLS reordering: Buffer record from future epoch (client and server)" \ +run_test "DTLS reordering: Buffer encrypted Finished message" \ -p "$P_PXY delay_ccs=1" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ 
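Review bot: The negative check `-C "attempt to make space by freeing buffered messages"` in the first test and the positive check `-c "attempt to make space by freeing buffered future messages"` in the second use different strings. If both are meant to track the same client debug line, the `-C` pattern can never match it, so that assertion passes vacuously. The debug message itself is not part of this hunk, so the wording should be confirmed against library/ssl_tls.c and the two patterns made identical. The added comment also contains a typo, `aroudn` for `around`.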
@@ -5970,6 +5996,34 @@ run_test "DTLS reordering: Buffer record from future epoch (client and server -c "Buffer record from epoch 1" \ -c "Found buffered record from current epoch - load" +# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec +# from the server are delayed, so that the encrypted Finished message +# is received and buffered. When the fragmented NewSessionTicket comes +# in afterwards, the encrypted Finished message must be freed in order +# to make space for the NewSessionTicket to be reassembled. +# This works only in very particular circumstances: +# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering +# of the NewSessionTicket, but small enough to also allow buffering of +# the encrypted Finished message. +# - The MTU setting on the server must be so small that the NewSessionTicket +# needs to be fragmented. +# - All messages sent by the server must be small enough to be either sent +# without fragmentation or be reassembled within the bounds of +# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based +# handshake, omitting CRTs. 
+requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240 +requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280 +run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \ + -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \ + "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \ + 0 \ + -s "Buffer record from epoch 1" \ + -s "Found buffered record from current epoch - load" \ + -c "Buffer record from epoch 1" \ + -C "Found buffered record from current epoch - load" \ + -c "Enough space available after freeing future epoch record" + # Tests for "randomly unreliable connection": try a variety of flows and peers client_needs_more_time 2 From 2f5aa4c64eb4df3758245a4be7199856795248cb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 24 Aug 2018 14:43:44 +0100 Subject: [PATCH 509/578] all.sh: Add builds allowing to test dropping buffered messages This commit adds two builds to all.sh which use a value of MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the reordering tests in ssl-opt.sh introduced in the last commit. --- tests/scripts/all.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d7d5a8c1a..0606caae3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
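Review bot: The first bullet of the added comment contradicts the scenario described just above it. It says `MBEDTLS_SSL_DTLS_MAX_BUFFERING` must be "small enough to also allow buffering of the encrypted Finished message", whereas the test depends on the buffer being too small to hold both messages at once, which is why it expects `-c "Enough space available after freeing future epoch record"`. Suggested wording: `# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to reassemble the NewSessionTicket, but too small to hold it together with the buffered encrypted Finished message.` The 240–280 window is tied to the message sizes of this PSK handshake, so a brief note on how the bounds were derived would help whoever has to adjust them later.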
@@ -558,6 +558,26 @@ make msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" if_build_succeeded tests/ssl-opt.sh -f "Max fragment" +msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" +if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" + +msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" +if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" + msg "build: cmake, full config, clang" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 159a37f75dc1db92f32fc86259cf8a0f0afc55f8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 24 Aug 2018 15:07:29 +0100 Subject: [PATCH 510/578] config.h: Don't use arithmetical exp for SSL_DTLS_MAX_BUFFERING The functions requires_config_value_at_least and requires_config_value_at_most only work with numerical constants. --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 70dd4be2b..1cdff71f1 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -3016,7 +3016,7 @@ * DTLS handshake message reassembly and future message buffering. * */ -//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING ( 2 * 16384 ) +//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */ //#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */ From 280075104e64a326985417c1e3f7dc4658586c8c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 09:46:44 +0100 Subject: [PATCH 511/578] DTLS Reordering: Improve doc of MBEDTLS_SSL_DTLS_MAX_BUFFERING --- include/mbedtls/config.h | 9 +++++++++ include/mbedtls/ssl.h | 6 +++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1cdff71f1..70770de43 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3015,6 +3015,15 @@ * Maximum number of heap-allocated bytes for the purpose of * DTLS handshake message reassembly and future message buffering. * + * This should be at least 9/8 * MBEDTLSSL_MAX_IN_CONTENT_LEN + * to account for a reassembled handshake message of maximum size, + * together with its reassembly bitmap. + * + * A value of 2 * MBEDTLS_SSL_MAX_IN_CONTENT_LEN (32768 by default) + * should be sufficient for all practical situations as it allows + * to reassembly a large handshake message (such as a certificate) + * while buffering multiple smaller handshake messages. + * */ //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 39c7bfaa1..5de911cd5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -243,8 +243,12 @@ #define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN #endif +/* + * Maximum number of heap-allocated bytes for the purpose of + * DTLS handshake message reassembly and future message buffering. + */ #if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING) -#define MBEDTLS_SSL_DTLS_MAX_BUFFERING ( 2 * MBEDTLS_SSL_IN_CONTENT_LEN ) +#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768 #endif /* \} name SECTION: Module settings */ From 3f7b973e32dc659b7e0984ec4298e5d044bc0bbf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 09:53:25 +0100 Subject: [PATCH 512/578] Correct typo in mbedtls_ssl_flight_transmit() --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ccd73996d..ceea17fa3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3037,7 +3037,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); - /* Copy the handshame message content and set records fields */ + /* Copy the handshake message content and set records fields */ memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); ssl->out_msglen = cur_hs_frag_len + 12; ssl->out_msgtype = cur->type; From ecbdf1c0481a2a9caeb9e32f1c8e80967457ed04 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 09:53:54 +0100 Subject: [PATCH 513/578] Style: Correct indentation of debug msgs in mbedtls_ssl_write_record --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ceea17fa3..5f1ec0773 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
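Review bot: The new fallback `#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768` in the `@@ -243,8 +243,12 @@` hunk no longer follows `MBEDTLS_SSL_IN_CONTENT_LEN`, which the removed `( 2 * MBEDTLS_SSL_IN_CONTENT_LEN )` did. Per the added comment, this value bounds heap allocation for reassembling and buffering received DTLS messages, so it limits memory the peer can make the stack allocate. A build that shrinks the input content length to save RAM now keeps a 32768-byte ceiling unless it also overrides this macro. I would state that in the new comment, e.g. `* This default is a fixed constant and does not scale with MBEDTLS_SSL_IN_CONTENT_LEN; lower it in config.h on memory-constrained targets.`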
@@ -3402,12 +3402,12 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, " - "version = [%d:%d], msglen = %d", - ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2], len ) ); - + "version = [%d:%d], msglen = %d", + ssl->out_hdr[0], ssl->out_hdr[1], + ssl->out_hdr[2], len ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_hdr, protected_record_size ); + ssl->out_hdr, protected_record_size ); ssl->out_left += protected_record_size; ssl->out_hdr += protected_record_size; From f0da6670dcf2485da3f6aa2e08eb679d5e509c7e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 09:55:10 +0100 Subject: [PATCH 514/578] Style: Add braces around if-branch where else-branch has them --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f1ec0773..4cb543ca7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3440,7 +3440,9 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) remaining = (size_t) ret; if( remaining == 0 ) + { flush = SSL_FORCE_FLUSH; + } else { MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) ); From b8f50147ee79024f07593542339330bef25a937f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:01:34 +0100 Subject: [PATCH 515/578] Add explicit MBEDTLS_DEBUG_C-guard around debugging code --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4cb543ca7..4777844c4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4424,6 +4424,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) goto exit; } +#if defined(MBEDTLS_DEBUG_C) /* Debug only */ { unsigned offset; 
@@ -4438,6 +4439,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) } } } +#endif /* MBEDTLS_DEBUG_C */ /* Check if we have buffered and/or fully reassembled the * next handshake message. */ From 4f432ad44de7fadbf015d9576e3f657ef551faab Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:02:32 +0100 Subject: [PATCH 516/578] Style: Don't use abbreviations in comments --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4777844c4..425cdee93 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4505,9 +4505,9 @@ static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, return( 0 ); } - /* We don't have enough space to buffer the next expected - * handshake message. Remove buffers used for future msgs - * to gain space, starting with the most distant one. */ + /* We don't have enough space to buffer the next expected handshake + * message. Remove buffers used for future messages to gain space, + * starting with the most distant one. */ for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; offset >= 0; offset-- ) { From 360bef3fe39b5f0b2887db4d39ca7d2e1636ea56 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:04:33 +0100 Subject: [PATCH 517/578] Reordering: Document that only HS and CCS msgs are buffered --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 425cdee93..0703b6a7b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4710,6 +4710,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) } default: + /* We don't buffer other types of messages. */ break; } From d58477769d355fd753afef5dc77c5447b13cedd1 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Tue, 28 Aug 2018 10:09:23 +0100 Subject: [PATCH 518/578] Style: Group buffering-related forward declarations in ssl_tls.c --- library/ssl_tls.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0703b6a7b..38d9d0296 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -109,6 +109,17 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) +/* Forward declarations for functions related to message buffering. */ +static void ssl_buffering_free( mbedtls_ssl_context *ssl ); +static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, + uint8_t slot ); +static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); +static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); +static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); +static int ssl_buffer_message( mbedtls_ssl_context *ssl ); +static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); +static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ); + static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) { @@ -183,11 +194,6 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl return( (int) remaining ); } -static void ssl_buffering_free( mbedtls_ssl_context *ssl ); - -static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, - uint8_t slot ); - /* * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. 
@@ -4287,14 +4293,6 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); static int ssl_get_next_record( mbedtls_ssl_context *ssl ); static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); -#if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); -static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); -static int ssl_buffer_message( mbedtls_ssl_context *ssl ); -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); -static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ); -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_hs_digest ) { @@ -4485,7 +4483,6 @@ exit: return( ret ); } -static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, size_t desired ) { From cf469458caf74173c045e62b508a602016f02c9a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:09:47 +0100 Subject: [PATCH 519/578] Style: Add empty line before comment in UDP proxy code --- programs/test/udp_proxy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 258522003..46f7035b9 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -663,6 +663,7 @@ int handle_message( const char *way, delay_list = opt.delay_srv; delay_list_len = opt.delay_srv_cnt; } + /* Check if message type is in the list of messages * that should be delayed */ for( delay_idx = 0; delay_idx < delay_list_len; delay_idx++ ) From bc2498a9ffc3d80816cef82055309eb5ab4f915c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:13:29 +0100 Subject: [PATCH 520/578] Style: Add numerous comments indicating condition guarded by #endif --- include/mbedtls/ssl.h | 22 +++++++++++----------- library/ssl_cli.c | 4 ++-- library/ssl_srv.c | 6 +++--- 3 files changed, 16 insertions(+), 16 deletions(-) 
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5de911cd5..91101cd28 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1031,14 +1031,14 @@ struct mbedtls_ssl_context int renego_records_seen; /*!< Records since renego request, or with DTLS, number of retransmissions of request if renego_max_records is < 0 */ -#endif +#endif /* MBEDTLS_SSL_RENEGOTIATION */ int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ int minor_ver; /*!< either 0 (SSL3) or 1 (TLS1.0) */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) unsigned badmac_seen; /*!< records with a bad MAC received */ -#endif +#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ @@ -1094,11 +1094,11 @@ struct mbedtls_ssl_context uint16_t in_epoch; /*!< DTLS epoch for incoming records */ size_t next_record_offset; /*!< offset of the next record in datagram (equal to in_left if none) */ -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) uint64_t in_window_top; /*!< last validated record seq_num */ uint64_t in_window; /*!< bitmask for replay detection */ -#endif +#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ size_t in_hslen; /*!< current handshake message length, including the handshake header */ @@ -1130,14 +1130,14 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_SSL_PROTO_DTLS) uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */ -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_ZLIB_SUPPORT) unsigned char *compress_buf; /*!< zlib data buffer */ -#endif +#endif /* MBEDTLS_ZLIB_SUPPORT */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) signed char split_done; /*!< current record already splitted? */ -#endif +#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ /* * PKI layer 
@@ -1150,11 +1150,11 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_X509_CRT_PARSE_C) char *hostname; /*!< expected peer CN for verification (and SNI if available) */ -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_ALPN) const char *alpn_chosen; /*!< negotiated protocol */ -#endif +#endif /* MBEDTLS_SSL_ALPN */ /* * Information for DTLS hello verify @@ -1162,7 +1162,7 @@ struct mbedtls_ssl_context #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) unsigned char *cli_id; /*!< transport-level ID of the client */ size_t cli_id_len; /*!< length of cli_id */ -#endif +#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ /* * Secure renegotiation @@ -1174,7 +1174,7 @@ struct mbedtls_ssl_context size_t verify_data_len; /*!< length of verify data stored */ char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ -#endif +#endif /* MBEDTLS_SSL_RENEGOTIATION */ }; #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index d160c42d0..2c325aab6 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1101,7 +1101,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); @@ -3414,7 +3414,7 @@ int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Change state now, so that it is right in mbedtls_ssl_read_record(), used * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 84c83e330..36ca0d69f 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -2397,7 +2397,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) ); @@ -3385,7 +3385,7 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) ); @@ -4264,7 +4264,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) return( ret ); } -#endif +#endif /* MBEDTLS_SSL_PROTO_DTLS */ switch( ssl->state ) { From b9a0086975fa966bf113db2d853bd978c4498475 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:20:22 +0100 Subject: [PATCH 521/578] ssl-opt.sh: Explain use of --insecure in GnuTLS client tests --- tests/ssl-opt.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ff36e6c57..01867e1fd 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5535,6 +5535,13 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \ -c "fragmenting handshake message" \ -C "error" +# We use --insecure for the GnuTLS client because it expects +# the hostname / IP it connects to to be the name used in the +# certificate obtained from the server. Here, however, it +# connects to 127.0.0.1 while our test certificates use 'localhost' +# as the server name in the certificate. This will make the +# certifiate validation fail, but passing --insecure makes +# GnuTLS continue the connection nonetheless. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C 
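Review bot: The comment added above the GnuTLS client test in the `@@ -5535,6 +5535,13 @@` hunk presents `--insecure` as a workaround for the 127.0.0.1 / 'localhost' name mismatch only. As the comment itself says, the flag makes the client continue after validation fails, so the test would also pass with an untrusted or otherwise invalid chain. I would state that limit in the comment, e.g. `# Note: --insecure also hides chain and trust errors; this test checks fragmentation only, not certificate validation.` The comment also misspells "certificate" as `certifiate`.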
@@ -5549,6 +5556,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ 0 \ -s "fragmenting handshake message" +# See previous test for the reason to use --insecure requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From 3b8b40c16dbfb3df1c33025bd08c6d9bcf15a147 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:25:41 +0100 Subject: [PATCH 522/578] ssl-opt.sh: Add function to skip next test --- tests/ssl-opt.sh | 105 +++++++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 48 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 01867e1fd..852597d9d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -142,6 +142,14 @@ get_options() { done } +# Skip next test; use this macro to skip tests which are legitimate +# in theory and expected to be re-introduced at some point, but +# aren't expected to succeed at the moment due to problems outside +# our control (such as bugs in other TLS implementations). +skip_next_test() { + SKIP_NEXT="YES" +} + # skip next test if the flag is not enabled in config.h requires_config_enabled() { if grep "^#define $1" $CONFIG_H > /dev/null; then :; else 
@@ -5668,38 +5676,39 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## https://gitlab.com/gnutls/gnutls/issues/543 ## We can re-enable them when a fixed version fo GnuTLS is available ## and installed in our CI system. -## -## requires_gnutls -## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -## requires_config_enabled MBEDTLS_RSA_C -## requires_config_enabled MBEDTLS_ECDSA_C -## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 4 -## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ -## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$P_SRV dtls=1 debug_level=2 \ -## crt_file=data_files/server7_int-ca.crt \ -## key_file=data_files/server7.key \ -## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ -## "$G_CLI -u --insecure 127.0.0.1" \ -## 0 \ -## -s "fragmenting handshake message" -## -## requires_gnutls -## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -## requires_config_enabled MBEDTLS_RSA_C -## requires_config_enabled MBEDTLS_ECDSA_C -## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 -## client_needs_more_time 4 -## run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ -## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$P_SRV dtls=1 debug_level=2 \ -## crt_file=data_files/server7_int-ca.crt \ -## key_file=data_files/server7.key \ -## hs_timeout=250-60000 mtu=512 force_version=dtls1" \ -## "$G_CLI -u --insecure 127.0.0.1" \ -## 0 \ -## -s "fragmenting handshake message" +skip_next_test +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +client_needs_more_time 4 +run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ + "$G_CLI -u --insecure 
127.0.0.1" \ + 0 \ + -s "fragmenting handshake message" + +skip_next_test +requires_gnutls +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +client_needs_more_time 4 +run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$P_SRV dtls=1 debug_level=2 \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key \ + hs_timeout=250-60000 mtu=512 force_version=dtls1" \ + "$G_CLI -u --insecure 127.0.0.1" \ + 0 \ + -s "fragmenting handshake message" ## Interop test with OpenSSL might triger a bug in recent versions (that ## probably won't be fixed before 1.1.1X), so we use an old version that 
@@ -5708,22 +5717,22 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ ## Bug report: https://github.com/openssl/openssl/issues/6902 ## They should be re-enabled (and the DTLS 1.0 switched back to a non-legacy ## version of OpenSSL once a fixed version of OpenSSL is available) -## -## requires_config_enabled MBEDTLS_SSL_PROTO_DTLS -## requires_config_enabled MBEDTLS_RSA_C -## requires_config_enabled MBEDTLS_ECDSA_C -## requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -## client_needs_more_time 4 -## run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ -## -p "$P_PXY drop=8 delay=8 duplicate=8" \ -## "$O_SRV -dtls1_2 -verify 10" \ -## "$P_CLI dtls=1 debug_level=2 \ -## crt_file=data_files/server8_int-ca2.crt \ -## key_file=data_files/server8.key \ -## hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ -## 0 \ -## -c "fragmenting handshake message" \ -## -C "error" +skip_next_test +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +client_needs_more_time 4 +run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ + -p "$P_PXY drop=8 delay=8 duplicate=8" \ + "$O_SRV -dtls1_2 -verify 10" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ + 0 \ + -c "fragmenting handshake message" \ + -C "error" requires_openssl_legacy requires_config_enabled MBEDTLS_SSL_PROTO_DTLS From b841b4f107aa3368ade353de8845b10858aeaee8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:25:51 +0100 Subject: [PATCH 523/578] ssl-opt.sh: Remove reference to Github issue --- tests/ssl-opt.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 852597d9d..17629b41f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5289,9 +5289,8 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio" \ -c "found fragmented DTLS handshake message" \ -C "error" -# This ensures things still work after session_reset(), -# for example it would have caught #1941. -# It also exercises the "resumed hanshake" flow. +# This ensures things still work after session_reset(). +# It also exercises the "resumed handshake" flow. # Since we don't support reading fragmented ClientHello yet, # up the MTU to 1450 (larger than ClientHello with session ticket, # but still smaller than client's Certificate to ensure fragmentation). From 0207e533b21776e304c99b6bb9e2a2826cf2d421 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:28:28 +0100 Subject: [PATCH 524/578] Style: Correct typo in ssl-tls.c --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 38d9d0296..c123c7a32 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3280,7 +3280,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* Update running hashes of hanshake messages seen */ + /* Update running hashes of handshake messages seen */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); } From eefe084f7299959b5138a80709aa1dc6f05f4885 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 10:29:17 +0100 Subject: [PATCH 525/578] Style: Spell out PMTU in ssl.h --- include/mbedtls/ssl.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 91101cd28..83849a564 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -1409,8 +1409,9 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * encapsulation and encryption/authentication if any. * * \note This can be called at any point during the connection, for - * example when a PMTU estimate becomes available from other - * sources, such as lower (or higher) protocol layers. + * example when a Path Maximum Transfer Unit (PMTU) + * estimate becomes available from other sources, + * such as lower (or higher) protocol layers. * * \note This setting only controls the size of the packets we send, * and does not restrict the size of the datagrams we're From 41038108e93f1176e7e62a67059e6dd816e484ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 11:15:32 +0100 Subject: [PATCH 526/578] Style: Correct indentation in UDP proxy code --- programs/test/udp_proxy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 46f7035b9..0165d3f6a 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -152,10 +152,10 @@ static struct options int delay; /* delay 1 packet in N (none if 0) */ int delay_ccs; /* delay ChangeCipherSpec */ char* delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from - * client that should be delayed. */ + * client that should be delayed. */ uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */ char* delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from - * server that should be delayed. */ + * server that should be delayed. */ uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */ int drop; /* drop 1 packet in N (none if 0) */ int mtu; /* drop packets larger than this */ From e604556febc8dd666f34e200b7ebc22061bfc6ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 11:24:55 +0100 Subject: [PATCH 527/578] ssl-opt.sh: Don't hardcode varname in requires_config_value_xxx() --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
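Review bot: The reworded `\note` in the `@@ -1409,8 +1409,9 @@` hunk expands PMTU as `Path Maximum Transfer Unit`, but MTU conventionally stands for Maximum Transmission Unit. I would write `example when a Path Maximum Transmission Unit (PMTU)`. The declaration this doc comment belongs to lies outside the hunk.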
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 17629b41f..86bede893 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -166,7 +166,7 @@ requires_config_disabled() { requires_config_value_at_least() { NAME="$1" - DEF_VAL=$( grep ".*#define.*MBEDTLS_SSL_DTLS_MAX_BUFFERING" ../include/mbedtls/config.h | + DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | sed 's/^.*\s\([0-9]*\)$/\1/' ) VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) if [ "$VAL" -lt "$2" ]; then @@ -176,7 +176,7 @@ requires_config_value_at_least() { requires_config_value_at_most() { NAME="$1" - DEF_VAL=$( grep ".*#define.*MBEDTLS_SSL_DTLS_MAX_BUFFERING" ../include/mbedtls/config.h | + DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | sed 's/^.*\s\([0-9]*\)$/\1/' ) VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) if [ "$VAL" -gt "$2" ]; then From 02f6f5af2641ff1d1505fa3f3626583d0e08bfe5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 12:54:27 +0100 Subject: [PATCH 528/578] Adapt ChangeLog Make explicit that buffering support is about DTLS. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a97bfaa89..b9b873be8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,7 +12,7 @@ Features last paragraph). * Add support for packing multiple records within a single datagram, enabled by default. - * Add support for buffering out-of-order handshake messages. + * Add support for buffering out-of-order handshake messages in DTLS. The maximum amount of RAM used for this can be controlled by the compile-time constant MBEDTLS_SSL_DTLS_MAX_BUFFERING defined in mbedtls/config.h. From 97a1c134b232b9a2145c1e1482548a6808f370c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 14:42:15 +0100 Subject: [PATCH 529/578] Correct typo in documentation of MBEDTLS_SSL_DTLS_MAX_BUFFERING --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
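Review bot: Now that the name is a parameter, the lookup `grep ".*#define.*${NAME}" ... | sed 's/^.*\s\([0-9]*\)$/\1/'` in `requires_config_value_at_least` only works for options shaped like MBEDTLS_SSL_DTLS_MAX_BUFFERING. The same code is in the `@@ -176,7 +176,7 @@` hunk and is later moved into `get_config_value_or_default`. The pattern also matches longer macro names that contain `NAME`, and the `sed` expression leaves the whole line untouched when a trailing comment follows the value, as on the other config.h defaults. In either case `DEF_VAL` is not a single integer and `[ "$VAL" -lt "$2" ]` errors out instead of deciding the skip. I would delimit the name and quote the expansion, e.g. `grep "#define[[:space:]][[:space:]]*${NAME}[[:space:]]"` and `../scripts/config.pl get "$NAME"`. Since `requires_config_enabled` reads `$CONFIG_H`, it may be better to use that here too if it names the same file.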
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 70770de43..052aed0d3 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3015,11 +3015,11 @@ * Maximum number of heap-allocated bytes for the purpose of * DTLS handshake message reassembly and future message buffering. * - * This should be at least 9/8 * MBEDTLSSL_MAX_IN_CONTENT_LEN + * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN * to account for a reassembled handshake message of maximum size, * together with its reassembly bitmap. * - * A value of 2 * MBEDTLS_SSL_MAX_IN_CONTENT_LEN (32768 by default) + * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default) * should be sufficient for all practical situations as it allows * to reassembly a large handshake message (such as a certificate) * while buffering multiple smaller handshake messages. From dc1e95017048dbd2a5a242632ce6fa48e6dbb47f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 16:02:33 +0100 Subject: [PATCH 530/578] DTLS reordering: Add test for buffering a proper fragment This commit adds a test to ssl-opt.sh which exercises the behavior of the library in the situation where a single proper fragment of a future handshake message is received prior to the next expected handshake message (concretely, the client receives the first fragment of the server's Certificate message prior to the server's ServerHello). --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 86bede893..7ea924567 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
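Review bot: The corrected line `* This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN` still misspells the macro: the underscore after `MBEDTLS` is missing, while the next paragraph uses `MBEDTLS_SSL_IN_CONTENT_LEN`. I would write `* This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN` so that a search for the macro finds this sizing advice. The unchanged context line `to reassembly a large handshake message` should read `to reassemble`.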
@@ -5920,6 +5920,22 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -S "Inject buffered CCS message" \ -S "Remember CCS message" +run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ + -p "$P_PXY delay_srv=ServerHello" \ + "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2" \ + 0 \ + -c "Buffering HS message" \ + -c "found fragmented DTLS handshake message"\ + -c "Next handshake message 1 not or only partially bufffered" \ + -c "Next handshake message has been buffered - load"\ + -S "Buffering HS message" \ + -S "Next handshake message has been buffered - load"\ + -C "Inject buffered CCS message" \ + -C "Remember CCS message" \ + -S "Inject buffered CCS message" \ + -S "Remember CCS message" + # The client buffers the ServerKeyExchange before receiving the fragmented # Certificate message; at the time of writing, together these are aroudn 1200b # in size, so that the bound below ensures that the certificate can be reassembled From 7c48dd11dbee505e8bab82b2d5941cd3c190243e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 16:09:22 +0100 Subject: [PATCH 531/578] ssl-opt.sh: Add function extracting val or default val from config.h --- tests/ssl-opt.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7ea924567..b0ee3d47e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
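Review bot: The new test `DTLS reordering: Buffer out-of-order handshake message fragment on client` has no `requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" ...` guard, unlike the size-dependent reordering tests elsewhere in this series. In a build with a small buffering limit the client may be unable to buffer the Certificate fragment, and `-c "Buffering HS message"` would then fail; whether that matters depends on which tests such builds run. The expected string `"Next handshake message 1 not or only partially bufffered"` presumably copies the library's debug message verbatim, three f's included, so fixing that spelling in the library would break the test. A comment such as `# "bufffered" (sic) must match the debug message in ssl_tls.c` would make the coupling visible.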
@@ -164,21 +164,22 @@ requires_config_disabled() { fi } -requires_config_value_at_least() { +get_config_value_or_default() { NAME="$1" DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | sed 's/^.*\s\([0-9]*\)$/\1/' ) - VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) + ../scripts/config.pl get $NAME || echo "$DEF_VAL" +} + +requires_config_value_at_least() { + VAL=$( get_config_value_or_default "$1" ) if [ "$VAL" -lt "$2" ]; then SKIP_NEXT="YES" fi } requires_config_value_at_most() { - NAME="$1" - DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | - sed 's/^.*\s\([0-9]*\)$/\1/' ) - VAL=$( ../scripts/config.pl get $NAME || echo "$DEF_VAL" ) + VAL=$( get_config_value_or_default "$1" ) if [ "$VAL" -gt "$2" ]; then SKIP_NEXT="YES" fi From c573ac33dd2c74e706b80d05a665e3f7d18e035c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 17:15:25 +0100 Subject: [PATCH 532/578] Fix typos in debug message and comment in ssl-tls.c --- library/ssl_tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c123c7a32..7386fdd6e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4331,7 +4331,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record_layer" ), ret ); + MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret ); return( ret ); } } @@ -7725,7 +7725,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) /* * In all other cases, the rest of the message can be dropped. - * As in ssl_read_record_layer, this needs to be adapted if + * As in ssl_get_next_record, this needs to be adapted if * we implement support for multiple alerts in single records. */ From ef7afdfa5a8c0bd95d38091a722e826f9e35997c Mon Sep 17 00:00:00 2001 
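Review bot: In the new get_config_value_or_default, `$NAME` is passed unquoted to `../scripts/config.pl get` and is interpolated into a grep pattern with nothing bounding it on the right, so a macro whose name is a prefix of another can match several `#define` lines. A multi-line or empty result then reaches `[ "$VAL" -lt "$2" ]` in both callers, where the comparison errors out and SKIP_NEXT is left unset, so the test runs without its precondition having been checked. I would quote the argument, `../scripts/config.pl get "$NAME" || echo "$DEF_VAL"`, and require whitespace after the name, for example `grep "#define[[:space:]]*${NAME}[[:space:]]"`. `NAME` and `DEF_VAL` are also assigned as globals by the helper; a one-line comment stating that it prints the value on stdout and clobbers those two names would document the contract.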
From: Hanno Becker Date: Tue, 28 Aug 2018 17:16:31 +0100 Subject: [PATCH 533/578] Rename another_record_in_datagram to next_record_is_in_datagram --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7386fdd6e..f7663c700 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -118,7 +118,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); static int ssl_buffer_message( mbedtls_ssl_context *ssl ); static int ssl_buffer_future_record( mbedtls_ssl_context *ssl ); -static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ); +static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) @@ -4316,7 +4316,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, /* We only check for buffered messages if the * current datagram is fully consumed. */ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl_another_record_in_datagram( ssl ) == 0 ) + ssl_next_record_is_in_datagram( ssl ) == 0 ) { if( ssl_load_buffered_message( ssl ) == 0 ) have_buffered = 1; @@ -4378,7 +4378,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_another_record_in_datagram( mbedtls_ssl_context *ssl ) +static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) { if( ssl->in_left > ssl->next_record_offset ) return( 1 ); @@ -4853,7 +4853,7 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) /* Only consider loading future records if the * input buffer is empty. */ - if( ssl_another_record_in_datagram( ssl ) == 1 ) + if( ssl_next_record_is_in_datagram( ssl ) == 1 ) return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) ); 
From 39b8bc9aef62d3672203b6edd0ea7ecaef7ffbed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 17:17:13 +0100 Subject: [PATCH 534/578] Change wording of debug message --- library/ssl_tls.c | 2 +- tests/ssl-opt.sh | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7663c700..6fa32418f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4409,7 +4409,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Inject buffered CCS message" ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) ); ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; ssl->in_msglen = 1; ssl->in_msg[0] = 1; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b0ee3d47e..3575429df 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5916,9 +5916,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ -c "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ @@ -5932,9 +5932,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on -c "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" # The client buffers the ServerKeyExchange before receiving the fragmented 
@@ -5952,9 +5952,9 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -C "attempt to make space by freeing buffered messages" \ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" # The size constraints ensure that the delayed certificate message can't @@ -5972,9 +5972,9 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex -c "Enough space available after freeing buffered HS messages" \ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load"\ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ @@ -5986,9 +5986,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ -C "Next handshake message has been buffered - load"\ -s "Buffering HS message" \ -s "Next handshake message has been buffered - load" \ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ 
@@ -6000,9 +6000,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -C "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load" \ - -c "Inject buffered CCS message" \ + -c "Injecting buffered CCS message" \ -c "Remember CCS message" \ - -S "Inject buffered CCS message" \ + -S "Injecting buffered CCS message" \ -S "Remember CCS message" run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ @@ -6014,9 +6014,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ -C "Next handshake message has been buffered - load"\ -S "Buffering HS message" \ -S "Next handshake message has been buffered - load" \ - -C "Inject buffered CCS message" \ + -C "Injecting buffered CCS message" \ -C "Remember CCS message" \ - -s "Inject buffered CCS message" \ + -s "Injecting buffered CCS message" \ -s "Remember CCS message" run_test "DTLS reordering: Buffer encrypted Finished message" \ From cd9dcda0a0f47b556d0d0e6796cd97d49dfe1bca Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 17:18:56 +0100 Subject: [PATCH 535/578] Add const qualifier to handshake header reading functions --- library/ssl_tls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6fa32418f..15e4aa6bc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -55,7 +55,7 @@ #endif static void ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context *ssl ); +static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); /* Length of the "epoch" field in the record header */ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl ) 
@@ -3481,21 +3481,21 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) return( 0 ); } -static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context *ssl ) +static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) { return( ( ssl->in_msg[9] << 16 ) | ( ssl->in_msg[10] << 8 ) | ssl->in_msg[11] ); } -static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context *ssl ) +static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) { return( ( ssl->in_msg[6] << 16 ) | ( ssl->in_msg[7] << 8 ) | ssl->in_msg[8] ); } -static int ssl_check_hs_header( mbedtls_ssl_context *ssl ) +static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) { uint32_t msg_len, frag_off, frag_len; @@ -3593,7 +3593,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len, #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context *ssl ) +static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) { return( ( ssl->in_msg[1] << 16 ) | ( ssl->in_msg[2] << 8 ) | From 83ab41c665611fbb75e08b521f6fcae0aaf37101 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 17:19:38 +0100 Subject: [PATCH 536/578] Correct typo in comment --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 15e4aa6bc..125f6bca9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3672,7 +3672,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) /* Message reassembly is handled alongside buffering of future * messages; the commonality is that both handshake fragments and - * future messages cannot be forwarded immediately to the handshake + * future messages cannot be forwarded immediately to the * handshake logic layer. */ if( ssl_hs_is_proper_fragment( ssl ) == 1 ) { From a591c48302977592b4c31148c36ec5c51cfb8a55 Mon Sep 17 00:00:00 2001 
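Review bot: ssl_get_hs_frag_len() and ssl_get_hs_frag_off() read `ssl->in_msg[6]` through `ssl->in_msg[11]` at fixed offsets, and nothing in this hunk states that the caller must already have checked that the record holds a complete handshake header. Since the signatures are being touched anyway, a precondition comment above each accessor would make the contract visible, for example `/* Caller must have checked that in_msglen covers the full handshake header. */`; ssl_get_hs_total_len() in the @@ -3593 hunk reads `in_msg[1..3]` and wants the same. The qualifier placement `mbedtls_ssl_context const *ssl` also differs from `const mbedtls_ssl_context *ssl` on ssl_ep_len() in the first hunk of this commit, so picking one form would keep the file consistent. The body of ssl_check_hs_header() continues outside the hunk.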
From: Hanno Becker Date: Tue, 28 Aug 2018 17:20:00 +0100 Subject: [PATCH 537/578] Correct typo in debug message --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 125f6bca9..1354442f1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4433,7 +4433,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.", hs->in_msg_seq + offset, - hs_buf->is_complete ? "fully" : "partitially" ) ); + hs_buf->is_complete ? "fully" : "partially" ) ); } } } From f34a4c176c19f68d2dd2e3513e9805bd0433f53c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 28 Aug 2018 17:22:26 +0100 Subject: [PATCH 538/578] UDP proxy: Correct debug output for delay_srv option --- programs/test/udp_proxy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 0165d3f6a..41739d057 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -249,8 +249,8 @@ static void get_options( int argc, char *argv[] ) if( *delay_cnt == MAX_DELAYED_HS ) { - mbedtls_printf( " maximally %d uses of delay_cli argument allowed\n", - MAX_DELAYED_HS ); + mbedtls_printf( " too many uses of %s: only %d allowed\n", + p, MAX_DELAYED_HS ); exit_usage( p, NULL ); } From 37029ebc63355dd7f228f1dbcc0fecf32ca909ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 29 Aug 2018 17:01:40 +0100 Subject: [PATCH 539/578] Skip MTU auto-reduction test when running valgrind --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9fc16bfde..bc07a197f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5112,6 +5112,7 @@ run_test "DTLS fragmenting: both (MTU)" \ -C "error" # Test for automatic MTU reduction on repeated resend +not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C From 108992e7763cd6bb9993b2c33c83275ee0d69c55 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 29 Aug 2018 17:04:18 +0100 Subject: [PATCH 540/578] Add MTU auto-reduction test with valgrind --- tests/ssl-opt.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bc07a197f..4104bb05f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5131,6 +5131,25 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ -c "found fragmented DTLS handshake message" \ -C "error" +only_with_valgrind +requires_config_enabled MBEDTLS_SSL_PROTO_DTLS +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_ECDSA_C +run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ + -p "$P_PXY mtu=508" \ + "$P_SRV dtls=1 debug_level=2 auth_mode=required \ + crt_file=data_files/server7_int-ca.crt \ + key_file=data_files/server7.key\ + hs_timeout=250-10000" \ + "$P_CLI dtls=1 debug_level=2 \ + crt_file=data_files/server8_int-ca2.crt \ + key_file=data_files/server8.key \ + hs_timeout=250-10000" \ + 0 \ + -s "found fragmented DTLS handshake message" \ + -c "found fragmented DTLS handshake message" \ + -C "error" + # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend # OTOH the client might resend if the server is to slow to reset after sending # a HelloVerifyRequest, so only check for no retransmission server-side From b5afb972447d1bf3d40a275c38fe9430610942bd Mon Sep 17 00:00:00 2001 
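Review bot: The added `only_with_valgrind` test reuses the exact name "DTLS fragmenting: proxy MTU: auto-reduction" of the `not_with_valgrind` test directly above it, so a log line or a name filter cannot tell which variant ran or failed. A distinct name such as `run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \` would fix that. A short comment above `only_with_valgrind` explaining why this variant needs `hs_timeout=250-10000` would justify the duplication; the other variant's arguments are outside the hunk, so I am assuming the timeout is the difference.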
From: Simon Butcher Date: Fri, 31 Aug 2018 11:59:56 +0100 Subject: [PATCH 541/578] Revised and clarified ChangeLog Minor changes to fix language, merge mistakes and incorrect classifications of changes. --- ChangeLog | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index c26974285..7575fd390 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,9 +3,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix a potential memory leak in mbedtls_ssl_setup( ) function. An allocation - failure could leave an unreleased buffer. A handshake init failure would - lead to leaving two unreleased buffers. * Fix an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. In case of receiving malformed input (extensions length field equal to 0), an illegal read of one byte @@ -31,6 +28,8 @@ API Changes the use of datagram packing (enabled by default). Bugfix + * Fix a potential memory leak in mbedtls_ssl_setup() function. An allocation + failure in the function could lead to other buffers being leaked. * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 * Fix a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails. @@ -38,7 +37,8 @@ Bugfix * Add ecc extensions only if an ecc based ciphersuite is used. This improves compliance to RFC 4492, and as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157. - * Replace printf with mbedtls_printf in aria. Found by TrinityTonic in #1908. + * Replace printf with mbedtls_printf in the ARIA module. Found by + TrinityTonic in #1908. * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake 
@@ -54,11 +54,11 @@ Bugfix * Fix overly strict bounds check in ssl_parse_certificate_request() which could lead to valid CertificateRequest messages being rejected. Fixes #1954. + * Fix undefined shifts with negative values in certificates parsing + (found by Catena cyber using oss-fuzz) * Fix memory leak and free without initialization in pk_encrypt and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128. - * Remove redundant else statement, which is not readable, and the positive - path in the if statement results in exiting the funciton. Raised by irwir - in #1776. + * Remove redundant else statement. Raised by irwir. Fixes #1776. Changes * Copy headers preserving timestamps when doing a "make install". @@ -67,15 +67,7 @@ Changes Drozd. Fixes #1215 raised by randombit. * Improve compatibility with some alternative CCM implementations by using CCM test vectors from RAM. - * Fix a miscalculation of the maximum record expansion in - mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites, - or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914. * Add support for buffering of out-of-order handshake messages. - -INTERNAL NOTE: need to bump soversion of libmbedtls: -- added new member 'mtu' to public 'mbedtls_ssl_conf' structure - -Changes * Add warnings to the documentation of the HKDF module to reduce the risk of misusing the mbedtls_hkdf_extract() and mbedtls_hkdf_expand() functions. Fixes #1775. Reported by Brian J. Murray. @@ -228,8 +220,6 @@ API Changes Bugfix * Fix an issue with MicroBlaze support in bn_mul.h which was causing the build to fail. Found by zv-io. Fixes #1651. - * Fix undefined shifts with negative values in certificates parsing - (found by Catena cyber using oss-fuzz) Changes * Support TLS testing in out-of-source builds using cmake. Fixes #1193. From 4d075cd7d0a4c5ab7d562c833f1f9cbc1b43cc01 Mon Sep 17 00:00:00 2001 
From: Simon Butcher Date: Fri, 31 Aug 2018 15:59:10 +0100 Subject: [PATCH 542/578] Update library version number to 2.13.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- library/Makefile | 2 +- tests/suites/test_suite_version.data | 4 ++-- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7575fd390..fd03f1ae3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.13.0 branch released 2018-08-31 Security * Fix an issue in the X.509 module which could lead to a buffer overread diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index f695dd232..72abd2709 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.12.0 source code documentation + * @mainpage mbed TLS v2.13.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 317eb0dc9..43d6e6e72 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.12.0" +PROJECT_NAME = "mbed TLS v2.13.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index eaf25d908..17b8ba450 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 12 +#define MBEDTLS_VERSION_MINOR 13 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x020C0000 -#define MBEDTLS_VERSION_STRING "2.12.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.12.0" +#define MBEDTLS_VERSION_NUMBER 0x020D0000 +#define MBEDTLS_VERSION_STRING "2.13.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.13.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 5115b961f..6a280fe70 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.12.0 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.0 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.12.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.13.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.12.0 SOVERSION 11) + set_target_properties(mbedtls PROPERTIES VERSION 2.13.0 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/library/Makefile b/library/Makefile index ac88d4c3f..430c59881 100644 --- a/library/Makefile +++ b/library/Makefile @@ -35,7 +35,7 @@ LOCAL_CFLAGS += -fPIC -fpic endif endif -SOEXT_TLS=so.11 +SOEXT_TLS=so.12 SOEXT_X509=so.0 SOEXT_CRYPTO=so.3 diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 402c8b89a..49a614e9d 100644 --- a/tests/suites/test_suite_version.data 
+++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.12.0" +check_compiletime_version:"2.13.0" Check runtime library version -check_runtime_version:"2.12.0" +check_runtime_version:"2.13.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From c0a63bd0c1abad986c1c64190d03ec3e6d34e589 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 4 Sep 2018 09:54:28 +0100 Subject: [PATCH 543/578] Remove duplication of some entries in the ChangeLog Fixes for #1941 and #1954 were listed twice. --- ChangeLog | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd03f1ae3..37cf75052 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,14 +46,9 @@ Bugfix without providing a list of CAs. This was due to an overly strict bounds check in parsing the CertificateRequest message, introduced in Mbed TLS 2.12.0. Fixes #1954. - * Fix potential use-after-free in mbedtls_ssl_get_max_frag_len() - and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941. * Fix a miscalculation of the maximum record expansion in mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites, or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914. - * Fix overly strict bounds check in ssl_parse_certificate_request() - which could lead to valid CertificateRequest messages being rejected. - Fixes #1954. * Fix undefined shifts with negative values in certificates parsing (found by Catena cyber using oss-fuzz) * Fix memory leak and free without initialization in pk_encrypt From c2f948b6c6f1bea1bb0d4a1335ef6a9ea4780f6c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:21:44 +0100 Subject: [PATCH 544/578] Fix grammar in docs for MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ff123560c..ba7e5d3c0 100644 
--- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -146,7 +146,7 @@ * Comment if your system does not have a correct clock. * * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that - * when called behaves similar to the gmtime() function from the C standard, + * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() From e9b10b21f11a84a8fbf74ce663935c7caea563fa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:25:30 +0100 Subject: [PATCH 545/578] Define _POSIX_C_SOURCE in threading.c before POSIX detection --- library/threading.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/threading.c b/library/threading.c index 3d7f61b2e..c22a1dadc 100644 --- a/library/threading.c +++ b/library/threading.c @@ -19,6 +19,12 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else From 209960611f6212004f89215091246a1882e22fe9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:27:56 +0100 Subject: [PATCH 546/578] Use gmtime_s() for IAR --- library/platform_util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index 68d2522b5..e440e5a55 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
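Review bot: The unconditional `#define _POSIX_C_SOURCE 200112L` added to library/threading.c clashes with a build that already sets the macro (for example `-D_POSIX_C_SOURCE=200809L`), which gives a redefinition diagnostic that turns into an error under -Werror. Guarding it as `#if !defined(_POSIX_C_SOURCE)` / `#define _POSIX_C_SOURCE 200112L` / `#endif` keeps the builder's choice. PATCH 549 adds the same define to include/mbedtls/threading.h, a public header, where it changes the feature-test level of every application file that includes it and only has an effect if no system header was included earlier; that argues for keeping the define in the .c files. The comment should also say "must be defined before config.h" rather than "must be included before".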
@@ -88,6 +88,8 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); +#elif defined(__IAR_SYSTEMS_ICC__) + return( gmtime_s( tt, tm_buf ) ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) return( gmtime_r( tt, tm_buf ) ); #else From 8c9a620fb6a8cd5504d757abd19aabf8453531bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:30:28 +0100 Subject: [PATCH 547/578] Fix missing word in ChangeLog entry for gmtime() --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5aa54e57c..dce8f5ff8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,8 +13,8 @@ API Changes Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined. #1890 - * Fix build failures on where only gmtime() is available but neither - gmtime_r() nor gmtime_s() are present. Fixes #1907. + * Fix build failures on platforms where only gmtime() is available but + neither gmtime_r() nor gmtime_s() are present. Fixes #1907. = mbed TLS 2.12.0 branch released 2018-07-25 From ca04a01bb8599eeca77d6f426a65aba7e9b8b0a3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:43:57 +0100 Subject: [PATCH 548/578] Document shorthand gmtime macros --- include/mbedtls/threading.h | 11 ++++++++--- library/platform_util.c | 13 ++++++++++--- library/threading.c | 13 ++++++++++--- 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 070715259..e613be9c2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
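Review bot: The new IAR branch calls `gmtime_s( tt, tm_buf )` with the arguments in the opposite order from the `_WIN32` branch just above and returns the result directly, which is correct only for the C11 Annex K form that returns `struct tm *`. Nothing in the code says so, and the next reader is likely to "fix" the order. A comment such as `/* IAR: C11 Annex K gmtime_s( const time_t *, struct tm * ), returns tm_buf or NULL */` would settle it. Annex K declarations are normally exposed only when `__STDC_WANT_LIB_EXT1__` is defined as 1 before `<time.h>` is included; the include is outside this hunk, so please confirm that define is in place for this branch. The function body continues past the hunk.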
@@ -100,13 +100,18 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * The preprocessor conditions above are the same as in platform_utils.c and + * threading.c. Remember to update the code there when changing the conditions + * here + */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index e440e5a55..2dd530d1d 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -75,13 +75,20 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * This is a convenience shorthand macro to avoid checking the long + * preprocessor conditions above. Ideally, we could expose this macro in + * platform_utils.h and simply use it in platform_utils.c, threading.c and + * threading.h. However, this macro is not part of the Mbed TLS public API, so + * we keep it private by only definining it in this file + */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index c22a1dadc..f7bca0fec 100644 --- a/library/threading.c +++ b/library/threading.c 
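Review bot: The comment added in the threading.h hunk of this commit says its preprocessor conditions are the same as in platform_util.c and threading.c, but the condition kept here is `_POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS`, while threading.h and threading.c test `200112L > _POSIX_THREAD_SAFE_FUNCTIONS`. With `_POSIX_C_SOURCE` undefined (0 inside `#if`) or set above 200112L the two can disagree, so PLATFORM_UTIL_USE_GMTIME may be defined without mbedtls_threading_gmtime_mutex being declared, or the reverse. How the macro is used is outside the hunk, but if it selects the mutex-protected gmtime() path, the result is a build break or an unprotected call to a non-reentrant function. I would change this line to `#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS` to match the other two files. The new comments also name the files `platform_utils.c` and `platform_utils.h`, whereas the diff header has `platform_util.c`.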
@@ -35,13 +35,20 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && (defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ + defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +/* + * This is a convenience shorthand macro to avoid checking the long + * preprocessor conditions above. Ideally, we could expose this macro in + * platform_utils.h and simply use it in platform_utils.c, threading.c and + * threading.h. However, this macro is not part of the Mbed TLS public API, so + * we keep it private by only definining it in this file + */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (__unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 193fe893a696b624ce2348b608e458adb14c87af Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:47:33 +0100 Subject: [PATCH 549/578] Add missing _POSIX_C_SOURCE define in threading.h --- include/mbedtls/threading.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index e613be9c2..71538c07a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -24,6 +24,12 @@ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H +/* + * Ensure gmtime_r is available even with -std=c99; must be included before + * config.h, which pulls in glibc's features.h. Harmless on other platforms. + */ +#define _POSIX_C_SOURCE 200112L + #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" #else From 3c9733a0a3a18b1381dfeaa7e6bc07457672f9cc Mon Sep 17 00:00:00 2001 
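Review bot: In include/mbedtls/threading.h the added `#define _POSIX_C_SOURCE 200112L` is unconditional and sits in a header that applications include, so it changes the feature-test setting of every translation unit that pulls in the header and clashes with a build that already passes its own value. It also takes effect only when no system header has been processed earlier in that translation unit, which the library cannot guarantee for application code. I would wrap it as `#if !defined(_POSIX_C_SOURCE)` / `#define _POSIX_C_SOURCE 200112L` / `#endif`, and consider keeping the define in the library's .c files only. The comment should say the macro must be defined, not included, before config.h.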
From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:52:07 +0100 Subject: [PATCH 550/578] Fix typo in comment for gmtime macro defines --- library/platform_util.c | 2 +- library/threading.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 2dd530d1d..89f132ae9 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -84,7 +84,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * preprocessor conditions above. Ideally, we could expose this macro in * platform_utils.h and simply use it in platform_utils.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so - * we keep it private by only definining it in this file + * we keep it private by only defining it in this file */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ diff --git a/library/threading.c b/library/threading.c index f7bca0fec..0496b976a 100644 --- a/library/threading.c +++ b/library/threading.c @@ -44,7 +44,7 @@ * preprocessor conditions above. Ideally, we could expose this macro in * platform_utils.h and simply use it in platform_utils.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so - * we keep it private by only definining it in this file + * we keep it private by only defining it in this file */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ From c29c34c1b4bc4f3036cf45a4fda3a044fd9e4efa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:54:40 +0100 Subject: [PATCH 551/578] Improve wording of gmtime feature in ChangeLog --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index dce8f5ff8..093a42bc1 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to configure implementations for Windows and POSIX C - libraries. + is only able to automtically select implementations for Windows and POSIX + C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if From e58088edb9c9bbea6c70ed40c88205c4de4a6774 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 11:55:49 +0100 Subject: [PATCH 552/578] Clarify docs for MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ba7e5d3c0..f4c8ecff9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,8 +137,8 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime(), - * and the clock is correct. + * System has time.h, time(), an implementation for mbedtls_platform_gmtime() + * (see below), and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. From 433f911e59162c6356955ff1e8ef8d28ab2a5ea1 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:01:57 +0100 Subject: [PATCH 553/578] Check for IAR in gmtime macros --- include/mbedtls/threading.h | 8 +++++--- library/platform_util.c | 8 +++++--- library/threading.c | 8 +++++--- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 71538c07a..dc724eee2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -106,8 +106,9 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* @@ -117,7 +118,8 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 89f132ae9..9bcf15e6a 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -75,8 +75,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS /* 
@@ -88,7 +89,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index 0496b976a..7231f2f9b 100644 --- a/library/threading.c +++ b/library/threading.c @@ -35,8 +35,9 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && (defined(unix) || defined(__unix) || \ - defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))) +#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ + defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ + defined(__MACH__))) #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* @@ -48,7 +49,8 @@ */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__)) */ +#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 45e30201a4c2c31bbc92d556817cdf4b092a4619 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:05:59 +0100 Subject: [PATCH 554/578] Document that IAR gmtime_s() is auto selected --- ChangeLog | 4 ++-- include/mbedtls/config.h | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 093a42bc1..1ba5f0e00 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automtically select implementations for Windows and POSIX - C libraries. + is only able to automatically select implementations for Windows, POSIX + C libraries and IAR. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f4c8ecff9..cbf8f58aa 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -149,9 +149,9 @@ * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows). If this is not possible, then gmtime() - * will be used. Refer to the documentation for mbedtls_platform_gmtime() for - * more information. + * POSIX and gmtime_s() for Windows and IAR). If this is not possible, then + * gmtime() will be used. Refer to the documentation for + * mbedtls_platform_gmtime() for more information. * * \note It is possible to configure an implementation for * mbedtls_platform_gmtime() at compile-time by using the macro From 94b540ac63c0c8d9d87edff9772dc7754bd4d220 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 5 Sep 2018 12:27:32 +0100 Subject: [PATCH 555/578] Avoid redefining _POSIX_C_SOURCE --- include/mbedtls/threading.h | 2 ++ library/platform_util.c | 2 ++ library/threading.c | 2 ++ 3 files changed, 6 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index dc724eee2..1b13deb3e 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -28,7 +28,9 @@ * Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#if !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112L +#endif #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" diff --git a/library/platform_util.c b/library/platform_util.c index 9bcf15e6a..6a5feb321 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -24,7 +24,9 @@ * Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#if !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112L +#endif #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/library/threading.c b/library/threading.c index 7231f2f9b..c1834bace 100644 --- a/library/threading.c +++ b/library/threading.c @@ -23,7 +23,9 @@ * Ensure gmtime_r is available even with -std=c99; must be included before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ +#if !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112L +#endif #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" From cfeb70c6b98d489dd3a7de5b1523abe44ccd5793 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 13:50:22 +0100 Subject: [PATCH 556/578] gmtime: Remove special treatment for IAR Previous commits attempted to use `gmtime_s()` for IAR systems; however, this attempt depends on the use of C11 extensions which lead to incompatibility with other pieces of the library, such as the use of `memset()` which is being deprecated in favor of `memset_s()` in C11. --- ChangeLog | 4 ++-- include/mbedtls/threading.h | 4 ++-- library/platform_util.c | 6 ++---- library/threading.c | 4 ++-- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1ba5f0e00..0a60f70fe 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -7,8 +7,8 @@ API Changes whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automatically select implementations for Windows, POSIX - C libraries and IAR. + is only able to automatically select implementations for Windows and POSIX + C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 1b13deb3e..a65eefa92 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -108,7 +108,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -120,7 +120,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 6a5feb321..c248cf529 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -77,7 +77,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #include -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -91,7 +91,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) */ #define PLATFORM_UTIL_USE_GMTIME #endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, @@ -99,8 +99,6 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); -#elif defined(__IAR_SYSTEMS_ICC__) - return( gmtime_s( tt, tm_buf ) ); #elif !defined(PLATFORM_UTIL_USE_GMTIME) return( gmtime_r( tt, tm_buf ) ); #else diff --git a/library/threading.c b/library/threading.c index c1834bace..9d5c4f104 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,7 +37,7 @@ #include "mbedtls/threading.h" -#if !defined(_WIN32) && !defined(__IAR_SYSTEMS_ICC__) && (defined(unix) || \ +#if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include @@ -51,7 +51,7 @@ */ #define THREADING_USE_GMTIME #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ -#endif /* !_WIN32 && !__IAR_SYSTEMS_ICC__ && (unix || __unix || __unix__ || +#endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #if defined(MBEDTLS_THREADING_PTHREAD) From 272675f4c665a0aa401b0ede5945424f83b64949 Mon Sep 17 00:00:00 2001 
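Review bot: With the `__IAR_SYSTEMS_ICC__` branch removed in the `@@ -99,8 +99,6 @@` hunk of library/platform_util.c, every target that is neither `_WIN32` nor matched by the unix-like test falls into `#elif !defined(PLATFORM_UTIL_USE_GMTIME)` and calls `gmtime_r()`, because `PLATFORM_UTIL_USE_GMTIME` is only ever defined inside the unix-like block. That contradicts the config.h text, which says plain gmtime() is used when the platform cannot be identified, and such a toolchain may not provide `gmtime_r()` at all. I would add `#elif !defined(_WIN32)` followed by `#define PLATFORM_UTIL_USE_GMTIME` before the outer `#endif`, with the matching `THREADING_USE_GMTIME` branch in threading.c and the `extern` in threading.h so that the mutex exists on that path. The body of mbedtls_platform_gmtime() continues outside the hunk.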
From: Hanno Becker Date: Wed, 5 Sep 2018 14:03:02 +0100 Subject: [PATCH 557/578] Correct documentation of mbedtls_platform_gmtime() --- include/mbedtls/platform_util.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 5f26fb82c..befd3344c 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -87,9 +87,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * unconditionally use the alternative implementation for * mbedtls_platform_gmtime() supplied by the user at compile time * - * \param tt Pointer to an object containing time (in seconds) since the - * Epoc to be converted - * \param tm Pointer to an object where the results will be stored + * \param tt Pointer to an object containing time (in seconds) since the + * Epoc to be converted + * \param tm_buf Pointer to an object where the results will be stored * * \return Pointer to an object of type struct tm on success, otherwise * NULL From 5f95c798a321ca7cb8a754100bdae9ccd397685c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 14:36:36 +0100 Subject: [PATCH 558/578] Remove another mentioning of IAR from config.h --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index cbf8f58aa..226190de0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -149,7 +149,7 @@ * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows and IAR). If this is not possible, then + * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for * mbedtls_platform_gmtime() for more information. * 
From be2e4bddd5ed6df04f4dc50e76daaf362f27553d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 14:44:31 +0100 Subject: [PATCH 559/578] Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT --- include/mbedtls/threading.h | 4 ++-- library/threading.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a65eefa92..9235a1e98 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -107,7 +107,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) @@ -122,7 +122,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#endif /* MBEDTLS_HAVE_TIME_DATE */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/threading.c b/library/threading.c index 9d5c4f104..1885efdfc 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,6 +37,7 @@ #include "mbedtls/threading.h" +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) 
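Review bot: After this change `mbedtls_threading_gmtime_mutex` is declared in include/mbedtls/threading.h only when `MBEDTLS_HAVE_TIME_DATE` is set, `MBEDTLS_PLATFORM_GMTIME_ALT` is not, and the nested platform checks select plain gmtime(), yet nothing at the declaration says so. config.h advises callers outside the library to guard their own gmtime() calls with this mutex, and the macros that record the outcome (`THREADING_USE_GMTIME`, `PLATFORM_UTIL_USE_GMTIME`) are private, so application code has no documented way to tell whether the symbol exists. I would add a comment above the `extern` such as `/* Defined only when the library falls back to gmtime(); not available with gmtime_r(), gmtime_s() or MBEDTLS_PLATFORM_GMTIME_ALT. */`. The enclosing `#if defined(MBEDTLS_THREADING_C)` block starts outside the hunk.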
@@ -53,6 +54,7 @@ #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) From 6a739789f39da43f06f3681c9ef51aa86365fdc1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 15:06:19 +0100 Subject: [PATCH 560/578] Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r() For consistency, also rename MBEDTLS_PLATFORM_GMTIME_ALT to MBEDTLS_PLATFORM_GMTIME_R_ALT. --- include/mbedtls/config.h | 22 ++++++++++----------- include/mbedtls/platform_util.h | 34 ++++++++++++++++----------------- include/mbedtls/threading.h | 4 ++-- library/platform_util.c | 8 ++++---- library/threading.c | 4 ++-- library/x509.c | 2 +- 6 files changed, 37 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 226190de0..0d5d9d017 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,7 +137,7 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime() + * System has time.h, time(), an implementation for mbedtls_platform_gmtime_r() * (see below), and the clock is correct. * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of 
@@ -145,17 +145,17 @@ * * Comment if your system does not have a correct clock. * - * \note mbedtls_platform_gmtime() is an abstraction in platform_util.h that + * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that * when called behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for - * mbedtls_platform_gmtime() for more information. + * mbedtls_platform_gmtime_r() for more information. * * \note It is possible to configure an implementation for - * mbedtls_platform_gmtime() at compile-time by using the macro - * MBEDTLS_PLATFORM_GMTIME_ALT. + * mbedtls_platform_gmtime_r() at compile-time by using the macro + * MBEDTLS_PLATFORM_GMTIME_R_ALT. */ #define MBEDTLS_HAVE_TIME_DATE 
@@ -3098,22 +3098,22 @@ /** * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime(). This replaces the default implementation in + * mbedtls_platform_gmtime_r(). This replaces the default implementation in * platform_util.c. * * gmtime() is not a thread safe function as defined in the C standard. The * library will try to use safer implementations of this function, such as * gmtime_r() when available. However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime() will default to + * system, the implementation of mbedtls_platform_gmtime_r() will default to * using the standard gmtime(). In this case, calls from the library to * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_time() supplied - * at compile time. + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. */ -//#define MBEDTLS_PLATFORM_GMTIME_ALT +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT /* \} name SECTION: Customisation configuration options */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index befd3344c..ca42adf6e 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -68,24 +68,24 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); #if defined(MBEDTLS_HAVE_TIME_DATE) /** - * \brief Thread safe implementation of gmtime() + * \brief Thread safe implementation of gmtime() * - * The function is an abstraction that when called behaves similar - * to the gmtime() function from the C standard, but is thread - * safe. + * The function is an abstraction that when called behaves similar + * to the gmtime() function from the C standard, but is thread + * safe. * - * Mbed TLS will try to identify the underlying platform and - * configure an appropriate underlying implementation (e.g. - * gmtime_r() for POSIX and gmtime_s() for Windows). If this is - * not possible, then gmtime() will be used. In this case, calls - * from the library to gmtime() will be guarded by the mutex - * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is - * enabled. It is recommended that calls from outside the library - * are also guarded by this mutex. + * Mbed TLS will try to identify the underlying platform and + * configure an appropriate underlying implementation (e.g. + * gmtime_r() for POSIX and gmtime_s() for Windows). If this is + * not possible, then gmtime() will be used. In this case, calls + * from the library to gmtime() will be guarded by the mutex + * mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is + * enabled. It is recommended that calls from outside the library + * are also guarded by this mutex. * - * If MBEDTLS_PLATFORM_GMTIME_ALT is defined, then Mbed TLS will - * unconditionally use the alternative implementation for - * mbedtls_platform_gmtime() supplied by the user at compile time + * If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will + * unconditionally use the alternative implementation for + * mbedtls_platform_gmtime_r() supplied by the user at compile time. * * \param tt Pointer to an object containing time (in seconds) since the * Epoc to be converted 
@@ -94,8 +94,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \return Pointer to an object of type struct tm on success, otherwise * NULL */ -struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, - struct tm *tm_buf ); +struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, + struct tm *tm_buf ); #endif /* MBEDTLS_HAVE_TIME_DATE */ #ifdef __cplusplus diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 9235a1e98..66f78f5b5 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -107,7 +107,7 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) @@ -122,7 +122,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/platform_util.c b/library/platform_util.c index c248cf529..8bd53c666 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -75,7 +75,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #include #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ @@ -94,8 +94,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, - struct tm *tm_buf ) +struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, + struct tm *tm_buf ) { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); @@ -124,4 +124,4 @@ struct tm *mbedtls_platform_gmtime( const mbedtls_time_t *tt, return( ( lt == NULL ) ? NULL : tm_buf ); #endif /* _WIN32 && !EFIX64 && !EFI32 */ } -#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_ALT */ +#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ diff --git a/library/threading.c b/library/threading.c index 1885efdfc..3abb17c0b 100644 --- a/library/threading.c +++ b/library/threading.c @@ -37,7 +37,7 @@ #include "mbedtls/threading.h" -#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_ALT) +#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) 
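Review bot: The closing comment rewritten in the `@@ -124,4 +124,4 @@` hunk of library/platform_util.c still drops the negation. The block is opened by `#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)`, so the comment should read `#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */`, as the matching comments in threading.h and threading.c already do. As written it suggests the default implementation is compiled when the alternative is enabled. The function body starts outside the hunk.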
@@ -54,7 +54,7 @@ #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ -#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_ALT */ +#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) diff --git a/library/x509.c b/library/x509.c index c17697b22..52b5b649f 100644 --- a/library/x509.c +++ b/library/x509.c @@ -898,7 +898,7 @@ static int x509_get_current_time( mbedtls_x509_time *now ) int ret = 0; tt = mbedtls_time( NULL ); - lt = mbedtls_platform_gmtime( &tt, &tm_buf ); + lt = mbedtls_platform_gmtime_r( &tt, &tm_buf ); if( lt == NULL ) ret = -1; From 651d586ccf3ca396828bb7961307e2c820c62a44 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 15:17:43 +0100 Subject: [PATCH 561/578] Style: Add missing period in documentation in threading.h --- include/mbedtls/threading.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 66f78f5b5..2ec41a4f9 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -116,7 +116,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; /* * The preprocessor conditions above are the same as in platform_utils.c and * threading.c. Remember to update the code there when changing the conditions - * here + * here. */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ From 48a816ff26e03cc0fa1685fb0ce262a82c7890e2 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 5 Sep 2018 15:22:22 +0100 Subject: [PATCH 562/578] Minor documentation improvements --- include/mbedtls/platform_util.h | 2 +- include/mbedtls/threading.h | 2 +- library/platform_util.c | 2 +- library/threading.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index ca42adf6e..82b1fd05f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -88,7 +88,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * mbedtls_platform_gmtime_r() supplied by the user at compile time. * * \param tt Pointer to an object containing time (in seconds) since the - * Epoc to be converted + * epoch to be converted * \param tm_buf Pointer to an object where the results will be stored * * \return Pointer to an object of type struct tm on success, otherwise diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 2ec41a4f9..6830bb42a 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -25,7 +25,7 @@ #define MBEDTLS_THREADING_H /* - * Ensure gmtime_r is available even with -std=c99; must be included before + * Ensure gmtime_r is available even with -std=c99; must be defined before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ #if !defined(_POSIX_C_SOURCE) diff --git a/library/platform_util.c b/library/platform_util.c index 8bd53c666..f2f83e66b 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -21,7 +21,7 @@ */ /* - * Ensure gmtime_r is available even with -std=c99; must be included before + * Ensure gmtime_r is available even with -std=c99; must be defined before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ #if !defined(_POSIX_C_SOURCE) diff --git a/library/threading.c b/library/threading.c index 3abb17c0b..e7c8d9824 100644 --- a/library/threading.c +++ b/library/threading.c 
@@ -20,7 +20,7 @@ */ /* - * Ensure gmtime_r is available even with -std=c99; must be included before + * Ensure gmtime_r is available even with -std=c99; must be defined before * config.h, which pulls in glibc's features.h. Harmless on other platforms. */ #if !defined(_POSIX_C_SOURCE) From 4e67cca1d9285d099f12c8489bfddc85a717ea27 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:18:38 +0100 Subject: [PATCH 563/578] Improve documentation of MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0d5d9d017..da8e7e4ae 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -137,8 +137,8 @@ /** * \def MBEDTLS_HAVE_TIME_DATE * - * System has time.h, time(), an implementation for mbedtls_platform_gmtime_r() - * (see below), and the clock is correct. + * System has time.h, time(), and an implementation for + * mbedtls_platform_gmtime_r() (see below). * The time needs to be correct (not necesarily very accurate, but at least * the date should be correct). This is used to verify the validity period of * X.509 certificates. From acef292eac0fd03fe1b3fa5a2f10e4c843634c7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:19:07 +0100 Subject: [PATCH 564/578] ChangeLog: Add missing renamings gmtime -> gmtime_r --- ChangeLog | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0a60f70fe..d0bd37736 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,12 +3,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx API Changes - * Extend the platform module with an abstraction mbedtls_platform_gmtime() + * Extend the platform module with an abstraction mbedtls_platform_gmtime_r() whose implementation should behave as a thread safe version of gmtime(). This allows users to configure such an implementation at compile time when - the target system cannot be deduced automatically. At this stage Mbed TLS - is only able to automatically select implementations for Windows and POSIX - C libraries. + the target system cannot be deduced automatically, by setting the option + MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to + automatically select implementations for Windows and POSIX C libraries. Bugfix * Fixes an issue with MBEDTLS_CHACHAPOLY_C which would not compile if From 9a51d019846b2c0389be708f3620f791fe996c1b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:20:09 +0100 Subject: [PATCH 565/578] Improve documentation of MBEDTLS_HAVE_TIME_DATE --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index da8e7e4ae..439a1cd6a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -146,7 +146,7 @@ * Comment if your system does not have a correct clock. * * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * when called behaves similarly to the gmtime() function from the C standard, + * behaves similarly to the gmtime() function from the C standard, * but is thread safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then From 921b76d056c2520c50d674646c9bffa99a560559 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 5 Sep 2018 16:21:36 +0100 Subject: [PATCH 566/578] Replace 'thread safe' by 'thread-safe' in the documentation --- ChangeLog | 2 +- include/mbedtls/config.h | 4 ++-- include/mbedtls/platform_util.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index d0bd37736..d1e256e7f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,7 @@ mbed TLS ChangeLog (Sorted per branch, date) API Changes * Extend the platform module with an abstraction mbedtls_platform_gmtime_r() - whose implementation should behave as a thread safe version of gmtime(). + whose implementation should behave as a thread-safe version of gmtime(). This allows users to configure such an implementation at compile time when the target system cannot be deduced automatically, by setting the option MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 439a1cd6a..17d08b2fe 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -147,7 +147,7 @@ * * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that * behaves similarly to the gmtime() function from the C standard, - * but is thread safe. Mbed TLS will try to identify the underlying platform + * but is thread-safe. Mbed TLS will try to identify the underlying platform * and configure an appropriate underlying implementation (e.g. gmtime_r() for * POSIX and gmtime_s() for Windows). If this is not possible, then * gmtime() will be used. Refer to the documentation for 
@@ -3101,7 +3101,7 @@ * mbedtls_platform_gmtime_r(). This replaces the default implementation in * platform_util.c. * - * gmtime() is not a thread safe function as defined in the C standard. The + * gmtime() is not a thread-safe function as defined in the C standard. The * library will try to use safer implementations of this function, such as * gmtime_r() when available. However, if Mbed TLS cannot identify the target * system, the implementation of mbedtls_platform_gmtime_r() will default to diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 82b1fd05f..66a822131 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -68,7 +68,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); #if defined(MBEDTLS_HAVE_TIME_DATE) /** - * \brief Thread safe implementation of gmtime() + * \brief Thread-safe implementation of gmtime() * * The function is an abstraction that when called behaves similar * to the gmtime() function from the C standard, but is thread From c9468885a8086bb4525d31e4ccdb8e02ff51c29a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:22:10 +0100 Subject: [PATCH 567/578] Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 17d08b2fe..4f9f9a7aa 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -3107,7 +3107,7 @@ * system, the implementation of mbedtls_platform_gmtime_r() will default to * using the standard gmtime(). In this case, calls from the library to * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enable. It is advised that calls from outside the + * if MBEDTLS_THREADING_C is enabled. It is advised that calls from outside the * library are also guarded with this mutex to avoid race conditions. However, * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will * unconditionally use the implementation for mbedtls_platform_gmtime_r() From 9fbbf1c1f03e74deb7550b0ca235097587b12981 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:23:02 +0100 Subject: [PATCH 568/578] Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 4f9f9a7aa..214ea9403 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3107,7 +3107,7 @@ * system, the implementation of mbedtls_platform_gmtime_r() will default to * using the standard gmtime(). In this case, calls from the library to * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enabled. It is advised that calls from outside the + * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the * library are also guarded with this mutex to avoid race conditions. However, * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will * unconditionally use the implementation for mbedtls_platform_gmtime_r() From 5a7fe145906a165e4755efb51f7d75e4614b0667 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Wed, 5 Sep 2018 16:24:34 +0100 Subject: [PATCH 569/578] Don't include platform_time.h if !MBEDTLS_HAVE_TIME platform_time.h includes time.h, which is not assumed to be present on a system where MBEDTLS_HAVE_TIME is not defined. --- include/mbedtls/platform_util.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 66a822131..e62a3af4e 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -31,10 +31,9 @@ #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/platform_time.h" - #include #if defined(MBEDTLS_HAVE_TIME_DATE) +#include "mbedtls/platform_time.h" #include #endif /* MBEDTLS_HAVE_TIME_DATE */ From 7dd82b4f515083fff9fbb1c360f058fbff0dca71 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:25:50 +0100 Subject: [PATCH 570/578] platform_utils.{c/h} -> platform_util.{c/h} --- include/mbedtls/threading.h | 2 +- library/platform_util.c | 2 +- library/threading.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 6830bb42a..2e61b2e52 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -114,7 +114,7 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #include #if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS /* - * The preprocessor conditions above are the same as in platform_utils.c and + * The preprocessor conditions above are the same as in platform_util.c and * threading.c. Remember to update the code there when changing the conditions * here. */ diff --git a/library/platform_util.c b/library/platform_util.c index f2f83e66b..ddb56ed0b 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -85,7 +85,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in - * platform_utils.h and simply use it in platform_utils.c, threading.c and + * platform_util.h and simply use it in platform_util.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ diff --git a/library/threading.c b/library/threading.c index e7c8d9824..f37049b8d 100644 --- a/library/threading.c +++ b/library/threading.c @@ -46,7 +46,7 @@ /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in - * platform_utils.h and simply use it in platform_utils.c, threading.c and + * platform_util.h and simply use it in platform_util.c, threading.c and * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ From c52ef407bad144109ac52cc25f1519cdd2f39520 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 5 Sep 2018 16:28:59 +0100 Subject: [PATCH 571/578] Improve documentation of mbedtls_platform_gmtime_r() --- include/mbedtls/config.h | 8 ++------ include/mbedtls/platform_util.h | 9 ++++----- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 214ea9403..9a7905ae0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -146,12 +146,8 @@ * Comment if your system does not have a correct clock. * * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that - * behaves similarly to the gmtime() function from the C standard, - * but is thread-safe. Mbed TLS will try to identify the underlying platform - * and configure an appropriate underlying implementation (e.g. gmtime_r() for - * POSIX and gmtime_s() for Windows). If this is not possible, then - * gmtime() will be used. Refer to the documentation for - * mbedtls_platform_gmtime_r() for more information. + * behaves similarly to the gmtime_r() function from the C standard. Refer to + * the documentation for mbedtls_platform_gmtime_r() for more information. * * \note It is possible to configure an implementation for * mbedtls_platform_gmtime_r() at compile-time by using the macro diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index e62a3af4e..9c8a93077 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -67,14 +67,13 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); #if defined(MBEDTLS_HAVE_TIME_DATE) /** - * \brief Thread-safe implementation of gmtime() + * \brief Platform-specific implementation of gmtime_r() * - * The function is an abstraction that when called behaves similar - * to the gmtime() function from the C standard, but is thread - * safe. + * The function is a thread-safe abstraction that behaves + * similar to the gmtime_r() function from the C standard. * * Mbed TLS will try to identify the underlying platform and - * configure an appropriate underlying implementation (e.g. + * make use of an appropriate underlying implementation (e.g. * gmtime_r() for POSIX and gmtime_s() for Windows). If this is * not possible, then gmtime() will be used. In this case, calls * from the library to gmtime() will be guarded by the mutex From 6f70581c4aa8753969caa3f79db155c74228bfe5 Mon Sep 17 00:00:00 2001 
From: Hanno Becker Date: Thu, 6 Sep 2018 09:06:33 +0100 Subject: [PATCH 572/578] Correct POSIX version check to determine presence of gmtime_r() Recent versions of POSIX move gmtime_r to the base. --- include/mbedtls/threading.h | 8 ++++++-- library/platform_util.c | 9 +++++++-- library/threading.c | 8 ++++++-- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 2e61b2e52..11f6341d9 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -112,14 +112,18 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) /* * The preprocessor conditions above are the same as in platform_util.c and * threading.c. Remember to update the code there when changing the conditions * here. */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ diff --git a/library/platform_util.c b/library/platform_util.c index ddb56ed0b..7e82293e1 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
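Review bot: The new guard compares `_POSIX_THREAD_SAFE_FUNCTIONS` against `20112L`, which drops a digit from the `200112L` used on the removed line, so the second clause accepts any value of at least 20112 rather than requiring the POSIX.1-2001 level. The clause should read `_POSIX_THREAD_SAFE_FUNCTIONS >= 200112L`, with the same correction in the matching `#endif` comment. The same constant is repeated in the platform_util.c and threading.c hunks of this commit. These guards appear to decide whether the library falls back to gmtime() and serialises it through mbedtls_threading_gmtime_mutex, so all three copies should be fixed together. In practice the macro is normally either unset or a full POSIX date, so the outcome is probably unchanged today, but the constant no longer states the intended minimum.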
@@ -81,7 +81,10 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS + +#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in @@ -90,7 +93,9 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * we keep it private by only defining it in this file */ #define PLATFORM_UTIL_USE_GMTIME -#endif /* !_POSIX_VERSION || _POSIX_C_SOURCE > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ diff --git a/library/threading.c b/library/threading.c index f37049b8d..60dfd02af 100644 --- a/library/threading.c +++ b/library/threading.c @@ -42,7 +42,9 @@ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include -#if !defined(_POSIX_VERSION) || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS +#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) /* * This is a convenience shorthand macro to avoid checking the long * preprocessor conditions above. Ideally, we could expose this macro in 
@@ -51,7 +53,9 @@ * we keep it private by only defining it in this file */ #define THREADING_USE_GMTIME -#endif /* !_POSIX_VERSION || 200112L > _POSIX_THREAD_SAFE_FUNCTIONS */ +#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ + ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ + _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* !_WIN32 && (unix || __unix || __unix__ || * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ From a50fed99102150cd6e70a2d3c34aad175313959b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 09:08:39 +0100 Subject: [PATCH 573/578] Correct typo in documentation of mbedtls_platform_gmtime_r() --- include/mbedtls/platform_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 9c8a93077..38b85b82a 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -70,7 +70,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \brief Platform-specific implementation of gmtime_r() * * The function is a thread-safe abstraction that behaves - * similar to the gmtime_r() function from the C standard. + * similarly to the gmtime_r() function from the C standard. * * Mbed TLS will try to identify the underlying platform and * make use of an appropriate underlying implementation (e.g. From 03b2bd4a062dc3ba5e14f3a5fee36690fa6624d7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 09:08:55 +0100 Subject: [PATCH 574/578] Correct documentation of mbedtls_platform_gmtime_r() Previous documentation stated that gmtime_r() was from the standard library, but it's POSIX. --- include/mbedtls/platform_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 38b85b82a..164a1a05f 100644 --- a/include/mbedtls/platform_util.h 
+++ b/include/mbedtls/platform_util.h @@ -70,7 +70,7 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \brief Platform-specific implementation of gmtime_r() * * The function is a thread-safe abstraction that behaves - * similarly to the gmtime_r() function from the C standard. + * similarly to the gmtime_r() function from Unix/POSIX. * * Mbed TLS will try to identify the underlying platform and * make use of an appropriate underlying implementation (e.g. From 323d8019bf7e581c2b376b019e7ae59796fcede2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 11:30:57 +0100 Subject: [PATCH 575/578] Correct preprocessor guards determining use of gmtime() The previous code erroneously used gmtime_r() to implement mbedtls_platform_gmtime() in case of a non-windows, non-unix system. --- include/mbedtls/threading.h | 6 ++++-- library/platform_util.c | 4 ++-- library/threading.c | 7 +++++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 11f6341d9..49ecdc30e 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -108,10 +108,14 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) + #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include +#endif /* !_WIN32 && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ + #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) 
@@ -124,8 +128,6 @@ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #endif /* MBEDTLS_THREADING_C */ diff --git a/library/platform_util.c b/library/platform_util.c index 7e82293e1..ca4d03312 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -81,6 +81,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include +#endif /* !_WIN32 && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ @@ -96,8 +98,6 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, struct tm *tm_buf ) diff --git a/library/threading.c b/library/threading.c index 60dfd02af..8c1e25c17 100644 --- a/library/threading.c +++ b/library/threading.c 
@@ -38,10 +38,14 @@ #include "mbedtls/threading.h" #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) + #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__MACH__))) #include +#endif /* !_WIN32 && (unix || __unix || __unix__ || + * (__APPLE__ && __MACH__)) */ + #if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) @@ -56,8 +60,7 @@ #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ + #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) From f5106d54ebadd74fc9e6ba2483858523b99d8d7a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 12:09:56 +0100 Subject: [PATCH 576/578] Don't declare and define gmtime()-mutex on Windows platforms --- include/mbedtls/threading.h | 3 +++ library/platform_util.c | 3 +++ library/threading.c | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 49ecdc30e..8fdb63343 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -124,7 +124,10 @@ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; * threading.c. Remember to update the code there when changing the conditions * here. */ +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ 
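Review bot: The added `#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )` guard in threading.h sits below the comment that tells maintainers to keep "the preprocessor conditions above" in step with platform_util.c and threading.c, so that reminder does not cover it. The comment could gain one sentence such as `The _WIN32/EFI guard below must also stay identical in all three files.`, or the guard could move above the comment. The same guard is repeated around `#define PLATFORM_UTIL_USE_GMTIME` and `#define THREADING_USE_GMTIME` in the platform_util.c and threading.c hunks of this commit. If the copies drift, the gmtime() fallback and the mutex that protects it could presumably disagree about whether they exist; the code that consumes these macros is outside the hunks, so this is worth confirming there.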
diff --git a/library/platform_util.c b/library/platform_util.c index ca4d03312..ca5fe4fb8 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -94,7 +94,10 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) #define PLATFORM_UTIL_USE_GMTIME +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ diff --git a/library/threading.c b/library/threading.c index 8c1e25c17..7c90c7c59 100644 --- a/library/threading.c +++ b/library/threading.c @@ -56,7 +56,11 @@ * threading.h. However, this macro is not part of the Mbed TLS public API, so * we keep it private by only defining it in this file */ + +#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) #define THREADING_USE_GMTIME +#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ + #endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ From d2ef25478e0e20834edb712bd84cf2df8ba4949f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 6 Sep 2018 14:53:25 +0100 Subject: [PATCH 577/578] Don't define _POSIX_C_SOURCE in header file --- include/mbedtls/threading.h | 38 ++++++++----------------------------- 1 file changed, 8 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 8fdb63343..3ca3cd3a1 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h 
@@ -24,14 +24,6 @@ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H -/* - * Ensure gmtime_r is available even with -std=c99; must be defined before - * config.h, which pulls in glibc's features.h. Harmless on other platforms. - */ -#if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 200112L -#endif - #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" #else 
@@ -107,31 +99,17 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); #if defined(MBEDTLS_FS_IO) extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; #endif + #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) - -#if !defined(_WIN32) && (defined(unix) || \ - defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ - defined(__MACH__))) -#include -#endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ - -#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) -/* - * The preprocessor conditions above are the same as in platform_util.c and - * threading.c. Remember to update the code there when changing the conditions - * here. - */ -#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) +/* This mutex may or may not be used in the default definition of + * mbedtls_platform_gmtime_r(), but in order to determine that, + * we need to check POSIX features, hence modify _POSIX_C_SOURCE. + * With the current approach, this declaration is orphaned, lacking + * an accompanying definition, in case mbedtls_platform_gmtime_r() + * doesn't need it, but that's not a problem. */ extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */ - -#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) || \ - ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ - _POSIX_THREAD_SAFE_FUNCTIONS >= 20112L ) ) */ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ + #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus From 53546ea099f6f53d0be653a64accd250e170337f Mon Sep 17 00:00:00 2001 
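Review bot: The now-unconditional `extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;` is visible to applications too, and the config.h text for MBEDTLS_PLATFORM_GMTIME_R_ALT recommends that callers outside the library guard their own gmtime() calls with this mutex. On a platform where the library uses gmtime_r() or gmtime_s(), such a caller would compile and then fail at link time, since the added comment itself says no definition exists in that case. I would add a sentence for callers, for example `Applications must only reference this mutex when the library falls back to gmtime().`, or give them a way to test that at compile time. The phrase "hence modify _POSIX_C_SOURCE" would also read more clearly as "which would require defining _POSIX_C_SOURCE in this header".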
From: Simon Butcher Date: Thu, 6 Sep 2018 19:10:26 +0100 Subject: [PATCH 578/578] Update library version number to 2.13.1 --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 72abd2709..b9f9ec1c4 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.13.0 source code documentation + * @mainpage mbed TLS v2.13.1 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 43d6e6e72..2a87ada6a 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.13.0" +PROJECT_NAME = "mbed TLS v2.13.1" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 17b8ba450..326b8bd45 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -40,16 +40,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 13 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x020D0000 -#define MBEDTLS_VERSION_STRING "2.13.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.13.0" +#define MBEDTLS_VERSION_NUMBER 0x020D0100 +#define MBEDTLS_VERSION_STRING "2.13.1" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.13.1" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6a280fe70..275eda3bb 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -159,15 +159,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.0 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.13.1 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.13.0 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.13.1 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.13.0 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.13.1 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 49a614e9d..c3542e559 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data 
@@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.13.0" +check_compiletime_version:"2.13.1" Check runtime library version -check_runtime_version:"2.13.0" +check_runtime_version:"2.13.1" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0