From f096eeac4a21572fce5e9850958680498e006288 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 26 May 2017 11:59:29 +0200
Subject: [PATCH 01/71] Clarified documentation of mbedtls_ssl_setup

Note that the configuration structure must remain accessible. The
previous wording could have been taken as implying that it's ok to
change the structure but changes wouldn't be taken into account.

Also note that calling this function twice is not supported (it would
at least be a memory leak).
---
 include/mbedtls/ssl.h | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 1f885ee14..f2626c240 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -836,8 +836,13 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
  * \note           No copy of the configuration context is made, it can be
  *                 shared by many mbedtls_ssl_context structures.
  *
- * \warning        Modifying the conf structure after is has been used in this
- *                 function is unsupported!
+ * \warning        The conf structure will be accessed during the session.
+ *                 It must not be modified or freed as long as the session
+ *                 is active.
+ *
+ * \warning        This function must be called exactly once per context.
+ *                 Calling mbedtls_ssl_setup again is not supported, even
+ *                 if no session is active.
  *
  * \param ssl      SSL context
  * \param conf     SSL configuration to use

From 01dcea7f167c9e93fa8f27ad01d8c6fa108557cf Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 29 May 2017 14:49:36 +0200
Subject: [PATCH 02/71] Added changelog entry

---
 ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index fe5ce6535..383832cab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.1.x branch released 2017-xx-xx
+
+Changes
+   * Clarified the documentation of mbedtls_ssl_setup.
+
 = mbed TLS 2.1.7 branch released 2017-03-08
 
 Security

From 073a070590104cc7148d03b4d1969632f57cc5f9 Mon Sep 17 00:00:00 2001
From: Sanne Wouda <sanne.wouda@arm.com>
Date: Mon, 21 Aug 2017 15:58:12 +0100
Subject: [PATCH 03/71] Add end-of-buffer check to prevent heap-buffer-overflow

Dereference of *p should not happen when it points past the end of the
buffer.

Internal reference: IOTSSL-1663
---
 library/pkparse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/pkparse.c b/library/pkparse.c
index f0a12f983..e21470b27 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -175,6 +175,10 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
 {
     int ret;
 
+    if ( end - *p < 1 )
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+
     /* Tag may be either OID or SEQUENCE */
     params->tag = **p;
     if( params->tag != MBEDTLS_ASN1_OID

From 19816762d271dd11d3c7104db1cec1c73c6f6831 Mon Sep 17 00:00:00 2001
From: Sanne Wouda <sanne.wouda@arm.com>
Date: Thu, 31 Aug 2017 12:57:35 +0100
Subject: [PATCH 04/71] Add test case found through fuzzing to pkparse test
 suite

---
 tests/suites/test_suite_pkparse.data | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 8c27708f0..c236c8882 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -226,3 +226,6 @@ pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":
 
 Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
 pk_parse_key_rsa:"301b020100020101020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (heap-buffer-overflow, unchecked access of tag)
+pk_parse_key_rsa:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

From bfdcfba05f2306bd2a26449ca9420643bb1f4170 Mon Sep 17 00:00:00 2001
From: Sanne Wouda <sanne.wouda@arm.com>
Date: Tue, 5 Sep 2017 17:00:54 +0100
Subject: [PATCH 05/71] Add Changelog entry

---
 ChangeLog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 1d06476d7..be4a6bfaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix a 1-byte heap buffer overflow (read-only) during private key parsing.
+     Found through fuzz testing.
+
 = mbed TLS 2.1.9 branch released 2017-08-10
 
 Security

From bd58a14ed939bd4492b12af22b5a518acf6a110d Mon Sep 17 00:00:00 2001
From: Sanne Wouda <sanne.wouda@arm.com>
Date: Thu, 7 Sep 2017 16:44:06 +0100
Subject: [PATCH 06/71] Rename test and update dependencies

---
 tests/suites/test_suite_pkparse.data     | 25 +++++++++++++++---------
 tests/suites/test_suite_pkparse.function |  4 ++--
 2 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index c236c8882..7a060175e 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -207,25 +207,32 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MB
 pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
 
 Key ASN1 (Incorrect first tag)
-pk_parse_key_rsa:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+pk_parse_key:"":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, incorrect version tag)
-pk_parse_key_rsa:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, version tag missing)
-pk_parse_key_rsa:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"3000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, invalid version)
-pk_parse_key_rsa:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"3003020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
-pk_parse_key_rsa:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"300402010000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, values present, length mismatch)
-pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
 Key ASN1 (RSAPrivateKey, values present, check_privkey fails)
-pk_parse_key_rsa:"301b020100020101020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+depends_on:MBEDTLS_RSA_C
+pk_parse_key:"301b020100020101020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
-Key ASN1 (heap-buffer-overflow, unchecked access of tag)
-pk_parse_key_rsa:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+Key ASN1 (ECPrivateKey, empty parameters)
+depends_on:MBEDTLS_ECP_C
+pk_parse_key:"30070201010400a000":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 4f1a61606..59f7877fc 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -113,8 +113,8 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
-void pk_parse_key_rsa( char *key_data, char *result_str, int result )
+/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */
+void pk_parse_key( char *key_data, char *result_str, int result )
 {
     mbedtls_pk_context pk;
     unsigned char buf[2000];

From 996720d14213162d82cf9186d9f66b0ecf47660d Mon Sep 17 00:00:00 2001
From: Sanne Wouda <sanne.wouda@arm.com>
Date: Fri, 8 Sep 2017 10:58:37 +0100
Subject: [PATCH 07/71] Remove redundant dependency

---
 tests/suites/test_suite_pkparse.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 59f7877fc..94d25e7eb 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -113,7 +113,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */
+/* BEGIN_CASE */
 void pk_parse_key( char *key_data, char *result_str, int result )
 {
     mbedtls_pk_context pk;

From 9d5785be8ff5b681d7b0a0688c7fb91ce5634e9f Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:06:25 +0000
Subject: [PATCH 08/71] Clarify use of blinding in RSA private key operations

---
 include/mbedtls/rsa.h | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 6b2e54b49..8e34e6269 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -220,7 +220,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
  * \brief          Do an RSA private key operation
  *
  * \param ctx      RSA context
- * \param f_rng    RNG function (Needed for blinding)
+ * \param f_rng    RNG function (used for blinding)
  * \param p_rng    RNG parameter
  * \param input    input buffer
  * \param output   output buffer
@@ -229,6 +229,18 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
  *
  * \note           The input and output buffers must be large
  *                 enough (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note           Blinding is used if and only if a PRNG is provided.
+ *
+ * \note           If blinding is used, both the base of exponentation
+ *                 and the exponent are blinded, providing protection
+ *                 against some side-channel attacks.
+ *
+ * \warning        It is deprecated and a security risk to not provide
+ *                 a PRNG here and thereby prevent the use of blinding.
+ *                 Future versions of the library may enforce the presence
+ *                 of a PRNG.
+ *
  */
 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
                  int (*f_rng)(void *, unsigned char *, size_t),

From 41f5a0fe97ce46c9c596f76216b56ee91c0494aa Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:06:51 +0000
Subject: [PATCH 09/71] Ensure that RSA_NO_CRT gets disabled by `config.pl
 full`

---
 scripts/config.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/config.pl b/scripts/config.pl
index d8d6a20ed..7108f506a 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -31,7 +31,7 @@ EOU
 # for our eyes only:
 # $0 [-f <file>] full|realfull
 
-# Things that shouldn't be enabled with "full".
+# The following options are disabled instead of enabled with "full".
 # Notes:
 # - MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 and
 #   MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION could be enabled if the
@@ -47,6 +47,7 @@ MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 MBEDTLS_NO_PLATFORM_ENTROPY
 MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 MBEDTLS_SSL_HW_RECORD_ACCEL
+MBEDTLS_RSA_NO_CRT
 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
 MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 MBEDTLS_ZLIB_SUPPORT

From 929359284347a3b006cd16d9df216abbebeec849 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:07:09 +0000
Subject: [PATCH 10/71] Add test case for RSA_NO_CRT to all.sh

---
 tests/scripts/all.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6defcdc2a..cacb7caf0 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -279,6 +279,23 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
 msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
 tests/ssl-opt.sh
 
+msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_RSA_NO_CRT
+CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+make
+
+msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
+make test
+
+msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
+tests/ssl-opt.sh -f RSA
+
+msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
+tests/compat.sh -t RSA
+
+
 msg "build: cmake, full config, clang" # ~ 50s
 cleanup
 cp "$CONFIG_H" "$CONFIG_BAK"

From a82f89181c90cbe8507b4d9d949c86ccf712b96d Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:08:27 +0000
Subject: [PATCH 11/71] Verify result of RSA private key operation

---
 library/bignum.c |  2 +-
 library/rsa.c    | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/library/bignum.c b/library/bignum.c
index 52edd3def..4f94e207c 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1609,7 +1609,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
     mbedtls_mpi RR, T, W[ 2 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
     int neg;
 
-    if( mbedtls_mpi_cmp_int( N, 0 ) < 0 || ( N->p[0] & 1 ) == 0 )
+    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
         return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
 
     if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
diff --git a/library/rsa.c b/library/rsa.c
index 40ea642dc..70d95fa72 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -403,10 +403,17 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
     mbedtls_mpi *DQ = &ctx->DQ;
 #endif
 
+    /* Temporaries holding the initial input and the double
+     * checked result; should be the same in the end. */
+    mbedtls_mpi I, C;
+
     /* Make sure we have private key info, prevent possible misuse */
     if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
+    mbedtls_mpi_init( &I );
+    mbedtls_mpi_init( &C );
+
     mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
     mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R );
 
@@ -434,6 +441,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
         goto cleanup;
     }
 
+    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
+
     if( f_rng != NULL )
     {
         /*
@@ -522,6 +531,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
     }
 
+    /* Verify the result to prevent glitching attacks. */
+    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
+                                          &ctx->N, &ctx->RN ) );
+    if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
+    {
+        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
+        goto cleanup;
+    }
+
     olen = ctx->len;
     MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
 
@@ -544,6 +562,9 @@ cleanup:
 #endif
     }
 
+    mbedtls_mpi_free( &C );
+    mbedtls_mpi_free( &I );
+
     if( ret != 0 )
         return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
 

From de0b70c3660169719c2fa761fd942328e32f175e Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:08:53 +0000
Subject: [PATCH 12/71] Check precisely for the needed RSA context fields in
 rsa_private

---
 library/rsa.c | 35 +++++++++++++++++++++++++++--------
 1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index 70d95fa72..ae4e61657 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -408,8 +408,33 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
     mbedtls_mpi I, C;
 
     /* Make sure we have private key info, prevent possible misuse */
-    if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
+#if defined(MBEDTLS_RSA_NO_CRT)
+    if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ||
+        ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) ||
+        ( f_rng != NULL && mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 ) )
+    {
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    }
+#else /* ! MBEDTLS_RSA_NO_CRT */
+    if( mbedtls_mpi_cmp_int( &ctx->N, 0 )  == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->E, 0 )  == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->P, 0 )  == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->Q, 0 )  == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 ||
+        mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 )
+    {
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    }
+#endif /* ! MBEDTLS_RSA_NO_CRT */
+
+
+#if defined(MBEDTLS_THREADING_C)
+    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+        return( ret );
+#endif
 
     mbedtls_mpi_init( &I );
     mbedtls_mpi_init( &C );
@@ -428,12 +453,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
 #endif
     }
 
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
     MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
     if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
     {
@@ -726,7 +745,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     olen = ctx->len;
-    
+
     // first comparison checks for overflow
     if( ilen + 11 < ilen || olen < ilen + 11 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );

From 21f83753f5bb98086098b9d03b88abc3aac86369 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:09:33 +0000
Subject: [PATCH 13/71] Remove signature verification from
 mbedtls_rsa_rsassa_pkcs1_v15_sign

This is no longer necessary as we're now always verifying the result of rsa_private.
---
 library/rsa.c | 42 +-----------------------------------------
 1 file changed, 1 insertion(+), 41 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index ae4e61657..0d698f750 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1207,11 +1207,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
     size_t nb_pad, olen, oid_size = 0;
     unsigned char *p = sig;
     const char *oid = NULL;
-    unsigned char *sig_try = NULL, *verif = NULL;
-    size_t i;
-    unsigned char diff;
-    volatile unsigned char diff_no_optimize;
-    int ret;
 
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1277,42 +1272,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
     if( mode == MBEDTLS_RSA_PUBLIC )
         return( mbedtls_rsa_public(  ctx, sig, sig ) );
 
-    /*
-     * In order to prevent Lenstra's attack, make the signature in a
-     * temporary buffer and check it before returning it.
-     */
-    sig_try = mbedtls_calloc( 1, ctx->len );
-    if( sig_try == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    verif   = mbedtls_calloc( 1, ctx->len );
-    if( verif == NULL )
-    {
-        mbedtls_free( sig_try );
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
-
-    /* Compare in constant time just in case */
-    for( diff = 0, i = 0; i < ctx->len; i++ )
-        diff |= verif[i] ^ sig[i];
-    diff_no_optimize = diff;
-
-    if( diff_no_optimize != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
-        goto cleanup;
-    }
-
-    memcpy( sig, sig_try, ctx->len );
-
-cleanup:
-    mbedtls_free( sig_try );
-    mbedtls_free( verif );
-
-    return( ret );
+    return( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
 }
 #endif /* MBEDTLS_PKCS1_V15 */
 

From e2ccaddf0a252ea8ef4a0214702b78daf0871f27 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:10:23 +0000
Subject: [PATCH 14/71] Ensure RSA test suite calls rsa_private with PRNG

---
 tests/suites/test_suite_pk.function | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 5fa8a693a..77b453cdd 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -43,16 +43,19 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
                        const unsigned char *input, unsigned char *output,
                        size_t output_max_len )
 {
-    return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
-                               input, output, output_max_len ) );
+    return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
+                                       rnd_std_rand, NULL, mode, olen,
+                                       input, output, output_max_len ) );
 }
 int mbedtls_rsa_sign_func( void *ctx,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
                    const unsigned char *hash, unsigned char *sig )
 {
-    return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
-                            md_alg, hashlen, hash, sig ) );
+    ((void) f_rng);
+    ((void) p_rng);
+    return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode,
+                                    md_alg, hashlen, hash, sig ) );
 }
 size_t mbedtls_rsa_key_len_func( void *ctx )
 {

From d43764f9d3620b44b5d977ec9c229e0bf41051c5 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 6 Nov 2017 15:10:38 +0000
Subject: [PATCH 15/71] Adapt ChangeLog

---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 8f7843dc6..6e96fcd43 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,10 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS 2.1.x released xxxx-xx-xx
 
+Security
+   * Verify results of RSA private key operations to defend
+     against Bellcore glitch attack.
+
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.

From 45a556501c9269d79a51d563f00e4d786e1cf00a Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Fri, 25 Aug 2017 17:12:11 +0100
Subject: [PATCH 16/71] Add macros to ASN.1 module to parse ASN.1 tags

The macros simply extract the component bits of an ASN.1 tag value
---
 include/mbedtls/asn1.h | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index e159e57ea..8d35c4245 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -87,6 +87,22 @@
 #define MBEDTLS_ASN1_PRIMITIVE               0x00
 #define MBEDTLS_ASN1_CONSTRUCTED             0x20
 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
+
+/*
+ * Bit masks for each of the components of an ASN.1 tag as specified in
+ * Information technnology - ASN.1 encoding rules: Specification of Basic
+ * Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished
+ * encoding rules (DER) Section 8.1.2.2:
+ *
+ * Bit  8     7   6   5          1
+ *     +-------+-----+------------+
+ *     | Class | P/C | Tag number |
+ *     +-------+-----+------------+
+ */
+#define MBEDTLS_ASN1_TAG_CLASS_MASK          ( 0x03 << 6 )
+#define MBEDTLS_ASN1_TAG_PC_MASK             ( 0x01 << 5 )
+#define MBEDTLS_ASN1_TAG_VALUE_MASK          ( 0x1F << 0 )
+
 /* \} name */
 /* \} addtogroup asn1_module */
 

From f6a6b82362adb14ef73ea8862a2cc71c68fadb04 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Fri, 25 Aug 2017 17:13:12 +0100
Subject: [PATCH 17/71] Fix x509_get_subject_alt_name to drop invalid tag

Fix the x509_get_subject_alt_name() function to not accept invalid
tags. The problem was that the ASN.1 class for tags consists of two
bits. Simply doing bit-wise and of the CONTEXT_SPECIFIC macro with the
input tag has the potential of accepting tag values 0x10 (private)
which would indicate that the certificate has an incorrect format.
---
 library/x509_crt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 8cb19239e..55293667e 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -472,9 +472,12 @@ static int x509_get_subject_alt_name( unsigned char **p,
         if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 
-        if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+        if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
+                MBEDTLS_ASN1_CONTEXT_SPECIFIC )
+        {
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
                     MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+        }
 
         /* Skip everything but DNS name */
         if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) )

From 7d0306022886a6b6a8277319464637ec2e22dfa6 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Fri, 25 Aug 2017 17:17:34 +0100
Subject: [PATCH 18/71] Add ChangeLog entry

---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 36696e6fd..7840da0f1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -74,6 +74,8 @@ Bugfix
      Found by nkolban. Fixes #845.
    * Fix handling of handshake messages in mbedtls_ssl_read in case
      MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp.
+   * Fix X509 CRT parsing that would potentially accept an invalid tag when
+     parsing the subject alternative names.
 
 Changes
    * Extend cert_write example program by options to set the CRT version

From 4b4744b197f59d01091c438b7fa4c26034c86039 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>
Date: Tue, 7 Nov 2017 20:16:19 +0000
Subject: [PATCH 19/71] Add regression test for parsing subjectAltNames

---
 tests/suites/test_suite_x509parse.data | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 5731677fe..4807866b7 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1104,6 +1104,10 @@ x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ER
 X509 Certificate ASN1 (invalid version overflow)
 x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
+X509 Certificate ASN1 (invalid SubjectAltNames tag)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+x509parse_crt:"308203723082025AA003020102020111300D06092A864886F70D0101050500303B310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C3119301706035504031310506F6C617253534C2054657374204341301E170D3132303531303133323334315A170D3232303531313133323334315A303A310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C311830160603550403130F7777772E6578616D706C652E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100B93C4AC5C8A38E9017A49E52AA7175266180E7C7B56D8CFFAAB64126B7BE11AD5C73160C64114804FFD6E13B05DB89BBB39709D51C14DD688739B03D71CBE276D01AD8182D801B54F6E5449AF1CBAF612EDF490D9D09B7EDB1FD3CFD3CFA24CF5DBF7CE453E725B5EA4422E926D3EA20949EE66167BA2E07670B032FA209EDF0338F0BCE10EF67A4C608DAC1EDC23FD74ADD153DF95E1C8160463EB5B33D2FA6DE471CBC92AEEBDF276B1656B7DCECD15557A56EEC7525F5B77BDFABD23A5A91987D97170B130AA76B4A8BC14730FB3AF84104D5C1DFB81DBF7B01A565A2E01E36B7A65CCC305AF8CD6FCDF1196225CA01E3357FFA20F5DCFD69B26A007D17F70203010001A38181307F30090603551D1304023000301D0603551D0E041604147DE49C6BE6F9717D46D2123DAD6B1DFDC2AA784C301F0603551D23041830168014B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF30320603551D11042B3029C20B6578616D706C652E636F6D820B6578616D706C652E6E6574820D2A2E6578616D706C652E6F7267300D06092A864886F70D010105050003820101004F09CB7AD5EEF5EF620DDC7BA285D68CCA95B46BDA115B92007513B9CA0BCEEAFBC31FE23F7F217479E2E6BCDA06E52F6FF655C67339CF48BC0D2F0CD27A06C34A4CD9485DA0D07389E4D4851D969A0E5799C66F1D21271F8D0529E840AE823968C39707CF3C934C1ADF2FA6A455487F7C8C1AC922DA24CD9239C68AECB08DF5698267CB04EEDE534196C127DC2FFE33FAD30EB8D432A9842853A5F0D189D5A298E71691BB9CC0418E8C58ACFFE3DD2E7AABB0B97176AD0F2733F7A929D3C076C0BF06407C0ED5A47C8AE2326E16AEDA641FB0557CDBDDF1A4BA447CB39958D2346E00EA976C143AF2101E0AA249107601F4F2C818FDCC6346128B091BF194E6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
 X509 CRL ASN1 (Incorrect first tag)
 x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
 

From a45d2ef9576e4b527fd295b829443d99016ac3ed Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>
Date: Tue, 7 Nov 2017 20:21:56 +0000
Subject: [PATCH 20/71] Define ASN1 bitmask macros in more direct way

---
 include/mbedtls/asn1.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 8d35c4245..75b7b3dfb 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -99,9 +99,9 @@
  *     | Class | P/C | Tag number |
  *     +-------+-----+------------+
  */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK          ( 0x03 << 6 )
-#define MBEDTLS_ASN1_TAG_PC_MASK             ( 0x01 << 5 )
-#define MBEDTLS_ASN1_TAG_VALUE_MASK          ( 0x1F << 0 )
+#define MBEDTLS_ASN1_TAG_CLASS_MASK          0xC0
+#define MBEDTLS_ASN1_TAG_PC_MASK             0x20
+#define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
 
 /* \} name */
 /* \} addtogroup asn1_module */

From 92deeaa47f1148249c9bc106e1ca044ef7402813 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 2 Jan 2018 21:54:17 +0100
Subject: [PATCH 21/71] all.sh --keep-going: work if TERM is unset

---
 tests/scripts/all.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 8a4881af7..a26362753 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -284,7 +284,7 @@ if [ $KEEP_GOING -eq 1 ]; then
     start_red=
     end_color=
     if [ -t 1 ]; then
-        case "$TERM" in
+        case "${TERM:-}" in
             *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
                 start_red=$(printf '\033[31m')
                 end_color=$(printf '\033[0m')

From 1cc67a0d0ecc46e4916a2a42a567c1f010ae3a37 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 17 Jan 2018 17:38:28 +0000
Subject: [PATCH 22/71] Add missing calls to sha{256/512}_{init/free} in
 entropy module

The entropy context contains a SHA-256 or SHA-512 context for entropy
mixing, but doesn't initialize / free this context properly in the
initialization and freeing functions `mbedtls_entropy_init` and
`mbedtls_entropy_free` through a call to `mbedtls_sha{256/512}_init`
resp. `mbedtls_sha{256/512}_free`. Instead, only a zeroization of the
entire entropy structure is performed. This doesn't lead to problems
for the current software implementations of SHA-256 and SHA-512 because
zeroization is proper initialization for them, but it may (and does)
cause problems for alternative implementations of SHA-256 and SHA-512
that use context structures that cannot be properly initialized through
zeroization. This commit fixes this. Found and fix suggested by ccli8.
---
 library/entropy.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/library/entropy.c b/library/entropy.c
index b45384dbe..d3c132719 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -68,8 +68,10 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
 #endif
 
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_init( &ctx->accumulator );
     mbedtls_sha512_starts( &ctx->accumulator, 0 );
 #else
+    mbedtls_sha256_init( &ctx->accumulator );
     mbedtls_sha256_starts( &ctx->accumulator, 0 );
 #endif
 #if defined(MBEDTLS_HAVEGE_C)
@@ -105,6 +107,13 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
 #if defined(MBEDTLS_HAVEGE_C)
     mbedtls_havege_free( &ctx->havege_data );
 #endif
+
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_free( &ctx->accumulator );
+#else
+    mbedtls_sha256_free( &ctx->accumulator );
+#endif
+
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_mutex_free( &ctx->mutex );
 #endif

From 4ecd34f86c9c829b2b48f71b9536955875509428 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 17 Jan 2018 17:45:31 +0000
Subject: [PATCH 23/71] Adapt ChangeLog

---
 ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index ed7818e30..d853b226c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,11 @@ Features
      heavily-loaded machine.
 
 Bugfix
+   * Properly initialize and free SHA-256 / SHA-512 context in entropy module
+     instead of performing zeroization only. This could lead to failure for
+     alternative implementations of SHA-256 / SHA-512 for which zeroization
+     of contexts is not a proper way of initialization.
+     Found and fix suggested by ccli8.
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
    * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.

From 31b37f6edd54233cdf67665d10205d9b94b9cc2d Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 17 Jan 2018 23:09:20 +0000
Subject: [PATCH 24/71] Use free + init to reset accumulator in entropy module

The SHA-256 / SHA-512 context used for entropy mixing in entropy.c
was previously reset by zeroization. The commit replaces this by
a pair of calls to `mbedtls_shaxxx_init` and `mbedtls_shaxxx_free`
which is safe also for alternative implementations of SHA-256 or
SHA-512 for which zeroization might not be a proper reset.
---
 library/entropy.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/library/entropy.c b/library/entropy.c
index d3c132719..8125f644a 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -318,7 +318,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
-    memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) );
+    mbedtls_sha512_free( &ctx->accumulator );
+    mbedtls_sha512_init( &ctx->accumulator );
     mbedtls_sha512_starts( &ctx->accumulator, 0 );
     mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
 
@@ -332,7 +333,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
-    memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) );
+    mbedtls_sha256_free( &ctx->accumulator );
+    mbedtls_sha256_init( &ctx->accumulator );
     mbedtls_sha256_starts( &ctx->accumulator, 0 );
     mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
 

From a1413e05e948d34334e1df1c7cc8ca50c4e0ed8c Mon Sep 17 00:00:00 2001
From: Ron Eldor <ron.eldor@arm.com>
Date: Wed, 6 Sep 2017 17:49:10 +0300
Subject: [PATCH 25/71] Fix compilation error with Mingw32

Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use
`_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by
Thomas Glanzmann and Nick Wilson on issue #355
---
 ChangeLog          | 3 +++
 library/debug.c    | 2 +-
 library/platform.c | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ed7818e30..80d4cf529 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,6 +62,9 @@ Bugfix
    * Fix issue in RSA key generation program programs/x509/rsa_genkey
      where the failure of CTR DRBG initialization lead to freeing an
      RSA context without proper initialization beforehand.
+   * Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE`
+     only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and
+     Nick Wilson on issue #355
 
 Changes
    * Extend cert_write example program by options to set the CRT version
diff --git a/library/debug.c b/library/debug.c
index 4752ab1a3..afa21cb5b 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -90,7 +90,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
 
     va_start( argp, format );
 #if defined(_WIN32)
-#if defined(_TRUNCATE)
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
     ret = _vsnprintf_s( str, DEBUG_BUF_SIZE, _TRUNCATE, format, argp );
 #else
     ret = _vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
diff --git a/library/platform.c b/library/platform.c
index d634c6277..e90dc3c93 100644
--- a/library/platform.c
+++ b/library/platform.c
@@ -74,7 +74,7 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
         return( -1 );
 
     va_start( argp, fmt );
-#if defined(_TRUNCATE)
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
     ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
 #else
     ret = _vsnprintf( s, n, fmt, argp );

From 998a4de3fa080287319052ee9b1d420bff960a81 Mon Sep 17 00:00:00 2001
From: Ron Eldor <ron.eldor@arm.com>
Date: Tue, 26 Sep 2017 15:06:56 +0300
Subject: [PATCH 26/71] Fix Changelog notation

Remove backticks, since ChangeLog is not in MarkDown
---
 ChangeLog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 80d4cf529..878b05f2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,8 +62,8 @@ Bugfix
    * Fix issue in RSA key generation program programs/x509/rsa_genkey
      where the failure of CTR DRBG initialization lead to freeing an
      RSA context without proper initialization beforehand.
-   * Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use `_TRUNCATE`
-     only if `__MINGW32__` not defined. Fix suggested by Thomas Glanzmann and
+   * Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE
+     only if __MINGW32__ not defined. Fix suggested by Thomas Glanzmann and
      Nick Wilson on issue #355
 
 Changes

From 1ac9aa70852d67b71797d7bbcd97152b11c26334 Mon Sep 17 00:00:00 2001
From: Ron Eldor <Ron.Eldor@arm.com>
Date: Sun, 28 May 2017 10:46:38 +0300
Subject: [PATCH 27/71] Set correct minimal versions in default conf

Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
---
 ChangeLog                      |  4 ++++
 include/mbedtls/ssl_internal.h |  3 +++
 library/ssl_tls.c              | 10 ++++++++--
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ed7818e30..aa98f7f6b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,6 +62,10 @@ Bugfix
    * Fix issue in RSA key generation program programs/x509/rsa_genkey
      where the failure of CTR DRBG initialization lead to freeing an
      RSA context without proper initialization beforehand.
+   * Fix setting version TLSv1 as minimal version, even if TLS 1
+     is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION`
+     and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead
+     of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
 
 Changes
    * Extend cert_write example program by options to set the CRT version
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 0c93a748e..8bbe0b7b4 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -65,6 +65,9 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1   */
 #endif /* MBEDTLS_SSL_PROTO_SSL3   */
 
+#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
+#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
+
 /* Determine maximum supported version */
 #define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 860ae2937..942e08357 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7335,8 +7335,14 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
          * Default
          */
         default:
-            conf->min_major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
-            conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_1; /* TLS 1.0 */
+            conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION >
+                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ?
+                                    MBEDTLS_SSL_MIN_MAJOR_VERSION :
+                                    MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION;
+            conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION >
+                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ?
+                                    MBEDTLS_SSL_MIN_MINOR_VERSION :
+                                    MBEDTLS_SSL_MIN_VALID_MINOR_VERSION;
             conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION;
             conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION;
 

From b61b9ccf8072c406eb45e2bb15fb41c0881ac6b2 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Wed, 12 Jul 2017 14:04:40 +0100
Subject: [PATCH 28/71] Fix typo and bracketing in macro args

---
 library/net.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/library/net.c b/library/net.c
index f08bbec51..e3aa2a993 100644
--- a/library/net.c
+++ b/library/net.c
@@ -52,8 +52,8 @@
 #endif
 #endif /* _MSC_VER */
 
-#define read(fd,buf,len)        recv(fd,(char*)buf,(int) len,0)
-#define write(fd,buf,len)       send(fd,(char*)buf,(int) len,0)
+#define read(fd,buf,len)        recv( fd, (char*)( buf ), (int)( len ), 0 )
+#define write(fd,buf,len)       send( fd, (char*)( buf ), (int)( len ), 0 )
 #define close(fd)               closesocket(fd)
 
 static int wsa_init_done = 0;
@@ -74,7 +74,7 @@ static int wsa_init_done = 0;
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 
 /* Some MS functions want int and MSVC warns if we pass size_t,
- * but the standard fucntions use socklen_t, so cast only for MSVC */
+ * but the standard functions use socklen_t, so cast only for MSVC */
 #if defined(_MSC_VER)
 #define MSVC_INT_CAST   (int)
 #else

From 8ad5acd6da039ba4eb2f43da8cf1b07e6971135f Mon Sep 17 00:00:00 2001
From: Andres AG <andres.amayagarcia@arm.com>
Date: Mon, 30 Jan 2017 14:34:25 +0000
Subject: [PATCH 29/71] Fix corner case uses of memory_buffer_alloc.c

The corner cases fixed include:
    * Allocating a buffer of size 0. With this change, the allocator now
      returns a NULL pointer in this case. Note that changes in pem.c and
      x509_crl.c were required to fix tests that did not work under this
      assumption.
    * Initialising the allocator with less memory than required for headers.
    * Fix header chain checks for uninitialised allocator.
---
 ChangeLog                     |  2 ++
 library/memory_buffer_alloc.c | 29 ++++++++++++++++++-----------
 library/pem.c                 |  4 ++--
 library/x509_crl.c            |  4 ++--
 4 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ed7818e30..65c5d65c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,6 +62,8 @@ Bugfix
    * Fix issue in RSA key generation program programs/x509/rsa_genkey
      where the failure of CTR DRBG initialization lead to freeing an
      RSA context without proper initialization beforehand.
+   * Fix memory allocation corner cases in memory_buffer_alloc.c module. Found
+     by Guido Vranken. #639
 
 Changes
    * Extend cert_write example program by options to set the CRT version
diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 545d5a2c3..0d3342dea 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -182,9 +182,9 @@ static int verify_header( memory_header *hdr )
 
 static int verify_chain()
 {
-    memory_header *prv = heap.first, *cur = heap.first->next;
+    memory_header *prv = heap.first, *cur;
 
-    if( verify_header( heap.first ) != 0 )
+    if( heap.first == NULL || verify_header( heap.first ) != 0 )
     {
 #if defined(MBEDTLS_MEMORY_DEBUG)
         mbedtls_fprintf( stderr, "FATAL: verification of first header "
@@ -202,6 +202,8 @@ static int verify_chain()
         return( 1 );
     }
 
+    cur = heap.first->next;
+
     while( cur != NULL )
     {
         if( verify_header( cur ) != 0 )
@@ -245,7 +247,9 @@ static void *buffer_alloc_calloc( size_t n, size_t size )
 
     original_len = len = n * size;
 
-    if( n != 0 && len / n != size )
+    if( n == 0 || size == 0 || len / n != size )
+        return( NULL );
+    else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
         return( NULL );
 
     if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
@@ -386,7 +390,7 @@ static void buffer_alloc_free( void *ptr )
     if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
         return;
 
-    if( p < heap.buf || p > heap.buf + heap.len )
+    if( p < heap.buf || p >= heap.buf + heap.len )
     {
 #if defined(MBEDTLS_MEMORY_DEBUG)
         mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
@@ -570,8 +574,7 @@ static void buffer_alloc_free_mutexed( void *ptr )
 
 void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
 {
-    memset( &heap, 0, sizeof(buffer_alloc_ctx) );
-    memset( buf, 0, len );
+    memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
 
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_mutex_init( &heap.mutex );
@@ -581,20 +584,24 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
     mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
 #endif
 
-    if( (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+    if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
+        return;
+    else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
     {
         /* Adjust len first since buf is used in the computation */
         len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
         buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t) buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
+             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
     }
 
+    memset( buf, 0, len );
+
     heap.buf = buf;
     heap.len = len;
 
-    heap.first = (memory_header *) buf;
-    heap.first->size = len - sizeof(memory_header);
+    heap.first = (memory_header *)buf;
+    heap.first->size = len - sizeof( memory_header );
     heap.first->magic1 = MAGIC1;
     heap.first->magic2 = MAGIC2;
     heap.first_free = heap.first;
diff --git a/library/pem.c b/library/pem.c
index 87401ba55..d726bd61b 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -423,7 +423,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
                       unsigned char *buf, size_t buf_len, size_t *olen )
 {
     int ret;
-    unsigned char *encode_buf, *c, *p = buf;
+    unsigned char *encode_buf = NULL, *c, *p = buf;
     size_t len = 0, use_len, add_len = 0;
 
     mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
@@ -435,7 +435,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
         return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
     }
 
-    if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
+    if( use_len != 0 && ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
         return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
 
     if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 91bbf05f9..33ad19ab0 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -257,7 +257,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
 {
     int ret;
     size_t len;
-    unsigned char *p, *end;
+    unsigned char *p = NULL, *end;
     mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
     mbedtls_x509_crl *crl = chain;
 
@@ -294,7 +294,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
     /*
      * Copy raw DER-encoded CRL
      */
-    if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
+    if( buflen != 0 && ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 
     memcpy( p, buf, buflen );

From 5dc2fe7467e3f800abb1ea7a8b8665d0cdd1304f Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <Andres.AmayaGarcia@arm.com>
Date: Thu, 6 Jul 2017 10:06:58 +0100
Subject: [PATCH 30/71] Style fixes in pem, x509_crl and buf_alloc

---
 library/memory_buffer_alloc.c | 2 +-
 library/pem.c                 | 3 ++-
 library/x509_crl.c            | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c
index 0d3342dea..1cfc27ca6 100644
--- a/library/memory_buffer_alloc.c
+++ b/library/memory_buffer_alloc.c
@@ -184,7 +184,7 @@ static int verify_chain()
 {
     memory_header *prv = heap.first, *cur;
 
-    if( heap.first == NULL || verify_header( heap.first ) != 0 )
+    if( prv == NULL || verify_header( prv ) != 0 )
     {
 #if defined(MBEDTLS_MEMORY_DEBUG)
         mbedtls_fprintf( stderr, "FATAL: verification of first header "
diff --git a/library/pem.c b/library/pem.c
index d726bd61b..7b3ae8d3d 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -435,7 +435,8 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer,
         return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
     }
 
-    if( use_len != 0 && ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL )
+    if( use_len != 0 &&
+        ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
         return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
 
     if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 33ad19ab0..5ef174e69 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -257,7 +257,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
 {
     int ret;
     size_t len;
-    unsigned char *p = NULL, *end;
+    unsigned char *p = NULL, *end = NULL;
     mbedtls_x509_buf sig_params1, sig_params2, sig_oid2;
     mbedtls_x509_crl *crl = chain;
 
@@ -294,7 +294,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
     /*
      * Copy raw DER-encoded CRL
      */
-    if( buflen != 0 && ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
+    if( buflen != 0 && ( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) )
         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 
     memcpy( p, buf, buflen );

From aff799231e4f192753d29bd371e0cd1bfe0064e1 Mon Sep 17 00:00:00 2001
From: SimonB <simonb@redtangent.net>
Date: Mon, 2 May 2016 23:25:02 +0100
Subject: [PATCH 31/71] Additional tests to test stack buffer allocator

Adds additional tests to the test suite for
memory_buffer_alloc.c
---
 .../test_suite_memory_buffer_alloc.data       |  16 ++
 .../test_suite_memory_buffer_alloc.function   | 218 ++++++++++++++++++
 2 files changed, 234 insertions(+)

diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data
index a0b046010..8d3813a7b 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.data
+++ b/tests/suites/test_suite_memory_buffer_alloc.data
@@ -1,2 +1,18 @@
 Memory buffer alloc self test
 mbedtls_memory_buffer_alloc_self_test:
+
+Memory buffer alloc - free in middle, alloc at end
+memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:200:0
+
+Memory buffer alloc - free in middle, realloc
+memory_buffer_alloc_free_alloc:100:100:100:0:0:1:0:0:100:0
+
+Memory buffer alloc - free in middle, merge, realloc
+memory_buffer_alloc_free_alloc:100:100:100:100:0:1:1:0:201:0
+
+Memory buffer alloc - free at end, merge, realloc
+memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0
+
+Memory buffer alloc - Out of Memory test
+memory_buffer_alloc_oom_test:
+
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
index 59b06431b..a36dbc3d1 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -1,6 +1,7 @@
 /* BEGIN_HEADER */
 #include "mbedtls/memory_buffer_alloc.h"
 #define TEST_SUITE_MEMORY_BUFFER_ALLOC
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -8,9 +9,226 @@
  * END_DEPENDENCIES
  */
 
+/* BEGIN_SUITE_HELPERS */
+static int check_pointer( void *p )
+{
+    if( p == NULL )
+        return( -1 );
+
+    if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )
+        return( -1 );
+
+    return( 0 );
+}
+/* END_SUITE_HELPERS */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void mbedtls_memory_buffer_alloc_self_test( )
 {
     TEST_ASSERT( mbedtls_memory_buffer_alloc_self_test( 0 ) == 0 );
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
+                                        int d_bytes,
+                                     int free_a, int free_b, int free_c,
+                                        int free_d,
+                                     int e_bytes, int f_bytes )
+{
+    unsigned char buf[1024];
+    unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL,
+                    *ptr_e = NULL, *ptr_f = NULL;
+
+    size_t reported_blocks;
+    size_t allocated_bytes = 0, reported_bytes;
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+
+    mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS );
+
+    if( a_bytes > 0 )
+    {
+        ptr_a = mbedtls_calloc( a_bytes, sizeof(char) );
+        TEST_ASSERT( check_pointer( ptr_a ) == 0 );
+
+        allocated_bytes += a_bytes * sizeof(char);
+    }
+
+    if( b_bytes > 0 )
+    {
+        ptr_b = mbedtls_calloc( b_bytes, sizeof(char) );
+        TEST_ASSERT( check_pointer( ptr_b ) == 0 );
+
+        allocated_bytes += b_bytes * sizeof(char);
+    }
+
+    if( c_bytes > 0 )
+    {
+        ptr_c = mbedtls_calloc( c_bytes, sizeof(char) );
+        TEST_ASSERT( check_pointer( ptr_c ) == 0 );
+
+        allocated_bytes += c_bytes * sizeof(char);
+    }
+
+    if( d_bytes > 0 )
+    {
+        ptr_d = mbedtls_calloc( d_bytes, sizeof(char) );
+        TEST_ASSERT( check_pointer( ptr_d ) == 0 );
+
+        allocated_bytes += d_bytes * sizeof(char);
+    }
+
+    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
+    TEST_ASSERT( reported_bytes == allocated_bytes );
+
+    if( free_a )
+    {
+        mbedtls_free( ptr_a );
+        ptr_a = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+        allocated_bytes -= a_bytes * sizeof(char);
+    }
+
+    if( free_b )
+    {
+        mbedtls_free( ptr_b );
+        ptr_b = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+        allocated_bytes -= b_bytes * sizeof(char);
+    }
+
+    if( free_c )
+    {
+        mbedtls_free( ptr_c );
+        ptr_c = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+        allocated_bytes -= c_bytes * sizeof(char);
+    }
+
+    if( free_d )
+    {
+        mbedtls_free( ptr_d );
+        ptr_d = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+        allocated_bytes -= d_bytes * sizeof(char);
+    }
+
+    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
+    TEST_ASSERT( reported_bytes == allocated_bytes );
+
+    if( e_bytes > 0 )
+    {
+        ptr_e = mbedtls_calloc( e_bytes, sizeof(char) );
+        TEST_ASSERT( check_pointer( ptr_e ) == 0 );
+    }
+
+    if( f_bytes > 0 )
+    {
+        ptr_f = mbedtls_calloc( f_bytes, sizeof(char) );
+        TEST_ASSERT( check_pointer( ptr_f ) == 0 );
+    }
+
+    /* Once blocks are reallocated, the block allocated to the memory request
+     * may be bigger than the request itself, which is indicated by the reported
+     * bytes, and makes it hard to know what the reported size will be, so
+     * we don't check the size after blocks have been reallocated. */
+
+    if( ptr_a != NULL )
+    {
+        mbedtls_free( ptr_a );
+        ptr_a = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+    }
+
+    if( ptr_b != NULL )
+    {
+        mbedtls_free( ptr_b );
+        ptr_b = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+    }
+
+    if( ptr_c != NULL )
+    {
+        mbedtls_free( ptr_c );
+        ptr_c = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+    }
+
+    if( ptr_d != NULL )
+    {
+        mbedtls_free( ptr_d );
+        ptr_d = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+    }
+
+    if( ptr_e != NULL )
+    {
+        mbedtls_free( ptr_e );
+        ptr_e = NULL;
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+    }
+
+    if( ptr_f != NULL )
+    {
+        mbedtls_free( ptr_f );
+        ptr_f = NULL;
+    }
+
+    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
+    TEST_ASSERT( reported_bytes == 0 );
+
+    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+exit:
+    mbedtls_memory_buffer_alloc_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+void memory_buffer_alloc_oom_test()
+{
+    unsigned char buf[1024];
+    unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL;
+    size_t reported_blocks, reported_bytes;
+
+    (void)ptr_c;
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+
+    mbedtls_memory_buffer_set_verify( MBEDTLS_MEMORY_VERIFY_ALWAYS );
+
+    ptr_a = mbedtls_calloc( 432, sizeof(char) );
+    TEST_ASSERT( check_pointer( ptr_a ) == 0 );
+
+    ptr_b = mbedtls_calloc( 432, sizeof(char) );
+    TEST_ASSERT( check_pointer( ptr_b ) == 0 );
+
+    ptr_c = mbedtls_calloc( 431, sizeof(char) );
+    TEST_ASSERT( ptr_c == NULL );
+
+    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
+    TEST_ASSERT( reported_bytes == 864 );
+
+    mbedtls_free( ptr_a );
+    ptr_a = NULL;
+    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+    mbedtls_free( ptr_b );
+    ptr_b = NULL;
+    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
+    TEST_ASSERT( reported_bytes == 0 );
+
+    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+
+exit:
+    mbedtls_memory_buffer_alloc_free( );
+}
+/* END_CASE */
+

From e9cfe146b5b4690797973fa5734aeab14b670d1f Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Tue, 10 May 2016 20:57:03 +0100
Subject: [PATCH 32/71] Widens test bounds on memory alloc tests

---
 tests/suites/test_suite_memory_buffer_alloc.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
index a36dbc3d1..04dd68bec 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -212,7 +212,7 @@ void memory_buffer_alloc_oom_test()
     TEST_ASSERT( ptr_c == NULL );
 
     mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
-    TEST_ASSERT( reported_bytes == 864 );
+    TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) );
 
     mbedtls_free( ptr_a );
     ptr_a = NULL;

From 9b9ae0d89718a4fbfb1f06e839d6dfdee4d2b35d Mon Sep 17 00:00:00 2001
From: Andres AG <andres.amayagarcia@arm.com>
Date: Mon, 30 Jan 2017 14:35:08 +0000
Subject: [PATCH 33/71] Test corner case uses of memory_buffer_alloc.c

---
 .../test_suite_memory_buffer_alloc.data       |  5 ++++
 .../test_suite_memory_buffer_alloc.function   | 28 +++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/tests/suites/test_suite_memory_buffer_alloc.data b/tests/suites/test_suite_memory_buffer_alloc.data
index 8d3813a7b..d59f1135a 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.data
+++ b/tests/suites/test_suite_memory_buffer_alloc.data
@@ -16,3 +16,8 @@ memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0
 Memory buffer alloc - Out of Memory test
 memory_buffer_alloc_oom_test:
 
+Memory buffer small buffer
+memory_buffer_small_buffer:
+
+Memory buffer underalloc
+memory_buffer_underalloc:
diff --git a/tests/suites/test_suite_memory_buffer_alloc.function b/tests/suites/test_suite_memory_buffer_alloc.function
index 04dd68bec..d0484cdf2 100644
--- a/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/tests/suites/test_suite_memory_buffer_alloc.function
@@ -232,3 +232,31 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+void memory_buffer_small_buffer( )
+{
+    unsigned char buf[1];
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+void memory_buffer_underalloc( )
+{
+    unsigned char buf[100];
+    size_t i;
+
+    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
+    for( i = 1; i < MBEDTLS_MEMORY_ALIGN_MULTIPLE; i++ )
+    {
+        TEST_ASSERT( mbedtls_calloc( 1,
+                     (size_t)-( MBEDTLS_MEMORY_ALIGN_MULTIPLE - i ) ) == NULL );
+        TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
+    }
+
+exit:
+    mbedtls_memory_buffer_alloc_free();
+}
+/* END_CASE */

From e39088a62b60cdaef862a154e283690ca5c05f39 Mon Sep 17 00:00:00 2001
From: SimonB <simonb@redtangent.net>
Date: Wed, 10 Feb 2016 23:50:28 +0000
Subject: [PATCH 34/71] Clarified purpose and usage of generate_code.pl

Added comments to explain purpose and usage of generate_code.pl
---
 tests/scripts/generate_code.pl | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 7b45d9c73..8ab68e0e6 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -1,4 +1,12 @@
 #!/usr/bin/env perl
+
+# generate_code.pl
+#
+# Generates the test suite code given inputs of the test suite directory that
+# contain the test suites, and the test suite file names for the test code and
+# test data.
+#
+# Usage: generate_code.pl <suite dir> <code file> <data file> [main code file]
 #
 #       A test data file consists of a sequence of paragraphs separated by
 #       a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF)
@@ -20,7 +28,6 @@
 #       parameter may either be an integer written in decimal or hexadecimal,
 #       or a string surrounded by double quotes which may not contain the
 #       ':' character.
-#
 
 use strict;
 

From 0284f58234b71b51afef855e8557bd551124b0c7 Mon Sep 17 00:00:00 2001
From: SimonB <simonb@redtangent.net>
Date: Mon, 15 Feb 2016 23:27:28 +0000
Subject: [PATCH 35/71] Added support for per test suite helper functions

Added to generate_code.pl:
    - support for per test suite helper functions
    - description of the structure of the files the script uses to construct
      the test suite file
    - delimiters through the source code to make the machine generated code
      easier to understand
---
 tests/scripts/generate_code.pl  | 73 +++++++++++++++++++++++++++++++--
 tests/suites/main_test.function | 12 ++++++
 2 files changed, 81 insertions(+), 4 deletions(-)

diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 8ab68e0e6..284f6b1da 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -2,12 +2,47 @@
 
 # generate_code.pl
 #
+# Purpose
+#
 # Generates the test suite code given inputs of the test suite directory that
 # contain the test suites, and the test suite file names for the test code and
 # test data.
 #
 # Usage: generate_code.pl <suite dir> <code file> <data file> [main code file]
 #
+# Structure of files
+#
+#   - main code file - 'main_test.function'
+#       Template file that contains the main() function for the test suite,
+#       test dispatch code as well as support functions. It contains the
+#       following symbols which are substituted by this script during
+#       processing:
+#           TEST_FILENAME
+#           SUITE_PRE_DEP
+#           MAPPING_CODE
+#           FUNCTION CODE
+#           SUITE_POST_DEP
+#           DEP_CHECK_CODE
+#           DISPATCH_FUNCTION
+#
+#   - common helper code file - 'helpers.function'
+#       Common helper functions
+#
+#   - test suite code file - file name in the form 'test_suite_xxx.function'
+#       Code file that contains the actual test cases. The file contains a
+#       series of code sequences delimited by the following:
+#           BEGIN_HEADER / END_HEADER - list of headers files
+#           BEGIN_SUITE_HELPERS / END_SUITE_HELPERS - helper functions common to
+#               the test suite
+#           BEGIN_CASE / END_CASE - the test cases in the test suite. Each test
+#               case contains at least one function that is used to create the
+#               dispatch code.
+#
+#   - test data file - file name in the form 'test_suite_xxxx.data'
+#       The test case parameters to to be used in execution of the test. The
+#       file name is used to replace the symbol 'TEST_FILENAME' in the main
+#       code file above.
+#
 #       A test data file consists of a sequence of paragraphs separated by
 #       a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF)
 #       format. Lines starting with the character '#' are ignored
@@ -28,6 +63,7 @@
 #       parameter may either be an integer written in decimal or hexadecimal,
 #       or a string surrounded by double quotes which may not contain the
 #       ':' character.
+#
 
 use strict;
 
@@ -36,15 +72,16 @@ my $suite_name = shift or die "Missing suite name";
 my $data_name = shift or die "Missing data name";
 my $test_main_file = do { my $arg = shift; defined($arg) ? $arg :  $suite_dir."/main_test.function" };
 my $test_file = $data_name.".c";
-my $test_helper_file = $suite_dir."/helpers.function";
+my $test_common_helper_file = $suite_dir."/helpers.function";
 my $test_case_file = $suite_dir."/".$suite_name.".function";
 my $test_case_data = $suite_dir."/".$data_name.".data";
 
 my $line_separator = $/;
 undef $/;
 
-open(TEST_HELPERS, "$test_helper_file") or die "Opening test helpers '$test_helper_file': $!";
-my $test_helpers = <TEST_HELPERS>;
+open(TEST_HELPERS, "$test_common_helper_file") or die "Opening test helpers
+'$test_common_helper_file': $!";
+my $test_common_helpers = <TEST_HELPERS>;
 close(TEST_HELPERS);
 
 open(TEST_MAIN, "$test_main_file") or die "Opening test main '$test_main_file': $!";
@@ -61,6 +98,7 @@ close(TEST_DATA);
 
 my ( $suite_header ) = $test_cases =~ /\/\* BEGIN_HEADER \*\/\n(.*?)\n\/\* END_HEADER \*\//s;
 my ( $suite_defines ) = $test_cases =~ /\/\* BEGIN_DEPENDENCIES\n \* (.*?)\n \* END_DEPENDENCIES/s;
+my ( $suite_helpers ) = $test_cases =~ /\/\* BEGIN_SUITE_HELPERS \*\/\n(.*?)\n\/\* END_SUITE_HELPERS \*\//s;
 
 my $requirements;
 if ($suite_defines =~ /^depends_on:/)
@@ -88,16 +126,43 @@ $/ = $line_separator;
 
 open(TEST_FILE, ">$test_file") or die "Opening destination file '$test_file': $!";
 print TEST_FILE << "END";
+/*
+ * *** THIS FILE HAS BEEN MACHINE GENERATED ***
+ *
+ * This file has been machine generated using the script: $0
+ *
+ * Test file      : $test_file
+ *
+ * The following files were used to create this file.
+ *
+ *      Main code file  : $test_main_file
+ *      Helper file     : $test_common_helper_file
+ *      Test suite file : $test_case_file
+ *      Test suite daya : $test_case_data
+ *
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include <mbedtls/config.h>
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 
-$test_helpers
+
+/*----------------------------------------------------------------------------*/
+/* Common helper functions */
+
+$test_common_helpers
+
+
+/*----------------------------------------------------------------------------*/
+/* Test Suite Code */
 
 $suite_pre_code
 $suite_header
+$suite_helpers
 $suite_post_code
 
 END
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index db968e16c..54b7cc4a3 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -101,9 +101,17 @@ MAPPING_CODE
     return( -1 );
 }
 
+
+/*----------------------------------------------------------------------------*/
+/* Test Case code */
+
 FUNCTION_CODE
 SUITE_POST_DEP
 
+
+/*----------------------------------------------------------------------------*/
+/* Test dispatch code */
+
 int dep_check( char *str )
 {
     if( str == NULL )
@@ -133,6 +141,10 @@ DISPATCH_FUNCTION
     return( ret );
 }
 
+
+/*----------------------------------------------------------------------------*/
+/* Main Test code */
+
 /** Retrieve one input line into buf, which must have room for len
  * bytes. The trailing line break (if any) is stripped from the result.
  * Lines beginning with the character '#' are skipped. Lines that are

From 8bcd549a3ab4cadf04b06ea37bd2660ef44ec8c7 Mon Sep 17 00:00:00 2001
From: SimonB <simonb@redtangent.net>
Date: Wed, 17 Feb 2016 23:34:30 +0000
Subject: [PATCH 36/71] Refactored test suite template code

Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
---
 tests/scripts/generate_code.pl  |  2 +-
 tests/suites/helpers.function   | 40 ++++++++++++++++++++++++++++++++-
 tests/suites/main_test.function | 40 +--------------------------------
 3 files changed, 41 insertions(+), 41 deletions(-)

diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 284f6b1da..5846c0adf 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -152,7 +152,7 @@ print TEST_FILE << "END";
 
 
 /*----------------------------------------------------------------------------*/
-/* Common helper functions */
+/* Common helper code */
 
 $test_common_helpers
 
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 5c20f81ca..cad7072ce 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -1,3 +1,6 @@
+/*----------------------------------------------------------------------------*/
+/* Headers */
+
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@@ -12,6 +15,10 @@
 #define mbedtls_snprintf   snprintf
 #endif
 
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
 #ifdef _MSC_VER
 #include <basetsd.h>
 typedef UINT32 uint32_t;
@@ -25,6 +32,25 @@ typedef UINT32 uint32_t;
 #include <stdlib.h>
 #include <string.h>
 
+
+/*----------------------------------------------------------------------------*/
+/* Global variables */
+
+static int test_errors = 0;
+
+
+/*----------------------------------------------------------------------------*/
+/* Macros */
+
+#define TEST_ASSERT( TEST )                         \
+    do {                                            \
+        if( ! (TEST) )                              \
+        {                                           \
+            test_fail( #TEST );                     \
+            goto exit;                              \
+        }                                           \
+    } while( 0 )
+
 #define assert(a) if( !( a ) )                                      \
 {                                                                   \
     mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n",   \
@@ -66,11 +92,14 @@ typedef UINT32 uint32_t;
 #define ENTROPY_HAVE_STRONG
 #endif
 
+/*----------------------------------------------------------------------------*/
+/* Helper Functions */
+
 static int unhexify( unsigned char *obuf, const char *ibuf )
 {
     unsigned char c, c2;
     int len = strlen( ibuf ) / 2;
-    assert( strlen( ibuf ) % 2 == 0 ); // must be even number of bytes
+    assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
 
     while( *ibuf != 0 )
     {
@@ -311,3 +340,12 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
 
     return( 0 );
 }
+
+static void test_fail( const char *test )
+{
+    test_errors++;
+    if( test_errors == 1 )
+        mbedtls_printf( "FAILED\n" );
+    mbedtls_printf( "  %s\n", test );
+}
+
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 54b7cc4a3..7fee3d876 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -1,44 +1,6 @@
-#include <string.h>
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#include <stdio.h>
-#include <stdlib.h>
-#define mbedtls_exit       exit
-#define mbedtls_free       free
-#define mbedtls_calloc     calloc
-#define mbedtls_fprintf    fprintf
-#define mbedtls_printf     printf
-#define mbedtls_snprintf   snprintf
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-
-static int test_errors = 0;
-
 SUITE_PRE_DEP
 #define TEST_SUITE_ACTIVE
 
-static void test_fail( const char *test )
-{
-    test_errors++;
-    if( test_errors == 1 )
-        mbedtls_printf( "FAILED\n" );
-    mbedtls_printf( "  %s\n", test );
-}
-
-#define TEST_ASSERT( TEST )                         \
-    do {                                            \
-        if( ! (TEST) )                              \
-        {                                           \
-            test_fail( #TEST );                     \
-            goto exit;                              \
-        }                                           \
-    } while( 0 )
-
 int verify_string( char **str )
 {
     if( (*str)[0] != '"' ||
@@ -203,7 +165,7 @@ int parse_arguments( char *buf, size_t len, char *params[50] )
         p++;
     }
 
-    // Replace newlines, question marks and colons in strings
+    /* Replace newlines, question marks and colons in strings */
     for( i = 0; i < cnt; i++ )
     {
         p = params[i];

From 60411a8b7f288d6969a0aacdefb2a880eb46eb56 Mon Sep 17 00:00:00 2001
From: Simon Butcher <simon.butcher@arm.com>
Date: Tue, 1 Mar 2016 18:35:02 +0000
Subject: [PATCH 37/71] Fix typos and add copyright statement to
 generate_code.pl

---
 tests/scripts/generate_code.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl
index 5846c0adf..17824c775 100755
--- a/tests/scripts/generate_code.pl
+++ b/tests/scripts/generate_code.pl
@@ -2,6 +2,8 @@
 
 # generate_code.pl
 #
+# Copyright (c) 2009-2016, ARM Limited, All Rights Reserved
+#
 # Purpose
 #
 # Generates the test suite code given inputs of the test suite directory that
@@ -138,7 +140,7 @@ print TEST_FILE << "END";
  *      Main code file  : $test_main_file
  *      Helper file     : $test_common_helper_file
  *      Test suite file : $test_case_file
- *      Test suite daya : $test_case_data
+ *      Test suite data : $test_case_data
  *
  *
  *  This file is part of mbed TLS (https://tls.mbed.org)

From fb023c18daa8efdb10e9c9984b554e83fd42c54f Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Wed, 6 Dec 2017 09:39:23 +0000
Subject: [PATCH 38/71] Ensure memcpy is not called with NULL and 0 args in
 x509 module

---
 library/x509_crl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/x509_crl.c b/library/x509_crl.c
index 5ef174e69..a0bf5da78 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -294,7 +294,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
     /*
      * Copy raw DER-encoded CRL
      */
-    if( buflen != 0 && ( ( p = mbedtls_calloc( 1, buflen ) ) == NULL ) )
+    if( buflen == 0 )
+        return( MBEDTLS_ERR_X509_INVALID_FORMAT );
+    else if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 
     memcpy( p, buf, buflen );

From af77213b72f198022d110d43a384859f6bfd98e4 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Tue, 12 Dec 2017 20:15:03 +0000
Subject: [PATCH 39/71] Change formatting of allocation check in x509_crl

---
 library/x509_crl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/x509_crl.c b/library/x509_crl.c
index a0bf5da78..bd6b5370f 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -296,7 +296,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
      */
     if( buflen == 0 )
         return( MBEDTLS_ERR_X509_INVALID_FORMAT );
-    else if( ( p = mbedtls_calloc( 1, buflen ) ) == NULL )
+
+    p = mbedtls_calloc( 1, buflen );
+    if( p == NULL )
         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
 
     memcpy( p, buf, buflen );

From 133ab2c8ee5873aed6a0aca52ec1a49272c8d599 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Tue, 23 Jan 2018 20:03:52 +0000
Subject: [PATCH 40/71] Ensure that mbedtls_pk_parse_key() does not allocate 0
 bytes

---
 library/pkparse.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/library/pkparse.c b/library/pkparse.c
index 9cad2cd81..47203e687 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1210,6 +1210,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
     {
         unsigned char *key_copy;
 
+        if( keylen == 0 )
+            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+
         if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
             return( MBEDTLS_ERR_PK_ALLOC_FAILED );
 

From b9e3c6d9c6af986fab79f88be256aec57862d480 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Wed, 20 Dec 2017 07:03:55 +0800
Subject: [PATCH 41/71] pkcs5v2: add support for additional hmacSHA algorithms

Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 ChangeLog                          |  7 +++++
 include/mbedtls/oid.h              | 18 ++++++++++++
 library/oid.c                      | 45 ++++++++++++++++++++++++++++++
 library/pkcs5.c                    |  4 +--
 tests/suites/test_suite_pkcs5.data |  4 +--
 5 files changed, 73 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a4218fb1f..e7b9bec06 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.1.11 branch released xxxx-xx-xx
+
+Features
+   * Extend PKCS#8 interface by introducing support for the entire SHA
+     algorithms family when encrypting private keys using PKCS#5 v2.0.
+     Submitted by Antonio Quartulli, OpenVPN Inc.
+
 = mbed TLS 2.1.10 branch released 2018-02-03
 
 Security
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index fcecdafdc..d621c0754 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -227,6 +227,14 @@
 
 #define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
 
+#define MBEDTLS_OID_HMAC_SHA224                 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
+
+#define MBEDTLS_OID_HMAC_SHA256                 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
+
+#define MBEDTLS_OID_HMAC_SHA384                 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
+
+#define MBEDTLS_OID_HMAC_SHA512                 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+
 /*
  * Encryption algorithms
  */
@@ -513,6 +521,16 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
 int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+
+/**
+ * \brief          Translate hmac algorithm OID into md_type
+ *
+ * \param oid      OID to use
+ * \param md_hmac  place to store message hmac algorithm
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
 #endif /* MBEDTLS_MD_C */
 
 /**
diff --git a/library/oid.c b/library/oid.c
index c71cd9bc1..f99e3b297 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -565,6 +565,51 @@ static const oid_md_alg_t oid_md_alg[] =
 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
+
+/*
+ * For HMAC digestAlgorithm
+ */
+typedef struct {
+    mbedtls_oid_descriptor_t    descriptor;
+    mbedtls_md_type_t           md_hmac;
+} oid_md_hmac_t;
+
+static const oid_md_hmac_t oid_md_hmac[] =
+{
+#if defined(MBEDTLS_SHA1_C)
+    {
+        { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ),      "hmacSHA1",      "HMAC-SHA-1" },
+        MBEDTLS_MD_SHA1,
+    },
+#endif /* MBEDTLS_SHA1_C */
+#if defined(MBEDTLS_SHA256_C)
+    {
+        { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ),    "hmacSHA224",    "HMAC-SHA-224" },
+        MBEDTLS_MD_SHA224,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ),    "hmacSHA256",    "HMAC-SHA-256" },
+        MBEDTLS_MD_SHA256,
+    },
+#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA512_C)
+    {
+        { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ),    "hmacSHA384",    "HMAC-SHA-384" },
+        MBEDTLS_MD_SHA384,
+    },
+    {
+        { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ),    "hmacSHA512",    "HMAC-SHA-512" },
+        MBEDTLS_MD_SHA512,
+    },
+#endif /* MBEDTLS_SHA512_C */
+    {
+        { NULL, 0, NULL, NULL },
+        MBEDTLS_MD_NONE,
+    },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
+FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
 #endif /* MBEDTLS_MD_C */
 
 #if defined(MBEDTLS_PKCS12_C)
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 44af9869b..2168b292e 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -96,11 +96,9 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
     if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
         return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret );
 
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_HMAC_SHA1, &prf_alg_oid ) != 0 )
+    if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
         return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
 
-    *md_type = MBEDTLS_MD_SHA1;
-
     if( p != end )
         return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT +
                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index bf1624838..9e8c35a28 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -82,9 +82,9 @@ PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208003001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
 
-PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA1)
+PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
-mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0208":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
+mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0206":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
 
 PBES2 Decrypt (bad, PBKDF2 params extra data)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C

From 6ae1fe0c2cb6de3df2d0ff54d448a3503edd6e8d Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Wed, 31 Jan 2018 23:23:02 +0800
Subject: [PATCH 42/71] tests/pkcs5/pbkdf2_hmac: add unit tests for additional
 SHA algorithms

Test vectors for SHA224,256,384 and 512 have been
generated using Python's hashlib module by the
following oneliner:

import binascii, hashlib
binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN)))

where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512'
respectively.

Values for PASSWORD, SALT, ITER and KEYLEN were copied from the
existent test vectors for SHA1.

For SHA256 we also have two test vectors coming from RFC7914 Sec 11.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 tests/suites/test_suite_pkcs5.data | 88 ++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)

diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 9e8c35a28..1d617e66d 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -18,6 +18,94 @@ PBKDF2 RFC 6070 Test Vector #6 (SHA1)
 depends_on:MBEDTLS_SHA1_C
 pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
 
+PBKDF2 Python hashlib Test Vector #1 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA224)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c"
+
+PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"706173737764":"73616c74":1:64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783"
+
+PBKDF2 RFC 7914 Sec 11 Test Vector #2 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"50617373776f7264":"4e61436c":80000:64:"4ddcd8f60b98be21830cee5ef22701f9641a4418d04c0414aeff08876b34ab56a1d425a1225833549adb841b51c9b3176a272bdebba1d078478f62b397f33c8d"
+
+PBKDF2 Python hashlib Test Vector #1 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":1:20:"120fb6cffcf8b32c43e7225256c4f837a86548c9"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":2:20:"ae4d0c95af6b46d32d0adff928f06dd02a303f8e"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f7264":"73616c74":4096:20:"c5e478d59288c841aa530db6845c4c8d962893a0"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA256)
+depends_on:MBEDTLS_SHA256_C
+pbkdf2_hmac:MBEDTLS_MD_SHA256:"7061737300776f7264":"7361006c74":4096:16:"89b69d0516f829893c696226650a8687"
+
+PBKDF2 Python hashlib Test Vector #1 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":1:20:"c0e14f06e49e32d73f9f52ddf1d0c5c719160923"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":2:20:"54f775c6d790f21930459162fc535dbf04a93918"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":4096:20:"559726be38db125bc85ed7895f6e3cf574c7a01c"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"819143ad66df9a552559b9e131c52ae6c5c1b0eed18f4d283b"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA384)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA384:"7061737300776f7264":"7361006c74":4096:16:"a3f00ac8657e095f8e0823d232fc60b3"
+
+PBKDF2 Python hashlib Test Vector #1 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":1:20:"867f70cf1ade02cff3752599a3a53dc4af34c7a6"
+
+PBKDF2 Python hashlib Test Vector #2 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":2:20:"e1d9c16aa681708a45f5c7c4e215ceb66e011a2e"
+
+PBKDF2 Python hashlib Test Vector #3 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f7264":"73616c74":4096:20:"d197b1b33db0143e018b12f3d1d1479e6cdebdcc"
+
+PBKDF2 Python hashlib Test Vector #5 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868"
+
+PBKDF2 Python hashlib Test Vector #6 (SHA512)
+depends_on:MBEDTLS_SHA512_C
+pbkdf2_hmac:MBEDTLS_MD_SHA512:"7061737300776f7264":"7361006c74":4096:16:"9d9e9c4cd21fe4be24d5b8244c759665"
+
 PBES2 Decrypt (OK)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
 mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"

From b0fe7bea85b69c4d5a9657a8bec120d103d6ce2a Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <a@unstable.cc>
Date: Wed, 31 Jan 2018 23:45:09 +0800
Subject: [PATCH 43/71] tests/pkcs5/pbkdf2_hmac: extend array to accommodate
 longer results

Some unit tests for pbkdf2_hmac() have results longer than
99bytes when represented in hexadecimal form.

For this reason extend the result array to accommodate
longer strings.

At the same time make memset() parametric to avoid
bugs in the future.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 tests/suites/test_suite_pkcs5.function | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index ab53326d4..bb7d419a8 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -14,7 +14,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
 {
     unsigned char pw_str[100];
     unsigned char salt_str[100];
-    unsigned char dst_str[100];
+    unsigned char dst_str[200];
 
     mbedtls_md_context_t ctx;
     const mbedtls_md_info_t *info;
@@ -24,9 +24,9 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
 
     mbedtls_md_init( &ctx );
 
-    memset(pw_str, 0x00, 100);
-    memset(salt_str, 0x00, 100);
-    memset(dst_str, 0x00, 100);
+    memset(pw_str, 0x00, sizeof(pw_str));
+    memset(salt_str, 0x00, sizeof(salt_str));
+    memset(dst_str, 0x00, sizeof(dst_str));
 
     pw_len = unhexify( pw_str, hex_password_string );
     salt_len = unhexify( salt_str, hex_salt_string );

From ac857f3744afc29e6a94783c31333aebfeb2de43 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Thu, 1 Feb 2018 13:54:13 +0800
Subject: [PATCH 44/71] data_files/pkcs8-v2: add keys generated with PRF !=
 SHA1

We now have support for the entire SHA family to be used as
PRF in PKCS#5 v2.0, therefore we need to add new keys to test
these new functionalities.

This patch adds the new keys in `tests/data_files` and
commands to generate them in `tests/data_files/Makefile`.

Note that the pkcs8 command in OpenSSL 1.0 called with
the -v2 argument generates keys using PKCS#5 v2.0 with SHA1
as PRF by default.

(This behaviour has changed in OpenSSL 1.1, where the exact same
command instead uses PKCS#5 v2.0 with SHA256)

The new keys are generated by specifying different PRFs with
-v2prf.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 tests/data_files/Makefile                     | 248 +++++++++++++++++-
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der | Bin 0 -> 728 bytes
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem |  18 ++
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der | Bin 0 -> 728 bytes
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem |  18 ++
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der | Bin 0 -> 728 bytes
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem |  18 ++
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der | Bin 0 -> 728 bytes
 ...sa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem |  18 ++
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der | Bin 0 -> 725 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem |  18 ++
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der | Bin 0 -> 725 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem |  18 ++
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der | Bin 0 -> 725 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem |  18 ++
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der | Bin 0 -> 725 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem |  18 ++
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der | Bin 0 -> 1312 bytes
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem |  30 +++
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der | Bin 0 -> 1312 bytes
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem |  30 +++
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der | Bin 0 -> 1312 bytes
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem |  30 +++
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der | Bin 0 -> 1312 bytes
 ...sa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem |  30 +++
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der | Bin 0 -> 1309 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem |  30 +++
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der | Bin 0 -> 1309 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem |  30 +++
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der | Bin 0 -> 1309 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem |  30 +++
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der | Bin 0 -> 1309 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem |  30 +++
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der | Bin 0 -> 2464 bytes
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem |  54 ++++
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der | Bin 0 -> 2464 bytes
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem |  54 ++++
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der | Bin 0 -> 2464 bytes
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem |  54 ++++
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der | Bin 0 -> 2464 bytes
 ...sa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem |  54 ++++
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der | Bin 0 -> 2461 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem |  54 ++++
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der | Bin 0 -> 2461 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem |  54 ++++
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der | Bin 0 -> 2461 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem |  54 ++++
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der | Bin 0 -> 2461 bytes
 ...rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem |  54 ++++
 49 files changed, 1062 insertions(+), 2 deletions(-)
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
 create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index d4aed678a..049e8cf00 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -234,7 +234,7 @@ keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs
 keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
 
 ###
-### PKCS8-v2 encoded, encrypted RSA keys
+### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1)
 ###
 
 ### 1024-bit
@@ -294,6 +294,250 @@ keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pb
 
 keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
 
+###
+### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA224
+###
+
+### 1024-bit
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
+keys_rsa_enc_pkcs8_v2_1024_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
+
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
+keys_rsa_enc_pkcs8_v2_1024_des_sha224: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
+
+keys_rsa_enc_pkcs8_v2_1024_sha224: keys_rsa_enc_pkcs8_v2_1024_3des_sha224 keys_rsa_enc_pkcs8_v2_1024_des_sha224
+
+### 2048-bit
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
+keys_rsa_enc_pkcs8_v2_2048_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
+
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
+keys_rsa_enc_pkcs8_v2_2048_des_sha224: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
+
+keys_rsa_enc_pkcs8_v2_2048_sha224: keys_rsa_enc_pkcs8_v2_2048_3des_sha224 keys_rsa_enc_pkcs8_v2_2048_des_sha224
+
+### 4096-bit
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
+keys_rsa_enc_pkcs8_v2_4096_3des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
+
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA224 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
+keys_rsa_enc_pkcs8_v2_4096_des_sha224: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
+
+keys_rsa_enc_pkcs8_v2_4096_sha224: keys_rsa_enc_pkcs8_v2_4096_3des_sha224 keys_rsa_enc_pkcs8_v2_4096_des_sha224
+
+###
+### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA256
+###
+
+### 1024-bit
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
+keys_rsa_enc_pkcs8_v2_1024_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
+
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
+keys_rsa_enc_pkcs8_v2_1024_des_sha256: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
+
+keys_rsa_enc_pkcs8_v2_1024_sha256: keys_rsa_enc_pkcs8_v2_1024_3des_sha256 keys_rsa_enc_pkcs8_v2_1024_des_sha256
+
+### 2048-bit
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
+keys_rsa_enc_pkcs8_v2_2048_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
+
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
+keys_rsa_enc_pkcs8_v2_2048_des_sha256: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
+
+keys_rsa_enc_pkcs8_v2_2048_sha256: keys_rsa_enc_pkcs8_v2_2048_3des_sha256 keys_rsa_enc_pkcs8_v2_2048_des_sha256
+
+### 4096-bit
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
+keys_rsa_enc_pkcs8_v2_4096_3des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
+
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA256 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
+keys_rsa_enc_pkcs8_v2_4096_des_sha256: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
+
+keys_rsa_enc_pkcs8_v2_4096_sha256: keys_rsa_enc_pkcs8_v2_4096_3des_sha256 keys_rsa_enc_pkcs8_v2_4096_des_sha256
+
+###
+### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA384
+###
+
+### 1024-bit
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
+keys_rsa_enc_pkcs8_v2_1024_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
+
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
+keys_rsa_enc_pkcs8_v2_1024_des_sha384: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
+
+keys_rsa_enc_pkcs8_v2_1024_sha384: keys_rsa_enc_pkcs8_v2_1024_3des_sha384 keys_rsa_enc_pkcs8_v2_1024_des_sha384
+
+### 2048-bit
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
+keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
+
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
+keys_rsa_enc_pkcs8_v2_2048_des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
+
+keys_rsa_enc_pkcs8_v2_2048_sha384: keys_rsa_enc_pkcs8_v2_2048_3des_sha384 keys_rsa_enc_pkcs8_v2_2048_des_sha384
+
+### 4096-bit
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
+keys_rsa_enc_pkcs8_v2_4096_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
+
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
+keys_rsa_enc_pkcs8_v2_4096_des_sha384: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
+
+keys_rsa_enc_pkcs8_v2_4096_sha384: keys_rsa_enc_pkcs8_v2_4096_3des_sha384 keys_rsa_enc_pkcs8_v2_4096_des_sha384
+
+###
+### PKCS8-v2 encoded, encrypted RSA keys, PRF hmacWithSHA512
+###
+
+### 1024-bit
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
+rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
+keys_rsa_enc_pkcs8_v2_1024_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
+
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
+rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
+keys_rsa_enc_pkcs8_v2_1024_des_sha512: rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
+
+keys_rsa_enc_pkcs8_v2_1024_sha512: keys_rsa_enc_pkcs8_v2_1024_3des_sha512 keys_rsa_enc_pkcs8_v2_1024_des_sha512
+
+### 2048-bit
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
+rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
+keys_rsa_enc_pkcs8_v2_2048_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
+
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
+rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
+keys_rsa_enc_pkcs8_v2_2048_des_sha512: rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
+
+keys_rsa_enc_pkcs8_v2_2048_sha512: keys_rsa_enc_pkcs8_v2_2048_3des_sha512 keys_rsa_enc_pkcs8_v2_2048_des_sha512
+
+### 4096-bit
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
+rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des3 -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
+keys_rsa_enc_pkcs8_v2_4096_3des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
+
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
+rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem: rsa_pkcs1_4096_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 des -v2prf hmacWithSHA512 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
+keys_rsa_enc_pkcs8_v2_4096_des_sha512: rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
+
+keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_rsa_enc_pkcs8_v2_4096_des_sha512
+
 ###
 ### Rules to generate all RSA keys from a particular class
 ###
@@ -308,7 +552,7 @@ keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc
 keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
 
 ### Generate PKCS8-v2 encrypted RSA keys
-keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096
+keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
 
 ### Generate all RSA keys
 keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der
new file mode 100644
index 0000000000000000000000000000000000000000..4d55a591130415c2fe32e3b9152471b3c9c5d8e5
GIT binary patch
literal 728
zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UmRshQ@;Gp-Q=
z0tf&w3<d})hDe6@4FU)S05B8=2r7n1hW8Bv2LuSI#I-Zk{WdfNf&zel`ZfdoIelBq
ztyrs)l^J}O`qY7tXYL)X^_%@PM>gmBIG`st_(NFpncKNK%a4x_6kDwR@_XtXQZJaw
z&-O|Gw}*kdOXWz?X4G$ni$U&XTx|*XzG*1wLqX9(kO!B{C}yEaZrh*7sIQd9BQ4L~
z>FQNEAJS!#FVi})RcG(;mRJk=1`X$GC7s#_d$|dO9wKINpuFejF;ZUh!`o7RzVf4-
zDED92{rGHXHg9D~fY_MTe;XEKuWFx+)%p(fFL@p=s@cc_!DhFNnVt+67on=NrmJML
zTQZ)H4u|aW*=RXuj~?R4TWH^pMJ{SlSubvRs{a^t=lMMx6@3W7C9tTra_+0Ru5hbi
zT$X>L3G2mw|Bi?krWsj3OX!Lrhvv)Ptp_d>AjWj;J}aL{y4s*C15-%p?_p_jPB&kd
zpOg8K9+rWxJ|TpR=dN|Hv6%xx-miqchQslXgpn{$lzoIhv|vjN<2XUbD+t)D@=b%e
zhE2>`^{<~qC88w`Nu4!7t}XuS*!bA1?83YXwTf8QCXyvL$b41=gm1#1X&;~zCTC+3
zHF%Lau?Xce!O=JXfFCN!RPj;aoGd^Yr=b__;=-q8dTC9y!kv8b;~5Gpb(*b`+c^!a
ze~opsFVK7Np4K$Y_;;5-JYd2}K=+`u8E!F(-LpZfnvy-Gea15iYN4aylyr$={Al^n
z<Q<=BA^UsJU5F|XdsTg9+=Ys9Cwd#O;I7s+9xXR8(OWTD=kbqA4!iKoXu}9NdIS7<
z4g9Ch&6i)7KG5_xKRSoFp2ZVVB)LYVooZFJ0!(Wt<OdU);uK{P#OO)`(~pOLefuI}
K4NO_vah~>5e_js&

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
new file mode 100644
index 000000000..b47b5e8f9
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIc1vbNC/8pHsCAggA
+MAwGCCqGSIb3DQIIBQAwFAYIKoZIhvcNAwcECLMkF/Djhb0fBIICgAg/jv44TuAQ
+yB+WMkHpvVS25ZLJabHUyHLS+vqhEkz2AqvJNETL/L6bIHRD1o4BJ8Fcrc339Bz+
+zuFHnK7JG0PzRKl9RcO/SY9lfLFNkXtyPxB6DtSXeYTV49NtAvWPV46LSBnMqnP5
+/Tkmk+sE3Lx+sBMqe/rpBeZM31fB9ShS9FgDGfE+ARvzcuQslYNazdT2KVeu+5Tp
+qSN1lhAW18Dwo3r1IpnhWGZ5r66TEEunhGI+mX9GdkDhhFiHHn3tUPiWSh9UAPH2
+W59/c7sY0Rn5AmqeHu6F2b99ScRaLhkt6aFNnBAcnrjHhqZJOl4UOR7OGL3WlNjN
+FXfCzJ3/+lA+NNEVWScb4xs6RNQRnJ9NHyfdSJuQQM/HXhaW1nSYoFS8nKDpenXA
+8hb3gbrGeB0MybmpGtiR4MhJD7FWnH0uQsA4dOrrx2XYaPUBZGtqzvrIDmzO6jv1
+ixmuSyw7nZSYqT554tPT97oBRPHhQVdz7fGBEqxrBNJR1cQjS35Q3oes6jarzTsu
+z8REC1QXZtgbWZvlm2m0iwKhQItqOfSnlNkL0IUJGUF8j3Ijz/fbNsfPOObpQCic
+ARz1Mnq9ZaDMrvMMpJHcMhYe3y75zuv9WODuPl9vNVc7KRRWgqVDmBHYZqHh4M2w
+T86WrEbnbNEHHPhXgSsaKYXvBD7zWocfQ3r2HEstHj9AmoqslxIDptqJv/8Lye9E
+kbv+d48oEkStDIfa032Ha95zsMp7BuvWStwnOG2q5sCexNpQdw3Mp7Y2oejVKRS8
+Vc/icnFu35VxZLq/vBEFEDjzbCQ0ayk+GKYWyAxW7gsmWtSWDskv0WaJ0cNj5u2L
++BsyzY8Hw7s=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..2ec275f143a9bcd1b9f17cb220140bbc17ff95d7
GIT binary patch
literal 728
zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UlY;ErM%$%NVh
z0tf&w3<d})hDe6@4FU-T05B8=2r7n1hW8Bv2LuR3kg^6#gGR9gf&zeWx!{GchDPKE
z>BtR;`W9zJI|G!laEfJ_H!|*Cm-l2p`RH`2!_XM<EsI13{&bgNiiwKOXcA)eqOfiM
z;;|1<_Xbf-@BDiO<;F|^MOkTN!+-BwBkmTSX60vRt#Gt%O_rJ<aoAOg)jsg2=t#JA
zq>k4~o3ci2pZXjycH4$nZ8@`B#winYFo=w5k1=PHeFC|u2{9HpVGXm74;h03D^Btq
zw}#aR+nl}1Tf9g2a{N(<OxoX+Hg+{5MYy5&3^>3&_8HUW%kXeyx*A`wbj*LIZxfH?
zfy0w}pa@HReT1;U6o{mzLHBc7uNX(_2ZK<mChmW(P*h0fI}o^Mh)^oL9Fcne!1u&v
zeq1HZ49bH2Wr4`qttnPlJ)jm~W3|PIc0(pr?iZhrQ^slC*Y%WeE%7M`o{`NHKGN;0
ze*7hA-2}-_L>eJKpOk!3lRJydc{T1SasXspCP0zQiuzMvlc{bd^{DDb99*VW(syC-
zj+=va7!K9qEc(s%pXdWKVsLROPWhR4g#cCO^4D>~l{?!>vVo*0FGvBUbh+8BbA&tO
zGT~(mhpEUc$k*y}pr$PitycW1U4_TgQ9=0S8*?9_ifH%|O8nABYYVOM{tLTkXi<**
zqq#<MY`L!{qrrN;%-s2Y1D=M#lvZG#*Yd^jwn)$ujb-TFbUBoo?s84V8{L}9ND1{g
zR$xsY5`WXZG0qrYmFO>Wjw;!j^jpSzrc-HM);*WEk|g`|wj^R%mzA~W(Xgiu+ea<k
z{o3twiYYg@BkqXA6|hz!g$(`|yjrGi_s&RdksCbaE{8KzR2!((>IEDbRLCEbnmQkY
KfKkKkx^K4em|dj+

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
new file mode 100644
index 000000000..959345483
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI9ROEj7BZDIsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD8QzMKCoJNPBIICgG/g7EGQ8k7c
+5j0huNkV3WdtH4a3b5w3xD5mzGy2LoTaM+iLdatb7JSA63v5KmWwYI9WDqGsbAfE
+gApGcoAkXtb2FlnMOb1azjDHVkHkMGkINKD8LvwGEb5/eqW6Qk1GS6WH2q7IuruG
+y77wsxkk2gLJcdO8+k0aLMZTQ5lyTm3d2ap2f5QA78NGo0n9zJJs6JAWsoXfdMZk
+ShrYwJWaAYDlFVn3vne55mC54Omx1wCqNM+0kkTvbCS1U96FYNzbvIZe1gaULxAc
+GkRIan8Mo5da+2jI0GZf6w9S5E3f8zi7lltGlfmcN4bMZR3fGwpAdPx7oW9j0GVc
+162Dmn8SS9tgT2pWeDb1DjjabeSc5YzMIJpblMJM6KB4g2GpKhuWNtfHLIxR0M+7
+YTvmwE25L4Oq6bOzuM4lX8rp1fTqnOQDmXHIB7PO3w+kh2nxUwOoB/9nXNlkdUw6
+CbsKOr0MV98Ab8pTvwhZUm3UhHzONInDkHH5POHqqWc5XCfpW1fekUuOIkr3yPrt
+F1lY0KBMq6FMcMm/aZDAaM6rB2yLzfe8ErtA7zwkfb3j44bYFFjo3WiaaBUnpmps
+oAHdDqJMpsfs2sQeEa7jMb6dGUjlUU/3S+nf9cpQAH2spWbDMhM5Sewc9JpGDk4w
+6KD9ICHr+FgT0sF8hTbBZifxAeuXuaq6r3LGaYNs6EvADC3MzSNu0dt2ZK4i804O
+y3LSXX/5zVqSbmtQ6NW5oL0bAR4SP+QLCJtXYLI0n7WWJwesFokW3ZWgvOJe40gk
+9oNQ8DyBRlK8ier9K/nyS0VVo6QGxPAKr2Th960ekBWleHr4UGnTUFM/iuTuOTJu
+l6dmAeTEdaE=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..106aa99de7e8238acfef03a40dcbf05d2d0123ff
GIT binary patch
literal 728
zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UkX_7#pQ_8xu$
z0tf&w3<d})hDe6@4FU=U05B8=2r7n1hW8Bv2LuSYIm8xwVMl8Of&zdp#!bd9MOM_>
zA|V}I@JRieAOg*4O-`E|X};Wd==p2=Gukmo@{-VwoIC^}vIldWf>tFnw|y6oFUJCO
z{11~q6}Cu-nCOdEraPy&i(ccG&J%9Pug~%`0dZv=?0kn!+Q;Xzf2->zDt$v(b9_w`
ztcela+b%f4^o#oy;PRS8?3T9jE&pS6OW?#H9mH@<>ML!$OJ;tkCJ*<g0l~(^duDld
zWc4g99C4QM=dK!&y56seU%@89LGtwGbOg}_{*3)J<pwI{@;q|39lHJp@DI_inV9`*
zNq`KP2a{h^9mG*GYGxviWAKH@{xLj<4tG&%5C_cbmCyfqK_@5fxphnS;Go6tk;!P_
zz&gQIAvZN6?W%Zu+yVgG`NK@6UmA~}b`FkVo^?R$s9oUobix<Wcy45Wx#L%DL$R*F
zx;XfC4WFZ~j?x{rm2qQo3mE?`=7>9+m{Q^pht^j+I(&+gr4XI=?`u+RO}{F`-`7Wz
zW)x)LLDHHSQNtuS%Zh{9)u}!bJZpx3Bl~v8Jf<1ioZy($*cFLpKTZVdB=PhDX*8Ju
z26GsqLIBec*>)8c&4f|FPozxFbPONn|4{5{EaA^$lw=gmLk?suJBxUKbvObA37wsj
zscr1hm;{9%B3J7J>?kyiqbHZ#dMwhEzX_jq`3_VnAv1JVKDQk>P?BIm_Bkh(=uuZi
ztJJ(K{|S^?MKK2!Xjom;`~YdX>T#3xt=q^QXGAoih*2x-M|T2A=^BF*+pd;ncvvPl
zPQEM_V%TVnM<6WT6&%SB@Wk6Su8j$CFy4f(&k$e%y$MPK-k>GN`-?vj^PVcdGQD9A
K`Vc1nEizwUwM>2h

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
new file mode 100644
index 000000000..3baddefea
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIwD3fpS8RxVkCAggA
+MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECOmyF+CEzwvIBIICgPFC3z4bUVPM
+EgLGuLP6CiDPSKuCx3VdAu5/G5WjjU+dDvEYDtOrVfbBpVhgGAYYuhXlI2bzoO2Z
+RPZLwmaVZMUUPqHjNZHND0BPsHnb54Lyw+xnhIvipYpt7m3+swL9JUzbK4bImhzD
+3UdVYaCwwnpnAcTy9gleqoQ2ikCX28Oc+bZ0VUUIX+KVbVOv3gNN4w5uTyUDRGgl
+AW2E2IKoNNW8oQzZYatdSMMb4Qu09HRevWpUkB//XGrCcC8aAwynxHrz7hSrJYbt
+SJVNsyl+djFRcKg8sudGUPua+mYWEecCs9/MVataWfpnT8hPtPUAQpyRpC9Yxa+c
+yYfl+7jHvJk54Lw92P9YAb5k0T57+G7Fpxi6MaXn6FAMqFHY2dJO7cxsg41qkF6A
+sc3nvcxAxj4gtCgV0d0vVLDjbgjcAevLbzOsJVDzB8y2i6V5l+2/ffV6DjjYO8Hb
+jVl6psDscX4VfX1zkEIyTF2P77luZ1gvXuFDw3+y+HpUAAE11vvFH1hmj7RR7uH+
+Y1Y7gUvUA9KSvIStsSzfdcQwaZTMNdfUNkPzKHMVZJNQ2KYkv8F4QSA7qpC07Kt9
+4iCj+D+8nMxS9s2xsZo3lgksB3srmn6ryQimEcLb/cFWbkTSGAah81UOIVtNJT1l
+Tmwv35rSTELD4YVWz7CHh9nE2JxeLg6WmtlzF5ALxi5L/grZUN8lx6jNeC8/O8fy
+twXR/LD1xmAn6wxcxraqnctBqzknpOP3Eize7pCDpOJR0Z1WaHvULez8G2CedEo2
+SvU8YqnJ44ceom2V3wDS4+005Xq3zKDY6xL2htnDHd2vOPstGLfHxEppNpjBqa9A
+qj22QdMCv58=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der
new file mode 100644
index 0000000000000000000000000000000000000000..cb158b59e3855c228ad6bfcf280904f87a26e0d9
GIT binary patch
literal 728
zcmV;}0w?`2f&$bqP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90Ul3NPR|`k?;2c
z0tf&w3<d})hDe6@4FU@V05B8=2r7n1hW8Bv2LuR**z+EGS(-ltf&zd?*Xu?3d*4yf
zdKYFeZ<?@CVI6-#7a6R!ntbsH)8S;>Kb>NmbbK?H&T*kc>;_L^5E1>6idd%d5sG%|
zDZwYjAm|0hRd0gw16$l`k1Z?vZ@~;cv39-n`z)-%13|*;?sd|gvrjh_kJLSBCpSo?
zMj*=Z4?n5ExksT7)r<9OkywX%(UNCsP!}x5^hlR8W$ccUn-tk+11{q8R<^PB2fv_n
z7nVy4-i@!(fwwZ25f3YZbXO;tjVNhgR3oU5T0#XD79l?^K+eW7<iir%+%Tduu$IOz
zi{MwO(Q%V$LWT~e5TE^b3Xez|g|^Q#Xad}QkcMpwAKFIZ$1-Wlr%+s4Ah@2To~2}O
zUe6=JT~p}Co4r98KSYp!^0V}HlUT0}X1&r3xa}o8nXu<)9{^N6e4tJfGV@xev+84w
zqyaV(&)=>+0enQiL~KbTY}|T0P%xntz|&oJ!dWqQPuT%>Z`MbtDMJUc+`iuUyYB-H
z)`2$K<WiPQhH?LQLRNq+6x8mz+=zf)4OK1AFffJv38{Y?>MgBo(%iauwddm@l=e84
z=VkYcot@CDYnj?E+bt0GbS=jA6x5Nn$SV=`x^R#<7H-CJ2$e%G36D{w(MU?PnG=9N
z`#n+hDbuR*x6ybM#bee~ncw3mm1o2i|LF(24cZ}=ca{#a&Djp;bVEQONL6XAz86%L
z!`KG)EQ5Z}25(<dVj$kSCBRTILIn=t75>hkJfDzIoj9#<kYJ^zL3VR3_UuPI8jA)@
z2{<uf%@GyO5z;EGF-iFkcINC%Op);lHX&;FZeK<fz?z3uHt}UiE~nDekCc>R_cE_|
K7fa|51{f%?KunPU

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
new file mode 100644
index 000000000..95d946bc0
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQINtUwWQJ0GUACAggA
+MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECADq8lFajhVgBIICgJfbFYo4Pk6o
+m0FhCL1/6VwE8oNU8iRbzYLs+ZjpHDKKs72N97M6FkPgwYQmcLBiJgYDfk+otjIy
+Sv2QOklnEi8Vu22c+5P7UQxbobSf26hGgRlvue9xwBWylnBj9VwvgUAhbKUKJDW2
+lcUryZBQM9vX3cpeJUN7DsRFA0gyYjuoNTm1+Y1G4UqZcQUJyIVqSHA/dKpitnhR
+xRNP/IkkY4GxTE3VXSoOm9KecA72iAnBdzrO3yMx7PkWUotZolMXK//5eacginYw
+dSQIZDCnodaC0ugH/7QuKbe3UUyMt9b/a7Fx6c8CiR3xA1sJt0N9xGK0M1+JFBqr
+cewSxvF7I+IRRE6buo1S5rqzBTZFfGArvyklBKgC0UmSFu9B25HcQzrBEXMPneG7
+W736jjfwclwKwboCXt/gHJBM69Pf2Y/Otjf1HGFcly9D+P8SPq8dkBSp49Ua9RpH
+gtXpaBiNZ9Q3DIXMu1U9wLYhYJZQxU+FQHuO4wGR7h1KdSzZCg84E/T232qDr1Rf
+7vLo7OHsAtQGU1pZGGorlTcY8KKwdeyo9Qk31jIZf4DwLKu+Zk1zICHrE1kuwNVE
+5dcIIKA86Pu4iw2i91At2GJbGJku9j173rSL4IHV4ESUKKoHMH2ncBfjcTtjBXXj
+FyauFwU6qFo71WXRMGKZpZgRenK2Lyr8/e1g/nEbHDfqN9ntgDlJhqku6ROP1Jns
+WzqnWRquSk93p0xDMZAXxUZSmCzGlBr5xPhCOmHp7YWZrLmKVdWXM/6MFWpj5KeW
+raxqwtiL0gU5wkKUkIxvIrjp0PqtU2q2dzwoL0blAXKEqU4v1nMeW2qhY30qz/rT
+wu95SzZgh+Q=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der
new file mode 100644
index 0000000000000000000000000000000000000000..d29a1e69c87016dfda7bf260d80a2b721bc56b4a
GIT binary patch
literal 725
zcmV;`0xJD5f&$SnO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90UkP{*EfDX^(&c
z0tf&w3<d})hDe6@4FU)S05A~-1uG5%0tW;LFR;%tG9fdT1cCy90-jyz)5)x<=mi!H
z02px8XL-h=d5keor$Pl}#Bm_HJmh+`3Xy4Dpn%G^|KRErWM^5%^rxm^;Nl6#p$kjk
z0-6QS8Gpc9f64tbuI9PWg>ikSmuYucgkjNL^8_S!!!$t@lKzZ?Q&su4^tGj(KiMcy
z>AieN0cZCBzLh?3`5lJ>4Xn`;1P076HZM0eo8_)iy=}2^#s?jP&h{Kda%*s|8YAXv
z3ZlN22OyP4pXH!J)4t_v*AP)N2P^=uJQssptRwPfN_%6W!`~LNHLS;V9IJ;Z!*ECt
zHPO&r8X038Qj}R4x6NIxsXkE^B4<6&KoyP(KVlDmJCu%E?^R6XJ<h2>@Ahzpo>#<y
zm7VzTHjIeHs*a#`#9qmd%jmTGPjr+7%<HIF-bk_zl(C0fb6k)N3c2Ti&FcSUX@Uz%
z&q-sY4;<AjG~wXZ+ZK09gc}r2X{gT7!$Q%m(us>Fp}wVx$N+d`grh7@@H1X-X?X0p
zcTKONM~r8UQm_u$9qOHK#&Ocph{A|0dlu#7>jc2e%Q6cF0huL-O#eMaxs`%R4ebij
zDZi0yN9qz5fusDQ7QAc_{fPHfxL{98k^mNV6$JvY#47rNxC(JKc>ky>La82F?30r~
zJ#RZbJ)(<?Spx(Gl?fqsDqArqZ9#-@x>$aZW4a#Z3qB&+uvKB+?<Y4J5zba1+%;P<
ze$T_M)5BY;;zTS)yfiO}wASSnAZm`!15ZZ32ZmALH(`8MCJAVm{>;R{x*ScKXtuIl
zMj1@AKGu^{V~L&knK$FehRq>N8F;F(EolHwm{T_(6Tl0c*O46blK~GwijE)lzjng0
H>vXWe(bq*~

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
new file mode 100644
index 000000000..9fd035c5a
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC0TBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIoN4P/1fEZkUCAggA
+MAwGCCqGSIb3DQIIBQAwEQYFKw4DAgcECJntwhGUq6HXBIICgB4ql0o/M9lv7Px6
+DUZBn1QFddPrr0slxLK7CoR1gabr9FI91o+dpyejeLHF2VFUYY3F56Q7f0P0b6Fo
++OekgX1ySvsM5EPGZBopXaAnAaoiYuZRSfiLeauHHCC/eJx5SH58pwqy0rY4j2ND
+U1dYB+AVsdpRVv/MOSn6MblqauywTo3rIleK8SsuywV7NqIDLb3CHWEkUQEHJoFB
+NfNb51u3GETcrYWf49V1WCbftPHj6YHlsfmUwivGCieAnNckJvUXa2TTXq+tWpO3
+8ar1cRHCFZSgx2chTgY+S5KoXcSmTp1ilNb0XADQYyWGVH3FUo1BBVk+iwNWM6vA
+d6yhtdAATsdaA8e26ehXsWDUV5OVxctgjX6NVem7hJJEmGxRLQIYfR1Z2bsJp/eG
+ZiweIIhsSMyKQI1jTBV10VwX8M2ovffHfAmtxbZKGVPVLnxW+ilBy6YMR6viZW/1
+EPVKeKjqlgZkhLVBNgu9WsIeP0I+RvNPMaRE8j028NW71WGdgwJ4Qb+Z3687Ob9q
+tgNwp32isZ0K99UX6fUj9sR+kEcF0yMaysE1PXJd56HNydftORdq9o0jetZadlE4
+WYEvIfUd6U4nHK6OcUsNVNLua0XB1hH+K1CcPgY6JV90apsE05fP6oncPwDQT25s
+8wzGpitug30N8CtH/fS+4WjJo5qa8To/JZibg3KhufeRMYKLyflfV0cp7nMtdbtd
+e1CI6KFhD+oBLzsSdG0BrwaSVfxsayQQGuz3FYx2NlcTRhgXeM13pmqmv/xoMYqE
++BC0kiRhZ0yIh7Xpzg/FZNjbuQpQvqbYmlqFdKsz6YjeKcqvGMI9iav9nRA+ag3Q
+qUmDliI=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..7f576bd16f29b70f450f515fae3912e520ce9c3a
GIT binary patch
literal 725
zcmV;`0xJD5f&$SnO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90UkwRi6V<Bizmc
z0tf&w3<d})hDe6@4FU-T05A~-1uG5%0tW;LjYG@2{U|-m1cCy9F!~k6wo!;$>L+AS
zhhqw|Y6L;U58(5&u~ZS60S>504z9S!{-M9I|A!jBMaw%2N7kZd`>oc`44(Ud>I6G;
zeibpq4KDm<&+^zw+BcWtnoysd{27%KB|nx4Trc}bL@ae%6v!%VxZ=mr*2$k?B7Qzp
z5C+baLOI{*NXzV%@KFqC3ug;8_PXsBJDorKG=IGuzIU#Y|Bn2lncj1;eBfq~KCX@m
zw4sHXVhol~t_%5eb{tK`0eD4D*l?2!aIta^FMM7)jY#3WY4H%X{ZX%j3O|LGP5RN@
zPj`ms2R0J6m=kYE0`lyK3yOuoq_ABF+pB^CcJI1_Thx-l4H=`u=HH@Wr!sk###k~@
zNuSChRwe-0c$r7nB%33AZ2Dh8w_peNurm)7!?e4vzi6o=DR$r#9JYYw+sLM^pLKPc
z4lmu{6VpwpCt1TN7qC}?meG0*p#LHQR302Jjkr)-F5KX+){F_eo4XpJb@HMnZ&>Xc
zr?|pri~>0B*E@*w)@s;3CFCs!@6cX6U}3xB_*dL{`1ykbDm{tVi4dL=`NNV}+_3JR
zoHdmN0snUCUlRP}bD|9gDrt(r3{}p{GB=mBv|Acg?N->SL(wvU^n(+-dT!A{Xd<gC
zx+sY^6BCY}G6l<3w8wB}CZP>s#UkpxB9O0-OH#+l5j^DZ*AG!&O!fuUj!Lm&5s4LU
zu|O85j?wavhPw1Y)&xJwN>sd*&<a$F^TvWYef~zIiDbI6nF>_1wTX_6>CATbRm|<J
zA&aIl&fPh}^q76$<N{6hQ}#Ir!G<-4|CL{>_{C%ldmM{qmbP#g0cFV5MA~xiBYr@N
HjSb}5LornW

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
new file mode 100644
index 000000000..22d39e3eb
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC0TBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIDhZ7Qmf2HYACAggA
+MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECHj4bQ/zjLVVBIICgOZGVB9PiB/MTUYA
+HdiMnbJ3ackg1x5NBk4Jxlae/4WWBX9Cg6uGMA5CP6XlzhlFSDji+L7+OatW51/A
+0nREuJWAoAAlayQujwuXN5YWOHzlf8007IHzKQqGtRTjhgGSa5kddXzfYvqLVsdV
+MAb+8UZgc+6wO0Ag27rEWjvx4HKUzS03sqVqF/Rl22oK0VMbVWU12PqLMMBpL6BA
+19MKsKDe6yO4fRbipT3aJ0fv6RW6RESWAXc/9dG/P/0kEZXvi4OwR0dkT0s9m2D3
+7r9Z+0AK5uSRU/ftcYIf5ARvIOLltfNN0TUo58I+f7CTKCDLUQbEfDLsHNuGaAfA
+YRLyZukS1fppZiog/JtwGQsIWMChxE4SVThmYhqJ4mCUA3I2SXKSaS4TMAPrEJm4
+onOG2NSgHQWdf9cHNMHeGj4Ey+qgDHMYUC49ScsZQecdd395j5T0znIJk4ysawGr
+34vt8HIn6iCxp2ZbHzqLm1qeV2Lgme+G9IxJi9+UR+eL0BZdaCt6tdyF9/4HXXTz
+hrcHC7vFVVe1HnK4B2AzO2uitGE3aEodRertqJbafWyOfip6Agjbx/Eu5IDFFrCU
+KxgZxV4agc3/zjwmwapVEZdTr9pyP/6HBxIhhd0KEX9cVMauCcOA83U+iezBaZHS
+frP3GVqBs+CzCx4nIXiCRacc/pf6tec9nL7mbrUtT+lQoCOPcJKcUAZyW305+5Nq
+mGho5y6i+AsF1M1l/Ar2gUGMN9//VscombNMRFXUE2Q8yL5//gJRS1rN7U3w5dRI
+3Bk6pbMp+RlbtzeS2zA9cuLGWtxvdblYCo90p2iam8zqfDKEZ4dFfJlPZvRw2hot
+7BkFp/Q=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..4445235c8391ac6a9b16a1999cc4b6e422272567
GIT binary patch
literal 725
zcmV;`0xJD5f&$SnO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90UlQX*^4p%k*Oc
z0tf&w3<d})hDe6@4FU=U05A~-1uG5%0tW;LoY+rR1`3q`1cCy9qE}`!g{;O9NBYYb
zkl7ql|G=a!Z$aF9nTsiQTy+#lz5pJpbTT2+JKai3rE3CcCN-6KYq1TPN{49=Op#>A
z>|>be$lU!@4zr56BT&_O-^jC)e6^{yur#KJ&I_H5kRCr&a0jeSF>*4*?9%XO;qvQj
zF83p9d2>=jYjsau9<BsHSCLi2t$*e33odDM<Cpm5i-;wo5KKE|Ig#W$KL^9kcNs(`
z`heDsf37DlG{anmG|oyOIcv%QLYw%oZ=Ymj<-4gBTOi{>FbBHM3OpqPZjdgl2nAz8
z<k11}1}oK1<qms_)zT9L#Cua0PXD3BJ-JS3HcH13BXt77$LC3|Ayj|>+`|7UV2DW+
zRI|Vj-Ua)H?0Pfk$fML{OA1%z%Xg{5QlqqQD|!j-!*7odE`)@pAi^Hlnsh|13uX>I
zfOg3Tcl(U&i7&(av-rA)98lFo+We*&beP2|!k@F!QQe2zQ)aqJ{ox?)4OVx<|Hlpq
zEru22&;q|QeE6@RvzG{Jr6#jLSN+VV>Lj(HqD0jxyY7bGbB7>^`9$87k$%2Bg6Y;8
zl#kCzeI5+pmtT{xdDiq<N;{;C(n_!7793(&8?^F3M~t<k*BTpn5~iLtg|w=<#p78&
zjcIn}t|!lI`|2qYpQ>5F+>}6iJsMH*usFLsjlC)K#p=r$Bp-xMsbgWtP1#WeEcr+T
zl!~w?eMG~3_;u(660^;g)^bv;YsszqWyo9lU(?2b)_57(O3_0Eg2AtDvMN6ix4M&w
ze|5Pw)p{<ul6Hf@HX@N7bC`vXwo5rec~Gd1Pcd1v8EUX|9Fi$OSUAPbiMvh#s(?+}
HMc#a1hK5h8

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
new file mode 100644
index 000000000..f8dbf40f2
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC0TBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIyjiH4pgiIocCAggA
+MAwGCCqGSIb3DQIKBQAwEQYFKw4DAgcECEdyE8cGZqBBBIICgIdIfRQNFFEOtqwL
+lB2vZybq9bcajUSLvYnl2q/E9Em2QzgmsEggebCdyRvPjNWfuoPIYO5ZQYhnU5YM
+V1uMIwAlg/6Jj8FVAMgZnaHyktx2usYCecTXXtfth0d+Q0EVqI2+nXZqUoiaORFs
+FsxHZTF9VHpv30edGR2wQ4cSUbRA7v7hMkpQVTLwNupHd327fike4dFqPV+irAPy
+YMV8SWxEicpB5wCqRqHIhtxv27XW0UK8Ki/GcpVO0PzS0vTJl2T79F/oMzo7ncb5
+rUvvq0xIfey0iCWbUfEuQrKS6WmAjKjTXJJnc2EuZVrG3PgDVOS/QO4VcHzXTS5r
+tHQ3uulMBQjZOjGTUbXn2MD7Z3oXjuKmyWamaporesEh1axNw45mgc0cHMB86UHc
+k+yChpETztRzdcJM5MRfhJOkDfU+8oD0QUHqi+0pEdqw6MPsFQewHQ801pZuWX5m
+fvDBFYYKtc3ujNRyB5yy6MusALEc4PhQT93sYR5k3jK7NzvN035syRf/Zu+LUJPO
+75x7Wmix0h6fes9Cv63en+PmBHVveLU+aSM6/wXoA+R0O7BSmUSI4PWb6PF5EIff
+Yqd0ZWNIJY+gC8ZwfteA/GW8Xi+DWxF43SeDUZKXCsVU7TXawuujtNyP+QOxxhBg
+ydIbM6/hQ62LhhQDmcCNlPh0qldvqbcvFrRjRKDXFDoI6F1z8gfMyAGTYAXPfyqQ
+BT93R1/RMRs+haLqUZJJwpaLjpQmd3AbmHe1mHfilbY1D3KzXOXfHlsDl5YAcBQg
+HpFaVulgHLrBus9ou5jgOpVnTizqDpv5YSW5gzjdZBPyF3s5jxLZfY11SdjOwVov
+h34eTTQ=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der
new file mode 100644
index 0000000000000000000000000000000000000000..400aa5d6de3e98f32d297ff8ac5d52242b351b4e
GIT binary patch
literal 725
zcmV;`0xJD5f&$SnO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90UmPfR3^TK>=w3
z0tf&w3<d})hDe6@4FU@V05A~-1uG5%0tW;Lt2cgs9=>!B1cCy9k1yIyRo$2Rqx`}d
z#_Fb}F-5QZq!`>&U_Kfekbb!h<B{1X<kq0Vp84>BNTTL>y;s?48oi~UEPWFNm-NsM
z_6~C`#+MiP*gANV86KKnJeWA3FDxPgvgdrT(-@*(u796YfE9hdXQ0yuuG<@`tXrMJ
znfGAUB*JG{d#dLIVy}e<F)dNMxRKoQC@fVPOo%DGluS|)NmK+|N*+9D072p|gVuTH
zT5!KJ=j|P0w2?eKWsgQ)klKo&eLruu@aFz&-hkD_t^~<)dO9k7pukIyE){fr|KUH>
z%<v&nqMY(?S?h+8^T1Hq(Pp)Xi46Z$?d5l<N`OfVIK?GDJ47nIc-2nV<Ng6YVjzh~
z_<KF7rGl&{Qet)^*xMy#;jP0(ckGY5O2`Mzf%GK!BX`jO^<%aJu{w&ny7G1epvxWe
zIDD&gvdMg#+n$0@N*Hm0_zBkDcstAl?-Y%WhiMPI|A?7Fu~Sdn2~*YZmXm%eA%NyU
zpJ3VBEJC!sya~;1aMDshWH3Jn>wBOXoivu(V9*PVUP`T~MzOu_&)QT_lvRMg+c~}{
zG%AL>5LS1VkVzNs6J*GEU%%k)Js=g5)OGJM0-~boX$j;QG4Mo*(8S05z*A-!zy4`L
zjv;x|ZLQ0D_8fHXT7o}Gw=qg*(w9ghtwwpF<*a>C9%ykwt4^NLsHvG<{qoxR3(lNN
ze_yVEJPB>NOIW_Va+9rV*;vs`M%n|bWL6vJ1M@Np8J{-xV~?$f1x{U|k0=*sp2uS%
z5CV3V*X2R@m&{b(*2ngpXRQDjU7^WLhzA#y9UjWS0)z-@x7@=%hZ)&OL_O`fs3CP9
HX^QSdO(Io5

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
new file mode 100644
index 000000000..12725abe2
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem
@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC0TBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIEfr61PLRSswCAggA
+MAwGCCqGSIb3DQILBQAwEQYFKw4DAgcECIis3kdV3MqyBIICgN8cVWWhMwix1YF1
+5atoT1U1EWGOUokVtb+oTlqJfMvnZeCHc6kYMwbWvTqga88AUhSssFL9WaXPb67a
+BlhYYkijNdOcu7m0V331RWdzxGAYHHv6Zb+43+/a3fx0hYwWsAKBLKnYXbxAckA1
+NSuItKnyrWCprvhelNLJRBY3aJG9EeqjIeh0MLFMbIhFJosnB7oMliYVu4DxnMNq
+JzWoiBHllgidjZm/vTTmfH9gL0ya6TwBgmj4gOvRu30P9wdBPxS7IZi0xj618SMm
+eOSVdRpuxvX4gzQ0TuWTzFIRdhCFx5fL366tVca/YZ+9qRO5oOqAucVKWZ5zcMVp
+yD1SOjMDP7x+3LBzIYAYb74kHol8ejIQM3IrO0nzANer5M/KWIRbXoDuyLzeiqrG
+FbzpL/kAQ37L7o+GS6gyYgN0lQoZxlgTt4t1+DCNAMWh4xmFTNJgXB6a846u6c41
+K4GQrwOXGAr0pYdNg44fB5fqw+594VKxHEa+7MpMvzos4wsISkrCjbFRVCuO78HY
+rwsD6pWtac02fg+8+a8cTmUXGkzoEKE80hTC0r1SO2w0RabyjTHxRQyZtcCgavkr
+E6Avbabq3GDdxT4IpTI6LiDKFaRUpxMnTyToTlGzsi7sjELHDqgOw4/PbTeNeyJH
+PPqoB71p9Djitpw0plUoO9MWQQPWB7ro3W0g+2lS1782wTk+9jWBDVdgDV8+FYJG
+cr4GxoADHFOt2viKf+7cq5ZP8HxvLfHF4kULslea2AM+3yTQ5TTAahCbGOPVJgaA
+tcqOZIGpIxk+aRceZRrKPerXRmZvRItbgZ+QUCw3kRxgzanOHB671jp+VORMFzJR
+jhpl0rs=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der
new file mode 100644
index 0000000000000000000000000000000000000000..56e17ea30dde27fecc6a96a819772e07593e7d20
GIT binary patch
literal 1312
zcmV+*1>gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UjmEypNdV`bk0
z0tf&w3<d})hDe6@4FU)S05B8=2r7n1hW8Bv2LuTIDX?+LO^~|;f&|EORA+lsW=PAj
zL6ryCUVX@F9p}-WmO2lLiOheWlgJ+c2D0vpsS(ngoNZ~h0`P}C9uvXV9*?67R|SSu
z)%lCpG9!?;ma<*^RGu<k9TEr{rvql<8LOJv?=v5BPQ=qvm!>|i(fyyQD+flhtUi@@
zOulBXzC0ixz1cpN5PXcXr4JLCKKm`G6|Thzl|Va32%EQ8TA9n5w2P!yQULQDYCJb0
zwTi}BX<Tk2cv~^_ixvt%8q9L8^F2wOv!T`Io=Lm1D(%>u)Tk7wb#p#CaO!T&>Xis5
z0kn&or^6du;RKZ)tBHB`6a(_<QKzu`$FzFa>(;%<^GFn1L+qI87x}h!JuyxM#e}wH
zvmAQM?DesX72Z2Wjt6BAe-Hxyb-YYQ?gG{eQFB1e6p*`uoW&Cxt}4`ZY5vG)Y?_0T
z>`8XXOyg3u?B8cXhTQoD*8=q%lFY8IJn5pQIT)!AoT`+u*+M`B&P8u{Bkg;ch`~?C
z3{ri<xC(32pT;fGiw#uj;XN%RH=~f(4L%60(a0vRk%L3=1rkYvQatnUBBfZ3Umc72
zU?p9a<(ZZBDxP6*g?yu<R`Y2hB?nsJo&fJ^Na42#x^1b%;v#fU4B~Vc&_hQjPMK8O
ziuW6Grr<D}WNHrd)Gr)^bRXP>(mM@^@-`DREhrIhkIdeavzr7*@isY2vKu8H%;c@Y
zC6~YF0^rvw*gada|2#hE4px#%O{v1<FdHp~Voa!z3;6{|`Tr39)N=hem_FU<_{_8n
z>j(xJRQeQBh>ziw|MorlWMdO*1ulArXcosc8XMA)+L-F15~W2c76Csr)w)GRdF!WY
zv7=1ydC~x0UVHwEtzpL=iM=aPJ|28)G>?=$$kU}{cBJH~GL+@&`#6}jEVTKRX7I7~
zV@gTeEG@Td=p<>XB!=11azoTHgGP^~aMA;&*&+fSinf<J4^);a1?mnf&rLQWEaS5W
za?06B00YS-%ZJ!c!vaa4NowySPCz`vF6pA$P+qa(CoY5o_R~E0BaU%VqN+z87FT7h
z49|+~{uSkP9E<RbrMx}_!>%esvWzZ~IwF>=9C`Y2o~`^Evsey;6u-ib`*mS#+!ogg
zo{WW|8$Ga)FvM(Yp!MPu<m2tN5w;thipq^FYfX_IB{)jAYG%LG$c`W&KwB)t3{>9t
zHXE1CH8a>^?)1=v!Dg_pp&!?Ypgqh+@(?Vw$~?@72-ZcipeE8#+ojr*nMfB;_7h{F
z9F(F5%Q1ugWN{54m`BaHiZ?28N|F7C!_t=7#f#cQD33;AyVfA_;(n+j9gwiltUr66
z&d2$hO8?ug7q_Ju&{E%qiJfjJltFR1eI_%*sE|j(a<4<<>VdI#TZ08oQ;%Ukk!MVr
zs%VlTie^!h86pQJ5xhMh#|$#5oHP$D1c+~I?<7PDI^-!ljaZY#7KqfI^-hX>pw*KP
zN6pGAEt8=rEH4>kYmtEr%|eFU-lR`x52v)qFr^s0t{OgL_XD%8sBZ|NK4FFR^?sN<
z{%1FU*v82^c4S!M9yXX8{wvGpVxGyv7Uho7?;Pz4V{b92LHg*LW}qvvH&4B|)wIXp
WhoI(N_@%t?rO{Ptb=-5^4%Ic2`EcO?

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
new file mode 100644
index 000000000..8ed64603f
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIur3B1wRZWJ0CAggA
+MAwGCCqGSIb3DQIIBQAwFAYIKoZIhvcNAwcECEnKPmr6wiNuBIIEyKNZuEXIk0Eo
+AC7KnJWaEhSDsr4zte/uGDTeOGRVT6MreaWUH3i/zwHXsavEBsw9ksLYqxXsIeJ9
+jfbn24gxlnKC4NR/GyDaIUBnwGlCZKGxoteoXBDXbQTFGLeHKs0ABUqjLZaPKvNB
+qt9wQS+zQ8I6zSQyslUfcDr3CZNgHADdmDFiKisAmT1pbtBgPgzmxLNSmx9C1qwG
+ejuZ/SJ0YYAdRPkDh1p2yEiAIfRVFTgWcjltcd69yDk7huA/2VCxWJyVDCGrEnlm
+UJyybUcXXofneBp/g0J3njaIbIftmYIC+763EKD/dqVIRXVxrkHyYcvZ2nVNUT73
+Uflk+JuHIjTO4jHXiPcaPdAEPLeB2D3Geq5ISYOvTzOeurfD16Y9hrN3IHi9gedm
+JTcEPkAx2hcb19h74XlV5tcQ5ImsPgLRl0euODN07+nj14AFxCQhuoGx+Yj04NkK
+dV/l1rLsbmLiqr4n+y5ezGr0GJARVinLCBehptzxaipXPzRW71IQSddbtlSl1rz5
+Npv0HlwGgwTacv7T0ZdWncaw0VjxjXAwHBD82fCiuH3qZAXEa0M4drxROeIncart
+MIky9qIRjfImr3oh6GLxNBB3FEFFf+23CO+Qt3vrh0j8sVYn3cpbgHcqv0q4fca7
+Sq2okw4RjxcDHyLgWiR20tUkqJT8FYQr0u0Ay+LT2YVVO7+EQVqvlraQcOS4Fkfa
+Vnggn6sdyhWWCV1rab0v81qZYBvRoUK/ynICKCbXaJ8d1mirdNGgs3FxpVAiUPZ6
+LYZ21Uwtj9OoeEQ06GPKq60xHjUmTsNiEkh31AIlSAgdsN/0+pUiD6f1lCWfiLUi
+8MuFUDXqkqXAvnJW2/mKrLvcx7Ebm02rkNw7AdAnUnEx9BGxD1B0TVZtRid6mPSO
+kXv7adNyBH7qoI9vGGQ1ptNRcNxhxqgGgtfwI+0mV6P6G8BJMl8urZYN8aAC7dJX
+/k9EICTUcOU6nIyFFe8tk4kkcjdo9BNkgB4JjANT4ptR2w950tYVqDMHBm1eKPBC
+bL3SnDDm4Cplsy7zAdUPsCe7/Zk3K2SJwUj/lDUTDGCTtq4RplfDEBWb218XWgA6
+rHgi9/EFH3YCZM8EiE9Mnx9UafdnfKhk3tm3I5nKo56C54os/EKL8W+lhXYdK9dz
+peehTsjEQjF0/1OE0097XlCShP8E0bdluoFkD8mKYC7mGv0muJLuHdGMEaCKzKoS
+LBKpZNYdOu2wlFfCkf8zSWO4eZYKbSUL88AoEM7A/kquQsQnb80FkciPFazlF9lb
+ihxh3YD+TNH58zpYvqgOZkBflW4kKIYbyWOm+ARMq+eVph1aNKMdzeW7Gmf1Fab3
+SQmfuEBAfS8u5ghW3J57q8gSJSGB8bpYWAmNGGeQE2g8C6HTxJ34kU2HoFLo8a1/
+cqrExWl0/lkhwqc7PpvJbKIMxVOOXtVMrzG2XBCkfQSmtwwOqH1g6AZv+6sXyLZJ
+PmvQ+R/23+eDqp/lymz0G6F6B10pldgqt5FHYxGaVEp7GIx6L+GtI6G2qGxpHJA9
+x//r3gdd21Fd6y7qHYOLO4fEYAe2sN0mJVjxFLsg9AhCzfxKEHsit5LMdTkGFRG0
+XGP/QsVNcWJaYyaKTXaTCQ==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..847de7a637e15dbd40950541ff5fbfb251255f45
GIT binary patch
literal 1312
zcmV+*1>gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90Uj-fseZxA@*<r
z0tf&w3<d})hDe6@4FU-T05B8=2r7n1hW8Bv2LuS=IirqT>@Yn9f&|FNIhn)_E9dY`
zp5IA#Zal1)@vtOnxxy;BbmTxQ01}Ya5+>nzV>(Y?(m7^?C<Ugl#;H2p-|WOh*?y2J
zTg6_i);<g@U00~<dKx0$jVWhflYk~<#CP=yejr*P6y{OX=*&7cXD?jG<e-GwGap@n
z0g7q7X25Yo?-pneoNZC;QhitfVR>(PU*LVhthb!rd)diuXobR$#L;YuS^BoIghj{H
zEn9YWg1Wa+E_v&UR#FcbBMAnukZ4Vl9^*QH909)9s?-qcj+l^UdagC~OaLyC)A@md
zG&J2;LsE11UN;oDeBuO8kUq&hLKP+(DgB0^y_Ey^ONH*xmNCx}Ysf!G<z<W|!L-kb
z&$YF)x1cKD7w|xB;+y%SWPpj{?XIyLh07i9P$#!D@ktiQs`qn^78Bs{UrE@0@dldK
z@gxJ0R9v#bs~A)c4l?B`G3R`O6Qo_W9iLV-YCG;;>?hMBJ7yqcAWCizgJWoN-W{(=
zk(lvMO)sivA_$bAe}|ZVeFY+`uA(L=(_t5}AP^Bh(EsZ8Wc5cgBxb0($N7cz&EYt4
z9Kc}cAzv7@qm@QI*R4qMZS=XueMG_zJzEis5}~vhU6WJ(jYUmS+2crQL7YKPNSD<;
zD0$b8=E9Qs^lx~Cc?&S~)GfdctPZ)cSw+!V$_?kKcl^#>Ibp%SDja~FOx3+pLF}Lj
zN86_Ina&4$Gi#09V!d5CVbmJzg$lY1D22d>D*mU1N$b8>$fsuYO<_cMn1G++7_5Lr
zxLf1hJp*TCQTL^)JA;7v!vlfyPZi7BS(%&}c!s!_D+LmR_aM(jK{pLCLIZ_{3MLIr
z>)2?d7*)6Wh&tIXYzA0)6!*XAhHS<VekASs?WkJ%k~5otf4dC^QBt%Zu?^sQDlW1f
zg56c$txzlWokgkE%y8nnE>{=W((4cvEbbYQWtQ>A!=pTkmUJ0<LFl<wef|{$H9}!p
znW>(~U<e|XzMSHEqr`_b^tG+Dgo5@kyV>*5n=<){RKnXKo#T76sl9%Hq+Fxf#1W*x
z!u3#41Xjq|RjA&9Djr_lG&1l2>Zsn(A-PaUYi6C@1I8%Be4S|>Twt^pV|_0k46~9w
zAt}OlURULK9CoOGLrO?uHaI~YUKvgrj`arT;;S3Qg}dc0(_bwm!EbC%_ePy}RV~v8
zteUnd>et&;k#LV+oImtGO4|CAwSKp%ijHjH%W1D|;)oq~UD;^pbGkBe#}BKUZ-XBw
z-iGPhfNjVuo|tnyQ&ZNfMX_yh#DZK6J^PCfq3!tE%&d6;^wR~GD04(0!s<&FnJ`p>
z(;C%gz_UydfW0{phP-8F+D8eCkw(jJ14KTvYR`<~!NFsPFI|vr6#@X$GPw9O$V5p}
zsM#|HO85Q|5_zwJ0hKVeCZ@8DS&j)Bwn=6EzzB1q_)mPVyMQvznrjxVb$1Da#N~L|
zqz-x(5fA~guC~*oL3vH(klZA3%Jo>-LLv8^IfLN&2GiBX$D`*AX+byg01=u*lxU)%
z;!V%n|Hicy17L=|*ipFp&dN6&#bKy&7*pVCaA#O#x*glfaI;w1V#Wg@H5HeLR>!kk
W;TSo@PCc5A#R2q^wKv(pKESQ$cy#6f

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
new file mode 100644
index 000000000..33a770e2f
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIv/X98EPvjcYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECO5EBOummZrzBIIEyG+qrKhGE4TX
+ch9QUfLBhcklrpcd4xOF0FfwVfaO17gWAOp2Ukdm1MBof1fF2wU0hNG+dX+wIMhM
+/MFZWx5J0PLULmAe+m5rEVqRVY13Kxa5UJ8W4oglXVfeRkTvyuWr0Ov8E4wrh193
+jmGXA+jAjMZaAgHWZzmHDX0NwEeoitkFEXJc3tt7WAaq93/QmtTYKH5eoae17M1o
+yiSAxI1uNzHryPRt+6hp1z+sCAcniIe0fF6GrmkS9KcFzO99yehhrxyojiFPLSDr
+Cfv8mWY7nUSFAW5UBR6KA6Ggp27FyKXKc/k9fvZzASJzyjxG90FHyIEdxw5KsWU5
+NAAO+P2Da8aX2xctAnKxY78cFB9Iu5RSCGc92pp+G7OcdFUjXsYXr9KEX9s5bObh
+TuYGtepHEKLajFZ9JvhjQm/t2lYa0GGBNH5j1wwmfdIqZZR82mYgsgVVhyp8NC+Y
+Yw7K/rjZDgpQYSrUHGxlPYoxZwAHvbTHuTuGI3N3mS6kK4Y2NY0OLQOrVnFGNT57
+ER2LK2PDUrk3tqTwpIcRKIqeMRayqNQ9MUsjjQ+v+yPcbwbZ78Ci2niq4vclq+84
+tReLs/JBo4WHfdtFdzCnIqLVx2K6mjkaGL5q7tKYQoDjHxaU7Rp8cqy4d3EFovZr
+W15EZaFo70vsxN6Dkr7lkJdBbDbeQCdkTyL4sLimYKselKZZLUl/gKw2hCC8vfoU
+Jjs7td4IQ0vhBtVT46PUdLnvxcqpGoYBMiVNlGYowP0ugd2MHISFeMYytSSq4Kqn
+0OnbqG262WnuxXIufm86KTs9c/x1+ZTrAKrk6XarmbF8I7pB0jBjObZntGmZ05bF
+vJgRUDAx9sheNwPPiIM/7ttCDoxU1escT+u4l675FkHMhZDUSLSRqVNvGmt/ES2F
+c/dIq4iDGgG+MZP85S09ah5KKruDE7wvZdpA7NTWzSN/FL6JokU+GsaWGt32Hmia
+OK8F/CRtUfHFUjLIk/+v5wzqYWqI3LjorXQSV9pWmtahp1cLQ5Wba9vsPP/Wvi+2
+m7FyBEJtgKP813YOND5ZG+NndlkUahwditGJ2XtpS4sDhFyQ50oQm6vVY3nxlkyi
+7gcCE8xOI8ufFS7CBl12pFys5XS6htkmBbMSncOoNo7P1kuu/n+CcjCnWAY1iFsN
+OkYOKDZlRdkbish4JqTe0LdRV2CcpGmDoZkMqAo/gacweT1OswgxPZqRAlaakDsk
+0z+wy1wNgJlLF6Mhub1zT15e1Q+/wHUNsAcIRbEsq4vfSVn562/umqqVZleHUfoB
+tAKAAIwee5aNB8fBcUFCqiNPFGnyuJdEy2QCu/xiFQ4M5EGGApPOoQpSCu40X8kx
+tIsIihquALlL2nx7jPvBIpasKq9SRRg54VYp+5WQBVxUSAY9EsaRSuNrkTJTG88q
+4WO5rHW3WFZOwfU2LGvjhz7SY+9H7B/A5aRuTuU9BkVnm5w9WtkS5pHU24WJ34MY
+LESH1yE99OtvHuz5PwX1kcoYKdGnd6OeNkRLWl72GeTiU8bTJkB8SHx9Ol4kVTuH
+fPsY/ekPh0rSuhj7L0kCTPJqU0+Xfl3rqWAKlpXLFzMKyIEhu9kGgGRAr7kB9ACL
+ocX/IfJDcGRqP9cpBI04aA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..5a7c60fe590ee880278ade7eccfce546bcc15bd9
GIT binary patch
literal 1312
zcmV+*1>gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UlC%Q{Y!e{4<y
z0tf&w3<d})hDe6@4FU=U05B8=2r7n1hW8Bv2LuQMi2Xqo-5S#bf&|DN&5pA2#~1WG
zDxk9kC!Gqckv5A8<j--G{D+SXXqY=<BK57!t8dVI{JSk5oS^mkoM3?G#AqHWq4*)S
zPA*Dijd1vs3P`oY9DrBkV+#Za`?N5ryl1g#D8~s0MC_!W^RAhr_v1<e;K+4n%NS#=
zs9Ps82T|cM@mX~)S%;l=hy=SWq^5aZ|BNa>MB0{=p!!Yqp`4SQ-}}lNLuPKwhOY?4
zNglW(sA9M}h~_=5oZF#93sRm#*2yPC9uDw|YcQpYFOoKC&p$q=R#a)Yn*Y~BDjQ;i
ztl!Rj%;X%O70|{{Jy3B<eERS!X76T~zRE!%!uVtH+vr*;EVr^Bis%P)YBOUHK!pTJ
zN}y+f`iHK7OM|sFGC9uh9H}4(w7fQ(#)Kjne!v;K-K4E-Aka_<qMhA~&gU{Wcewv_
z&HQ~28p;%G4n=d(zI9XoM7W3<Nu!d~?jIor8mBqYrUW<ot7(*m01^WSKrPX!Zr28E
z3KWuiLYn>rEE!5Phk^=SK$^5m1`c^)$7P!&w8b}nZ5vE}qvL1lZmvwv`y8B;S=UL>
zp#b-&VoDtl$bAfs-#ugfavEEt`uf+&--8a*%{Tw<Oh}x`0AW;^Swb%ewo!YpfIS+C
zgW_uA85?BWo!nHrDDYMQ1Ek;`(TPBA3J=?)p|w@PR@mlcWa~KV9wf^gtyhWNk&N~;
zSZArgpRUO*pW(J6x1YSBbxPam8RhHOl}Yn9t~}}2k$3cS2REae{>7^MtF&DE&hv1Y
zB#SWy(Y@HkuiN|T(JUSf7~a@&+}s8~Y*4^iw7kViBMZ*NE7zjTxNI|#@Tgh2x!TX!
zxDy&XuvlX)NDh41tBC$?l!+{n(;v7;(fyuAN&kFctVSD)Y#L|jCe>XqK=yresc~Sg
zry9JhHx94dW<|r{ZXwLA{lW|)+_h1<i!0IEov;|I&RW>LeARhVn0)scTU~2*7rm0M
zCXn;#+nfmh+IQ0tkpFHsnMSWeSWPD3i0N0D%%AHXOAxVPR>H0(fNz(#{W$ew8oc7>
z88W=rtj;XXJ+8+w(mo`E3h$=~`!Ap@eO*4m2I96#<75Wk9Cf{|e6dqGK1BwkT;mi@
zN=ba26A}HyQKuyDToTp#_rz3I&u{mxiw}FL!P_zzF){!BET`DK2lkze?DQAOI{nHG
zo1M({SIN-6<hU)qL@!(bU;6;qB6@jvFzCoE)C9g}jEV^P+l%<KqkJQ&KAqZiucF9H
z9TaJE`GiF2jSi)d{VQm<Mb=cL7WS1>1dN6!l)4f){?e$Ar?xi0(8>rsabWh1X{rsq
z5BedQsX>-By{%>bzozQrMv)QJujxLL7WXy0Y+2F1LV^LrSGH3Lmf$ExGf)rjT7eTw
zat0>n0yReol9_lmL)%T>?G6*UhJ;<IJ}K3RK3B88g$EM>BNc~RHJHzKe2vw^upIpG
zggLQu7)hglR)w`^@6^q4w-5;0X0K=&^^3fz%2_<0-4_cRedkp|TDC7kT<^YGDX3mx
z+32<Wh~2^`O7&dFcK?lQwrvv)8ZObnqpjsUw|`G+EB_#vD7Jt(4X_Nlu3<&bO)wO@
WKAM257dG0VJmP}c<B@1WB^LJ!)_?K<

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
new file mode 100644
index 000000000..0d1b587f5
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYFcs8Uhn2poCAggA
+MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECKCBLl+C+3nCBIIEyEnIPlXdh1e3
++cnyhX7dCRzR/NsygcRBJUPdwRUMAaOo/t+oZxFmHnblchxQ+pFoHrI9GVwg8uID
+meEHlzSSKt8kOTvJ3C148jRFJy61YH6k5GEN+z5ihS9uTszaXRUlEsGfP1/SzWY9
+ME+pX+0kwJ4az87mYKyNUwK4U5d65Ic30pvRJc4unvFtRz6wtwqU+EV283pXHfyc
+VNgQFjb1IPHEz/PSuE9p94mQvdIbVmuK2dRiMag/HcABvVhxzLldKyEHHhrHR0pa
+gc41+3HVjz0b6RPE24zNrxA9bU+1URGwlkIlh7Jpc/ZuYRj6LQ33xUdYZcMZw0b4
+pSFJcUgX+GUXLyWLqhIxxc+GIeL2Vt5G0ea5KEqxOvSj2bJV2/JA0KtmrcIjX5Kz
+d/9bAvxatcqIikVNVkQpUc1glKiIBfVrmyJ4XUlX9i5F3cgl18zrYUI4zPSBn8o5
+yxSfCuIMx+3zS4BiyugGNOclIbpLMjQuMrXxrt7S+QlXfdbXvyNfxa3qfqf7/P2k
+ykxl0z1bjvkck6XoFGXdb13isUEtY2NjujZKZe55BLGqr7FsIIQSTAHilwMpK+CV
+fA1EL4ck1+7FV+l8fJ0nN1Li1xOnDeAFuO2m91uibNMYPvRSoX9c+HQKXCdGfiuk
+5tfNaq8bbXeIJ/P8wTjMZqI2l6HZRuXvvmRHN2zZ4BSsT3+61xtvSTISEimDSm5T
+hYY583LG5lpFoOC0Y4EUw/ltmQpKW7AGkLg7SyC9oKvoeWM4c2t8HrL3iKPXtkwd
+A/iEfZTxzmR57u+ZMlbws0evPiZQml8voJnuT6qwbos7g7V/Pc3Rj+b84JZcI2Jz
+D89/VudIHfFDTXC/gcSRG4bd0glILJHT9FOCAlX5TEuRyeWasoVOV+m3Pi8vQM1u
+tCsjE9UdoIdhoI5j94VhzHApdD4fePcQW9DysYa2R10gWIZKUvhUHH3FWLR2X2gK
+Wiz5YkhEGXBRtDHd4cx8EM1bJMKwFyYXjXTPGfGlGiPt8b9u4F++IlsKcgGgPIvh
+2rIm4jHuN3LRRlFkJ5B0kuOOxZ6GBfxasS+Ix4DZoIfqZsGNI5Wu2ikGZOKxX7Ij
+G9RvcdpVV8C2Y+M9qI2+x93WAtQ+NRJo4/+gJ0O9bVUhjjAmIHu2bMtbvr9aPJhd
+OpB9VQxB3c5mEXkNOV52oOGnIGVjbJMb4e3/MRpWtTFVcX6r200Gn6Hn3MnWZXdd
+H7pOpAowTcTlFcbJ0WWjfZygj5HKKUOFzPYNnXKizjzQhF6yK0mphKFY+8tpFQqB
+mV/1HlWJTSsAmh/FN21B2qq+KRiwMdpzKIEKC47mK+dzzo1mrTqmExvbiaLG8upr
+KMb/lEnSCasiZKTh71J3+5vUE+Nw73rYNZcdh7fj+GBK9KJ3hdKwYc/9yyQx1Lua
+4aXnUM6vQAsV+OLYNQE8vXMRtuftbPbV9sqiBLPIc/0P2EJ9mbEye8FM+koHUCKo
+xtJe5SK36DMwAas6tjimouVgWTcAdbq9r8jQlCJ1WxXPUcCJdv6pFQUGKQ+34TMK
+uWOhErUNRdqel9DthU5ig5dZs2DqlzbRzWYosZc1B6Q4/nua2JiBi8IeqtPILr2a
+JYJ9DNzxn07lcFHiVgrJuA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der
new file mode 100644
index 0000000000000000000000000000000000000000..51d4cb0dd5395a72ec7cea43acc93bd5afe6e1e5
GIT binary patch
literal 1312
zcmV+*1>gEGf(0BfP6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UlZEa)UBEJ>CE
z0tf&w3<d})hDe6@4FU@V05B8=2r7n1hW8Bv2LuQPJ=}k{p$e7+f&|EV^!p{S*DoXB
zcPj`|NfpK%PkPcsvYZxlVK`4-7h;&(3NXs(^>?Q7#nW7FGvSTouMJ{j%o&M$T>MSs
zcZ!}KIi?eAOU><Kqh<Ol+wt^tFsitl;FhgZ7PVPc2~RlV=*MC0p`iF4&n>j>jhQ-B
z)5|mQ!lazCs=^k+D3vqvP+~eqLD>usN8+AtsRx1Eh9-b1;;LaMF@J!1`SKwjwD$}k
zBavcAJo>=Gob)=s8a}gVLt2g+Gb$FtL#Xv$(4=EI>)I&CJ`9zE-LV-ESyN8*8OaIo
zwqqAwd9HyRy(t>uVE!)ICFeuGuv85pAxbmwj0dVWIH9XVPkL9%AJY|Q5LBDG6D3xj
zhEkl#Mx>gT{p|@#kk*O<E$_0a(%Wk`sP43dSw~?h7<(9HBnc%I3mFzkqu>N$;RyJv
zbv{ZNi>zQ5{fEI^_DL(5$EF0@Of7O}pckuaes>^)4hfqJ$uYdE%>me4t12uq6pucY
zc}M|SAh=>oq$r@f1Ktn-3my0Mzs2H%^=XR@mblzl0;vs%K*woV2e^T^br#G3sO~A#
z^xP8P)2%*-W<Z#TcSc%AIz2Jn?Jz#X@Uzg5VslquF1|xdDM`)SmfV=qvaaT0C&xoc
z$%~d34_RM9Q)HY3JBSCAJGZDHiP-Z<;Nwp)%<A~Bvu3p;`#aHRU9NXDitS1XpV81$
zV}3KGR?ITm=IlDNCwmoKjl2nf+;4J5SQF<9LjRAyn?S7VKp9zP1D7*l<n9a|DSmwi
znO#x*YeySouyok(ZdnL<wD^_<(x<8zK9QVD_7_^7=T+tc9qNl9%W>mlhU18jmM4-;
zwCnS}(s5Ar0otJi9kYaA^3nA}-IIO_O|Fj#o}P1R4RTNdaPEpW4D1E(jqx_S=_^Z~
z1xRRQ;C^dJyBe2ez8)o3Ww6r;<;>0AUsZ-3{Z~jNQY16v8o;bQsll|LI9!L8jnQ1K
zD{4UTV>%|krENZ8FAl|)r{`%v>uJU%y+<ND?obJ~h%SaP+6UznQl`~9ITNLcGNII6
zw6gd>waN<75Q>-W&LpI{rbfs@Uli^TvJj6Iv+T%4ulpF)iwC24CHc7wvNa@lTBXjZ
zZm!=29rkWP5hvaLYVz-8)w;A3X2ehykybmqcbAQus+S7xCI)_2h=<xfxWHw-&)#x4
zLDo%!>oc~P_%EJ1Kjgw6&fFs?n^yoI5O{t<AuMCUrjARad&bk0kGw`mJnDUj?<<UN
z_cXjN8*SFxMos@u)~JoR%MSFKhO3XwbDmkSYaz4>=X221qT(*^eRevWi4dbG%Ai@)
zpg*UP;FRi~PX~}gv`HpYj~zPxMYG($FKO|1*I$}&I^ik<h#T+58%3C4B;KDU+Q#+I
zrF5lF+neVBrSsSP9KoI~V_$9fxeuq-s0e@0D5<=B*UEh4{;xPdYHm{ig?40I20juH
zbWDN44^zb*HOamGqeZN|jDPvP3p8JGq99on_+!%FUN*%N?s*+>kkz(#qNwEfJ3;_J
z;j>9IS1%OL%GPwCha`M}Fb-FzzjNxu5#gjhBFMgj%{wc4NV1l)cFR*0@pvu_;6Z1T
Wb#3`U=?D9U1ao!fEa9LXbvP}kJ8Uxm

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
new file mode 100644
index 000000000..dd9897b3a
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI9z8gVJbtqxwCAggA
+MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECCQqQHRFeFdeBIIEyMJpY0A21GrC
+pKBL07F7zOyuFIdwQT2f0wnL6lPWvUg02M2jlHCLDYlciCeUhE9fHUDA67814lvM
+dlZ8KgCsp+2mqkoZB/hRvvS+ZdUqkwSI1J3Wt5hz4dKq0cebJWpDAcY/+031+zTU
+9iCshfsWAGdlcAIBZOEXDwejNfIayp5cFKvQqg7kmED+KN71QmSVmVyKafh5m0SC
+2Y3CoZTQ1982VImx4ZOfh+r86XNkrKLj3KYC1K6DR64Uwq2yLNoypTjdUig81ste
+Dhqm+0YXVN4dxXCLF4desKWxN9v78VmCuHvYkRyunj9Q43GVp51cMQfFRBLWIqnB
+OrT8k020lne0MxO1xju2sr3GWA4Wn6MLqrxSdfTq+P7ZYcSh2BchkDPslxi5gNPS
+Hv5o28rkVW/K34UQw72Kur5JGMRNwJpye2rSPUbtLKb0z81nPzJMP+BCl9DttTr2
+zDkkn/AFBRuKH0uWrKv+9f7FDu4hxsdFFnLcD6kWlX/V37b5tYAcy9Atd7lykw8F
+K8wAoYZHyzYaIR5otYV5XgjMcw+z9U+5t4ouXSYght88Y10Tq1IYnIx0I55KaV44
+uCdrptsKnXXWvIux8h8p/SUwvJOrECc/nYxyfS42diH3V3VGV78fw6n74nDOYnLK
+ruIASg92TXUp3Qd8xdoiqdTfx8ZCgNy0mmrYycrP3cUciAYURuKWjjdTN++fk2Vx
+Rw1KTFgTf0Z3dxEMIKDHHDiGUbO9cE8oEMWCv0YJ9n97suoIN3vOcifxG/93RE5M
+1xe91IEY494/DdgsMqb0D4T0G5rbFHnNY8bTDKIDpvZKzcbnm9vnxPi7Q1S1kkJG
+230apDz1Rln0AFO51SAVS8QoF5wP69cL9vrC5miVh3mwqkDVoHnLNpJrT1o/XcVR
+Jl1j1t9lgFNJhVTltTPza4FydXRe2ZBCNKpDci1jFtD8KYZGOCc+PQtJ0Wtcx4qJ
+KVGO52gUT+DSxmaKd+3RyG7MsDw1CPT8inHkACa2G+GGQvqukbjLppQDkvmUPkTa
+fEotMYqnlvqznwiWURl962lyRJJsxClC6Q9R7Pe7pxohsthIHgZFMMuECenUdhYj
+3TdqtKKdbShoF2SBnwYUVScH2VR2ZE8ZLlldNIA+WswG4x242NoemE76JC6DyUQN
+WaxFLL813TmiLYtRq1QZsiqCqr2jRBMJA4cdCt4jMZXpLd8heviNtcPmf6uEpHV6
+VBQmun8dCQAUeCHKsrkOLnAcnrIl9gPlyR6qVAI8tnfs4IezjnvAh7+cN8cQ1AZw
+xRvoAHJfR7GMT7Rp/GTLrSYU+swlnjrDLQ7DwZ6seOVyzmKo1zRjysQ7qF5m6ELp
+hlu6ED1/VZZw2kSbv6BVzYmWHCGnuyl/n9zXImMR9vcM/uTogjc/38F4zBlSyz78
+wHy4EWMn2jWyRYYFfwwLvrxmU1IHkNUKYfaM6qeq7F8R7cqbZhZ1cCrAGcIhPrPy
+ig7iEmTblRw+ARmY+cjUuJtbU/a38kEfCMIbKKnUg4vUnO6s2XCGG9TpmcLR1Ti/
+80tOsEuvg5ZJB3FFGHhSH1gDMAKQwCkcP4wbP/YhzBhq9WU24AA82RtOsFV4xjFV
+ptyV+PmEpJl0DpDeIv0I+w==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der
new file mode 100644
index 0000000000000000000000000000000000000000..40026f98b436bb2da5a04dd12d8b9ca3ab7818cb
GIT binary patch
literal 1309
zcmV+&1>*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90Ukd<|>*gFq+f?
z0tf&w3<d})hDe6@4FU)S05A~-1uG5%0tW;L03-4nWoDoZ1cC&}ko}(15deMs6=j&G
zMXvKRH(3)%*N|oWbxt3T9q0d@ej1xMEJlDQ>aL~@X%DZ<j`%*9LG+95O+$jyNlMCv
z+KV^3!jUW6f`E4kJLe_Q{~RcxDOUM)?jz6h?m`MH1FOMaf|o#Ti#Up}-hRm1N#(k~
zf%YIno^SgnBtBstO`rWXi9h1S$+Pl}^D&8`4+#D5^J2<)0<ieTE(Ucc%EF#UJKMQg
zO*lpNowwE;YdHt1=z3u@*xETn_xl4Oq<MO)n<LN)4J?7u4F!!M#d%Nyqq638u~xvw
zcTnHYQh0MsH`x2p&mKGuWZ9hJ`05^rHJb9&#gTPDjYbXGpwom!nP{V+q(2JQUu*IR
zxxfk8)9vNte{`L2mJ(RQL+JTa)`^335;Aehtbo|&<l`&29x-wSY&vY1DdGlwWc>6N
zP*KA2!@$u20EKj011qhd)gn9IKhN+?3c~_}jfE=7_7<_ygXt~RWA{y^XHmauOn3K0
zrXj}9@bg6Ggpg~dN8H#_rJ7G3VO`yM7bZ~n7K5MB2Sln7Q8~ZsJBxZVBLC)3XJL}L
zpTDE=34pJ&P!-2<K;uo3+7+*(xZG(ZLpT3IKURTDp7@Uy?uDm+TGUj;4wW${^D2HE
z8F9dV^Iaax;UEhg4pMDE(x>W9lEUPaDKKD7#tD1ANC@J(ZV@b2=PC9Z>Wpzii=S5f
zO98X3IPwx%ms0<%o%Y^v_zQA3)6ugpv&rXno3g8-9-ma^Yr1?}1{j~Wk5;~#-F467
zr5^`U7J0C7gDPNy93E_pYx9T+aN8Q;h(&fX>IZoL@m`4QEgC*@_zaiE-D1>BvX=^F
z8SgsOoFE$xU%=oU|MQ+_Ljd%3FmHIKS!Tb%<ro=4F>Jt@yD@Fp0reIXp@M4m`G7pm
zzPwq=YhEGOldcHx-pq<;n8-YvB*2ub^|BnE+K)m1pqTv&7&>**LC85)5poj=x(a~n
zJ<0|2V73CIBhK1X2d0>Xkff2>Gordd=8C}=+GC+NX0Jkq-hTv~hvH9pQ-yCSE7lww
z1DU10CT2b+TxBr&|4uThr4G5sG<q6-1L7T))hFvU@-s))Nh0=7Y}jGHS@&0=T%0r}
zZ*vImzTZsdw(npo#>y9hnaEP#J<J2rfk&5(2IW1tj9RUTFWB2%sfec32`lOD$)8sn
z#^cTOGfvYnAUhj=BrN$2QLQ)0Q9SxI%r3qAiu@cP!!QKf+!kk(d~3A4Wzv-r-9nKk
zTh#i~oEJH-Jm2X9fiC7*!e|7ql=AJmX&iSyfGCC?_iMF=XCwsK2qZF<nWYo9=jfJ(
z;qgD9wx4yLjhhDaJtrgi5E6$QVh^}HO<0zXgAfwGplTnS(*|q>+Mne9AWk`$2@d0c
za?1g2PCB*VM4yhY(O7mjYkgBa#B{19y?iUFVa?|!xv!A^AzxViOu)&G)z_bhLFxVH
zK`qR6c0|;GULiWjvq(q1^?n3ppX#Tw(@|$w_Dlpf;`7h3*kLb)7e3{wJFl<+p?R#n
zrToXD!y*iuYZ7-b<G){C0B&mQqtlc1KZ8jKUu$Gt8RRRLCk3+3-T}`@QT*Ql4ub#r
TG~qw!_(_X)u8?^qui!=O8?$>Q

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
new file mode 100644
index 000000000..af4c4132c
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFGTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQI/++dnhs4VZYCAggA
+MAwGCCqGSIb3DQIIBQAwEQYFKw4DAgcECI5DLMkayM1pBIIEyEJHtZlUPIPn6DB6
+Z017kFJdaF29AqSatT5tukN862+b+0bGwoda5aR5lr4edgmmwMhR+1pTewsWyZK1
+xCYHwn0Jna1HXKRLfsoNdKCFPyvJkx9OdbNfop2uqbS/vrsriMKMloKV1KXUGqCI
+zZ7BVEgfgH4hZu7cX5HH0tMw2/CzrC5OjMhFq/OyRe4retfACxN34WVAqMM4/N0S
+S0ciNYR4C3vKu5+Nfk4R3GGMmmz1WejkYH0QMXFtq9IU8vbMUhAaBXIo7xwkAbQA
+UJF5lurXLJELCIR1KQVEjfYCXViH2ZbhAZuk2BV0B8qIKhh9GhvL+y2nporiEhN4
+ddE7PdAmZPgi9vJ34+jY8E2UiXpXDkSr/8LpLRVQ/UISttARVkW49cOQ7oOV9hOB
+R+0K9fyZWAJI7cZQSsuIPSO5DwDkXclWUFYaa9C0BcHRaz8ACkHu2vSF94LwG1th
+WBvVvm9kTqznq2tNoAk18b4RKN2nVUkfhBJeR2GaJhzsshnpTo356kYNKpSUIm+S
+4bg087Zovrsf0C+49mr+9uGNbDQ2EfG2BJ31faBJ4bwRNata7l3FvqlMLBFJEpUf
+l2EIlr4qX9wfF9OnkmT0gGuuxwB9njCpe7XHbvjmvKalo9s9iP1z5rd9f6UPzDQh
+XdV9pooBusM2Z/VjkrUxRdyurlewD+UQn2MLiRF7t4Rgx5+4g6nooIQlcV49JhEP
+4Of5uDkWzHQ4G6TbffU/sd7THcwTp5wTot0BT2IPuP6qgLFRSQYwx5zplraVfTOm
+GmXD8Y0I8DP3bymMVSuJWFQrSL/8X5b3snOhzF1J9o21NqetXY+YkGIZPfL80jUm
+7ZRSsjz7A4M3MGhsD2i/gwGAUdkJ0kacdnBYCZjfvhEiMtyJhrtpRDT7pSFHCN4z
+jCok/m94d+mPXcI7dSCfQ+4FUSMXDX6IKv7ivsoJ8wqI3YiR9cHdK+EZLWPKb0xE
+I9Y1H93K9pQFlew3U7TzoFEJcee0JHlyM7JGShPQP/mPEoPsHTRoGjYwYp8OHEol
+GAjRutyMS5/pEL3zqT0nWsr8rEEwtm8tpPKuMclPt/p2LCpVBVgTpuVF/Hfnr8Ab
+teL2bpC/D0W0OOOMU3MlfU822vlm1gC5Yh+I/+b3jsgd4xH84PZUBGDLO5+Wrslw
+f5BPuO/DHADonB+DeGqwSFol7zxqYWufdI1jb1YE5pWV7dO2e0vTD7463o6V907+
+Zfc4k7h5ohS/W+RGQDBM5lplssWcOPK5Rx8LpP/vXHFp6+EPnGJTFBg6I4fUYAZK
+HbJAnLkjWjfy7F4AEBkx8jBjYyDqNx3r4WLMU5ds06C5nzG0usTpAtoJk6k3G/Hr
+l/jMr/za+6TrtXyNBDGpZohgxP0wT4+hAMyLGymYnSWFlRVkkf0BANbtcJBszbAZ
+EvNvJaCecjVw2ZsnLo+rapA5V87wR6Rzpc5Yh6IxLQs/pNOcl8S9HhC+EzwcErLk
+J1LB5piJy64kLmzxC/wmJYvR5hY8GjMU8Q8cHOD5SVk0B87SOCt9LHuskl8j5/3/
+tLEjJ4T6nHSf8swXl4B2e0td8/5Cf6mnyqiuOyQK1yGhMjXbi6taYaxb2fNHBV68
+d6QDbGs8iCwGsp6ssw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..e25b4fb9c308623d9c7bdb0b8bebb48501c6be46
GIT binary patch
literal 1309
zcmV+&1>*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90Ulvi-eaBbXR%;
z0tf&w3<d})hDe6@4FU-T05A~-1uG5%0tW;L<W%v=`#!UO1cC&}B9jad>$K-<JMe}e
z4!UO%+E(RIr`<pK1SxJ7-n(l&hewj!MAP%{2OqBEHGkl9$HZCalODYk)$eEEv#POe
z!Zhsy>B+F7cPWJD#?kWM*0<y1@f;#59A4Ax!XXtZDTJUxfCDkL80o>`QxfEuJ=Z*u
zC|lSMhVlY3<Cjdd9dD(r`93I6y4+!AA3!BX;{5|p{ikd19V79?f)HFGmBhLw_<9g_
zt8YqI^9T}eqz1d}B~17-6n_`D$v-f^(#i9rOpfX{-ZAycf8qK2UQUC3YPxN9RxBH!
zxcnV0`qGsInKGU;YBC@3>Hn5v4*j}cM!PAx_5X3+D^h~1I0wJ##K?D}rnyNX*;Woy
zm{sf;2>xr&cKE*%SzL~p`^1&0QVy1gzGJaJu$kM~j5xYDmOy07RHcHY=DlgENR?JS
zn*N2@ks4L+r-%qLXI6|v^-_8DU-Wi1zO~P+*>vxFPq+sLr^M|utY-U(o<d}X1F9~I
z6{NasbiSiT@z{iC!Q&UuKWUamT_Z)dZz9rhY6MCi6fo<b7-2b+-sT=0Dzj2%GAd7?
zK*D&wqIxDaV%)>h_Q$&QUd(h?*Tsu?7?y1C?DVtE(j85j@SzBbl*`Q6)zw5RoZD-M
z!=PWIP~acCJU?y(9Fq!{AKtqi>U~m94P~<IyO<(607NP)V^WT%D%7V_$;cbGZ2fkH
zwPN94nCCsgKQBpPu6w7r6gFu^y7vHiuaI<3Y(f}QgC`4zb&z$jAU@3qpPl{)T)MFD
zsU3HsoFCkx3ZwAvqBqG4Kg@Pf`raOcV)#s*GG+9g3={Z9<N-Uogw$3(PAjktkE}aK
z(xGRKZnMWP;eJ9Tfp6_;{LYfILM5Sl2sws*DTah*5C0|6Xt9R3twXlqK_}YcBxm^Z
z8+ZZdQ;@4r+kjja7ujYkU5=(t@<9#s_whyCL%U$$a%~b2jT2~4emdEK&50^0GJ3)m
zB1J~NCD|=yaoJbDIMsEzH^PqP&dC0#)-4&ZOjdRo9A&s&NYET*yYTRjUrV)L(`3ee
z=SQgSN&Kvv|3*S>v%u6QCdMtr#JU>x1O<E?5kc|O6osOTTyVuS2YZ%jRJ}7;*9L!y
zA9`!A;A|qNyB2ixGwo$#IZaMez_U>8KOn$-TKYl)>&3NG@$p=5-@&=JWhYCQ`kIQz
z*EE{X^ug#30AM%0(ARhq(s<Q7+&l-E)6&w)jKQ`wu%u-53Ds|?jc=(ZJ*-R3G3?tQ
zBx{D#0*q1X2=|OM?EziPkReQO!xOfVOcW2WgJ5VB(PS_8&`COoS=&K9yVM34|Fmyq
zuM6icDnp$si9;0MVvxq!#i)f)1~wU%9~di%^Mz0*`B|H-YK9Xu?HXIE>v1pVsXEhU
zT$306K}H$MTB*+QKBoEiG3yPFvCoh+hXs*}ZD6W!<-dia6~q;f>LoZ9*h1znHYd==
z>fNa&m-*^rh&A<J>4V_$8`!!6UdWa^MmxM%q*X=T<BtNwGOxlStYHfkEwq#UM<Ytw
zB#T#ou8@-+4H$OH<M9lN$VB+cn(g~xn;cel<3ekzgML4Ht}y3C;$$OsZ>L^mY{Z_^
T$p#g`9VgTVL$n0dF>&=Da_4?b

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
new file mode 100644
index 000000000..717d3ffb6
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFGTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIkkRHl74lgxACAggA
+MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECAGUDJYAr+n6BIIEyOthlgMNgyfjvQd8
+ZqQYF52juYrlvEdk/NY2xlEfa7NKUdEBS6jvL0lHOaCcn0dRbykqs+Do9yiWsW2A
+cQ5BLrie7C/IeZSaF90Dh90QUe/aFvE/1fBjwuSdLj6Rf12MRXxtyCJb0WkStrUB
+Rgb6ReGUiUVz7fJu0ePZeNKqVtCa+LDenaUaqo82L7y05KLoQP+qrQb94UK2B6IS
+xUSORehQZnf6dpoXHMS5CFCv4Lw/C2VusBIZnAhEVWm3MljxMycOJz27YMLXiczj
+H//rm8BhZQ5X2jYTvo8S0BPgRXPnxasvIAYLbAFvK3KP0umX7THVoYsXpwBgphS3
+penm9HExXsyYLNbefq9jPL4LlatNDi2LAg1QOr30jxGC73xESbYsM1WYIB24RSNL
+ZKyhINxxsqcSkvuce5dtShWXkqD7P0nUNzygT1uSD4AJEKOaDL/YtA4dsTt/LCT7
+Ct8w9TR2+QkQdxgZri1S9+jSmPQgcg0BobPMncysTjTyC59Oh9KPcJCThR4BXitz
+cvocqt1CsiKiMGR51xHfMs+p06DwTTz2LRYiLdXco72D57O4lixOk5LqXF0qiBfV
+mN7LTqBIvuYiK9aEBZ53HRRurAhrOWBJ/UxM/VYi+lyCAUBhRu9XI02g0HA2UrlX
+9RnuB/a44Ce5mgQWdEYdQIkI7JB0Kj05ktWdiXeLCPtTG0ytfQ0Cv/EwbWCG2tu6
+PEEmayz3KqMR/Av9jqsnk2qU7kKqR7hySMfoTuaMGpjcxCpj3Lg6Tmo0Nrvn5svc
+NNChDlrgwyp4dX5ub1bwYYzibG8x23+fKKkil7NqZ3gqZ5ecmgX5XiU6VdBCz2kJ
+k1xGGiyt89+gDdmoc+HyjRTJgfChZWiI6EhV3LZOnMa0ZUpQiM4lmq0SlQ78zSmY
+ZyqG9dSEFWg6BMrOUpZbuY63wjvrxSHrHLAbCTlI9BRkFhmfwiyJ90FfMBUjBt6w
+yCPW2r5aFPIhngNS3EayJKhAwchGHN2XdfeDj9GFhWZAIQsXS8R7JuGDIug7+QMj
+WL77m1jy0K4PiGf3lt7PVy8KOqbiOHyzYQsuAuuMD7NZdV4+dVzznTe3HbXLWtxj
+itPFNuSudfFBotAWDV2yOF4B7XbcTw4CEGv9bVJoGatJdaubzidUHPJUozWYQX8K
+cw0LqdR8yxMtHOc9FYyawLbQMzcMzt/lijS75iO+vspT9TYXxf9rC5yX8xlSHHa0
+jlgvjnTDyEsrUnGHk9kNe906GV42YDO9MUJPvUmlv6/bAKA5iWX2+Jo5rwIWk6sg
+vW33g7NPMn0I0pwzaWDaLd1XNP3JpjODwkL/5n9F2x1+LsbPpuk48DOnXQi7MV0J
+2ZWSSxZltTLpObG8mI4dWrh5DXeswJIIta4ki1lSyFLu+hMY+PUVozyd6GVd4T0o
+cVepNU1rHqxvsLHVkMsixypHpZwnkQigrE8EYeuMZQKPq7luHwh1AkTASr3SJF0/
+uztq0vmtn/0+lg7rI0pW+oFAlscmcRMrcOCLaX/TkvgX1JvO5lspIjP6IdaXsYNJ
+14GImtXxQaPgAtWJ48o/AzF8KPez98DfnmpXKBM0K/kK5OGuxHvNCJ3eTDYS6X8I
+Sj6Qf6Z9cjwB2xRFkw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..6674c48a7ccdf918b248467c985a132cc019cc43
GIT binary patch
literal 1309
zcmV+&1>*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90Ul&C~s*CLpu5b
z0tf&w3<d})hDe6@4FU=U05A~-1uG5%0tW;LC(YxqW?v;G1cC&}yk0yDj}=MFmlof#
z(LY|pZ@B=)5e&b*!dhwUe?xg~sX0?~HCy_D`l|Oh8y}RNqxn*u+lWowTNWQT1%ck(
ztb}B?qT*YdF?}OofWQ8Wf^9hifoX*{tm%F~!8(>`RdZJiQq1TSxeJ`1`tPC44q1#n
zB4Ikf2R#QptSWJb{k~?9`?v9r=A6Y@SGm6wUAVI`=w)GOvpv5zzDqXi7r*5`j2mCI
z2W{&nMa!N?dv0=htZ&CVoB_mTIW9?Z^W&hlq1WC1qJ<1$Dox$Th<}<v2YmRc^NQA&
zqLsy2)nS9uTFM$w^K{L+vd1!ly<Ellhm1bGjH{h&3B1moL^;QF%Q_8ZJxc(!f#PI^
z98eV54U(CL0WZMTf?#q1-=QA^)@%v*Q@8%~nmS;Lg>9#=TwZFDSVxfFqAkNy4$=0>
zUA>azHFB{G{%zP~lZ*x5d-WCF(p<M5mZiKa&WoV{t;U|zMFQ>XMp)|{m#U&=h(dAH
z6ap!#3j#&<W?2_~3KVN`mTrvG16P~IBXie8G-VfQqTB1!@DcO;A%-R^V37jzI<r_3
z2X#8k8lc<Qu>@Rk!R2LNq+b!Dq1y3p@o$^Gw%`!Ou8vCSLa{zA93cix>}bdx-Znna
zcBbSb!7XJLV(S{B+OR*ST2`copwC=$K_Mwy^h7%=sTr?sv6`Rwb2*^M+W=L~7?xC(
zdYKroHA?SZ4E(4f?PrhwH^~d%8QAV(mU~;oD`6Ac>Iu-LRE<YlIy>EUB}=6gX<I(C
z30;2=f>b;s>kZHsVWbHH?1J~r_?R1D>!h;4;Be@#2c2_<95#Kc@V#}x)iz?jEv|W>
z`PT7i3zNSk+=i}kA$dRo5bn5cu|nHrttz`BN#ex@!xsJ3oslZ>@}Q}|M^37`wO=+K
zJW^2-hsj=n3K>D@`ETj22xlmI`ksht4+YF?s#rV5z?&v(!Q1A`w@IlN5>7JzJ7*O8
z=&|77E`;(a=iShPpcRXJro1qdk+v$`>_O}B%Jta#h<@$-1ZZ`&)YHHxa(etD8!wRr
z42#&%_`$iuJO7oJTOQzKbiB+xPe%fF)!6fIZLj^up4+}JIOlU-TK@Z|9(h{ZX1jWt
zt7i{?Bm5=g?)ldWBg$jPug{-ngz%6Id6X0ScAQvH{69+w|I|aB%hvGb!dP*^dxktQ
zSbB!qARZp;Ygqp1CNSA{(|+f4{{%z?0Xr)6ik>u<DFpTlyoMDs@sJc|qdtfLCYbrV
z3xQgJwXEZFYonVI#gS|)Lf@>T@NS_|;Dd)NE2nS4a7dl8bim!<aS?~ifKGNZgPERO
zpJ(T+Mqz)wowOYVa^f@)y%Z%8rj4cW9XjeX1g{a(6=Y{6mpYsr+e%uOk|}*Tm+med
zLBd*ksqcPGRrH^B6J7kw+z8fKc_(yMG0;wUxZ@{sFw2{J7@#2W$|K{f6R|jhixFds
zgaY=h&2J^dNbh`+l?&3;aoG8six}jYOZfIUpy=8J$Z|*trkEWid24hw#Mf~Sf;=5W
zOVg9)kP(sZ)&)UG;k`X;-=_ziNJ*LX!2vKQj%(jC{`F9NON76A5Q&B?did;sbP`PL
Tp2?pQN_0<I8zD~oG?R0E#)f*+

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
new file mode 100644
index 000000000..3c4c1d0e9
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFGTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQI8Cw9Sk5zfxMCAggA
+MAwGCCqGSIb3DQIKBQAwEQYFKw4DAgcECC+kVvp/AVLmBIIEyBFjgh+mM2+bo+8t
+sT+q+rntFVzZUpz4PtOqLCipiJluD20C18qg9Hy69npCFR/Lnw6UvYvCNL/YO9An
+Hm54eFCf5cPGxgRBmvxGroKg3LFyKQz7yDmLmUdrJ8XgdNcWBO0y5gcYaEhTpim9
+qZYC3rhleQY3Lx+C889/1k4kcC7PSmAi3BTZ/npnB9x/Kr4tYTtcd50WDP4fIfa4
+ROBGuvtmor2caSINPxHk+SetW55npIKhkQFGQM9o8MOGWvmTY0iLd0iIabCngKqS
+WHc1Fd3rCWAOZ+Sx1BP/uSi8iKQRONa1M8e7FkAtOI3T8qfF89k8G8VLzkyBSdnr
+jJFpohITjzIBV0d6oOApTSmHDWgtyrwKftg1kDyJZc79CgOAo2pVuDrWXmi9rphj
+IyJ+EK3f+SPD/X3wMabpdn5rwF1qRJ19IhJewzveiV8drQdlZAeES1qlxePQBmHY
+mTzl3vQ7DkElwzVJyzMHll6o3viHvROeQO80nXMIfzFd8ShXwfYOGfNB4k6fqduq
+BVj7s7lyWRHI7iP0ruVwit3tlFKzU5yQLqbUNk6HOuGs8R9IeWIV6/LXusvbPl5e
+n4N4ImkAX5JpP1KOjmLJZygHRsL6FMC8a3KgUAcqYoqrsukn7HC4By0PIERaD+z4
+NrVsaN4YGQyVdFosNUQqqjz9mB8JsL9zuT0KM6opskznD8gjT+vyT9A+UQDHv1be
+8M5Pp8Yf+kLlL/r4j3Bujk9QDhbwlNxH475TtqbAGZKw/oeGk3oxIMT/Eb4ike0/
+vQm4xkPYpPgGGVsneirnuxddqjWR9X70f19hPjmDD8EiI95QY+ibTdtDuHPO1bjn
+yWT4kzXsafQ6msOVPD5OncodbuiUzie85B3hebuVbDIMfQx5lyH1LjEByaxF/Afy
+pvalyLdVsDjUlqWM1qrx6gBbgQtJotwZWYdWv77vH/iPWuuwhpRXsWDcwRtIEaT/
+JFcGgGuoMeiZt4wwv21Mysxcg7p/wVBj9ZZ5qzVmNDb40lpFnL77LpF2oic0ymeh
+kOuz9u2C03F1tL4rCoN/wG3nGXzbKDNG2esHGVFHtopVTlLf2wumM/yo57xdDGe3
+IhhpyrEO9fSsP3z2thkJG0BMcy0lU/O4w3lV93IGZICDqBx7F9+H3UzpN6EW7TIy
+YvVgZogye6/KN3+nYKYBGK15l1jciQk3vD5zowwKtMa1sMnfOycKi+MOZV9gk2AT
+w4Zpr0nHZMgmH1rYrT1plRbnz1712dx5xjrZ0FIwR63xg0MkCWSIl1eiJCnXDGtv
+rUU46vuOS0TfS0Ax6ZneNOARvSE/WrSh9d6d2GyLBRFhrP/QHY3K/bfRhu3OB/qr
+GdSsOwBYE6SHQ6P8kAyW+8WfBWOU+rwDweJB51tTf1ZaaQpvM3TUoGCW8+8lveqj
+zecdMa6ETnTyfxT1rXOjE7qRpYgdhyb6f72RvjMffpIwSIcGqvYrx/fdUlT5ytVL
+2vNb1qnk/DxCF0cDm2OBY5tLbXwU0zw6hZeU2Etk1DzeQv6iwza4b9aftmJfuoZx
+D+pcrGCQ7e5I5g7Jznwv5e27ANMTW4DXK60kj4iElUZ/qPdHuu/AwUJCOGshtbsX
+1Sg132S1caBKWrVDjg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der
new file mode 100644
index 0000000000000000000000000000000000000000..2275254237f67579d1e9bb7d5b94dca562d6213b
GIT binary patch
literal 1309
zcmV+&1>*WJf(02cO9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90Ul=q}f&OAA`jL
z0tf&w3<d})hDe6@4FU@V05A~-1uG5%0tW;L=^M(zg@^EN1cC&}Lz#?$dkq)mT2AYX
zVU1EG0Js$krhz|Ew{O$n=BjHVW@9*{HYNABQ@Cgo9owwGo%;H%p)3JCENVjs8ijTv
zXsyOM&vCpOt@Ht9#%q#L4CsCPrk1U}4F0|W9Yx3yPUW`JJ=I?~+D6mX$yl1+gz3&i
zDd4Pa+Neaa&hoxXx)AlBZ}<{@j3^)c=xvu7FA~S^Se)K?62bm6za>9@EMx|aB7s_f
z^JOy=u`ZcrMG9{?H&S)V<3~%sIblXjGf*k_RzbvNiUDYMF<N5}=W;_aC?WsL_K*7R
zW&ZQ9w-?V~6AM^kLNC<o_z?I`)~gwRm0D2-kU|89WU&G>Ecg{JI9A|tHT1v;vTxB^
z?+56}D_*G>dbXDTn2Ae$hg2R?36*cDQ!*iI&!Nwdh%s8l6v374{7i7EW0{3tQKlR;
zJPM&dF7p)UH7w>GT&pai!4;7N+7(z;Lb#~oVCZsM=hotiA%;EFxmx4hYyNP9V9V20
zZ2IZ&ypmP)vmc%yv@1ka$8%axQ=qLgYZAUM#AVh)*vc;U%$g8>L=lFPQa0q<Ca}?q
zVi(N{zihrv^c#us!OVD(aX_Qk!}QHXmcaZ10^-QftMUMDdLZP<rw@PQGrtxw0T%L`
z&FNTY2<jEyLEh?MwC(=g@P79)!)SP%pDz=0555B0Sxk_!aP~D1<~DB1COwcKY6$Gj
z13-k{4M@^>(-EY6J^Cfg8A9Umyz>Xay%$_6w|$%5Bj>?h;c4bX<^P^}S-bakIzSn%
zw=xp8#RT&N`7+-q|5QI3Cx=)1uIb%QA;Y*Chj}Y4oEr~@g-3APvtzSYp9<CG_Glub
z`S29{tv=Jd{CE?CK=yl^iGncOqfB$lc~he*+xYiA>=(<>hg(_A{Tp*{Cc-x~di~+6
zzXe2OeJA`^WUVS=yy1Y04F{e-6I_PJpfsiq9nX!2o<)P6uNGfL*ekEaEg`>P!HPUi
z7gcY$F<%CmWgyznwjob-zzC`;+kqrn@satUiRF)Y2`D+QNFS4L2;j*Syi0ay7o_-P
z8Ja#No+#IU?(g{hn$)4GhBKv;%h<f9=sse0MbvD{YuY=1!!+LyT;z1fs4z6ocrol3
zd#3F0tW@YR!=Ne-lYab4;iY-VpgmiRkMjz-@BoVH^8;-y0(4vP4=Q;rD8)C4%bx2{
z(k`{JIf{hz<bX~&gJt=eQ!nm_J355yxp38xHHZt(;|rt5V~z{Exgl$Za>I_gL#g(N
zFP}SDckbc}jmx#=4eUtDP%r+n>T&)=2V%=^*j34Ofv@e14-*V^5xh+Q$|q@uC_O^&
zcLmB;t|S53wbcWqrQx(c+y8H@5&TmU_gMR02xz{R5Ozg11PA#cO0J00V?Pf8V&n;J
z-HfOjv>ZYe@=h)))li=vDGdHwN+h?K7MUZ3CV(tq;$!oSvrKYQNMA{blk=X|HU%W!
z8UCiX4@L8jsdhL3rYjN;(UItQi*(0_^>;?w5Oaq#Z3=KwN8llY=sW1u-4~7po;a^o
z=s%BOtLLc9@%{$00&3+FE<mlT^y!q~aM>5$_k@=nzuDt!cCm_|u{DWYBGj7H-{D(>
TNEhrykb)NZ27EFE-xwT~zU6qK

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
new file mode 100644
index 000000000..15521d435
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFGTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIzK6kx/qbJD8CAggA
+MAwGCCqGSIb3DQILBQAwEQYFKw4DAgcECD74OAvJ1+LsBIIEyOekZ0qcxeX6hEYZ
+4ONCHu41tmOKSvByGeUBZvenjJQ48AgTGYUXNoYri1ohnbQ3bcqiP0TUDfT4zRcQ
+ZFZLuzAtwV8ZfZcYRCQ7kKxGfkciZJhjeHeuBy3moEbznzg9TEPCVzoOD+k3f6+W
+7/bSycV7jk89CdaWU3FKU/W/RLZarpm99Uzat0Ecc2KOa/TckNTBvD9Ysj2j3D7Y
+UmdmfUGORvwQhJG0mwv7OpkLFbFbYBehWp8/Fk5izJVdJs+77c2qiQvgeend1D41
+ZUBKtbKCoc3Inp83cSkl2XonncCUxBKLiWHAzZxhPiIHwZXGXHjCOUqbs/sXEogs
+3HT5PHVQjqPGIbl5B8NYetelB1h1Udq4Py1VZqjLhZFH8q2SnjRxC9to4bXaiW9N
+451NL5S8bJrcaun6E5cD74p32F8IOjR2Ojr3ofEFHQFVUFlLPY3gQ+IZs34hQBNR
+QY75ffQDykZPBpLw0hIJkr1LoYfuEMdN0tPRRxYVO1lKAW0xbOAd0UEslFcsyXCY
+oUnQP50nVpG44TI6bNfLj5y07EyMFo6vB/XiDXh9/Az8jIfsPeYOGIVMYFSnourw
+3cjTPFrJnEQd8CHxjLLnB3ZeXIo4l03hZBy+qFOIF2Ezke0fmRtjO+OUVm8lAy2Z
+J1wSTThBlsWX2/JOzh7kiWDipX0fN8sTGeepazxI8nNANX7ALcxwuLrjvPOmTxfX
+ElpwebOvCxonwWR0C1gyZ0feOI8kh0dKwe0xi2fqxCwxWzPxN3EQZ+FtoUdtzPoF
+7QRBFERPefUpO6214t1PgJMWvLjjCsOFy4tnF46nWI/r1XLOQlLP5cwAIXZlnSXz
+ky6YqPm2OniXq5XqvyLOMy1RoLINJY1dhgBXFtC5I1ZQAmGJGmX9IxVjrRky9kKt
+362X98edUUMMmW48L8RcyYOOVLpFewAmU/fr3qoUDjusOtC8O66J/V4vjI3G8Ve9
+kNLiPxQqbyfHHdbC2Pp6rXZXcl7L5FW/fc2YaZRqCuFpuGXZQ+SKrMXKY8oLa4tL
+Emf4isvdlRQjuveXoebxPsoG9Ww3pz3nl7NQ40cnSxb1zxm/heQmAczPE0faDsOi
+pGAQP7jAefh2XwJ6RWRqzyuA3bDWC7E4ASYODIJ1IAogMMOlg940hlmCXZ/8993C
+aTncCQO10ibemZsWvD/X2+gL3LSgBi2Q6NjHqj4MPAe6yAOA2USc1GzwSW4WEpIg
++ttJpKZFnnnxzCfUU+pTz2ONGV7J5a50BiRLgslPawm0lbYl2BvjbSZJul9oqqy/
+7FI5Jy83OaHrqyMSRNKZbkPWy58zrhQNaiUaCrLE3C+hzj1k9BXrWm39AQM7olnp
+T0yi7pivXYEff0/d8tClqQAzy0DnKEW58xQODxhFkZm70X0HkUABD3QObHb2DSjG
+PE1XV9pXP/3pci+SFznuvn0p6CN3l+rIXW+pb6O4KW65go0LTo1evIuKTFjVtZyf
+KqbgDrdu/Fd0KJJy7S2cg/i02x7TfcSJE8C3EDyyESpGegE8XAH2NEltO1yt0+/z
+26d06Hr2livL87yVpzW8b4H1SlifZmPhy082InF65W1w4hAmmsWARfPmZUG0LWoG
+6zRPj13ojxpLPr8kyw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der
new file mode 100644
index 0000000000000000000000000000000000000000..52ac321438292452b55de644c0893a40c4027c22
GIT binary patch
literal 2464
zcmV;R319Xwf(e{3P6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UklbL~GWDau;{
z0tf&w3<d})hDe6@4FU)S05B8=2r7n1hW8Bv2LuSjvh(pT=P`H$f(b}~jPMT*yk`cJ
z>zf#JzW08QCe!zTM}0hvt-dVemYKeS*}+4Pf-99hgW*VS{j>!`s}UPPazuLYAkHk0
zILr@FnOj&vzVzQjdz<eci=EgpTIg|UTsyNIRx@XT6h(Ew?<1xD2?^RRyEJno;u>Q@
z@fL7i4OAR%Vbflzi~)ImbHci-UwVS`ii)wW05t}MP@MxY_XyGXvBwF$emCEM{6bnE
zjIiac2WhC;wExm$p7_BOPCQoqr<m*(W=Ln<VcN@a0%epde!^3sH@|>LX~RkH0sKgf
z{+J$5=LLmYFxW-hc^u!c&v#XCGp-cx7y#D;4NIB}RnHHdg5^Hjs2Q;2-vacONU$Ks
zzP&6<W|;)`a#<-^cAK;X{gAFt$ed-uh^mAbT|x$O`u@im{OxOk1M2dom&K*ruob)9
zDlBex-{UVZMsH7yIP6CtMN<Xu*n|Zkc6k(DL=xmN3b~ASP28YOki*D${{Tq@d-n`6
z+9?^*N6}f89^f(~1i^Bkrlg@_udTnQm@A(4Pl0|62_2Y;$q~-1)f9_|3m+z@(iiKg
zDYl<43x&@u(>uD{<tRrikKQ=?!Sb5}(@>QEbIAv$BCjUjjEEHdnqFXBoPn@=oPJ+A
z^#VPmG<QR_868JtigMGr>iWA9e)b(qaOdBjncsedb(ad60h%yh6}RNM(5+__N6zIi
z1;pBx6==3|7K}+3h3+LT5%#Q9pZpkuhM=9b(BsO14O}Czm{mj@f>BCh%POzPA9Y`!
zTGbQwMc}0js(OTbyt6#!cuov~UVwD(hx*I)1?L{*K7)M^Y0xByZimF?Iy>X<_GHbN
zK0y7(XI7i)#?=#G<f=?aPHA!<er2yXgy29e1E8XS1`NC7_!|v>?1FemmDym2Tr|^v
zni3PE8gQ2=?*-c@ToUQ**DGpxy+PZdCTQOYD=AFUcEj?J(R6KB@~j7S*FH~Tmj+Vg
zdQUVe0G~8Zb<UhBo7lNAH!eS-c1NbusCG>c%?(!+NLin*)Z^kg1U_C@tfZ8{;}q(u
z!YmUx`lxB9{EA5#Qm9?)5+^QoYyb_(B<2-F<%FuGC3%KGQmvcwazE-2{8<~J^`;p!
z47S966~#RE#c1T!h;yI$K3@xbY-muv{~ixHEvAxb815HjxZB<GXZZN<lujhAVY~R=
z_aS$<P1n`sw6o%d#n{O_u4wbmEa<`6Z9E>a(gQS*$&1K|VPBsR-KcYZt!f(K;3q%p
zywGn5YY`%)Ym5NL$0~}W+kJ***=x2yFSR-~DPWiitJMRQ6SU&yWes_?@i?hGiv@v0
zI3ULah(n98eRi!@La3$E)-gAXF|o`fxkZ$<-8vUKhY+{f9C*cBiYr5drB~9o+>TjG
zBH&aoljO2G7c=C_hnmgm!=k?%d9=74Vxku1kO9d@qgJt#iDp$eD{rUHY5ow6(G`FA
zy0u@cwpRK}r{Uu}a!prlL~)q+`eLb^tKF@MIv1@OVlKKP2-zMy8a-WNLCs+|7<-?y
zN#yo~M({67a7As?eCv;;5OZ@N#2C%W0RH#K2QeIZUV+1|&7?Ft!^(@(5MG!NTogj;
zz$gF}B_r5$ZAAIf!2&`izQ?_Ikh}NVU)5*oGu#i_Gx%<MTs&6wft<b9kW|P^g0~}=
z(ipJf7uJzAQke{edcT=+zd%R1v2<3RLy`7|d+1}HKAiF3I3vbO0Fh0qUeKH7Jk_m-
zV2b>uRX?mTw~~UecHos#EO|b>Q-=QkU7!dNr!zGpW}3izmpL=eUvN<1kBEoyEhJDG
zxseHOa2L3neHFTdhTg{?v>6*v-Qal(2g`^>@~SaTq?h|=#-{WBm8c7f{%cP|`F#!^
z0^4wN2c*qzuvm6&*PB7*>a+nmo6`lKJuZ5qhx3HfK=@!?pa53e*UtB-J#^nU?}V|R
z4jxuxJYr|oBTI8K40q_lp9fi21YNyQ89U2mC}hn40V7{>?y5oHYE@kr5B+?_|8iX1
zKx4f2m;Ai^a;`f}E`D0dCvY;X)AdECJ?ys3maq>)s|+q^p@El$P6jSU*?|E{0(3kU
zT*dM6I5bV(M_UTcV!9p`8{qHmiLmmj&D^KZ`2!!lDLF!htLmdgU@-}4e6YAPPO;Xn
z#|`L26<O*QmZUt|@3aT1-3z`xomI#hFLN_C96jeydnK;d55f67kdP%P)j2Coo&g9v
ze}Vam{dDK-U~MMwkd?ueCNr>>OZq+i%xIbJX+Q9-MCUYi$p$A2Sd7GT46x)%`!XyB
zkIJ}wnXT(?6Y4Wu_xDWEU!`NESjXG<wo(-gFsReA1s7lA9tU}&rh;dxKUmM-XckcZ
zQ6ySiOO{N$k8+ZH{D8UAEvm4bueiwcw_grW?$x)npe!X&weE)$?<l~vo~lB4Ft6?z
zZ8=~ERm5uFnG%<NH2|5fsIY%M)Ik2gNIir7QY3xH9<W|(#9HffsYa4XS*k~1W5I1H
zDiT*+Sp$^cxLKR(e)U2xKs^gKVpCE)f1)lDeFdX%_m089qLEN+6LV~Vu%^m#3>)FL
z5lZ(XHGDt;V9JHKI~pkm-xQD4+vq>*JQlt?>Zw44J|}=NW1Mxg|G67(agp%7LhgsD
z<&J|Q6&OYL71Vhbj^CT4uxK9Gw@|5SH;Y?ZgBtAV0De@nf9!s%w0Ah|4T2SFJcj&N
zzmGj>@<C?Mfr_JggciA0q{jx3GsN2~9Y}52UwH_$1MHBM&r-nm4p=IRladJ3hZpp_
zfBIa`tYm$wSE&zjK@iPx_P=?m;(3ENO^?FQpax?tS2+x!ZkDhXpWyBbD>TM@V)ACL
zC1l|@*EN;$KNF!e`N^)s=8|<VPq4Lc#=SopCy0&s!vl~w<rL4JVJ5;itJi;|r@qx1
z?{_5jz7eF#i4PM#RBb1zUQT-YUmPY$EP!B8Z&U_<l<AXU6QcGgN>2sC-c>MN5tF;t
zD|Cwzo~FHjCrs$>3Y`9?UM>Nk`y{cV!2r;1E%xqRN}`pAb*&)rs5E235D`gZ+^BlW
zfZYY5R}kAz>JVB;8SCp6^!Jcd3?4D&_P_YlCX>|1{dLi-bJ#BZnd5D_2#(`=)9^hD
e_tA4>9CWHIP~w<Dg@taC(#3*ow45Lzr<sSbUanmL

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
new file mode 100644
index 000000000..37ef346fc
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIRl88LFEpd/kCAggA
+MAwGCCqGSIb3DQIIBQAwFAYIKoZIhvcNAwcECO5zuB7UfA1kBIIJSKsBzUEGcl3o
+O0otMlmavjyeS8Py3hGQwvLZBLE/8F2Tuo/aUbijUfE6nhKCwCozqAEqIm3VGsqI
+Vl0lEsKpH//6vsvGCB2ZXd92nfVW8zJcCWAn6wCK6tjozH/l/M6z1cSXSEppvmZ1
+O3fmzghYUunK62isvZskV2K7mn+O6jhunSiWqkTBrUzno+jFF58RrMv+M/7SWH3P
+e8brU6OcovgcecbrLW3t5Ui4AJWftphU99ZohlMF/7j15Et6rx6OpHmTKFGabeQU
+vK27rZ1fziUHNebWG8nWlwPlAZyspT5w7uOH4YLfOYKbwem80ZVOiDMF1Vh3MvKj
+5duWTxAVYPt01+k+rM8hO8oILZgwIqfTOB1/kf4HWpV/Zn/87jC8jqj6xlO7O9wm
+CnB6NRSc1+qcpRJrqKGz6jVGgmVs3ZYWbLS3z2ZnEEemnfCH7lat4m0C2tSZ5D3p
+tBSkLONHj1lu0PSjiC+Qmfovgh8QWduZ9uFzviuwLaWpHyOKlIQzqSv8i1TPnaBY
+QROHQR5rHL40RJN0Exnt32wxz/h6DVCQOJ69ZRI6WAxC1PL5gZVrLXzr9E2ClmNO
+D4TCOwKACDjybF5SfQk8FFJ7hK03DrFaQ2apqkG+VfbdtWpbge+D8n7+KCm1l8Eo
+3RNBh67yKDVNvjTwaV3irkCq3R4sTKlwV4R7mjKcLXDFes50pXKWG+cPlO03Rdso
+YgKdt2a/yFcNYm8n1Mo2VW5m1Zb7jNvoWGnr5uMALeEQYvywvFyH7p71agpsXwBS
+EBHj7Cu10yQ66SVaiQEhxul+rZTEZ+XwmmEEvQaNaqrhS1pn2FX2rtZzDhguZZlZ
+20tsZWqT+4ekXWJ/kua/ur5g32GU9y5zz6r+dw8g+SMVZHHI6etqwRHfnQbjKqLh
+lPo+hrqh81gzYUPD1CzqQj1wFNLjaPw+vxqoRSL82rRMgvc9q9km5J5pQ4cBx//D
+Ath7L0UjEFg3Lpf5BmFwSapIJyX9eLnZelayw+K6FWbKxf/QfqqcHJuThAS4Mvg/
+nuunYjGr+co/7F/Y6T9++JfoXwRXJwtrYh46ZPCZh6uqrWJdtCkFthNjLkKDqbiL
+VGAObkZkc0/uaXrNmpBDjs6bHtayLcsegbJQ9lUUvSds/khmcrGvpi4BMDSRjmSP
+cm++WHJxytP0w7NyA34lmHYZf0d6jC486UB3dW2pATKhhckzBcInzmtO+QtnTZ8o
+gK1U97ergh0faxVDRhLt8M0Eeab2HtZLENpJfmyK5TN3V6jdXm9dNTrFhdzAAk9A
+FkyIcFvn9lziTRaVGLg52g+V6Dgj1Hnn8FmCbr5UcF7fn4TYN+XV6jc0Iqem2UiK
+rZgOyAUE5sZhDNO5g28wTk4J5tGNHWvl+aDXf73x/PGeI+136KC9BLk5kZZGFAxu
+bOusu46mI4dgWzivdKXWAfKZ27g8SdP7hMe3meFOewMESSgZrUkW53UypOP76RaW
+r45E5T5GNsa+xVyhBl5wSebw3DhrbJ3/Uw2YezrqN/Jtu+t9vO/AvnR6CxlSp2HI
+CBrFCVZaBNiWKGeHrC7GM9fNzfGpzxmB3bDvKOElttfoM+aapD5nHacjaC0w5nJM
+AR91RYOhqIuv5tVH+hqiOf8YDjSE3eQMJfsSVRyxSnxt/lSsaHgqqSsO5vRbGids
+/eRnXOgRhRzyG1p5RX+1MmihPsjyBAzLYgSQv4SxlVqLWu1I4jK5MR5qGPLEw+b6
+CxVVU6pPIRYgRHx5BaXEzgw0aiSJANpg47mH/SVyOot8WKDkzL5+GJ2zHfTjyjrc
+uWdTCK5zvBw1xIF6mKFmpy+prG/nXxMcEKMufIc1OtBABbhIUWOdPNUwe0RkI33C
+5EalHbVdavZUjz0EcQW/PQbYzxf0RD7u2uxRMhnSzjwGpvlI6JpQNihUMPXKBRlH
+Q/fQtj5CBapvYy6NI1p6QSKKHOonAPOXoZjHDgktKd/EThwSuWwgQl4KJG2dm2mG
+rDNqLwR6RGow9rfFRCQtFSsqV6W0Ws+JFKJYSuTXIRVNYLUiA8hldy6tu3fYkRpE
+Y3T+iR38E03QyHs77FLA0hDjJJNYrk9s5RLkHNsHfA9XuZqplcMBJEI4ABxHtiLK
+9PIULkHmHTzdHyNuQifnGHgUdn/ABOaqypgiJF8I8Ijthg9Jnb80qsnHPSCTZEWY
+6TNeUN7H6zkyQKthRmhWj153YqR/9YP9FtZJ6zq2X/lz6Tn/a7y6eg5djvj4yLea
+QBUWdFV4YMw5w4FtosVI2VQyal5y3UDsKU2zfRPtBpK8MCjereTnZ6NXJHLSp2ih
+CFdJrMlV/uifHHC3BV4w0VcOqqsg1Js4jDH4bVYsLJpGfrAtOKukLQU4TbEdGRNm
+PNgc/ZHAHCnst5ZoOXNI/z7ioznJL+xEj4YyBME6qE4oBOSzixjIFcnMAWTYs3s+
+N9PKIbi58j+FJxIobg+CW1/0POI93cNYkf+DaVn/lEXW/+8GCCoCvEQw//XLgbiS
+pORzGPw6dwtF9Bh/fA42beaiKOtYNYLa0O2fI2Y8HjUHU278jOkQy3MMD1/FlpVX
+4hS6mpnTLyv200vQz2MdHMDTdhG3ZGdeIiGoj09ixMEIZ3AUMhT1KuRgGyD9AEv8
+4nwe0vpXXKHkJMjPDFRO/pncpqttGAtOk7lZWIJol32+kX54my/Csw1FIcL464Rb
+XKwoajCCEwdk3HZmb0vcbJf9hOyt8dq/gKjAWRJhYVazZT/WXETu3oPMgagw7skr
+GqXdiAgCIRr5p096wpdVP9z3Wx92wW3IM3obiT6gtE1tU9J+pesGRefWcg4juoM/
+yWBFWflQgn6MplFUtu8BTTR/8rIWpoCgqGUFLehAshEWrctQXpKEMiy32KiZX3dl
+gYgu+JauYEPU93XZXYsqlwKLylvMvQSBcqM5O3PT1QI3pl+mPzh9gtN5ngS5t0JP
+ey0uyuPz1OXIANflAqBA893PXjWigm3D3f6yPluwgZYkCucXud2maN5RzsIGWnH2
+cuNfCLpqPup89ZvruEMWL10AYQe18LaXx5At5bPB/c7RmW/XD/XtsWtiVcDttW3M
+z7fhXBH89iS883zLmiU3UN+aso2nOevWkPVobKAq2DwCXU2+FosY4B244BRfBZjm
+UBjk3M7hAwb/9PuoNrLUsg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..fdf2ed2f622f34261399e7cd5af088b716c8ac7f
GIT binary patch
literal 2464
zcmV;R319Xwf(e{3P6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UmVz(!H58B4AL
z0tf&w3<d})hDe6@4FU-T05B8=2r7n1hW8Bv2LuSLjQ3bF<v_{=f(b~GjQY@_GJm9@
zda&F4FSAUsRx&@{27oSXKyYgq-f?ZE%Yhm%Tw#On1?#d3FQ^?8s_<0u@I5!;x_WA<
z3ZVgiUJxqFD`vB(L?)%YOX<q<Z~mX(AaM6G98Ff97*;uGhv{fVsjYfk#&GWXr~jLE
zbty)U{$#K@@O78&dVEu42m(=ac2gXjaAU`!mWCsOeO#Lc1+_@%`P^-14fbgNx_g10
zfeKR}jZeb748KLGJ+<wh*ANM-`nD8=waf>s-a5SVRdRD=Xeh5N>IJa#WUH18q~G{;
z({tM(Zr=U%4sK~~I`UQ&82?JM+ju4&SaLNfuOqqQBpk^+gv$$LlT}}}F_xnz^+R|?
z00S@v70%z)0WOr80YU_FIK|Bc^nk7^F6wy2tYmYjyB5c^d})@N9Sgs0o-0U>$Tyca
zyMidC;bmhz&9OgIKMD{}zeEym14MoB+SSQaui(T__SoI}<+3A)RbyWSljIuFk~QhS
zGer8|y=u2UB@l`Q$X)X+E2mEj)w?&2^#gf!31;<aP<h<e2dqOPLHcYDoA@gK$M@kn
zl5^S;%gw?@B;UMQb<})OD(YNn7Uy$c^lbH4EW9Mrds_NnKt2&a&PezAc(JlaVX-<U
zy5G+^M&8Lf-{E~6(fnT61T&iO>am#V6^;g?V@lDU3MjAA;0Zp<uv>IrS>Y96F4rpt
zUMB<S=@z4<4_rZHD1~a4EW3-CK99WRDE*Spc(CwdGG4`*-mNzFtA&x&P@xG79)Mad
zB#<!A*&c0C&0AiPAhru38TJ8mDy28bqKnk8rOt`SC@nrC`8E~2uV!M&H|ZW4e1tyo
z|CU=o!IIZfDtSKy0tD#7tB~=c>koI|ewF1!ugd4R)Su&I&=0$Q{VX|1=8bK!D?}Xb
zhn_Dl=X6fh;+3P=8Os}H8c1QzOYAtlp(j`w^|}&<QW%*wCL%6qI6H~<_b!4iv|}_A
zAq~8Sy=YM-G#d*b^vB?EN7gTOwgFWJ8nt}ip!eag8{9prnqWO{hT%pJ%9_G;HV+_}
z+TzDD!xVi=HrUrh$${VkX=dcI8nK)i@+7fB0f6v(gOA~O^1`ChF&!duI&!E6O=@8p
ziwY9OP4DSqRi`Xtw;rHYU-O1~-R4aL^LRchBu_R{I@lNmsiyqsMoQp<C|Xr>Bhha7
z*F2{1R>F}N_r}Fodl(WKzcE#1hq>b{855s*$0<qze>3XOy&;t?t$mZNBs`GlHBtv;
zlph3dH3G1>C(pV`=YlO4c8-OxFErX<>I8ZfK*f2%b8iG{S%;e>@Q;t?k&@*v^9kt#
zf1N^yO6YM|`uo4y87*Mj*pelH^SMAf4Y2_s%F7;`;GVJ?{POziy4Z172NTrlY2_OR
zLsK8J$TU)c^M3HNoC`INjMincOJEmVJ}+H>2zI7BUl=D&>f%G?4mv@iX>F-6aDd2{
zy{Hco#fV9ku-x}dpWh^=AY=6|p=M3*z+S=~#aas12HbhC{#v#xm6fOYmdL9agsfe}
zV{4lXghf64YsP8S1(0mvkuLly+Imr}Qxef}Rfy`nirD4vgdx;y;Rb;r5L37?n|L+U
zD6JZBgpOl8$-Enu8HaY3I=iMM?6PrRUIywF0NosR?dHb;`fm(fzvV06Di&RF5R<WH
zVra(>4t;H6JqBDG!Tg{S-spvzB-|oyp-?&3P<L($(j_q>?C;x~7q~6qI?3Hl_zP`0
z<A1I9=dFb0k5r2oyAs)<rSn^iEz>R!h`Su|rLR6v=1jTg7}{_iO9Q3Gz;O|=FLYon
z)ED3W&ItYVOs??3Ni6X3zT*U-=r0}5Jw2`%P!SAjdrB{@Jc4b7bR}~2^eO;m!5L4X
zVYnb_98(iY;v3Lfh?_1qp);g<N5Ni`oLJSfB}Q|hnfJF<=NfGG2yMh>dT2j3OCyWq
z720-moX6<G$be=ir8WNQ51W7>CbXbDNB8y_%RbdT<@J`8?4QoO8FOCiVv4Z}?L**U
zLIt%rg3ZK9B1kk4iUoJZA-PQW5Y%}BiVt$>uW-Zq=7YXK83%@*%fh*h0o|7>a^e<Q
znLZRZmi5>ouG0ieqU<pG>Lf(}43SvZCDM@Jh~{Zq2u`WS7FcdM)wA-=g|l=K{^()0
zc_oif17?d=ni@lJuGFw9p)h#9lzp;VV@B}*%#@`l=MS0{p>o+h`9xHa+UFh_f%HNm
z-VbQ>ZMl1$CNE7e#QqM_#piVJC3oE1Uz2@Lt^kF}3@TmYUSMt{QuV4_kr_eKUL2#p
zGN?vnz=kNraDipK)mN`bkZNxqh74$EaPDsPZ3HI>Go0LXsW0A$X>b8e``5Ltm|kF$
z_&>x4jd8e#X0FVK5s053wS5F)nFP;pDlrc?U~=Ve`E61K@cTX|!ZCrP*nybmk|Em5
zWt8{iOCGsiT%pscYr1I=m-_HFeWbakzulj)4Fz%OF$Lkrdv=h^;eVBas%1Jl=fL4p
zw~y(n3aK5`i0iHQ&PI55zP7XkRJ>(F<(CBMU8ZbHtPEOaQ)w0py-{SfUY_N=;g`)o
z$RBu(Fxw<|Y5&25C~a6rMBF$#mGA44lJklb-7s$ZBbX-*l(`sljc)wJZ8ACqG<z|f
z6WYG*jhNU@!uRsxB(DS?x#7DbjV=W8@=d;^+ZCe7UaibC7h32Gi^kuqy7a)xnGX*K
zBFACehU)-{l#>Qu2kZ9?G)PB0mr}<dbOe5HgkuU0O0>($0n9#g^<dozoqcuF`CNir
zREN-rtli~aQ1K8svlnLo#)bw)=*+1@WmKK*tDj<T<=`tOnJY3u_#c=5%-W!tD4Izb
zE4Jo;n&VjO>FLEr3SJtPz2}F^zukoRQ?KEqe5iinS5!Pe#TFJHY~KW83EI7~X|I1s
zo2GHp-K+QD9$0z|Y`5skMq=v|NFF&yoo-(d8Io^2PBt;UAIEyGJ(maFtP_WR5Va4c
zY}YJ#RCj0{-sk|14=?kiPJ{^63u(!(jYjvI0<BZLLYj&GJ<3sr@m0p;C|0?l^VNLk
zOIxQgPoVBXe7mwn_{q_zR?o@`{NI1UHTMoP4b$5(H2=!w_R~E<?Eh&ST#Ag}{7J>x
eeJBLQnG4K@p@xW=*%a(SGm`(}4;`;~T>;)MrLfTe

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
new file mode 100644
index 000000000..c3c0635ad
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI/PTNX5reUuICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNepsPdfwKiMBIIJSHRy7kOzfWTH
+O9Lp0TcHFXh2dkB3d9v8HDTquWY5brLGRVquXKEJo7DOK3MY/0Kaq3/s2hmwsAtG
+XzsC7nKuYfeAaL/vC4065g8LWxXoCczkwLyJ8wl+i5lB9UYZO7UQ17ZQOvQquvYA
+KKqe+IxFBJP7QLpI+iSYh6RGoqltU2CVW6rnVpA6mB1J5fR/w913bfkq/F8eLD3k
+HIiUvKf71zu9YZNX1eMo4kCQJh5gV83D0oXo18RRe7uzcBq9ZVs90oKSuMKArqKp
++yiawCBmzUU8NVelWfpfdTAxRDgIj+5EzLd/Y94MHeie0GCPk8V4uDuoqnT8z9mG
+IQPRe1x5IYpK+/6hcvEj3SSJlW7WVOkKxQfaTTxNVhXaSnfCwIUfHO+gYvGjN0HX
+6P9gF9+LNlnHRA0dCdHpGFlvw/N5TZ/rmFmzqxLGmuLfocbVmYG5t2lZtBb7oEnl
+D3Yx7tk2GtKg5uWXCLN1tGf22syzyLsNuHoUFLce8QzIgW8MJbeTu29vBTV7YJRY
+akmJDkl1SX8GmkbemxN7jSRGQD0c8vHjnGdVevoc4z011gL+bEhzJu+dGlbpzLB2
+VGmhptvc0iTHFHVzeYJhvRfdG60lB7P1/XbTUVmZ5bPsrW+FgGNr0Vs670csFXIS
+khTIC15Ey3kvyuB9BNoYE2l/kKyd1FeHqS+ISHriG2KGHO44Bak62Ol10DBv1/ks
+YV0/3AQes39hoxGSqrTXxAoJDa3kttRz4/7lyrTCjRZoB66FD/q+hV93rzBBwPCU
+PWva8LxcsYmF3VAIIudxfW68CuV8oq8p8+pJ1JjdZ8uyr8j+YuuX60o0vHRQAr6v
+n4/zph9ssbThv22pN64MbGkZGpfC1r/8SXqMdmEu8mjvwLiC+S6+CDdUkZB1jPYa
+JX6oEcextSvIivTlMC3AAff1ZZLDjotlchu/Ky3/ugu9oNC6zhzPWug69aUctumO
+ahXbhAOjswkTjBp0TPvsIIylTNDwWNEfB9q16Tfj3I0d3VKCZOaJM7iDll/rM8M/
+AWBJ0L4dDuhvsM2TjMzJ8p4JXaxfX9OjgR1+cuRe2YzQPUDBeOt+mz2SCjgOCW6j
+r1k76ilGmUD1JQby8T8MScSp9H2zi3RIuaDVJwHMPu5KooUR8eF7w4cTqsS0FhdI
+n91M+o0TDcOzOjmDj0vH2tP2HPMlqMOHUut+Tm0J9flTtxQoAlftPq3bXhFjT7Wp
+ry8JPZuzQDUMdQvi2+J4yXnc0+ElWAdSkaqpEpkOekgY0lTj3W/+GuxPPPqAxLF5
+GaZ5fCLFJF/ioQ55J3cnChfZRXrlQw08zsQiLdCyFq4Tnbx6Hmgt48jKhPddvxhu
+b/StlvaRV+UaMdlnl3Mr3DwWjwIVgOEe8/c6T0TA7rhlh2muoO4dT1t42stGQZAy
+rB5PoKJwLtzoyQKdk+LCvgrrdLmIQmK0AB14OhEAoWwnOyz9XZ7QM7Zi2j/msZXj
+ipmzwdxn2+Zfl4g83dn3pXy0+X8MugcXLUfgRtNEk6ZAk8P1PaQZtiOT2DS+Khuj
+WvnalHKoNYSeOfq1MJJkZ5kG6wriJewXtyRZtyXolTW0WbKNpcs/EtHbPxCceONe
+CcYPPXnnQQ4Fwl8jNxUUs9vO2uLXOs4yKPkwgX7KBmGIlYLBjM1isNhi88fVXBvd
+RTLFblxlnRHhjQmBQaLdkWwR7hN3TwdcxtobaRw7w7A3Pg76ktY+Y1jAuqu3HqTi
+q+k7dicH29LFKs/ry5dAFJPgpG9EHPVemS/PIMKHp0wRLlHmP5+LvdRgSNKLUoyy
+wlz+aZJXKobk5MIcLRZRAm7KF/hHfwldLMybrzobwwteTl8MtvQYpHc1cqAFtqEd
+V49YwFCX0SNQLOcdJZyRoltcftiINsnoTzOKDN4y4NaHpU69lO8AA9TUx1UyH83o
+jGUGAtAHQwUwmwygr+NRzq+1OHGA1JKLLfdwGKct2SY2smicjnOOgjF/x0wiSwyo
+HjuARsdR0pc9ancPQ0KnD/6eqc2AcHXiCFi/xu7rCTwsmO5crSXRL1U/5CF8K29g
+olCXV8cS6X7gqyARQMHXWN0Qx4vN6TqT7vuzLaaiC8cYiiKvDo63GPyT6qRZ5uY4
+u05ZLr18xzRM4hjUbxZaDyefOkL1DE9CO3rJDGX6njSLh3IxSNQVXNh6lu0Tx8CC
+HA1S3a8eR9Da/tBD8PLwaQ0xvpHHQWsdX58Nb3AFu+W+ee4NFq0ZrPqlhLpSOGRn
+bW+U25YFdIMsO41VhafsFKSd+/l7VwJqOSZzMgxLEr3p9ASFBbuzQeDVWr0kMYum
++Wf6ISkwu/s7hpnMibSACV3x1Fawwie8vH8zH6rg1aw2AITfb5RuIdA3h0uX7r/o
+6MTUEgy21T14z/KPDfhJ5jP6ZNuVzpQJGgQfAsJzPKVZg2DramRvgSvdLw+/LB7J
+FedNAXSgdeSJyLiwy9glD+1dWVj7gc0cj+HBQzAwSMdwoX5E7Rk7UX0O0S7y1+Q6
+w+Gd8yxl4NDaM/5PH9TSKC5oroPot4qH+oTUw/y32Kl5TXfJvWHaKDcluIQyB+4Z
+ABvuEaxz3NR3yI5Xe+KDtprRtfI9IK8p0tFVYpZfFUULzjK+JGKi8g1CcDnqIM+S
+1HdSJP/qsMMlb1iL619nXhWqO/hcVZvIffhYzKZJFAurqcEkc393zxnxkiA1ZaY4
+1sCBLnQWsmLeSKQ3rmzr4iPlG34Is5GsuV57s6w6NvmU11BTFh91psdpJ0iQLJm0
+jrUvZCTShcaV+lAGkqvnx5AIbPdZYSec6/J7J0OpmSypEfXITXO0Ihr8c7LMzPmL
+AIHef/8cqJqJnM0pIZcptrdya3OTItfjZbOJ39Zkm+Vs0h6rpkpn5sfTBPONYti+
+JnB9yq6lWqo2wW4p9pyE5XXWcABMeq0uPoGXrZPY9It/aPB9RUCxID020Ehz7J1B
+Y4yZjEx3Vii+LAg+AykB/0FL1Xe4SIn1/ShmEzan2wPxt3oNdCF5+6t/hgU1z+zE
+hwpGnZfL8aMTSk4U2q1SJs3MQk9BlTmbKsOvajN+Cj8ZLa0X2oHjEV4o5Qc4Ggs5
+EZ/BJxGBwOFWkN41XE2DUW5E4Kq3AYShVAqmq24KIh1rOxrXebzEdn9+Jt+VWz4s
+WqDsuRKobaoDpFFCQBLvQA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..5dec3c8b3c5da6dc9cc4009dce20a08b77d6898c
GIT binary patch
literal 2464
zcmV;R319Xwf(e{3P6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90UmJ`u9=H99wS!
z0tf&w3<d})hDe6@4FU=U05B8=2r7n1hW8Bv2LuQ<fdEvi?xHmWf(b}z$U0}(m2Tnk
znlnMsAglf00L;jnt_2W|OO7z~L6&>My>{W-d$o+TFUy)b3zyHOu!WJ9_*et!Q-f`#
zV~M7%bR4|Gp+SUQENPpvC)683y*njoZH809Mm>pTPr8+k{I+c~C$u_#k@+Zi(fM-?
z18a0^mJfWK;VU&Mo%YDB+H1Gb)I}%m_a#BM4d7)>OVAPq)vN+pB4P02{WXFl0-si@
z!g^9qw;Ko_UD((nUzK<knQU~C88E9sZ4YWmqPc(~-_*K?$-Z0yEY$!`)t&Ehk;qNC
zQ444pnlxa8u-Z`7L$`AqKL%h_tU$l#o@=63CW!RXuNdoQeu*7KbxAi3H<3U3;Qf8Q
z62BD^)a;0C;xAUI3Ug{{R>H2sCtV(Z5@*str=tCPpJ$H7O_2=eE7d+R1bj3SA|!mk
zW)c&)IO^1cLemc-?v<@FJmU-Nn11UOvL=%#&vnQ?Ol+s#5I=%x06i?gWF>G)Na;Gj
zF@n~m@l@)GEbw|Q@Cqc_0>BXF&^J~TfKjY75SmVF7*cKkE+~(wMnkiLXo>(iqRyYd
zVxxP>zo5y~I^1@(UM6!Uci`4%n2A-QHzJ`eIkvVzqECcDf{I-?6$wz$xO%gMVH?3?
zVI<1{;bOgK%bDQ2-dy;&ebisdL38boEp#(kYXK*`+$gh32*ofYAGH)D2eboy;gCYQ
zR6wZlT;(WRX+NxLhDOxsoJ0M!tI(kZB5fNj$sMm`rrJ2!L17z~D?|5!s~)^C;4zMH
zb~<nt7RU|MYIxQ9c)!P5-1WStUBRJTUyf7bl#mgRpaU3Q+b;>})G|IfaaoZDu_Ch;
zM-h9D$c0vsw{wmX(gT6S>fy-op3zc*QEw3s!nWFST?zD^XnMyD9Xns5ts7tIq8#$=
zHCy&i0tmt$+wuq;Q&Fa-zj1-UYX$$?KvJfgMcE{cf0bQ}%FXa1YCP}3OF)g9jfM*c
zaG_kNghpSTYm|GIEixk<ctSa~-cN0(WZmw`Dm?r%9&K)9dx_}gR#f!^J~|o@Pc1Jc
zgElltpux2*(p-5?pqA0P@H?ifw#uXxi+sC>#}GdMx8BlPLBB*PZa#%E9U1ykj2HJh
zLZ90RYvP^}j`1XC0N<7Omc6LZvb{@q*!pe2LU^fro)ooYt+zcutSj4FzQQt|o;Vy3
zK_#L^2pCRElbXkc>ENH?wlE=_pFqGp|AU@@-?nkHAoNiA|N7!rsLM=?z~EvdG8nON
zP|vF{UHUJg^mysQ)iYBR`pjKYAdzNG=>>=p@v7QJuZd&d3i}|xyUr1;Gm~z9*1TD>
z!Pnv8<>lr0x(8b=-JS|Tq?b7~=ZM){44&hM`5?z2^m?ri?HHx`2sNRtYpuY5lPzN>
z(<JD5bwd?!0oRdlKhq;>>eWl&O#%dNMBmJ25wS4{hQf9OO3B%+lVX<pzmb#T;?!J~
z^KAjy%iO|xNk30KfHW)3%&`J{I$-<=Idh4B#1IB?c$V9{$q5Xa9;lEmA$v_uH~eEs
zY(yJRC_~eL!@%ysM)I$*QgLbQz4|kdu?jV<SF~hhJY<A*_J3z<G|qh{JN5P>4qH3<
z(MjyTxZ*y`jNfSSphT2A1U?mru+69r#!rS>WZU{~=E~@_d4&duGTY=-t3m73FLdv<
zGX73%ZDNRnfZ)6jiJBqLtP*^FL~m9sr2vI4;L~>o)V$wUn?^EH)x3=jPoX<k&+o6G
z9hb*V<fbza)Y2If!1$pHlK)dtmk=Pvju$G>j7UjIKpK>>RyuP$ttA%8u*rA#$EpT%
zs;MlhqdnnNUB`!Ekm3hbd^CxVbuVZggXWxxoZbf65P$`U3Z-osNFYhNNk~P^8<*|_
zcuL%0PvO#z^Ci*K+-7{Xf^N&+S~j=9HI&8On*D58b2?pgbxS!o9Z^P-&*dd_+hJ&;
zz(pxf7;#Z9`V+5=zmmd|L2%BCTiI+m0ar5}qcKV0f1~?+9jE{AJ6Y-RNzSRbup05P
zyKR$f;Q%wlI~0K6##3HFUjnaJQw{^hoCYes=uuur7qLW5X;1u*t?fq`?OcE5%lhQv
zm`Q9zORjx1X}~c}ee4=U7rIL;9?Qhh-I!~~YTs^}bDJ)5m0rm*!>WfrbUOpyyGo;g
z+%b&6f8{!|a;sJwgOL}!1dXp|r+#r21kcX_FI1f*Pb7qMK7|sSKITo+tlP+BvoUAm
z{C?Z$T9%sr2o2HkA0$O-(Wb}cats95DH3NlV;`rDHu+S3$rF5JVjgJ8Yl1Q{$@9p_
zBI08vb}VMv&Y9?cbF=?l!8?Ct(3a2SJu8zbMl_u&&PX#CH?f5%NvH^3iha`=OuQ#O
z#W^rlje@1;4bL>w#PaViN-$~^YxQ3MMVBgSo`?l>-u<LyGLn51zd8n4aQ0`wfEM2i
zGR@robR0%3IeVO7gpRAx<-;?-jMlP-+80Z96+a^zt4!#h`l+*EQL~}oeTxMUV9s|a
zP|hA-JhLtu)yXO-j~jx9l4x-)SN2#Ue55RGB-_f9X0M)W8C%7{8wGWC_`jQEtD*@D
z@|NHSzp}xqg&T4$8x)xVzLG`Tya^5pzzq1gFL#Yb6n}J`f;)kT$5P!jJ#(dH3A=X1
znQKOn3Vt~`T<Jt4nOI0P6hRWM?O<P`6J|D~I?Ft!>DViOV!AQdVyx~;Zwo~;Z(1L*
zEo5cIIIjq(aov9Mw!e|09IZeLGVkwT{*p+v+63o!3n0s${VV;?U<g}me7xWTQ3+fW
z>9z7thk@@;<smg0y@}Xmq_Coc;$<PubY-Ns0kjy=BFuwra_FwhT3Kf_@U9;(=7+DK
zMN>gVzoay}tBQfQ6I6#fn=)bdT`bT}sqTFPY3EEj1M%5_7U+EPOt43hQHojXPP-%i
zl{-$?OCY=JQ~F(8uXt>748}t)K{tgujt`$u2IcgGK+szN`dGJva7Y&S>Hxe9HeDJz
zh0QC`|Lg0(cJl15Qur44VjkZ`efjQx1&TPhiUZiymZAhj=qx45z*Ajgio?8<m@$0z
zQ<m!FWdm{n<jrX9AlwH84Gn*f3a}$ylOq^b{`Wfo!bgG)Hdc3=q-d|2zUXmWQjG%l
e$Ds|8$qG7KDCq5{@&f~KWx*KXcQ9S)Y8TYImYN^{

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
new file mode 100644
index 000000000..1fa0d7f81
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIVgqE2qHcvS0CAggA
+MAwGCCqGSIb3DQIKBQAwFAYIKoZIhvcNAwcECGKk4ACuW0MdBIIJSHQF+Aj8c5X/
+6jHvWF+R+49XZYsWssnwBFbEIPJVTNUN6qMedRUhWMmMGDpkvJNIDxvRgTfRaypg
+rp1/Cdn+Mow/dQhLnwNSf3rUJ5caonLMhQZJOu1yCxUfKJ6sPiOBKDNs7LDoXmca
+98O8Ivlwd6kM+ThKzyB5BVoRAjF/TLa4RWBxhVdCYb6wmKnrn4T/r9jT218T8kMg
+uZBkH8CUEE85GaLAhDSfCGSgidXPkqrUaYWhcUjv3N82+nHnnJy0enKppFFEYgCv
+WvwIR0Ay0eWJfC4JSQXgPOX8+CLI8epHEUXnqp8e1tmG2WZAmOXZLbUvENRTkviV
+ZmQQ/OE77gvQer/sZ0ZU1oMuUshQrWVzMiItACsMAgbywM3psdBemXK79jqB7/Fm
+r4QVHGb8w7dNJ0cLbM4ytVuV8JbrVSbDlRZgtvGbBQtA5fJK+aGrJ9Dgxo0o7oZg
+nI5Yvrj1UmjWfHOWL6SpKKUih00bcbzgXgFzt69186wdznVvdkNqjI9RORHhumtQ
+VlgsR+5xVCo/RZ/UOYtLRRxF1MHSoUa7l7UAq17ZpNNaN8Yv4ndrp+8VO2UrIDXE
+Sr8shbltIUFO3KbYB4rBpT8m0DCxYANDMMiQQvNq3CVaUwxboiaj6lPG+Vlzx880
+6UiZRwNLvjLlUPv7UfIiB8m7CfcQ3ngpiKVxqgi9vubgQx1/ify1PNijhZh40K5/
+qvMto38iojhCudgQbeCAH8judkbWoaL0v3jMhXC+hROaizAEDzR4iWLTpblCD6sE
+yo+1+jcpmtJzux9bi1sgOSIzU5dYPe8k3Lti612BNVTPbwAva9REF/dovML1TWog
+y4IZHDyfK3p9VF9ZZ6xiiijp9pkBB0PuksGns4+14HAEyNj9lrIc8kZgSedWVu7J
+E63z514VZLiHxj4LC9U5AHTwT5Qh1WKt5YJaNn7CpZXg0fdK3AznqHfzziO0s6jk
+XFwrIzsG+zNPSYie5Avhsb9IYsAhm7j0anuEHyGS4Of8KEGIgPgzGHMfd40hOjkA
+tOCzqRmF/ir6IO/7c8wiSyoSa/YHkzHB9hgPvpkqbOPelARzMqD9z1nnpklPyJJI
+ssRgcSoE13/IhfLjbIpXCUGG9dIAwOIWddRWrw4bmoZWZaUwA/zxGfesQRGD3BzG
+X9fCFPx1oAwBha1/VnujQRxtMZTj0WgxlFWWKMyB4z+TGP8R78roJZr+nwRIoJv2
+yE/1VK8Qs1lXlKRO4MdTVJ26DeKuyFYfLwY6bSSDBMX00/H/mrnT2GS8nHQRelnz
+CfD90GIiSfcKcDq3c6Zn8LE3sG21rfFpww+YDwtvtbU441PB84KEix6R3HJrCeBc
+QKj8cA7rnE2E3qTd4vjfl5sWB4Dnbic5ft6/+cdyWahik68xQLhO+EnMSHPO/0G6
+uJAFdRHV5LIestOGWzXpnNvvdi4Lum7aZVWYYwKHIHofBRFrgXaHMqh1qyMSpJDV
+A9uKe2ZBvBEm9kwMqIMjECE/Irv1JTxUKwdzq2Ri1btNRQwy6ftFAeKZWrVtC4tr
+q+RhXrEkFmERjL7mSNASoYL0zeVKvzMre24S9lZvTIEqtli7MgkVz0ocw+FAs3Ir
+J9ti3Tm7qW7l3fab6D0/fF+Hs4VfDXGFlkCf09iFs3IXz9j6E0nPdUp1sy8tz75I
+c+vq7A8b6eT1s8ZZRPKiqcLDEE8gnQFcWG39+nF8q+cXPCCDqq3iKq7IdUxEyzkr
+eubINvE2Fjm5Jow2KbuR5J+xbbuG7p9FDcjpjn23halDyliRUf9JF4gi1PwA4RwC
+JVUV/akKRtm2bpVTeNPbN394LWmp/he+tjH/zjc8dmfxYM83v4+fDHPo4KBMwz4V
+dZ9Lj+XKuh8EZynO3abtDmjWbR8fFmUZ+R7Wg6pFlv4e0NXWPxsobXO8wa5fRWxW
+LEoJPcV7B5HmPFL9nQInhJdU/kZx4QpndHl00w9UMpgVpf5lWbRCCxLemVyVE35V
+iQAfpsvZBRmGIpaijwY885yMWhbr9wkya+u5FQwgUFcmE9WqlRdHnTR3IDQbcwZM
+RsBldIuxhReW2UcksSs3k7SeiEkIv9x8dI5ICCL2mmDvdFierH4GAQnLgCBbndI4
+AuWzFxBPalxDCtPghHM6xkv1no20iYmnAdDC2I0EfRaHAnYj43QHpi+mfUgGaOPb
+cQQUI7VPECOlR0w04Wz+Bkbecf90aULctkEOnHW0AaILW4hQRrww4TaIHyWEg86K
+At3wtHA5NnfZJEioEVdzpNspRDgtCDcaXMLE2RJIS155w/A3CRta03Jc04ypCdqA
+4LXCa/Lgk/bWzTVATQxVeeix36wNjXO5e9QotUP4qEDf3ASHw3cnDMM5TtM4SQp2
+KQkUK+wNutiliOml8sltGmomcPBQb///i5XOqE9C/IBLO9xHu+BwoaiKjOo9NGed
+cYx90Lja35E1jU/m9oMe863WSmE2frptxttUtVhqnL8CYiic4IMQ8pV61+GusdCy
+Xg5rh1uVdwOQ3MBNHz3yNV0p5zfHCOgDFcfOqu6A6bym+7Xlbe484sPYAde9onUL
+MTsKHye3sMmyZite2iMBMeiGU83OofXOyk5mX0fOhAhXoC5kVpyCslhPPmOnCFwj
+1j2SEdsDiUuBX2Sd7TmNd+PK1GXAnjKxUDIky0lLZVSD1u470az0B2RwtsU44Bld
+4w+E2sArnIj3HbnsiiZhKmiFkPVM3HTTypS939683/ltJh/e5jHxELkknp4Cryn0
+qvdIdnR7u4SvQH1HBYWRLDGNfdGsEKyzTRZmk/1Va6b3Z80Bf6EUmJEKQrbhNz3D
+OTPxrT7TAhO8EEPmzFveUQCtwUXpyg+Rk9NA2WMPkSB+Ie4SQukqo51mx53mtOkX
+zRKvbJjsNUQ5N/MbRMy6Ie7S1FmBYYLtsmGMGXnm0t98LhOME9hVoqgPvcfTG3J3
+jHTZ4vghJDKmasDS0Wd96sM4sbw1DJts+8YmUIqs5Zijgy+30nVbo7aTEtRqIEu0
+eKSuHsHgkUsmoaQ4EQTPgboQMcehjH3tAL3sQnmxrqrGXi5hzaoddAT/lCzXTyx1
+C1TTWXAVNESWnJ2qqv4YHfnbHwQORRcfdtzVwFBAfEtWEvko1xTm0JG/kFX1Hhxn
+ytLnH0e5Bl4+Jc72C7FDAQ==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der
new file mode 100644
index 0000000000000000000000000000000000000000..71f125cf67ba435586182cbf60e6f425df6635dc
GIT binary patch
literal 2464
zcmV;R319Xwf(e{3P6i1ohDe6@4FLrWFhMXW1_>&LNQU<f0R;>&90Uk%_<SM@#5=tL
z0tf&w3<d})hDe6@4FU@V05B8=2r7n1hW8Bv2LuRMOiN<fUjRo0f(b}xsbAma(!Q2R
z$SE}&tgeb99Q!iQ&3P}_Pa(V=IXzM0M#V?imx8U+_sK+&IR0xgnS(;l5c-u>7`Zhv
z&G3*KQCUaP^_nbiXRyXwF1{7J$|(46Bi6`qs-HBYP%%u9T<YU(%Q(rc8_HgCy2IiM
z)Mu&^!&VPIO#h--zrNYhM%8Lde~^ly8bc0wV<cnNJO)y}%bhSIl6(@J!-~xfb5;*#
zw9Pd+JBfQ;d@Yzgtx*8Pyu8Poe7dPFO~Nb6coW<=a!U|sv~DRKI4=*^^lcfY<HtBg
zM%Zdp2Z8cP5?2nlj2_^S6_e1l_cuHB@1K=QMB14QB#YS;C7Wrbk7=5{^f5<68v}y3
z(#icQy^OFy8pgRsj!u(1E1}@}v9@R&Eox*Su_K);TUOtUSJdLe@HCA?m9H0%RM)vd
zaDp<EU<!Mteqgexid|71`d~2WKZ%(Pc{KC~95So8lQuilUQJNK-^m@UPS)J9yU-AM
z3iZBu`u;8R$y)$-(dF6&!+2chtvq!-8ybhYf}R0q!r6HtP^uj+!5#@SxoZ9w9RK7w
z0g6%9k_<4G{=a5@xwSLYwLsyq@KY23-ZBdk+dn@h`7sD&2vWftl5}u|JD{azn977?
z-?{Uz;HU(LWU)E`-Zd-%y9~e(u=S5bnyzQiixR=9>LjNk0gh2%I5HKdOTd@SN<h_N
zK5eF#(&wt+&52m(<N^FLJ))LicFR8{F6D_%>a`h?bkdAhW>elC+_8_&6lr6hv>hHY
zYQR~q&9<Rxgxm;AuNZbPr^jmbMqF|n(WGln(I#6E`!{G$ext25G(AU`Nr<=($=y78
zT(Ja|Vzu3Sz!qyOIQx*-k0oQV{d+#lb+SWyS8MGX5&N;;06t7~3txdt12GcQRg82K
zL6JG4*{d327T4Xfo-<*V9L9$*0;1#{ru1-t+cR!A4o>0LS2>-LDdK$YG!*C}*I_p`
zj)zkp6x`;*izL>$Rl}63A}nb|9)#8;kc|<gzytDTJ#Sr8ia#G>nL2gJ30lr$lc$=~
z<Bc<R$9yv{lS^I$YEtXnSo<>=sWHrJ*vk!s6(~?ZLf5pFdH^5b%Cz9kVTcx_!Q_5H
z+k%ioc0h`U!jAvP(;m#7@*Ln15h_nD4`}OY`&?9)7gBtYMrq#NKAI5_-`$6X^~sI4
z?8fGUrqK#+*CwsT%d6hVLXmn2;W#^p?siq_09kw}9ZkH_FdG}33ulA~9JDp9#Av%k
zopVFS&2Uwd4{ab9Mfjav!s6tnq|mGK*6uvP@A^to3NV0OXAuok<o8#OXE9b#O%keQ
z$q|rYJ_JH}p_LBnci$IL`6a*9Q97lgq>UT+%z|#}4K#-@n^tbC^Ap3gK5fg+2zQBe
z8ijA~0(`ilp{j$_j2Kohx9>fx{T(ENq9p`^8p0MEY(T;oKZtY7B(br8a#IP+^+-fr
zIgW%;pju#r!!*h6ZA+9*DA&dcYq^6A5S&c}53q;|LJD(|acETCOmADF)@_2QO{ADM
z6A5<2v*7BC-6<{V=ax|LfF3O>Ht$NS5`%^oxxvjRzA&AS|2F!|(tNfc%ZK;W;AMRY
z%j@BB%m#5Gt4ci?x?Q@|)(wW=rfZcrTu$ttWBX1M1CQeWrJ=|H?YCI(M4u9-#DxpG
zPU-#&oXaBGXTK?-zL<)P>p3Q2VLHms%r5b5d2G1=9b(caZ|rY5%(d?}HAy6zO*w9#
zm``)~ak5BOV@PP5$z&xN)=U{HOk!5Sr-S*>w5yIMmwy|-laIXVEnw=!`kuAkJ<X6&
zt3qm>zoK)ZN0u(?^*=NsQQ82qxz-$}7m!|}y0)u0vZIjeGCy*jQ7Fo#S6iSAKAG|Q
zycuF}N^k480&ol97cEo$?*hVgJ}KP_d1dgNv<)f{WF^@^`CXeP3i4BVL`#<{?J^I~
zX<YInq9|XrZG~*)bbF57oRn~>j<XEEQY>*okL~~->t++P6v^Xe2>rYkbCN}6=Sud!
z#hHAWo+93u@*>{~5b){U_(3XoT#hjswYMH9P@@*-&~Y^0D&-+quN~E{>3(G9meErf
z!B)fDxX!sVACJBHE|qCM+oj8Nt%!6*2MlQ+T3j~O3#wU@7@yz$q@@z<T~O!oG#L3z
zn}&Gh52r&54f{_Sl$KBZ>|KcTZy{JM|0#r#{h&E2y||jJHB$&6W!7V?lIE3{C4um^
zLD%VqGQroR#cBJ>Fl}7z*?-_9F%CjK=Oy<fS}APdp1_ypp}r-ZY=;0Rn(S*VWvKSH
za9X?KNa(=G1|t+2Fs=Xo2Aa`n(4CYA&;`_!TVl}4;OwUt(lh&2y^qJ)11jXEC5&7_
z-dGn^u%fH=o3A+MQeSek;scsvw8^SWDYqKh)aEAaYZi6t<W@hG7F02u|5q|@i8a5a
z5Nbn^2H{k_w`Q;puc+#j#lroZa@sSv_9*_^Fl*H3>7W~{Q8%BHexLYW(j7D4G@<Hv
zX^x=8<)YJBtDWsXsEbxuuGl9^)8GJ%SFU9I?)lHF1wSX<_n%640F!uFf96!w7%shP
zj==2V5w`sJEfO$WYd^#<GQQZ__U*b#_r_y=vgK;ps`8<>b|tqKrh@U|pAv@{s~r|7
z@rFLBKMsW1Iy7`eMxXg8TH(meOn`iU&(6{Aloau}E;Im!l?r<)XhqZqk4L9ZRS}l?
z9zWV!N4<Me^ekMNW{F-8S>JCVzRnZq#|jS*?X4kHDH(m2-Rh&S0q*l*fx)}KkYW$7
zK13nR^$5}M_)bgmrZ(7BLcJZ)(Mhx}!N3zSjhPS6)CSM|z)ud%kMU8}F=dJ6mHi`m
z&}{8LhaLY!T4X3Y^JfC5hExt@h+N!YG31j<fT|p5KWyor3>J?3PMlMO)nkU#r~l_f
zHsx_XEq1uA9O_(L0CG4GRV($yTKFPOqlrG&e$0EsB1>$4fq^9^5m!7hksbCBFvbax
zzNH9pQ225`<0aT30qBOyD!q=ohSLyvqjcz5Tr~><zy+-qvnk_t@^e--(?`$O3PoRo
zNPD|b2`1G+>||K>Ei?L3-?|7fpTmsO+1c?`^>&m2n{b%DWY9%DE#|2Tl0EG(RFvPc
e{6Tu9c+Zhuq%Ff|0yiDFj-7}y3{5}ZgZP}Xt*&4I

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
new file mode 100644
index 000000000..194a89527
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIoWPVdNPvfTECAggA
+MAwGCCqGSIb3DQILBQAwFAYIKoZIhvcNAwcECLYc1CA1Gf4IBIIJSG4dPOE6vprB
+zPJLrO1hdLj3za2tdK/QlDbqMScFUC2mXq5cJ9rwwa7AyKtL0U4Q1O07Vw5GB92L
+FVbY4hIRC0XtutCwhqlr0kUaIqH/IjyY6jy62Keu5KYYvkjPMFBkYBQD1UA/BT48
++yIPH/RSXbpKU6z1KaW9FiEtPoXfw7kxyXHIglAEQtPaN+aeEvpuDiRAN38SU8Ci
+j+Ub7spft4D7X5oARaAgQCNuhO7Lr9FD4OuxhurWoiFb7NJPuwTr35PK6wWYfjwC
+kpd4iRCAhi4cl1z0ZofSmTyS21lz7uc3xJy6ztVMqOo52mIr3lFHatpC75/c0L3d
+Cwcz0UNvkMOR1u1Z5iZhoqsFaysrKeddM/6iBWP2osuz7lTZ7z95hgksBF1wnPSh
+5goSu7ZVbYnsn3WZGVQyDKbCcz2BzPj/RLzSYwjrr48h0ROj1acvZTdfFVioiiKg
+t0w97W5h6DgnDZO0/yiN5Q/GLD+Laizawu2HD8e8dlkaMCD3rEl4RL7iigh4Co+F
+8Raw+UPma/rdHX1mZttnk/bkOrpNVcrEL+ZxmQFn5it0Vn+U75sNHem3c4A+Hhzj
+JaQtCPwChYTb8AZmNw/vFrKkUtNpMILHB/1sBHS7TIo0sEXJwWDEtrPLJDLvhojv
+JIIpGQmoCqDHZpsYLGqI/kHtWRl3jAXGmVlqkt+QgjbkDxxr7kSBAcqEouuFcKKa
+m2My3XxGMJrOP8iWuWpZx1p77oQcpIoIvnF06eq66x1H1oJaqYTgn4W/WBd7qScv
+ILCTh3ceWYCh5Co/S+MonwqM2Ppc7JWIVinnrpduFWbuvvB/sugrjEoSAFNh+cqT
+jTxM8+1tAVv7xyuOdFbR3TgiUeEfsK6E1+1Y6YKsqtiXpYN9PMpaLg+Gbw4+5esx
+z4Mn2JSsYSejohhSZikrUMHE3Z8RgxMn2WkQ3hMNjaFetD45xUTla2v5yRgYd7yr
+AQK7Chej4wtLx6yi5sTaiebxrrAunL4jBe2JpBeYg3J2dJjjPDr9Ym+YSSoc3s90
++yplLoPxszvMfFaEAKrBI2lm3kemij7chtzSNAnkW/x02yxKcgwriNGHppojUQR6
+j4Bf9kvfZX1opyA/JSysGRDj99FHop4E4lHriwFNWMfoYj63BKluQFfmsCOptokf
+9W/nAw+XTSFu9ojlXTSPtlyn3jPsSflYtO3UjMJsm9DHuRA/ZLpQ7Q11pOvI0hqj
+XfLuQ4dhDTHpFE7Lfla4tOwz/lAOSqeuqUfYKqa9heH/LlpUBbsAQM+XSLqh2cVE
+M5FXvRTcqdU9yJlMVo5+Asq5iK1cb18e3BSgAaHloJ3UaxiOaR8Ad26ryZsjAQXk
+vKlqGQ2nvYmn7i9z7hYcVZRbXnDYsyA7tFHSYLTDUlOjtC4YjdmnAjRojezRHUoz
+l1bceyBUGSKASMF08fHdMu3U1ffvze/GYr+uj5XyR4gZn1w2lkVYCC0GWAYuwdD/
+4xVR1qxDb1trdui+FNS/ET6FzlMtHHEO9f/veEPV8hsIgAouUVncN0bW0GKS0Fsp
+N72r3bNHfv8tE9W5HPF+/ATh6zD0InHqOyX2wc51wFWnSWdC00DluZl5KS5wPi3S
+MsLsRK6STboeOXgr8MhsmASGX1yUBWEs/G6jLAUDexM3FCQgYWCgCdPnMKvtesXn
+3qOhdi6On1BPqvATyXndyQ4D2SLYv1mJ6CLTPO7PTyuCWobL9Is+S+D923+CpuI+
+1POOKOLgex8sflOa4bSkpWo36JvQOOp6dXYJ+5IUlA1MZphgtKzInz+WYar2hdHR
+o6fuGzdne79XZrKSveK9L0r3H3h4n5JEZ9A6cd8bDAiYQp6w5yl7vXU7P0NL9HwR
+XiSGHaoHlRIOr4wbIqNTnX681hq62S8dPtajukz8QOhgOox/gLULgTpSDMXhTN1q
+NV/Bft6+lU9+PC0Dye3YesJWykuQFt2hM3Og4eWB9Ha/ACsGmzbgTAMtNLCD0Mud
+m2DYCO/GpUDL6dDHJDzB2qBao5zSq+zoeYpP7d9Qs4amVxFwenLPf90BI0IV+D8N
+0kh6rh9e1j/rmPv1qKzj2WvTqdBWmqOZvU5TBwAozeRI58JoSRiQLs1DfZ9o6V2H
+bRvmVxdPHTryevrFqL8jEMypBNgB+A9x5VzhnD3y1z7rxKr4+7WW3Yu60EP5irVa
+EjoKBE2hoGCuFfLGJn4xkpOzjN12SVGzL8NfXRtbkC8IBsOr13njFLNVLwzy7EwA
+LFM9QN04KV6Z9AEX8d92NqT7w/9Su2ZgFe5aPTlPW/23uwL4o41U+FFrZU53/Pyu
+e3vNy1AAh4INqP0urpy9Gnp4LP/u/AwrbdzmvJt8yjnKk03AaKNjNgFuprdplvqY
+9TUFlr7sCf/TQ4w3BTZYI1VQNrduur5FwZblI9Q6obGunMPy3IYGeV6CcCchYkXp
+u9vbe4hFFrsPlpOz5DHZT/5gI0g1ZYFJq+H73Ku78syDrWHiTGYJinj1s+Aceiak
+J0sId66GMtunyojveJOUwfxliIKXUn37TqH8HLjEYk09Uy1yXBZVLaMhXIShGMs2
+aSL3nXv2KmGDGSFTBto1R69DPsHsb/oVDLUwgF5xyZFum2UE+D17mCK1RMczsWFz
++RIHc5SYwipdn1jBfJa/r3Gg7l7bM6/Fy2oAdrhcdB2oPV9cXF/Afyfu1yyXZfVu
+Z6MWhorqZGvJ7HY+G5JFxumubE3u2x1EkrqAaFIjDc7NQQwHKxGyMTKg9I04WQew
+8wcbSuvCcI4NVt9HMy0fR5+3QkSeZnoKI6CwqRqLEsexNO6N6l3V7dFgDUOFqe1b
+Yl/81bS6b072jskkIsbFXTn76S95G3UYrEiYdn22+6KPLyOWQLczmVvztdVh6sOw
+WRoiKYXdW2UnO2AYOXCQyUxUjW06m6BJ8F0NLJ3HVuJazKouF7iZsLpHBzI8luNz
+VF4t0NLX60wv5G0AZLivVmVAadB4JIyT17ufud6sH0oSyVRid42zfBNzfn7L9rIv
+vmjfhI7SeoT2MsE7l/QtQy9hJFSh+DpdWw2taJmxP210qXA8tgGgLjDqHJ+k0wvE
+laqHGOzY4J/y4OPsGN2fiW8nRCoravNz26Ff9PZ0S35WJ46qxcMH3pIfxvIdtXZS
+HESFHzL1ejv9Y4y0O56l+w==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der
new file mode 100644
index 0000000000000000000000000000000000000000..efd8b5c98f282ee9beb9b90e6e0a7d2691da2cbc
GIT binary patch
literal 2461
zcmV;O31apzf(e;0O9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90Uk-v=6{XhaepS
z0tf&w3<d})hDe6@4FU)S05A~-1uG5%0tW;LioXGzJ-j$_1cC`jix*T-WK``(Msd^H
zl(<Ml?tU>qza|(a(0bR<YQ-50j!fCJ&L#!`Lm+oPGsXr73t2-YJeh}5{;K`wb?pQA
zqC2JgDjVgy5E~IeqAkYFr6866;oO-iE={oke;|ah{ns~1Aar_aCia5ZVRJ>?ZJnY}
zN6F@+l55<o?L|b3HaNsp(TpRt(wEPRlP3osN*F&Cc`vG=_PGD!F(CuV8ljWiPV!Z6
zI{Bh8g({Yb2K?z_BrtI8VKYw`-Mb*ig=K++9oo#RQP7gWD(KJtGG|!>rJg-#c$rPi
z=yIaX<5XFGv!|JOrBl5rc`BgKoIp~j5=JqvEyv{PEt;0M5@Nqf&FO5|)Q8S8HMWv9
zhl~IlZsZABy#lHnHYXqr+Q>>KZs<3J81;!Lq)Rt0r1soU1|8L}B2p-vS@olXX79F%
z9~&GBNZGiiCWHjT){6D340&%VByy=N#5;V==>Zrp!I?uW8vid8t`h*$cXJ05`hRbF
zF1Ir?E2?Flf&KMZne5M+gA4<j<sjVPvf#QcpWNE9zqI?COf<P0X?&o7QaX7^nG%7-
zW%_@BWP@pOZc}guFY9nx4AWR-&0?zHu37b>Vqxpe0q>x0?Fn4@sf(T1sbZlnOgT+G
ze>9vpEXD(hQbFAN-*~#;&h&|OHrH!t%%*&}X9rNW6Llsni!?nj8W+A$%V4JQ<2D31
z&wJ`cVEO)VkFH$yU^X4ZaB|qWxVCEn{jL8`z!;`;)o_;xm%`n96hV0sw4X|I%!}%H
z)k^k7JFSy2anEqQ@E*3Y-YP05<`{w42Zke&PF~=FfElbCF-g5dR_rm#g=s5940s__
zZaStFnrA=Vg4PtMNHe72&e4%2-bZ7%8FTlGkl&A{X!zd$scMbBdDD@4kO`Yn`lNBf
zgVHrdNW5b0Jg-u!sTdb5Nn;0kFkLs$^beC6Xf&5I$f31zU0;Xx!OcO%`#r@|I;fsH
z5g$tY$%?MCE4PU)WyIXw17{|q{6n?IL6F1xa|g;h3x5Xj3JFK}8zMu)J7a?tRTjEx
z!YZxfvU8}jZyI_yEZ<Q&@Gn|eeFW~d^{#&Edos?*v1`nZXR!$KmUDGYOgx|1hW<s$
z->D;Fdhj^fz>Iq}n4Gi%vpZ+7X3pVBJN9P&kjH^st6Z<)_lQqKv?7)fEOYk{)$f!w
zl48Yz2+-nCbk{MLrH3|`s3-e1z}t&|ay<rDXB(#GH75(M7TEkYCLg5isSN^cCC36O
zBRCb(I_(f<jwVBjeLVFUleJIHJ8_x+s`ZtOy&;r(3n{h><~_0dQs^{OG?j?}DB%6A
z_ICIKn)qHn@*(szTgUOIH9Y1U;*j#hyYx|cxJW(~JlW-6jEVQGI3Ydt7Ue4RB5cl+
zV$BDSESQm|B~I_kCk#VB*o|9<I%SD`zJ~-qwDWC6jkVrv{l^K2C<WLml6I|b3b0~V
z=8PL6PF7rqdJScTB3;KfUB>##M1{```2@nq)q)zU!Wi-f2a&r5Be<}GSJi}JiD*xv
zlRUpuq6z6!2eI8`^J55?n^n=(C=7s@!mCw7JQLNjY<1(L5N!<It$3L!!gEC$X9S*+
zDHjhSlXtF*uKhV}YGnWZ@uOa7WN3czkg3!}5D>azdQ>IyKkK~dal9EY9!)i?tCj^f
zmW$O%DN3#4om0=}NLSt3Ql%*``;$d?_ZpLsAwK4pY|n{h(Zt4-tb9<TDK$A0q3s$2
zo*&qav9`;otleNK`z#{;Fsqb(U<Gz+5Oi@rXB1nyNni8fF`1)%aFk|&SZob=IovU}
zxN)rMpL|=8+8<ZYqUu7$B|zW$k54K0?sqD2N5)4aGsCVKQS_P>>$|2#+9hbEsLbt+
zyqH1j9Ud4d84i(RK&tzIrGW`#Zsmhq7+vGF(H@u{BWGvrmo>J@C+=7i)a@_E?(Ld?
zhIHnb9tJAGXPTeUEG!jQ#z!v-60>)zL|uhYrjba9?Db66Q^6(r+`WJRXVcq5?)!V`
z8C%^=%<o;TDDolYB*(7AtyJhcZ;1dW_sLd)dA)&637=AHq}o^>FGnvW%e@jm$-Fci
zIv$|XW!2!FDv$nscT94!1WJezs?Qjhg6)8BF6;`2*P>%1^X1zvR1E#CDz|if*5deP
z_G;wu2;-m2i7cCZEe58Y)Km1Rc&1E+P<{b|W<VLKA6e=2rG3|=$_N6S4dWPI)a1+!
z6(|9oo$rc%e&U<kiyTufv7vPv@9nTc$CL8Wzo@I>T^R$}h+0KASd$24A+c#qi?7VN
z8~(N+s5u$NoPnpyHJ^WweCFHZw}~2r^_V`VcWqQDq%y%AWZ}i*+HKmmjb!$24A6(K
zfIkcL><npW4b<dVb=zobW*d}IUw7itKhJ&ZK=y6$?Il#6@(A)6Uywg!1uk<Yq;ttC
z?ePE>&~~2t2LJbl!5N6JjS)!g?nz%F?U2%9W>o6#NWs+Ew||o$=UL5QL|vQaqlUTi
zn||nh%w6Wn_FQtNUAJ#4x&qzkS?@V4vK<K3NcYJJtsCznKSPMH29`)Uu*_9D!n)`N
z-SKaKrm}DZxlYju{RDZGin7>hBFmeJVZ`x^g7ehw>OJ`K51=RGHYa$%XC0u~@mo{@
zQnu8wE9=)p$6pLq>;0yIarD;!8OnLCw`XbG>G$6J=uo+1YDT}DMTA^5k(lGsj8Gd$
z7Td{+9a^@rosAa;-T7+9{MQz6D&01tH+zY$;!U$jyvKb+aC@K+)fyoiLH4~m0Dhbk
z;!xrEU)vs;b9g~qTI@kgV8+8+t*9$cpCFh({szEZ@s|lh9J61Pe50P~Exc5TejXKu
zHvn8$ZhIj|o20Fic5J*cm(BE1_g9(>aF^@*(d<nBQ~%IY>B}huc`CTnIpmK!&{K7z
z2@ni;9W;wYsC_0bVc0@T9a9;xqq<?sxu?B9*i=3Eq^&V|X+>_dVgBT!ODqO{#O&tJ
z=nMX79Fd(BNtD_anv21Q_ERM3$n}H0{GfregQRsub=|oc34^1E1-Qk+Bua}}9)_M$
zAP1{i;0_sVwG|t~L25LK?UfI-q+ubx*MXPCTHN`NP$&<^;0;!UgRcWsVKpZHa~tv9
bPsEJav4jTW#X4ZBiEWB47NnWeA!0cUWns1?

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
new file mode 100644
index 000000000..16b13a450
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJmTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIVI1x10/M7+ACAggA
+MAwGCCqGSIb3DQIIBQAwEQYFKw4DAgcECPtdOOUMWuSbBIIJSAksArEUkFkTphQT
+0c8tc3j45tJKHXFXhtt4V4pX26Ydh4cjenAveKvrawKhmpSW7O0n6A81nwwOxUH5
+VaPDrA20Uz61+S5BbC8bDa7U6IhA2g6nr5qERb9rCl4eUvm3RWyzEqbLeiUER1Rw
+XrxiMva7wIZhZJNMdq5Bb9yhI1XMLlowf2WvNJGCgGC4aKbr1hp3AqJ3O79iRckF
+XP0fyLt5u8CSU/1NWGAUkQbnqAXYpE0gN7tzDLbBcAyRet7njaplj0XaZlOdOofT
+JQ8db7bavSGe7PeGjC2EZUNElgbHUbb2P31rNN76YR6JqN9cvj8gCGV1DETjEbgY
+theTtptT7/f7UWzR2xrts1iieYRy0luPo5xPOa4UDvbYcHtUVgSkrblw4A0Id9R2
+8dRN8pW/7GPeaV6eqgUYVrqx76zVu8l7QtiZuA05tH2eVrTsMe9DnsvFV/kZIVpb
+8fnkokxp5OZOIIsUxIQdA4fxHA5k3Dw6/0bXVgYHXJTpdIlA8yHFgAkOFkhi9Wl0
++d02COhFQUMB8vqsHc61aFAvKTMwMIs8/ui34rTSBnBLsmMQlNxgNzc14Dz3fGcj
+LU1lHosX+l9M+vEtiMD+lp3szj7b2+o1apc41L38CWo8XXVLyZ2lmQSHXz+PRWSl
+afjR1chBzlulvELqIMZkjsBazv4jHJOD7Alwcg9pb/i0QqFTbZzDyRmHW2Vfjn7f
+ZzfXZvnW0KLjH4BvRiSpkum/9PbXxQnxryMC36MHmEFUS2vwi5UUjSM9Ak1sdeUH
+b3D00kcERPREb8Pru9+aqK7fBmV+QTAhG5UqJ1E+Zx1YZp5791At4oC7udTud7eE
+n/1zKs1JWh/u8QZkLzHBkBZDIaRSCN6E/zSDmx4VjwCRv08fJK1ChkJJKs6mtCSA
+mQ5noc1kqy8Osaj56FpOxV6Jgr6vpEO7vYpBnQ0DGU5lkE1ij3puyaODR0CMgWXO
+DdoYWW1F53Sewu9MSpSf0/AZZZ4S2lQGhsH7Kfco/hXKV+/9Sj/8Mw82MDVojPvT
+vCc23ORArMRzWFItdDR0jkFVj3sV3csjvjG7/uuRtnapHqqhwiNbfRYoW8cL0y3O
+NO5179OE8Xmo0hHKYaDs3Nr+3dnFwQJ9HEJnKrH5MM2G1qUFknBYFqYEkmCXO87G
+ZtEIywtFEGElGymGWWhlg6tJxEcObN8sNHf0hqv7kH/jN6JuEFLQlfLz1b20XNka
+3rv5WKj7lMrpII9agGO7VR+zbpJ2RYv0a4N+D46SZGIoWKjravmrMzFhXju54HMR
+OKrL06njAoRE0TfpqGzv3InPJg7L8Bb9FtXMdficQ8BM5f62b7u8xcce7VLyhz+6
+1cboaTywfD9mbGteysdoooFihVThc49/DPSi01jqZ4PE937tGDlt5GWFiIOaobF/
+zfWxJq3BWA1LaVj44r9P4jORcP0fWvabcgzlD7vewvSk7cp+g8fGYipN8t4oqynp
+DGXYVCTzckllwNnVlCRcOpwYgdaz/2dEMqh4UH5bPI86Lu2J6Mr9iTuQ3CL967Lg
+hEVmb7HTO2Tr5mnAIkAUveJbLXqPGynh6d3k39m56h5DyPKDPBidjkXFnLlSJwO4
+RPoAyVB3JOMEJ5Am/pXauj7NXErNTKRuWVQVspszi6ycoaiPGfXWYypZXy9W6hJ9
+NWif4SKTpVVYBWH39YXBfyHwnSHeggsvUpmVzRldXuLRags82i4bVd6AjXZRQLfg
+SuvH/RPshm1CUwt+TArl6FM9MjdIOQM/8YUbyk/BcZsdM9ChHa+1soMXAhjz59ge
+T19BzvZWeDIuw9uatqSL/QWAENQcKalo1zFphkFLkHCQnvs3+cwPLo8AP9ES1W4G
+4KyiO+5e/04XqFDOg2iRYoaHEhM0zGTJpU9TDJQ1AQAmHj8TJ4eL6s5OaSzWN3dP
+C4d4V9Ay2y4VFNacVuOTAI945+yi6GN+63sL4FB723Jkruma9vhOhqGht5WOltXl
+yBjcMFmxhsvk9yErnPN/lUIpvy/BlAfPkTmSzTcam/ZfCOgIfFarbR5Hahynf6u4
+x2ECWJtELt5jhxs1gnepZRh71WJbjo25SJO/PSI13uMhd0cBIlhu0iiVtGzucgeU
+PzUC6PO1gB2WgkFXaF839TO/dVpgbK2sBjRUjzqnYs+YMSVwiNY8gc2VAnXQu+oV
+NdNaPEF79JTp14Tq0rmhcjczdVQ7gCNUD5g8ehovAkp6DkKCoMmbKgagP9MnKrhS
+0tkaZwpLxRYiz7vZJhZvz1i64C7auy90fJxVAmsl0sC97dWsbcLaQoIKuwfn0kO8
+q2Rx4xRMixI5uoWDYamNL5RAo1nmsvCQCWO/E5pKzEyykFZfQ+iX5/cFgjXmMBcJ
+1PRRrQcHvtAV51GhPXxPnskltHDUEV1xovYGH0yk20NZPEIVLf2OVGpcQICDzLyB
+IwxufeHMkakAcQO1ngz6czBMMPFhEqaTBDafybw94ObpVrpjO8bEuj96nmFh5hc0
+o/dnMsU8q7syRIinjZTMcvwYLE1C6BSdY0j9TwDdFvH0IhmPaKgCxgoKuyiS2UtD
+G8JPZI9ymOKMnzaqLc5F56j2LSsOIf1o6svHWG2nGGCLCMgLaDCl1rkVYOhQ56Bf
+/a/iPfzkz1IYCO6zvq7AfImGHS7HLCk2Iusc2Oicf3fpjJ8TuMDwgUauGx9RKN2b
+znBUQeI1d6PWflz/Xl1L8GTDc/YI344axYvi3F9HND+gcOEpfcw8jxy/yMYHv2RT
+S4bGyRodGrVZDg7AjFyzLuwapM+GS09Qxdr/4cdEzLT+cuD+K9NsOr/TSvZD7YO8
+09yVbXWBIHOXoVKPz8PSg6bb+Wzk73btacNRgaWlqa2EhT2g5pwSAcDwrTqN9GG7
+0MiyEsWd2uCET8LBXmLPC4U0iHg85X0jC/fdM7xpRAKayuh5omYwyxxunZhAZ18H
+1meJbao8mCqDopih6HYgDbH3sQvk2BUIr0wX3MC7ITLAiIiziJdvXWYaIrDf+y61
+gCf+0REpAKV0uaH1/PkOp7vmjeOHdUdSOOSH5AkyqBt4jNJDwi2yth3XJoyH+b+6
+XGuzvCFDuwIZa9PPsAXkg7lb7+n9L0LSddUChVZQ0NVirNRGTek8p8Y8SYPJZHk3
+ZuoG/kXvaiCSaP0ceg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der
new file mode 100644
index 0000000000000000000000000000000000000000..460fec89132938172b51bcda4afe83ff843b8ba8
GIT binary patch
literal 2461
zcmV;O31apzf(e;0O9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90UlMC7T~<qZ%>-
z0tf&w3<d})hDe6@4FU-T05A~-1uG5%0tW;L2Oj^Ib<2K@1cC`jW6NN7tV*Or<-@$v
z&V-aBqDn`O$O3=3F~yDJn_k5{xW@x}q91N^RE7pTI9q4FQ2LUGw@Y?}cEUX3R$W-h
zt`Kzr#R6M{Qo(6I(964kvMEVzI}f)$7#1M&w_SjhaFAvkHG^_ydgd6KFi(D}5C>m^
zr{$Ny<8nj!Dy|+O<Dq#(>Mn1|Tfj5Kt8v1!R>8tFWkk1%`k{$+jJwWLE!b$8Q~K0H
zLeVxt1Xfn!o$8L0nVDazUfw+BDV+jxV&!KN_6@Ots=_;Z8oXyP_^zw_K3U!phj<I(
z!>8*nLi{uN+8jd8#Un}>(PjCf=iWdK2Z~1_-g|RS{1&jyVuVsi18)tP+MYt$6)!{l
zKt>1~pp=WLhh9OOnkL{`EXTded^;Ro3*qBWUAd&Y&}Gblmm@eNz4dgNW$O=e*g%A4
zt1<uGQ@1}Mp86yZzO-_y^`7D>o!xM0xK!m%=q^P@;tmL|pHyt(1$PLen1Z&w&M#!_
zlgeR1`VeamsHnMcl~LB9J}gPwV3+6*W4OGW6=YP@)n?(LXO$Pw9Gi0Wdc|6?`@kNt
zCNkv1RoRM59jck$`dyr5${^i~(*OES#5nj8o)mY)V}2tCT?VFMALJ>lb&fUQQyX;F
zZUAPCVNAad-3!xP&u>g{wx3Fb-q-Sg6mGy|qC&<QqcGP)F5yjp0Dq<bK!3VgLKuOk
z)hQ8{tD+Du&4Ww}@e&!y(;Ixn7Q<`-NMz8T_`}TnC~`Aa_E|Lx@$Q8pPE!JM4)i12
zQ)2IcoZ`fua#Y0*#hIJYT7tO<Vxx`^!0|Psse4s*yu=ZF>mxOYam(-4@;R?c0hqD9
zO6MD6+|}v0dy;mrCESA4QW>m9XwrY6c61O!j;Wa|F~M(g>PR?KJjTnL2D=4L8U(l!
z4U7x&nHQo&AqHMSG$9f1k%@Gu8Vb`2>*^wdPp$=fS#RZCSF=^SiPuxD0Ne|;gzh<0
z4hK-UxiXa{g$B#ULzkBnAwf42=YbA8#uba_?UTU>xpOGgW0iQP|7=t?pFqX1vI~yX
zcfdoigQ0!*O<xwJuSCedkuR7h6z5xjEHNQ253cgg$cbqIG9%sv40s_oJEh*Gh9wfn
zlOF$(G6s&%+U^c34rnWtl|f98IrPYyvchraXkv#$q*@%GQ1Brp)rdYh1|AdrBO*Ai
zW<WjGMk}71zm7-p40D_}jB`OYK1pJ8OEmE6_0W7IQKV~<4t;mz<coKj<+iDOuROQZ
z49W553S!$zI)`>pc4mq5XWM%;lA=Vkq~<86o5oy?Ql59@FS|O#s?tmSKxR)3JD!2`
z7dH;12VEQ7eC;cWj<_#tDpE*ke+}amX0jQ>gwl8ml>Kt8!I3Z$4LFkH_Rk_r4pjwY
zMR7YR8`s0w;BbBQ1vGmB8MZ~Q10j;!heK5nPuvdG)X%zXiddXyJ<eCGM~T3u$vo(j
zO@i1_P&K|dGA%iMq3CwJ$5|PQEGH>mpcHit<{AS|+D8F^GAuIo?DzWfVOS*%ZQ6Pg
z{kBW-yPtcvg7lNh$njs!Lpl)1<H{OF7%7qYQg#ooOG(Ulzz9CfiOkS@2q3m1g3;%;
z-YT5b2NAlI>TE@1+wW5147#p7oh1$+ALPIViwIBHNyZ~5eOy&+sHdl*NCTcc2E@xd
zAHRhIEw0P?FQI;Iq2>k9jb5wY9wI<<$0xri5-wTqL3&qa17m&AvkvqndSJ+dj!!G*
z3lByR2w_4+XtOO4>V4teZs;XoL@F%Q!{(ixqMm_3PJy%BjKsR^_G;&xn>}(+fd<K7
z@@!SOPjl^vgO6vwSqDB>li1a-K_<O#lZ>oS&n!GJ^BjM+A7{p%SMoATeuGtI?(>Kj
zlQ*&t-+m`AHr)|}s?4K=st1?{4)<6SXZ4@OvrPKxZ*~rUHD&MGUh~q$I)LZwJ63l&
zOSWAmv2(QCOa-TfY)t-IxMMj4Iiz3Om+I8a(LL-&L(x4W7qLGWX|il4UN<&2HV1pS
zB^3wb&n8*n^j<MM_EC{`m!;1K&kO8}FF)JrkuqNfg+?c`3E#p6W7*%A4d=bC@L#Bk
zz)lQq>d<Bo7F^76g1qV+T&Wrnz5*$>ti(%o4^Bp_n2+=iuTnPGV`8|jxa|{zvvjbv
zh4sbJ;`yqBsW1dbdFgXakvDsgk1|ag&!*JcAg4HnElNvu-UpVSU`-0*f>n+B0M{O|
zpa-}W0%WU9Ho<8k3Ysf5R0d4UVwh&0<Ez#AxV7#uRXn*kNUR;_MpaJGTpUz;?0pid
z-DOujOXy|R?h-*bo3Z!URt~4Oal;TpI4i*0>rDN6WcV7`cCG6D1YnGFx3RIApWD%U
zDUYyT@0<O(yn|h2^Oe1oF?tTWw7ik_1oV1i+`zq|9r4F{36=%+EKUjW2kr`0RFNUm
zr`s5$el9?Xr27Rxp++_a7#9b5C<bHHcwy~`7ZOGHc2<EygF4NmPO9mKdwS-`kbMpn
zpk^PcAVXV*FoZ!y_%B<lW9fw3=N6kE&dt(?hD8B}SBUcN68pXBSuRpLC-xls=3IZ-
zEx0+|$m>RBo=DDY7oyWM`5BP+U7eR#!!(PNL12=-#~|5N@V3#v#*YRB!+=0but}DD
zy<B`6=zj;ZA0VvXC<17soCDmqM8zobD#BcN8CKBV*<mu-$&ft%xNcK=aSe4!B_dxF
z*}?9>5J|UFnjv*=TFLYTH~ZSF+wsdOL={Y}evgU$Q&azcts*kzx|{BN*FOkUC*lrZ
z{|1K!Nvs>OV@5@D9xqC-cFx?h4ShjdAbr~RH~=)*1rCb>5TS(^6!u?n{Tg6LJ&qmR
zmYQ6IaJwRFtnG&=XeT4j#W|G_F%w|jod%*MWbChhRZLx|y|>>g4I#9&jT4RP<`(Pj
zR(y<=q5(MFA(M8qnqX_>je7uNSq<x5Dlz97y`)3AT1cpK^XTTs-w(^Adyz*#-n?1<
zW)^6|46IFOeEyLT_pAqYw9~7|WJTEL63V<li(wRcNR8P7OuxQ)ny+5yhkJtU5n*{I
zF9G-Vh3Z56D{`6*-vKX*B|lB*Y)ZhNLTHiOE)!pAAmE5lhito?jW3PQ&<P#%e4TqG
bwymwrWoGIc)tsywt(gyP+snlp!1f~T#IKgq

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
new file mode 100644
index 000000000..fce0fa489
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJmTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIeGIEeTeMjjUCAggA
+MAwGCCqGSIb3DQIJBQAwEQYFKw4DAgcECAVqbN6bg9XtBIIJSMsnr6bHptgBKqX3
+4QknOpx4J8Z3yp5PjEAgA2FAehZspTmAEF1vMYZqle3VOzBH5MqCk4UA3Ep5eK5m
+d8xYHiqjCCRqVfy2DTgiXgqAiknHFrHNMW29pzNiG7NP/rQhmR2EOIH8376N0HY3
+OgEW5bFVwgkknWzb7LQ4Uhcbd/fb2NC5WGJrpVNb1fQXjbvzPairSSz54tO+0MmW
+3sjv+4LR2CqQqsurcUmcC0OQUL+srOLbbDV2ENuQEH5MwPpoy+xFcgMHX8KyjYBq
+WIolLU9EGxeRfNVBLGD2aMMmKC3o91S75pqz/2VQ6agChtzBIihi4BV3CWe/m0Wz
+0Ikn5PgcGnUOHq9xByWA+ZA407Rzmpc1yj8y94VmFveMFiqEz/0gCaoSh70CAjsb
+lmFg10lOS2N6jQHz5RcZG5mkZbSW9aU0x5HkJWBKqo3uJ1iG9PzkJ46xrkyoW8MD
+UGAUSNAraFrFJBDHQCRsgINMvvbPS9aTSzKDOC+X6qtrTbZRd4mkkRcxW+sUtEcm
+MS5xKgXK5aFyJMqcaPtHgFqB6I1mQzzF+mXpq5atp1own/oQRSfacLGuZ2w21Y6B
+Wc4/Hw22H3QXBGxWHS2/R9KFGvoekUwe0472jA/jPKKx9N5PKahiwrMoD3UmdGNh
+7greULvNAdAS3JWBZMk9dRPgD4NS3b2mcbjDXX/u6OZ/dai86xF1u1chanFF2+6I
+6Jntv1lJf+taNHxKbzzX6n+0IrYiFtyQZFwLNeN9XjrSUe2r3yfkPsfFC/Pant9H
+pbG8tnuDfB4FfeDuBfJrr3Jn6+S3TG1H8vIvkNxs8QE/1DPvIblnNZieO68FJask
+7gQb5wYMIcnYznTrmYSFjj2Pz78O+XwEA86v6n8HuzgwzQxkbPAry4ODkIcoD4A7
+ZqPCrJqENkdOamfHO4cPwnaYiuE/+ySz2EnAYr3460PLktbBt3yQN5ICr2tHDOpF
+uK+2HQ/n9nwHhb7y0I+y02wfE5pK/+Qlnnwa2k5qecjlW2ArM701T96NAugm3+5B
+nmytXOOEo5ihc3lwPHQCY4u1p42kZhTwhw6Avbym0MTpL08AspYUK8zesbhtkSVP
+lyPqWFO98TqkyaHDfqwbbNsPzoelf/Abpl90Yr+NTXqpDIt+DaDEQITicsHcOTlH
+fyVG36Fp/A/BePMYEaJ4CH9rcQ8UeVuPM9I4TkLY8DD/uNoD4wzp9KXUmbOke82C
+JNpIzWcgTzSmn93ZrEIPLcdHEwe4SqVquzX5JHszm8OsJKupgYD72yWFJoYrxo47
+QQ0m/hgqgXb1NYurTAmBNUsZSG3LwY2p2whz3JEdqWMnfZX3SQFduSWow2FGEoJj
+EHBkduWt2yena6kKqE6GStKun3Z48BR48tHHZKHgG8fKiBNZfnyXRXy58d4FJtF0
+mq906Xxmphxv+xtAchyUabgQxVdaNODMCeY2UtP95elNYz9K+8HUl4THdx8eWHRn
+umlXSiIDNJ/kesHsBhtHuj/nk1vyLzTnMyGgZToQXKNSjnrWHH4aLWaglvJrsLi/
+huzz5wVB7Ihhc1aB50kKCHmtjUiCAV5c7MtPiGFSI/8Z5T/i249e6qfbBoiXkbAH
+wc6rvWCf4dBgXaOEI6yBA/maszl6iGhz9N8/lInWvfS9LVoW6ZlwQHQ/nfc/06oy
+ZKT0T8ynjfuOGOuuEcLuwxH9FMdpjAyUzoa7EGAjvUANX6A2N2QkOUi1Smg4pm7B
+ZG6zHDUDv2Cy5sFQmN8MWtY72uTobbMKuCd9xDZ/FJjAqZg0IaLU+yvS0DL7ReUi
+k8E020LmR3m8rga018lcGJM38z65M7HN0drkc3lzuY4yHH+tJTNQ2JqfreT7wVbH
+pQ/xqzkZ9hO5u6+KFQDj1etq32XTsLiFpJBmbl91gUm4DVRTN4M18U9LNT64prc1
+9QYqCxlDq9rwgWqlaKnnJ8iPICmWkwLI6CAkqisXvOiW77BUGoE8pjzN4d59S96h
+vz/Ncgf2AA/EkH0qbMmxLms5q3vYfjBNjbvhwj7sdNBIWnMukMKs2pqamDL64DkH
+5usjm0YGcLkPE7IyEpxv8hqUt1YcIlGuK/RiODTPYPoGmu/Qag/CSjd/QJv4yDOT
+fyJTlfmn9s1jsVerDazKt/IcPnIOkhyvmucSznPBgo4uJRjl0e7D75it6Vp0ki2K
+aHBY0O5LSIz3IlNo64o4Q9Be+848SG5s3CTekXePlf3ZqFccozmU5kimv6FFL/5y
+GDppveL1Oe+JRCgZiBXCGM4vzI6RW+WGUeHNY78vW9p4WzMh0c/vYL445jBN6utk
+xg8jtY3YhWJ4xCnXD7GfIXGBzCYH/DHbtb5Vro5668NVjoSgCmf1DG1zRILYteYx
+fL8o3CyZridfLCl0bQG8kAXkqikGzFsnNE0UNvGI3uxF8kV2PV3LEM3IHqUcB3mt
+JM6/IoLMigIec5QHGwigrrQu2fQU0ESrVbImulwRdN8C65hNJXRasRSRoQXogSsA
+5FJmp0m3LD7txOZuGEpI7nV/JMZYsGS63Asw/5DOWbSTwoJaBX8o6U77sDSdGa4Q
+pryCldJRd8951JDd4YD/mfezuPD5ZrL092Ljx3ei9SoCLiBUHhI/T7MYAMOrzQOY
+X3whFHiZpLkaBeF2ZOJL6MTS4eS7tzDUiL7DvcSPnFX1X/Ei2GC/RmbUZirKCYDF
+GxwinAWMYAyiIfj2BeGE3uiGXnUFTtdzKzPaBMvA0RlebuWWFz7ohyz/GJGnzAwp
+rN+ueyUIAa5k5MMZu3FLdkdIwHBJVRqmyRnx03SUFRXawyGO5hv4Xr9XvzCKcQ6A
+QQFjln6Oh2b7KOKyUseFlEa45Dopx46SVWkYMzzuG8Du53z7rnepzepOK99/QUCv
+HTSJ7J8ySCnstBPp8Cghl7BkgsStVZEq9bydDHwezhy5XuAwMgLWaVg0qYApFTYo
+R5fMh6XGR83aDvoGTOXBbwCTP1I4VX9C0E6hKjwCuqbRCdb2fNZbHWb9qhbLxg30
+9ne4p9v+X03UacKxXRj1vcZPK5u8Zy99bR8hf85iXQEJJRBed07FbiYEO0LFlaCF
+D0st72u3r/V6cr8tj4nL0+Vdi/REnch0dCb30113KvLjU6jAO/rU8maTYZ0JYDlk
+CFOA3zlwA7tyo7+qTg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der
new file mode 100644
index 0000000000000000000000000000000000000000..c78ff2e7051a5ff9225717806ae2c4297be57932
GIT binary patch
literal 2461
zcmV;O31apzf(e;0O9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90Ukfd>gP-s=TEF
z0tf&w3<d})hDe6@4FU=U05A~-1uG5%0tW;L%dw9!Dm04&1cC`j+h{3xeLuTq<BuGT
zl9Rgc=IY?#Shubd;-{E73HRV%Q|UUr*7J!mF1&$&4>0);2uZtdzVR<w#EX?%Oh};l
z6Co2`>%lF|5+^1Ie)Q>mP}jD37A4&q{Ceq4xYuW}hgDbkYhu`>sDV&R0mxH^D5EWY
z>Or*S)JU(x(v5xkx$%vxbV<)CTU51)MokvMq6|c>qzO@iqE$Tv81MLuZHC!i7g)th
zIEQ7kEbXEQ0Nwu6!6tXUDj-Bg@31jn^H$G?0!=;7_qG#!52_G#D43`TPi`o(OulDx
zRziR{fvxn{2DsZBGn64SvK*1t+Rba~?rTdazZ3bEest6c%Xu%?I(JS5zMwIkT7~pG
zAl%GWa%Zp}Rh+l`2MVOPuo@Oi$NTEpN@xL9jB^m7D*exI0!0fC$%mc=T?nUMiY;`L
z|4zU=XnWGiZ6*SI^2492&nXl}V-@t}k+g@dq<0t-0vI7Uw?5|b33iGs4d%h=Zx{l@
z)~_y_iB;@rnp~UY^O{V%=oDMZ#5QjU88b_iv;cBc^U9tkjJIJoSVqX1>WbDffT_aa
z+u}U-*}c@Cz*`l9*|b`xK*Wj*Km4$W`w1qj!q$lt|BiKXc$G|co5Znj5``bt&<dZy
zyc5i%W!NdhHmVlqHa)QcM%`HTppiwedpzAO2w#j3Sjv=hBK-n@xC$NwX?v+dhz{p;
zj=APBfcTNvY-g5>M!s`I{f9lz)l3Jq{Dq@lY0u_%^FhtIfmIPQ#40k%yo})zsi2ph
z8$z3d-v(&w>upisv8wgje(_ShU;ilVWDsUnr+^AnZx;tolGM93S(r)+XAzRzr|>N@
zxX*7YFD0ZcE~|<xV~$IlIH4)%QyK7Q01p=Rq&}AF_C)PXe(DbP52L4BsrUIuJ+=f}
zyvK+N(6`JGs?rS^&<0-9N63eowZiuNxp-EKKYmX`qPEjuhI>mKjMX2z3&Y0J6uT`I
z7RGc%!A!vK;~&D9zk73rClHV3Mq=|yAc|axf7pNTu0T;ubz)OeQV=%htfmi#kT$lw
zBnxenh@wx7X?A-<0KLI8LVt`wiN%IV37nAf5Zar9Gu@gd?}pTwl0H*(`hJT>?2T_$
z1&}gpP5Yx#&o}~3Ou-RykhS>If|LNfHfsWFc1{Y@H_-Q~)w~l}x$i}GuS|4nW<aqJ
z?i4IMX%snzty0N_od|by?T`w2%4W2EN)o;;{a=0E96eXQQ-8j~e8SD3p<+xOOPiA?
zd!N2X-OSta>k;hCL5LisY<ywCi(I^@pXL^te<QR7_aumOJHMPGyXuHwJT53n5|U9M
z%0T|*?qA3MQwZ)~_I+4%-vTD4vTWjj|Lt_g3@Pjbk{CQ4wfmOlzPIc>(R7Y4qR_nD
z!)AE{qFb0FrJ`0)?MJalV-E>cql>pW1tV9g0CA;Qynwns_5*9@Dw{Nik$1tTkUdPD
zrGw7iiXZe;OG05~Ku7jqu^a(cW8hk6Pl6TNK@=W}PJnzMpV>9Lz_foLrFHP<8Pxi0
zT`E+}d1c9(VdkRO54p1i+bwmw?`QQuAD$q}zl)K$B2UZKhc%1!erjcgmr~K~gknh2
zqqA|1QfBjw7`qn%2q#t~)hk|moU*91EgJaH?pm#%k&PYftMU+izn*n>h+ztS6VMfI
zNk-z=1{UMC<<a^xFK5u6e{AXAqWEjS*h?bd63;$e7_D6$+7$2!tZU}7rURqwlG`WA
zaj2|+PBAbVIzVkR2;OGx{f_-nYf618z$=53hL_Bc#}q!c=+lU`myjZ*CgdVso3oqO
zQShzAJK!`o;-Gk%CE`mK{Z24|GhW5~2u&$__92jP40+d8jpy(S5q~SHkX5HiT|JSU
z=t(ark*D~zY@cd$enHaR4K)JY-DvwvvJ(Ifq?Te<**oBmXIt}(^`$moLVAo(CKD`M
z^);YdSrO0U<uUvX5RM$j=iK?fA*X^npiW|bvN3=J5g5PEfaHYWy%+7pO<VU*6VnJh
z3$6$Xrc&gwD1Am<EtuEND`KP);AZz;LdoeB8Ov@nv%OEX5@c$c;=EXU7oqE^j83X!
z2C?!EsZWT6T4d(7!_sF+sk#Y_UIm|&jw%#>SgC3F(j=WC&uGQaW{VylKhrPfqkE-X
z;2!W1J8dVUH(kPyso;W^FVCrOsc3aSfqURL{nH2%`~TUaPTs|I&#}=SVSZiRH$&(x
z{2w0dHlt`Pi+9L)T4bl+lIQ#i#X`rXM}8#t#$f_tVit_dxt7XG*c)ERxan~^o3?G7
zEcNW=ivfl9!&#emEvC%)FjV3*Ekm6Rmr8z{@5Qjz>fLCY1f+UH_KowCO;vB{7N!=g
zD*eVFOCin5s?mNQLuVh1sbW_tNrUO1iZ$iw<MG7NQqy8VWHtTyQu!QhK_H`0KlRuY
zXyb^Q@h{+m?$ay2Lh_&~4%Zf<ajUEQ?|Fh~Cn%xAWn53%s@AfGF-Hpo;yMfL6(gsG
zK(#6PiMs{r4{*TT{mS-=Msjd28InHfSd|uoqjL=GWDbQ5Ued6SrL9kNi$tn<>L5%j
zC5iNZ43BagH@LzsQPj)!B6>uot$`D$LA5%bCqXOz59l>6qRY%aNUar!#ww;JA}sAA
z#`6YmNf`aqW^z=QGa^6{CC$C5Us0DX9UczYDBoY<1*dJ5BxYrOH@|?{F9mKl!JL0R
zM>otoFFHDwVB%Z~gJd3!fvj*6I&cPU>X_UF|Bh^bjCc`I&Ip%q8~y0rLA(%rfBL_L
zSkW^vynN>2`|*}Zvu^MrRL@Kv4QzSk0@H?(bhmu}A$?gzh#o76wkV#0TW`;ulf;w8
zXch*qyx;M{LumP{X{M%K>##<DUM`uK7)k-EfKK`d9~87({LtztKIV496WYOwpyj@U
z&ih{h@gfvekC!@`u%S_awQUpzmb!?PT9C1<*3698pmZhVEwxtI+0Qf6(C=q=C_}TL
zjtoycJc@UjStRdbqe1$51BD$u=G~5fm~6vhU-WaeK4<6u;p^gd{-HmpnV73W5Dz6*
zUQ~z}JfI65+!<nm>@n?+x?NPWj+WG*acS87=!v?*X-eyRZ>Eu`5Lrlq4p^et6}_Ru
bSm+*sM*?^b>6<nl56gSxn-kYvwJDz$9%ize

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
new file mode 100644
index 000000000..53251e420
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJmTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQI/44xqqStiVUCAggA
+MAwGCCqGSIb3DQIKBQAwEQYFKw4DAgcECISKMFVzj/gJBIIJSDl8mpZz2qwI2/bA
+G+i8Eem50G7EdQNLsIkCG8Qgu/IplVx7MyGLd3FUmPpSVnEsxvfk3rRJb8NDnm9m
+YcJRy09H3CFv+q/nqyrXR20jVFNVshho6+Ky6A5x+jSrlzlgY7IHFXcRSfaNX3oL
+vg+TpJfG5Ls9oDwEzG0C5FZlblrSXVL8dKEKwF74crYCm8zhqUJGuaZsSkpq7LiL
+9wpvPkA4VmI/qqqeINwyhHP9DYGUEGCAieL6Qbk3hzHnvZybnhmyLjnJdyWNg2aF
+E1kgBo6ePj7LeMvFI7UaJY+lqVkOA2vlqmU6La8IP0OaFQHhYwLbgEJE0jPihMnD
+7bysQvcoQrPc5vaj5RFuAcsjvx7uCFyFk5afaMyWAxUzxpfzl7tTIuFkjmTz74S+
+nFThzKCEoyxGYOAP25nYSLhKmWCmQMskhacvYc7MCuUkZvj5xTCVDp1i6yN9TcyN
+SDq7EhHir+DbFBYtd6P7pL0oz0aMEJoNMpk2PFQTr/d7iid06GwWccsjuhdfKKaR
+Dkh3hldz+SHZ7eLvrp5sKF9v3hPhX8qAfKn+72ri2JNBtiJvcn0zkHK+4WPv7giy
+ZTohABGs5Ju+C2tMC4QCWuHx4onKHoqAM6okVOQmdOWVOGlC1n9MykGU2vIyYcXt
+ih9abRsYm39XRocSqosqU1Vh0Wxt2cPcwqQ3Ym0RevV+LirLpVrS74fskH05f8kO
+6mhv9ybBPNCXbbMlO5He6v7ck+RALOzpR1hkwdn+2K1vZG7gF7PUrF7ZF0OzDDaM
+0iB5kRRr/gdyFP2cVwEUl80KHqUTTscSS1ZkASIMX9Z3spFdDHxFo7j6QFl+nW9t
+IYoyJI9QmcIxgpL984hTKEexoJdQfmi1CKkNoJTmk7ypgAKqiTc7o7iOtXjz8lyf
+SFVRJQdfDbqlaHqOzxW7XkcD8qTTzgSMcnJEM6+FbJg9WVOU8yDc2KNKv1kmbP9u
+a12AzFDRTCA+D9+g0UUdTZhjcVEULLpa0Wshoi2NdcnB2Tn/FhSJZctflqr1u3TH
+np85NxayNRisEh/gCVkHlv9lmH2xjLGEz/AlRT0f682qgt9SP1nzcTIxY/i1T8Oh
+BmiY/lsEKUSKOhsBO/tm2VPOE9dUOSATlNzxRhItqTAl3xbRGbt8rdQ4nQE6MAd8
+ofwPTjRheJmBFfh3vZVPpKxgScpQ+OmJ7Jx8McgMCMwv4Wj+thIPFGWqrS+m8HsJ
+IxvPF+QuJ4ECqISCzetUJKI0MknWxlWsE7tgZSjLyQbMLaiKLocBwGZUlOOOp+lR
+7GY56oAbANqXhjbA+AoBFqe5GrizCvjEVYKg5Rj9OeHHEIxLK7vPeND6tvSfmK+C
+lZ7xv5Zo20IT87kg9oqhe9cLoNOk+NeWd39xMKUCBoxYK180ylX4yPWJGn/AIIxZ
+8wNCYhtTO1ZYwx2pf2KWm8SlvC0BtvIU7umwyB/M7M2h/XBgO9nhrk5uVKfsSsSk
+BrJVeKA1rnw8YNpPy6ncVwRJDVJDxxfctxZdp9tkZi5h3MZWgBeQfYhlJMTWQp6N
+5cfdhwprGwyjlQU+NGE1wBvno4c/wq11/jcIEizepJmo+J35uoNTYXuA/yvmG7Ov
+N+8Qvv7qf52mCN7wfON49bEcMpAg8/HF2F/ojT+PRUe0escWxvASKRSQ4fTMgiPV
+AIhR1N0Zv+434S3UdaYx0RQjjuaZAil+UcdV3RViILfvsZNzc2SnUQ3WJsWctrvO
+tr0q0EOCG3xbBLQs2KWnDu1bHDhGzk3D3FDk4EXQtvZE/uB2Y0AoxwtmPWnkSmSR
+IDVZIb1gN/5RIx7E7O2QY8vPrk1mOw53QGIWU8XthSOlX5fdhWIDwSVHnK9ReCwp
+gOE9AvO2RtGCHNzejhRYEAkwf+AbmQewAd+HpKcu+pev7kaHpFBQkC5YZW173OWF
+CwJ4iAkjZpr+FMgcG3J5ztxgYKuz8fRa58RZAdcGtFd5LLWG2KL3djYH146z4ofk
+m7NWrFWGlhXcQn6/ylv7GYyCZMN+UTcwSP4LaihXK9PlfosKEhpR7+FoSBquPook
+Dr9tfUlKIWFUru4mJTvGGEHG8Kc6ey1yyHJGNcWQr20eALqrK7bCyo3U7R2zNQ3V
+NtrKD7K1jEZfv8a7G+XhgIPTpFydUhIfMhIDvo95kA9oRAiPqe94Ycdb7RVmUtv5
+xceKm+wOpwGcntKiVSWWejkm7fw2lk9CHci5s0gfacZvAhkWGCuT73/K2reo8wQ5
+zHtEeS0ZEjzjzDukS+wIhZ1unlHK6ZYSsweNdky9frLHTs6gLzu6Ac5YqKqqImOI
+VeR7oKrhopTLxLwWkbAZNau3h3LoWwPatgwmPX4OBAge9xGeo5BAm23DQGLtokYj
+hISAoYzc6qhr0ScHFOBxEg3EoHFVUNVYLpAAIHVDVnZYxeiekBSOoILM9CK8JxwS
+BsSXjZIJqg+Kg2HXvDewIXA7OrDxXBhxPSsF7oTY8ZlutCZQI8BURpxTaQP4gqxH
+ckw37M7hsEBNorNfL61z6DhyWk6R1AvQ/6jUbFo3tNPRexzwZlYSyl0IgAwBgmW+
+/JcJgbOIXWPF5r6R254CZ3uX6xi+2UwPtYsPRLKwQsCLwK7Gvcq5dYkFJ1OeletT
+7tlqSOIW3UakmviM9u9uM6DW1ZRCWzAmNci4YrQGIMmmEBbaqe3dwhcOmHaUtMKu
+dOUV+lBezeGsx4yVxEJkflkcg0SXSh2xlKM4gxuf8EiTeTq9BI6ZOtSW/nUzYmiM
+Yqc9BElBrWN/xRxxPgnE3oE0KsEIK7E/go5eaobwYTZV5K+Tot0fVmR6WHPwR/4Z
+RJTHXJlJ0RxacHFLWKz+6/MWp4LPnwd/0GUYMCi2FUptjVdEGa4mCFfsO2SHpHWr
+p9W6/wdy2FXcvSJGou87z0V/uYGxVh7ZDb743p+/f6UmzJLUF+LrZbpdJZrxVNEE
+Di2EypkPFJiqekDbQaBv+rFuRoFAniE17LK1kuWPthnKHjajQJbdMusXJ9FWGjn/
++YoVfrw49WAc3e1w0FeHo5NKSEnB5c3JFquSUFF8AxJn/+EDibhprr5viq89Q4OH
+I4zc1PJ1a/1b5ihSBhgCihowIyp1jeQLCYxHtur6zMyr+ksuYnwlCAActmJF1Nj9
+iYasACAfY+b76HC5aw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der
new file mode 100644
index 0000000000000000000000000000000000000000..4d38a0fc4bd8d5150a1d31d64d02b8f8ae330f36
GIT binary patch
literal 2461
zcmV;O31apzf(e;0O9lxlhDe6@4FLrWFg`FT1_>&LNQU<f0R;>&90Ul(W|R5lgs$ZR
z0tf&w3<d})hDe6@4FU@V05A~-1uG5%0tW;L=j!p*jds+A1cC`jc-|mYj$)2h(xkDO
zSiDVRTV}y{xDhqGD2<)(C}hvs3s>k)74gr*hPTEhw{;BX20s@JZrB34{{>hzz6}L%
zn=6JPWzl%~B<=c31?speFn)D$ySTX%YM957Z6{@w5vEA20k*sIxu1$MacjPW$G31g
zejJgx<QAN^W36I&5Y<v_K*cfdQET9a0SDH-F!kMI#x8>hd0Cnhlu!+=uWfKQeAHN$
zcTZ!Ul7NNHk4T)<2xYGAV>FC~%@dT=>}4&)c{Hgdnw^Bwe&QSu-(I)|;B*`;g+VA%
zey#CjaTQ@IJ7tMpr3?{~Oa5^AF2=_(YFKTb^IGqZoA4iIrgFQ-z+RPG!mZ}xOUOvA
zZz+(f(bIqpVwCoq_Uv6RAHGZOfC6WI#4M47-5}Z?5VKw}G&WI(W0>RzuEKES6;Q^e
zFjcwtwQ|sr6En*jH8902xfWY9*_-&}-dG_ka&MJVEhSKwrTX_G%bMzAkOXBV{MzDu
z#p)u@#1YI*Io9aPfByxjf>E`5A=3wfCR@BGrvU@1we*9Gbucy7A+|Q$pVrO`5t9hx
z{Jq`F=d}hO!b1_3)8ft}7r2F!Es&Ee@9Nxy-~J{cQLt`S<$*n;OKk2?T@#>I7DsTU
z%Fr&Gl)y^6roi|$0{YmoU6!CBulUPw2y+7@CxHPXRw-R(4aSL_eOlkqji1iCu1!O7
zdhC6+NWhWRT}Z3`2*UWZ_^y@Q2xY>pi)VmmQUZyiG{}+MGHHncbldKsP?0wivxS&p
zyS_d0l%Dlb4<$FOa`oKsWq=NtzJVQ>s#7JY@)<n^c8<jfcWlygE;CQXu6gya1qkAB
za)keDvIWw6x(W~QNN+-^F=vaimSo2B)H%9{W%8sU+2^cGTOiwnOU_vN_0#L3PqFf6
zBY?vZECfj6u5xDi<&oM&3NS<P*!awOx*>_mG~KzpeQp}osE}>?WJMK@w8|-nKT7dH
zadk$<b486r=;>qwvG?MOf0cC7_$rc6jF{6!+_ebroQ6@(hQ_E6jp%}G)J#HLFQDr)
zhW5J$3w(_V;Z%~w@8AkTn!OQ2<`6b3kMK}clbYTWib|ab2L>OJZk*tbk0a^t8y`yJ
zK%crYXUyz2cum?wrpHGW6;Q!GCPA(4ea%BKQ=mXqHb=m9Oiidje|EhSQUJ-r#!Ihi
zZTp&EGtgV)D4Qf>&}J6aatRZ3wP0aH)VOwu0Pv}WGt^u<mEs6Pf||8wH6#<c>$f5z
z==k{eE1HQ0^Ly3LF>XFveeD~JC0RbSOIb_f0oOK!h<%!8G<&8u?di&u!3=)^8f+Ml
zxPr=%pH51S5~G5~{GQLi=x9}=OMLR!QVw|?!y-o_IP7*Ai5MueNf9OfpDHnk{JGGL
z&Qm*rEqf=+eslMhE+A!<jK6o+%8mK1{P2no8Qm@Ebp3Ofb9aqET^eMF=Hk1}=RPY!
zl*DSjWbNhsGMcy*!JxnK4bK<Mi~s<&{RIupxgTF3py|wD5#+i@df3A+-9}s1M|`ts
z$AEd;I_iDVwuoiN1Oxit@AYGsB*BSBM4U6d_#g99#$?c|K^nkMO{o0vm9X|`udV?0
zV4~P$^QyG(mVBtokUEUN`EsjP{a_G9rm$Y#^nqh7#dKjBh;LA8e}nH%LDT<dnVOUa
zfgIg~3;^%~-b|>+f4TvJjs+Y_Xf;*;5xt^L#{YapFWIA|LPp#bUag#>!TY>^*TMtt
zk?98H(g*P#YRRe~Q70%WIAiPa&gT-|A^SDjATGQ1p_YB?f-QVpq~)%D^>$S6H<hTW
zyn6HP6C$UqvjJ!;G;z-V{(F<?qqF_+!^|8OglL6ehL6U>3fQpqQSsfamy}q76!;AI
z0QG(~giSZJPQFXF{php`+t*9zgWI?Vx%=;`RrQSax^ZI&7F7t$ppS&C_+sCJ>oz`-
zX@hzR+FLDQsAkYuZzV`GE&<4AYP4)#<gBbQpn55bkWYNZ2OR{n*stz1mfyv>=7Et2
zMxZSqibR)W41AiE*wB!*c3*_9$7P!zmzYu}0D!_;2PTa-qjF33hGckuOb3#ew1)MA
z(B|ZF-s**H5a6YD%G;<Y$5|WKudqb#UUgeO%oLx%91y7VBG6Ed@=wRAhft8xWT#t`
z{+V3kflZ;i?quntsO2ef;`A}b((R2(690?^BeoCTg~@)o#3dZlIl>kvt91O-%WKlA
z%*MIn#x@?&K4sQ;9Xu6&SMv(Zsw~iUe%({MKrsVIU6Fu+@v4p)O3{%p38BNL$9;BA
zAA3sa6JSR^L9Q3ximkDIXeg)FV#u}`Iw%N|Uc5hD#G3bK?UED>wmRTGUpls$xn*{Q
zfW`kY3}$wC!L*A@0@|>f;K1lyeEhuE6YuXPn;UVaRV%BffvmygLr%0+4}zlheoIpj
zLA!UpkGnDS>pKLg%<a(;WCHzr8^I#3=yCeQlT~>PMd)SDgywWFxmRDKD~BJIXbC{Y
z8#-7M-24LT)M2hXILppKs&#6C$}OletU_bUe-i<!+qPpMTi^P>k7Tr%cNV~g%uNh7
zaOaA>H^9#y_=))N)jcWW5RKryzTA#F#8}mNyF!$d7~chQc!Ly^NM<bq+{d-ppEyLQ
z+Lh(y6*gN^&UP-t{O;C#16<b<V1)DjVtKXSc#OsFHZ$eA!G?tqyXn!XKgIrlBLZjX
z+Rjr<V{1Pv;z|_K!#T5qRz7%Od^3MlXp^N0@Rh5R%4Vp#nFi(^Z;JiSOkFX;f*V&B
zpOJYg^O$pzR7D`UK&b(PbG}}kZnH(*gxi1en;Y<StWq@rvG#+GBVQS*DRN;3EkuD&
ze3KZ0O)>dv&_d_0A5}J8c=av|2P_8(+3S@>2dl^&Sxl?;brbK7^=SCO#K3DIk@NAW
z45y?~VN+OWLNj2|GIuECiB7Bv_e(}|CpLm&kocOJEbkch$K5D5tZYy3ehkxEXTs34
zBMDQ@Q;ToXBv8dqvklzjqf^4-G2oj`43QU)t~jk?^AaY8(a(4WQWdTwSQNqbi_Pdx
zzJNjWuQHByvS(i`6|M~3%YkC^Evw*RZk@1{N*3RR*nLB!_{y_s{=~DoTp5)iEa<=H
bj>dCj?&mAXi&F{ARYpAz$k=4#E_aPOF5T4#

literal 0
HcmV?d00001

diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
new file mode 100644
index 000000000..11504a6c9
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJmTBLBgkqhkiG9w0BBQ0wPjApBgkqhkiG9w0BBQwwHAQIGOnVLKvKgHACAggA
+MAwGCCqGSIb3DQILBQAwEQYFKw4DAgcECIGG28/TJRaGBIIJSFh6ZJN8xJaH30k1
+rH+L1DyTH4CELsRd164RoqfUq8rp6+XcNG/S41PdI3efK28iyLx85AcqFArqHHUM
+7yGA6vmuSVz39ZXdu1CVMi7OQ4dTdg3KBXaz96cnyZ1EsoruibQDn6mQq1D0LG1u
+5phVLsnfQLDiOFUFm6X4q9FdJj6NUJdOY5XRJZEu6q3wEmVXDfL7zYXJl2gZuiGO
+eDp/d0IVcYFd1od0V8qI90nWPCeZziMcnR8wAloV2p8xiqHuVhV/4+I53ENqbqxo
+v+0aObO3JsaxLVML6JGhabd2k1v3QAZLawMVGBNa/7IEOBVeD4j6VSiZPdKN473i
+oXxRsya6HqCD4kx+zbofbL4dEZliLDmISoHRl9ipQfr1+Y//JYhEf6gLzmdFqP3q
+N92+rVwdRWfmVdIsgdLiinJWO1xZ1dUnWvGOYZNjurGVHqv2IrDBd8FDjl/yMU6z
+osnOynXspoSA53kQ46ZvArln8QGzWt1bD466nu86dXOkrfbAmS59VaNY4Y1D033l
+p+d94eEjRwFUsQbRWv8mvb+KPn+nYcWZFNCg2RhTUKnU0Od1SHY5f9jfGFUyobYp
+/tg6eizo7T+rU9PZoTkGnCf1qOwNPpbSh5FcLVajeDiYokoyc17VQJcc1xzKeIOs
+tcU7kK/jA1GofCVhH3S1OPYqdjGvvoTVAYyXH3SuH04a8UJvFsRl8XdTNYOyecqi
+tH17PADDa2UTvKE2dLhxxVUoO9dZVeEorNiFWCQ/rsl5M1eT9KXh2lvZRM+Yxo3+
+NPP1/CGa5sDYx9aZQPoJc6aTJicmqx/srRtMR/RuwBUUH/1AENHdNLBL2IPfYjsL
+xKU/ox62cs2sCIywkBkR9WHPTqaU7HU6rlD8phinfljA5rMj3P3zrNk8XqfHNTpV
+BVA2Eczf1HNizvLxE3+vp/eGYCecuLfnqwRj5zAjiYPcy8s1vETDkXSWdc9vQf2c
+zky7tdAMS2WLFIulBIqYFDhicdlp9LTaeUOiwNIbPLVMzKy8zzW3UhMXyVi9EBCt
+IDhkUTdaLmiHB0F14NISRK6/isa4Vfe+/Z9ML/z9iFm8eC6LMy+/YgWZD0vYIwow
+JKHuEuuUuDR7gkHgZ/cvjMsyOI26uiW/W8qfAk7OR/qlZXMgWCQTgVBEcgmZio8U
+BcVDRPKFqLCKOINQ4poxt45Ez+xRlYdwExPnSRD7ZMFPYcUllO+S72JYGsYdGs60
+i529HgXKp/bS+1JKK/zxQmjApZ5kWGmc7kAUU76zprd7NKmdpWv1nbDJBtNU1bmW
+nzE/GXyNMYVGuxGnu/9scKSRATLzvLXtviRKoZVFm+6m7gR8J4GVSu8TxaXlYxg9
+NR+UujQJeoChR2dHvAZXc5g3j9rjQXZYlMm6M5rq0CbMlfeAFSwyG3Gm6D/cRxJg
+MHPaU7HpeZL5r7rJwNfUt/c/cuQ5C8CadgTgDd1NW50uEUoJh3QGE2K3Jq+0wG9h
+sk72lnVzH0bnMbJDXEV1btrs2qnnSots74+8F24gQb9PRQliuk50LGNddgrGoSgB
+b9eaBl7cgcy7T1XUv4I+aEW+sfa8bGBffIF2nk3oCrkW9Sbdeh8qSE9uthewpGvK
+WxBhCn6zUryHmt5ppiC6JrHJridCSu4RNbYL2umAM4DNh4lE5rBvFrCHaqet7hdy
+wheQGRQnRzNru5alCxfNWXXuOp9naFmF5RFDWvSXukn8qfxzRcjMhvNS+z21O9nK
+LPRaX9AICLGC+1C++Ka4pjVJVT/WhElXVap313Oj/Rc6KvRCdGpqMLVxPIrPFvbj
+vzNFa/YEU3RK/wjO6/kQPtlcfwMzZFkDHMWiYMCUoi6Dpvze/mKSTA9G9lmc+/BF
+sgqLZM7yltTmiGKQUDSlUOs08ZmPw1+HSOu2DZKWQ+2XoHSMih5ezu7GZ0xvUt4T
+BHV95sRDCAvUywGTIPhx5xa+gICVeL97DOUCS+Y+WJYmeSlZ5r+dyg2V7+CX+qjr
+ENMpouV8bIMpN05qXez8MuO4vJdDDsjqxq+y5kwN/ugb+DOq5okeRIaWRPWdyceT
+NCayiE+5nnfdPMQAAJqZ/LGSx09fyamJqhcG3RJosFfrVPjj7aASUWi1BFjxIe1L
+3fFSU9UDh9hfJczZx+hNKb56vhgrO+DaIbDMNMQqh6C2zdCirBT6M1NXhWvHKjkj
+/MNyLBwnCWTUZ7gufn/0MAr1DaeoE6TzcwDCpW6ntXF9tG7L4DVbA8Cqy+M0HnQL
+Pi2BCh4KrRiV1G4N8xDDCQw6IkfKRGGO6wCJ1HTnA2xmKqCzE2Ul8S/3+aEEpRNT
+3FrcrEi+nzAkzBBkPcHaxayx3mR00Wv/mwcI7SoYKKfuidESQy+VBAHqekTmSELw
+YRTdrXTKNWYlyms7pKMOgdqZAhFVOYxKBVaiuUeOGtvCNZ2qf7TOG/pT3nqTAbAg
+UeP7kvf2BaYlKoFog3uvRypcWLomQqY6hwvWW7IwquHwxeFdCHHeNrr9CoBrF2lz
+Z162/inTRzSbUhjumhLGEiJSzZyrEErjBjF5jE07TioEgmnXyCFWoc4nBnZ2+KXb
+J7/QWMsCJwb/CsvQxegd8X6SwLDfH/28py+UAqSTi/HA2GY/68Q3PQ17V7fyg5l0
+h6FShhYOKmForUNwqn2TwGPH+0swtOU2fKFq0NMHPSvta6U0wpaRZMCojw8AV3y+
+lUdKesz2siioxfeIxhD1Rm1KZ5p1N/FgyAEu6wpWj8okQjxRiGe+GQLheQpsL/ZW
+HsljSq73o9v/F7xNE9xqIxEGnUDYIAQCX47CiQOTTR9Lz6N/t36Eew1+KjiI4Xda
+VCu207ipFQPpNkvc13z2NWC/4NeRQg82LCYep4y+ZblcyqLqvMwOhJro2Kxoe1e1
+rv1Mwzd0ShUosb/2CChCRdirLJFXaXzm+PzBZoCyJEWcSxi56By58jh6H+XeUxCj
+0fl7eXLHb4sv8kf7P0KJGCxNY7ik3TLJjncsA9gLmFAeRcYWKq5SuSEW3DmfDSXZ
+CC1pSsvFBvV60ZFm2r96xqFHKFHOb15qm9DBXphr870nZQB7+QgRwp+jd+xdXUDS
+PelVGau5uoRN2tFPNvoeGyww9lkuNAJWK4U+LdLwHsQOUIKTf1rgwz5C077omOh4
+3u+3zMTCMRDNhiJb3g==
+-----END ENCRYPTED PRIVATE KEY-----

From 0a63f9ea40fbbb91b0ef3330ce10fd0529632a07 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@openvpn.net>
Date: Thu, 1 Feb 2018 14:03:36 +0800
Subject: [PATCH 45/71] tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1

Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 tests/suites/test_suite_pkparse.data | 576 +++++++++++++++++++++++++++
 1 file changed, 576 insertions(+)

diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index f6a206de9..0b0f316e9 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -362,6 +362,582 @@ Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
+Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
+
+Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
+
+Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #62.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #62.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #63 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #63.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #63.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #65.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #65.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #66 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #66.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #66.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #69.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #69.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #70 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #70.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #70.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0
+
+Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #72.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #72.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #73 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #73.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #73.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0
+
+Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #88.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #88.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #89 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #89.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #89.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #91.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #91.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #92 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #92.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #92.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #94.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #94.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #95 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #95.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #95.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0
+
+Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
+
+Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #97.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #97.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #98 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #98.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #98.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0
+
+Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
+
+Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)
+depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
 Parse Public RSA Key #1 (PKCS#8 wrapped)
 depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C
 pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0

From c0577f393128b5ddd463427611564de4cbd14eda Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 14 Feb 2018 11:33:30 +0100
Subject: [PATCH 46/71] Note in the changelog that this fixes an
 interoperability issue.

Fixes #1339
---
 ChangeLog | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index e7b9bec06..51202151c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,7 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Features
    * Extend PKCS#8 interface by introducing support for the entire SHA
      algorithms family when encrypting private keys using PKCS#5 v2.0.
-     Submitted by Antonio Quartulli, OpenVPN Inc.
+     This allows reading encrypted PEM files produced by software that
+     uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli,
+     OpenVPN Inc. Fixes #1339
 
 = mbed TLS 2.1.10 branch released 2018-02-03
 

From cabc098a0f9d662f7f47ec20c1e0d34702e56e44 Mon Sep 17 00:00:00 2001
From: itayzafrir <itay.zafrir@arm.com>
Date: Mon, 26 Feb 2018 12:02:10 +0200
Subject: [PATCH 47/71] Test suite test_suite_pk test pk_rsa_overflow passes
 valid parameters for hash and sig.

Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
---
 ChangeLog                           |  2 ++
 tests/suites/test_suite_pk.function | 14 +++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cf6331f34..9d9e4812e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@ Bugfix
    * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates
      with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
      In the context of SSL, this resulted in handshake failure. #1351
+   * In test_suite_pk pass valid parameters when testing for hash length 
+     overflow. #1179
 
 = mbed TLS 2.1.10 branch released 2018-02-03
 
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index fbe522d69..f291c2aab 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -421,11 +421,15 @@ exit:
 void pk_rsa_overflow( )
 {
     mbedtls_pk_context pk;
-    size_t hash_len = SIZE_MAX;
+    size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
+    unsigned char hash[50], sig[100];
 
     if( SIZE_MAX <= UINT_MAX )
         return;
 
+    memset( hash, 0x2a, sizeof hash );
+    memset( sig, 0, sizeof sig );
+
     mbedtls_pk_init( &pk );
 
     TEST_ASSERT( mbedtls_pk_setup( &pk,
@@ -433,14 +437,14 @@ void pk_rsa_overflow( )
 
 #if defined(MBEDTLS_PKCS1_V21)
     TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
-                    MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) ==
+                    MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) ==
                  MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 #endif /* MBEDTLS_PKCS1_V21 */
 
-    TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len,
-                    NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+    TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
+                    sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
-    TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0,
+    TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
                     rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 
 exit:

From ca4efdd0ad6a6c0a25913ac928e90bb20ebc5886 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Thu, 8 Mar 2018 18:16:45 +0100
Subject: [PATCH 48/71] Refer to X.690 by number

It's easier to identify and find by number than by its very wordy
title, especially as there was a typo in the title.
---
 include/mbedtls/asn1.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 75b7b3dfb..86b50e6c8 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -90,9 +90,8 @@
 
 /*
  * Bit masks for each of the components of an ASN.1 tag as specified in
- * Information technnology - ASN.1 encoding rules: Specification of Basic
- * Encoding Rules (BER), Canonical Encoding Rules (CER), and Distinguished
- * encoding rules (DER) Section 8.1.2.2:
+ * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
+ * paragraph 8.1.2.2:
  *
  * Bit  8     7   6   5          1
  *     +-------+-----+------------+

From c3342fa6d305edf154bf4b7be2adf2854bc3d044 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 26 Dec 2017 12:52:53 +0100
Subject: [PATCH 49/71] Improve cmake usage notes in Readme

---
 README.md | 39 ++++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index c43edba13..559a10944 100644
--- a/README.md
+++ b/README.md
@@ -82,9 +82,10 @@ In case you find that you need to do something else as well, please let us know
 
 ### CMake
 
-In order to build the source using CMake, just enter at the command line:
+In order to build the source using CMake in a separate directory (recommended), just enter at the command line:
 
-    cmake .
+    mkdir /path/to/build_dir && cd /path/to/build_dir
+    cmake /path/to/mbedtls_source
     make
 
 In order to run the tests, enter:
@@ -93,7 +94,7 @@ In order to run the tests, enter:
 
 The test suites need Perl to be built. If you don't have Perl installed, you'll want to disable the test suites with:
 
-    cmake -DENABLE_TESTING=Off .
+    cmake -DENABLE_TESTING=Off /path/to/mbedtls_source
 
 If you disabled the test suites, but kept the programs enabled, you can still run a much smaller set of tests with:
 
@@ -101,7 +102,7 @@ If you disabled the test suites, but kept the programs enabled, you can still ru
 
 To configure CMake for building shared libraries, use:
 
-    cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
+    cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On /path/to/mbedtls_source
 
 There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
 
@@ -116,16 +117,40 @@ There are many different build modes available within the CMake buildsystem. Mos
 
 Switching build modes in CMake is simple. For debug mode, enter at the command line:
 
-    cmake -D CMAKE_BUILD_TYPE=Debug .
+    cmake -D CMAKE_BUILD_TYPE=Debug /path/to/mbedtls_source
 
 To list other available CMake options, use:
 
     cmake -LH
 
-Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, e.g. (using GNU find):
+Note that, with CMake, you can't adjust the compiler of compiler after the
+initial invocation of cmake. This means that `CC=your_cc make` and `make
+CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables).
+These variables need to be adjusted when invoking cmake for the first time,
+for example:
+
+    CC=your_cc cmake /path/to/mbedtls_source
+
+If you already invoked cmake and want to change those settings, you need to
+remove the build directory and create it again.
+
+Note that it is possible to build in-place; this will however overwrite the
+provided Makefiles (see `scripts/tmp_ignore_makefiles.sh` if you want to
+prevent `git status` from showing them as modified). In order to do so, from
+the Mbed TLS source directory, use:
+
+    cmake .
+    make
+
+If you want to change `CC` or `CFLAGS` afterwards, you will need to remove the
+CMake cache. This can be done with the following command using GNU find:
 
     find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
-    CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
+
+You can not make the desired change:
+
+    CC=your_cc cmake .
+    make
 
 ### Microsoft Visual Studio
 

From 4b080228599ddd89dbe7b50694944bbe2e301ea2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Thu, 28 Dec 2017 09:14:47 +0100
Subject: [PATCH 50/71] readme: clarify CFLAGS prepending/overriding

---
 README.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 559a10944..7e9411c20 100644
--- a/README.md
+++ b/README.md
@@ -74,7 +74,9 @@ You'll still be able to run a much smaller set of tests with:
 
 In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if the target is Windows but the build environment is Unix-like (for instance when cross-compiling, or compiling from an MSYS shell), and `WINDOWS=1` if the build environment is a Windows shell (for instance using mingw32-make) (in that case some targets will not be available).
 
-Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
+Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; compiler warning options may be overridden separately using `WARNING_CFLAGS`. Some directory-specific options (for example, `-I` directives) are still preserved.
+
+Please note that setting `CFLAGS` overrides its default value of `-O2` and setting `WARNING_CFLAGS` overrides its default value (starting with `-Wall -W`), so it you just want to add some warning options to the default ones, you can do so by setting `CFLAGS=-O2 -Werror` for example. Setting `WARNING_CFLAGS` is useful when you want to get rid of its default content (for example because your compiler doesn't accept `-Wall` as an option). Directory-specific options cannot be overriden from the command line.
 
 Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
 
@@ -152,6 +154,10 @@ You can not make the desired change:
     CC=your_cc cmake .
     make
 
+Regarding variables, also note that if you set CFLAGS when invoking cmake,
+your value of CFLAGS doesn't override the content provided by cmake (depending
+on the build mode as seen above), it's merely prepended to it.
+
 ### Microsoft Visual Studio
 
 The build files for Microsoft Visual Studio are generated for Visual Studio 2010.

From 1ac5dd43f0eb3008d8f9367c7f5f241810a4b711 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 2 Jan 2018 10:49:46 +0100
Subject: [PATCH 51/71] Fix typos in previous commits

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 7e9411c20..cf82da296 100644
--- a/README.md
+++ b/README.md
@@ -125,7 +125,7 @@ To list other available CMake options, use:
 
     cmake -LH
 
-Note that, with CMake, you can't adjust the compiler of compiler after the
+Note that, with CMake, you can't adjust the compiler or its flags after the
 initial invocation of cmake. This means that `CC=your_cc make` and `make
 CC=your_cc` will *not* work (similarly with `CFLAGS` and other variables).
 These variables need to be adjusted when invoking cmake for the first time,
@@ -149,7 +149,7 @@ CMake cache. This can be done with the following command using GNU find:
 
     find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
 
-You can not make the desired change:
+You can now make the desired change:
 
     CC=your_cc cmake .
     make

From fa839bee3961ae0fbcba3d73b5b170da77e1b3a6 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 9 Mar 2018 14:24:36 +0100
Subject: [PATCH 52/71] Show build modes in code font

This clarifies that it's the string to type and not just some
description of it.
---
 README.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index cf82da296..38a7d9b6b 100644
--- a/README.md
+++ b/README.md
@@ -108,14 +108,14 @@ To configure CMake for building shared libraries, use:
 
 There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
 
--   Release. This generates the default code without any unnecessary information in the binary files.
--   Debug. This generates debug information and disables optimization of the code.
--   Coverage. This generates code coverage information in addition to debug information.
--   ASan. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
--   ASanDbg. Same as ASan but slower, with debug information and better stack traces.
--   MemSan. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
--   MemSanDbg. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
--   Check. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
+-   `Release`. This generates the default code without any unnecessary information in the binary files.
+-   `Debug`. This generates debug information and disables optimization of the code.
+-   `Coverage`. This generates code coverage information in addition to debug information.
+-   `ASan`. This instruments the code with AddressSanitizer to check for memory errors. (This includes LeakSanitizer, with recent version of gcc and clang.) (With recent version of clang, this mode also instruments the code with UndefinedSanitizer to check for undefined behaviour.)
+-   `ASanDbg`. Same as ASan but slower, with debug information and better stack traces.
+-   `MemSan`. This instruments the code with MemorySanitizer to check for uninitialised memory reads. Experimental, needs recent clang on Linux/x86\_64.
+-   `MemSanDbg`. Same as MemSan but slower, with debug information, better stack traces and origin tracking.
+-   `Check`. This activates the compiler warnings that depend on optimization and treats all warnings as errors.
 
 Switching build modes in CMake is simple. For debug mode, enter at the command line:
 

From 15967a85017593a61cd3e198eeb1e58767711f94 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sun, 11 Mar 2018 00:15:56 +0100
Subject: [PATCH 53/71] Fix grammar in ChangeLog entry

---
 ChangeLog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 9d9e4812e..9c21273a8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,7 +10,7 @@ Bugfix
    * Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates
      with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct.
      In the context of SSL, this resulted in handshake failure. #1351
-   * In test_suite_pk pass valid parameters when testing for hash length 
+   * In test_suite_pk, pass valid parameters when testing for hash length
      overflow. #1179
 
 = mbed TLS 2.1.10 branch released 2018-02-03

From b1e6efd55df2988a65b88fef6dc68f3792c94a94 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sun, 11 Mar 2018 00:35:39 +0100
Subject: [PATCH 54/71] This fixes #664

---
 ChangeLog | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index aa98f7f6b..a6664f7ab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,9 +63,9 @@ Bugfix
      where the failure of CTR DRBG initialization lead to freeing an
      RSA context without proper initialization beforehand.
    * Fix setting version TLSv1 as minimal version, even if TLS 1
-     is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION`
-     and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead
-     of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
+     is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION
+     and MBEDTLS_SSL_MIN_MINOR_VERSION instead of
+     MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664
 
 Changes
    * Extend cert_write example program by options to set the CRT version

From 681f5aacfee113f135ef7c51ed779d1aa17da80a Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 12 Mar 2018 23:50:18 +0100
Subject: [PATCH 55/71] Align ChangeLog entry with 2.7

---
 ChangeLog | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index d853b226c..e76f646e7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,11 +20,6 @@ Features
      heavily-loaded machine.
 
 Bugfix
-   * Properly initialize and free SHA-256 / SHA-512 context in entropy module
-     instead of performing zeroization only. This could lead to failure for
-     alternative implementations of SHA-256 / SHA-512 for which zeroization
-     of contexts is not a proper way of initialization.
-     Found and fix suggested by ccli8.
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
    * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
@@ -67,6 +62,11 @@ Bugfix
    * Fix issue in RSA key generation program programs/x509/rsa_genkey
      where the failure of CTR DRBG initialization lead to freeing an
      RSA context without proper initialization beforehand.
+   * Fix the entropy.c module to ensure that mbedtls_sha256_init() or
+     mbedtls_sha512_init() is called before operating on the relevant context
+     structure. Do not assume that zeroizing a context is a correct way to
+     reset it. Found independently by ccli8 on Github.
+   * In mbedtls_entropy_free(), properly free the message digest context.
 
 Changes
    * Extend cert_write example program by options to set the CRT version

From b81fcd00e64b7c6e534fe56eb23a1c58a1cbd408 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Wed, 3 May 2017 15:09:31 +0100
Subject: [PATCH 56/71] Correct memory leak in RSA self test

The RSA self test didn't free the RSA context on failure.
---
 library/rsa.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/library/rsa.c b/library/rsa.c
index 0d698f750..9324f45eb 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1790,7 +1790,8 @@ int mbedtls_rsa_self_test( int verbose )
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -1804,7 +1805,8 @@ int mbedtls_rsa_self_test( int verbose )
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -1817,7 +1819,8 @@ int mbedtls_rsa_self_test( int verbose )
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
@@ -1825,7 +1828,8 @@ int mbedtls_rsa_self_test( int verbose )
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -1843,7 +1847,8 @@ int mbedtls_rsa_self_test( int verbose )
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )
@@ -1855,7 +1860,8 @@ int mbedtls_rsa_self_test( int verbose )
         if( verbose != 0 )
             mbedtls_printf( "failed\n" );
 
-        return( 1 );
+        ret = 1;
+        goto cleanup;
     }
 
     if( verbose != 0 )

From 41b6189ef71615cfe9e7c3085dba2b3b7e51d8c1 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Tue, 13 Mar 2018 10:31:56 +0000
Subject: [PATCH 57/71] Adapt ChangeLog

Add note about fix of memory leak in RSA self test.
---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ChangeLog b/ChangeLog
index 6e96fcd43..027c560f2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,7 @@ Security
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
+   * Fix memory leak in RSA self test.
 
 = mbed TLS 2.1.9 branch released 2017-08-10
 

From b0661769ab840dd9ebce35539f1e8e093303b498 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 13 Mar 2018 11:53:30 +0100
Subject: [PATCH 58/71] x509: CRL: reject unsupported critical extensions

---
 ChangeLog                              |  2 +
 library/x509_crl.c                     | 57 ++++++++++++++++++++++++--
 tests/data_files/Makefile              |  3 ++
 tests/data_files/crl-idp.pem           | 12 ++++++
 tests/data_files/test-ca.opensslconf   |  9 ++++
 tests/suites/test_suite_x509parse.data |  4 ++
 6 files changed, 83 insertions(+), 4 deletions(-)
 create mode 100644 tests/data_files/crl-idp.pem

diff --git a/ChangeLog b/ChangeLog
index 0eb070212..639422893 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@ Security
      implementation allowed an offline 2^80 brute force attack on the
      HMAC key of a single, uninterrupted connection (with no
      resumption of the session).
+   * Fix CRL parsing to reject CRLs containing unsupported critical
+     extensions. Found by Falko Strenzke and Evangelos Karatsiolis.
 
 Features
    * Extend PKCS#8 interface by introducing support for the entire SHA
diff --git a/library/x509_crl.c b/library/x509_crl.c
index bd6b5370f..275d90e54 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -95,17 +95,23 @@ static int x509_crl_get_version( unsigned char **p,
 }
 
 /*
- * X.509 CRL v2 extensions (no extensions parsed yet.)
+ * X.509 CRL v2 extensions
+ *
+ * We currently don't parse any extension's content, but we do check that the
+ * list of extensions is well-formed and abort on critical extensions (that
+ * are unsupported as we don't support any extension so far)
  */
 static int x509_get_crl_ext( unsigned char **p,
                              const unsigned char *end,
                              mbedtls_x509_buf *ext )
 {
     int ret;
-    size_t len = 0;
 
-    /* Get explicit tag */
-    if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0) ) != 0 )
+    /*
+     * crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+     *                              -- if present, version MUST be v2
+     */
+    if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 )
     {
         if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
             return( 0 );
@@ -115,11 +121,54 @@ static int x509_get_crl_ext( unsigned char **p,
 
     while( *p < end )
     {
+        /*
+         * Extension  ::=  SEQUENCE  {
+         *      extnID      OBJECT IDENTIFIER,
+         *      critical    BOOLEAN DEFAULT FALSE,
+         *      extnValue   OCTET STRING  }
+         */
+        int is_critical = 0;
+        const unsigned char *end_ext_data;
+        size_t len;
+
+        /* Get enclosing sequence tag */
         if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
             return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 
+        end_ext_data = *p + len;
+
+        /* Get OID (currently ignored) */
+        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
+                                          MBEDTLS_ASN1_OID ) ) != 0 )
+        {
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+        }
         *p += len;
+
+        /* Get optional critical */
+        if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data,
+                                           &is_critical ) ) != 0 &&
+            ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
+        {
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+        }
+
+        /* Data should be octet string type */
+        if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
+                MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+
+        /* Ignore data so far and just check its length */
+        *p += len;
+        if( *p != end_ext_data )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+
+        /* Abort on (unsupported) critical extensions */
+        if( is_critical )
+            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
     }
 
     if( *p != end )
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 049e8cf00..5740b1163 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -46,6 +46,9 @@ test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
 	$(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
 all_final += test-ca-sha256.crt
 
+crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
+	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
+
 cli_crt_key_file_rsa = cli-rsa.key
 cli_crt_extensions_file = cli.opensslconf
 
diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/crl-idp.pem
new file mode 100644
index 000000000..a229e7d6d
--- /dev/null
+++ b/tests/data_files/crl-idp.pem
@@ -0,0 +1,12 @@
+-----BEGIN X509 CRL-----
+MIIBszCBnAIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDA3
+MzE0OFoXDTI4MDMxNDA3MzE0OFqgLTArMCkGA1UdHAEB/wQfMB2gG6AZhhdodHRw
+Oi8vcGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEAs/vp1Ybq9Lj/
+YM+O2uBqhRNdt494GYSYcZcltbQDwLgDwsFQ9S+q5zBtanhxiF3C6dyDoWS6xyY3
+dkdO9kK2YAQLNaFBCsKRrI9vGKuF5/1uIr0a8cQcqVzyRI9uK0KgGEk9/APGtqob
+nj/nt2ryGC+yEh20FmvwFn1vN5xaWK3uUIJCNDTZe+KQn150iAU/mWZG2xDdSXgm
+JtpTrY6toBgTwDGyus2wIDvAF6rBc1lRoR0BPuTR1fcUPMvr8jceZqG+xuH+vmkU
+j1B4Tu+K27ZmZMlhltfgwLzcgH9Ee1TgWPN2QqMzeZW/vNMyIIvWAWk2cFyCJj6r
+16/9upL64w==
+-----END X509 CRL-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 12835dfa5..6ca661330 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -11,3 +11,12 @@ commonName = PolarSSL Test CA
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = CA:true
+
+[test_ca]
+database = /dev/null
+
+[crl_ext_idp]
+issuingDistributionPoint=critical, @idpdata
+
+[idpdata]
+fullname=URI:http://pki.example.com/
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index d95f25b94..e83fc4370 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -202,6 +202,10 @@ X509 CRL Malformed Input (trailing spaces at end of file)
 depends_on:MBEDTLS_PEM_PARSE_C
 mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
 
+X509 CRL Unsupported critical extension (issuingDistributionPoint)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
 X509 CSR Information RSA with MD4
 depends_on:MBEDTLS_PEM_PARSE_C
 mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD4\nRSA key size  \: 2048 bits\n"

From 85f36ae0a1f37f7ce63eb713dc869df352a6327c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 14 Mar 2018 11:34:29 +0100
Subject: [PATCH 59/71] x509: CRL: add tests for malformed extensions

This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
---
 tests/suites/test_suite_x509parse.data | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index e83fc4370..cc43a800e 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1188,6 +1188,21 @@ x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b060355040
 X509 CRL ASN1 (invalid version overflow)
 x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION
 
+X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121)
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30300603551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (extension oid too long, crl-idp.pem byte 123)
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290628551d1c0101ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (extension critical invalid length, crl-idp.pem byte 128)
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0102ff041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRL ASN1 (extension data too long, crl-idp.pem byte 131)
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff0420301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131)
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
 X509 CRT parse path #2 (one cert)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 mbedtls_x509_crt_parse_path:"data_files/dir1":0:1

From 74b8ae89c6a04181239e884a1b5c8272c2649751 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 14 Mar 2018 12:23:56 +0100
Subject: [PATCH 60/71] x509: CRL: add tests for non-critical extension

The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
---
 tests/data_files/Makefile              | 4 ++++
 tests/data_files/test-ca.opensslconf   | 3 +++
 tests/suites/test_suite_x509parse.data | 7 +++++++
 3 files changed, 14 insertions(+)

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 5740b1163..df4834d13 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -48,6 +48,10 @@ all_final += test-ca-sha256.crt
 
 crl-idp.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
 	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp -out $@
+all_final += crl-idp.pem
+crl-idpnc.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
+	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_config_file) -name test_ca -md sha256 -crldays 3653 -crlexts crl_ext_idp_nc -out $@
+all_final += crl-idpnc.pem
 
 cli_crt_key_file_rsa = cli-rsa.key
 cli_crt_extensions_file = cli.opensslconf
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index 6ca661330..571d96ee4 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -18,5 +18,8 @@ database = /dev/null
 [crl_ext_idp]
 issuingDistributionPoint=critical, @idpdata
 
+[crl_ext_idp_nc]
+issuingDistributionPoint=@idpdata
+
 [idpdata]
 fullname=URI:http://pki.example.com/
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index cc43a800e..05ea9fe18 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -206,6 +206,10 @@ X509 CRL Unsupported critical extension (issuingDistributionPoint)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
 mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
 
+X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
+
 X509 CSR Information RSA with MD4
 depends_on:MBEDTLS_PEM_PARSE_C
 mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD4\nRSA key size  \: 2048 bits\n"
@@ -1203,6 +1207,9 @@ x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060
 X509 CRL ASN1 (extension data too short, crl-idp.pem byte 131)
 x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
 
+X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
+x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2018-03-14 07\:31\:48\nnext update   \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using  \: RSA with SHA-256\n":0
+
 X509 CRT parse path #2 (one cert)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 mbedtls_x509_crt_parse_path:"data_files/dir1":0:1

From a566dc4d455cc5e137903785a253ef1cd40217d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 14 Mar 2018 14:08:57 +0100
Subject: [PATCH 61/71] fixup previous commit: add forgotten file

---
 tests/data_files/crl-idpnc.pem | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 tests/data_files/crl-idpnc.pem

diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/crl-idpnc.pem
new file mode 100644
index 000000000..0ebe480ee
--- /dev/null
+++ b/tests/data_files/crl-idpnc.pem
@@ -0,0 +1,12 @@
+-----BEGIN X509 CRL-----
+MIIBsDCBmQIBATANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+ChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTE4MDMxNDEx
+MTQzNloXDTI4MDMxNDExMTQzNlqgKjAoMCYGA1UdHAQfMB2gG6AZhhdodHRwOi8v
+cGtpLmV4YW1wbGUuY29tLzANBgkqhkiG9w0BAQsFAAOCAQEACsszsNwAMkmUrbti
+H1wpWN3LIb32MTZkBWZeFWWQ1MyzSFslgnOcu6tesJuTQJVJMGCSXZv7jkVHeeiK
+x+BAoHCrR2aRVPbmiaP43Qp/dFOOfHVMM/VVWmuEYuCQaCAeVLQgGbgAYHE9aHQN
+vBg8m7NJ95av2svLHMFIhirZlKWsAXM+aCyzoudEIhrP4Ppwt01SCtDl5gyg1Gkd
+B3wuOckjTk0xwXdlOSMH9o0SD2fkc41AFDqOZTK2NTQzNChDNFbKXl8sr9SavJCm
+k72l7wNJs6UOEhQMygyXEvqp8JbIi9JI+3TD4z4wUt0EnPkw0U48grLXFhjwBLWi
+cxyjQQ==
+-----END X509 CRL-----

From 7040553a02ac1454a6b73044f9abd36274d34c08 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:31:13 +0100
Subject: [PATCH 62/71] Add bounds check before length read

---
 library/ssl_cli.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 94c521dd9..7bf9933cc 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1850,6 +1850,12 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
      *
      * opaque psk_identity_hint<0..2^16-1>;
      */
+    if( (*p) > end - 2 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
+                                    "(psk_identity_hint length)" ) );
+        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+    }
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 

From 0e0afacbc502c01a39ab4322dca6ee8bc93066f9 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:31:53 +0100
Subject: [PATCH 63/71] Prevent arithmetic overflow on bounds check

---
 library/ssl_cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7bf9933cc..5bfcb9535 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1859,7 +1859,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
     len = (*p)[0] << 8 | (*p)[1];
     *p += 2;
 
-    if( (*p) + len > end )
+    if( (*p) > end -len )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
                                     "(psk_identity_hint length)" ) );

From a7a8332402c9d894c26cf4f4c47f72b0d6f29642 Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:33:28 +0100
Subject: [PATCH 64/71] Update change log

---
 ChangeLog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index ed7818e30..33f2f8652 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -446,6 +446,10 @@ Changes
 
 = mbed TLS 2.1.0 released 2015-09-04
 
+Security
+   * Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a
+     crash on invalid input.
+
 Features
    * Added support for yotta as a build system.
    * Primary open source license changed to Apache 2.0 license.
@@ -481,6 +485,8 @@ Bugfix
    * Fix unused function warning when using MBEDTLS_MDx_ALT or
      MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
    * Fix memory corruption in pkey programs (found by yankuncheng) (#210)
+   * Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that
+     could cause a key exchange to fail on valid data.
 
 Changes
    * The PEM parser now accepts a trailing space at end of lines (#226).

From ce0d3ca1282dc599a5c65038a8afc058238d605f Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:50:18 +0100
Subject: [PATCH 65/71] Add bounds check before signature length read

---
 library/ssl_cli.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 94c521dd9..a126b79fe 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2236,6 +2236,13 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
         /*
          * Read signature
          */
+        if( p > end - 2 )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+            mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                            MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+        }
         sig_len = ( p[0] << 8 ) | p[1];
         p += 2;
 

From c86b880411191c3e56105ea1bcd45314a73d77dc Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:50:54 +0100
Subject: [PATCH 66/71] Prevent arithmetic overflow on bounds check

---
 library/ssl_cli.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a126b79fe..b607fda71 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2246,7 +2246,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
         sig_len = ( p[0] << 8 ) | p[1];
         p += 2;
 
-        if( end != p + sig_len )
+        if( p != end - sig_len )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
             return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );

From d3cec993774f638540051501ba8617bc1e37cfbb Mon Sep 17 00:00:00 2001
From: Krzysztof Stachowiak <krzysiek.stachowiak@gmail.com>
Date: Wed, 14 Mar 2018 11:52:22 +0100
Subject: [PATCH 67/71] Update change log

---
 ChangeLog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index ed7818e30..acb533012 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -446,6 +446,10 @@ Changes
 
 = mbed TLS 2.1.0 released 2015-09-04
 
+Security
+   * Fix a buffer overread in ssl_parse_server_key_exchange() that could cause
+     a crash on invalid input.
+
 Features
    * Added support for yotta as a build system.
    * Primary open source license changed to Apache 2.0 license.
@@ -481,6 +485,8 @@ Bugfix
    * Fix unused function warning when using MBEDTLS_MDx_ALT or
      MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
    * Fix memory corruption in pkey programs (found by yankuncheng) (#210)
+   * Fix a possible arithmetic overflow in ssl_parse_server_key_exchange()
+     that could cause a key exchange to fail on valid data.
 
 Changes
    * The PEM parser now accepts a trailing space at end of lines (#226).

From 82712a9c979eeaa15769409da24e87be4165b53b Mon Sep 17 00:00:00 2001
From: Ron Eldor <ron.eldor@arm.com>
Date: Mon, 28 Aug 2017 13:55:55 +0300
Subject: [PATCH 68/71] Write correct number of ciphersuites in log

Change location of log, to fit the correct number of used ciphersuites
---
 ChangeLog         | 7 ++++++-
 library/ssl_cli.c | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0eb070212..76bf082f6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
-mbed TLS ChangeLog (Sorted per branch, date)
+mbed TLS ChangeLog (Sorted per branch, date)
+
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Log correct number of ciphersuites used in Client Hello message. Fix for #918.
 
 = mbed TLS 2.1.11 branch released xxxx-xx-xx
 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 94c521dd9..e95c8f3ac 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -811,6 +811,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
         *p++ = (unsigned char)( ciphersuites[i]      );
     }
 
+	MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %d ciphersuites", n));
+
     /*
      * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      */
@@ -837,8 +839,6 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
     *q++ = (unsigned char)( n >> 7 );
     *q++ = (unsigned char)( n << 1 );
 
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites", n ) );
-
 #if defined(MBEDTLS_ZLIB_SUPPORT)
     offer_compress = 1;
 #else

From f71ce5229e123215f38caecb5d299cbb0a4898ee Mon Sep 17 00:00:00 2001
From: Ron Eldor <ron.eldor@arm.com>
Date: Tue, 5 Sep 2017 16:09:53 +0300
Subject: [PATCH 69/71] Add log and fix stle issues

Address Andres comments of PR
---
 library/ssl_cli.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index e95c8f3ac..30daf6d76 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -811,7 +811,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
         *p++ = (unsigned char)( ciphersuites[i]      );
     }
 
-	MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %d ciphersuites", n));
+	MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
 
     /*
      * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -820,6 +820,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
     if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
 #endif
     {
+		MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
         *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
         *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO      );
         n++;

From 329e4d572b5faf4f186694a318c9223ecad7c255 Mon Sep 17 00:00:00 2001
From: Ron Eldor <ron.eldor@arm.com>
Date: Sun, 10 Sep 2017 17:03:50 +0300
Subject: [PATCH 70/71] Addres review comments

Resolves comments raised in the review
---
 library/ssl_cli.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 30daf6d76..6d86f260b 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -811,7 +811,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
         *p++ = (unsigned char)( ciphersuites[i]      );
     }
 
-	MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
 
     /*
      * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -820,7 +820,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
     if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE )
 #endif
     {
-		MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
         *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
         *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO      );
         n++;

From 1c986a9859f9456af999d16ba5056914669689fc Mon Sep 17 00:00:00 2001
From: Jaeden Amero <jaeden.amero@arm.com>
Date: Fri, 16 Mar 2018 16:29:30 +0000
Subject: [PATCH 71/71] Update version to 2.1.11

---
 ChangeLog                            | 2 +-
 doxygen/input/doc_mainpage.h         | 2 +-
 doxygen/mbedtls.doxyfile             | 2 +-
 include/mbedtls/version.h            | 8 ++++----
 library/CMakeLists.txt               | 6 +++---
 tests/suites/test_suite_version.data | 4 ++--
 yotta/data/module.json               | 2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9a40ead87..45c07fe04 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS 2.1.11 branch released xxxx-xx-xx
+= mbed TLS 2.1.11 branch released 2018-03-16
 
 Default behavior changes
    * The truncated HMAC extension now conforms to RFC 6066. This means
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 7e5c1419e..6884a82f4 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -21,7 +21,7 @@
  */
 
 /**
- * @mainpage mbed TLS v2.1.10 source code documentation
+ * @mainpage mbed TLS v2.1.11 source code documentation
  *
  * This documentation describes the internal structure of mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index c05cb8b2d..af9d5ef31 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOXYFILE_ENCODING      = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
 
-PROJECT_NAME           = "mbed TLS v2.1.10"
+PROJECT_NAME           = "mbed TLS v2.1.11"
 
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 1e04c938b..087eafea2 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,16 +39,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  1
-#define MBEDTLS_VERSION_PATCH  10
+#define MBEDTLS_VERSION_PATCH  11
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x02010A00
-#define MBEDTLS_VERSION_STRING         "2.1.10"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.1.10"
+#define MBEDTLS_VERSION_NUMBER         0x02010B00
+#define MBEDTLS_VERSION_STRING         "2.1.11"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.1.11"
 
 #if defined(MBEDTLS_VERSION_C)
 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 1353df6d7..a62a82365 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -138,15 +138,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 
 if(USE_SHARED_MBEDTLS_LIBRARY)
     add_library(mbedcrypto SHARED ${src_crypto})
-    set_target_properties(mbedcrypto PROPERTIES VERSION 2.1.10 SOVERSION 0)
+    set_target_properties(mbedcrypto PROPERTIES VERSION 2.1.11 SOVERSION 0)
     target_link_libraries(mbedcrypto ${libs})
 
     add_library(mbedx509 SHARED ${src_x509})
-    set_target_properties(mbedx509 PROPERTIES VERSION 2.1.10 SOVERSION 0)
+    set_target_properties(mbedx509 PROPERTIES VERSION 2.1.11 SOVERSION 0)
     target_link_libraries(mbedx509 ${libs} mbedcrypto)
 
     add_library(mbedtls SHARED ${src_tls})
-    set_target_properties(mbedtls PROPERTIES VERSION 2.1.10 SOVERSION 10)
+    set_target_properties(mbedtls PROPERTIES VERSION 2.1.11 SOVERSION 10)
     target_link_libraries(mbedtls ${libs} mbedx509)
 
     install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 7928b863c..e30424fd0 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.1.10"
+check_compiletime_version:"2.1.11"
 
 Check runtime library version
-check_runtime_version:"2.1.10"
+check_runtime_version:"2.1.11"
 
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
diff --git a/yotta/data/module.json b/yotta/data/module.json
index 3a0c5374d..6518ba931 100644
--- a/yotta/data/module.json
+++ b/yotta/data/module.json
@@ -1,6 +1,6 @@
 {
     "name": "mbedtls",
-    "version": "2.1.10",
+    "version": "2.1.11",
     "description": "The mbed TLS crypto/SSL/TLS library",
     "licenses": [
         {