diff --git a/configs/baremetal.h b/configs/baremetal.h index 1b522551a..4a67c98dd 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -52,6 +52,8 @@ #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID MBEDTLS_MD_SHA256 #define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID MBEDTLS_SSL_HASH_SHA256 +#define MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256 + /* Key exchanges */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 @@ -61,6 +63,7 @@ #define MBEDTLS_MD_C #define MBEDTLS_SHA256_C #define MBEDTLS_SHA256_SMALLER +#define MBEDTLS_SHA256_NO_SHA224 /* TLS options */ #define MBEDTLS_SSL_CLI_C @@ -116,6 +119,7 @@ #define MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID #define MBEDTLS_X509_ON_DEMAND_PARSING #define MBEDTLS_X509_ALWAYS_FLUSH +#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index c9b58dd53..e0f50ea6f 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -55,6 +55,9 @@ #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C +/* Save ROM by excluded SHA-2 variant that we don't need */ +#define MBEDTLS_SHA256_NO_SHA224 + /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 18e2c4036..d6891fae1 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -78,6 +78,9 @@ #define MBEDTLS_CERTS_C #define MBEDTLS_PEM_PARSE_C +/* Save ROM by excluded SHA-2 variant that we don't need */ +#define MBEDTLS_SHA256_NO_SHA224 + /* Save RAM at the expense of ROM */ #define MBEDTLS_AES_ROM_TABLES diff --git a/configs/config-thread.h b/configs/config-thread.h index 4fa0b8d19..da8ac7aaa 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -88,6 +88,9 @@ #define MBEDTLS_ECP_MAX_BITS 256 #define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes +/* Save ROM by excluded SHA-2 variant that we don't need */ +#define MBEDTLS_SHA256_NO_SHA224 + /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 41c61db05..ceeb2efb2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -788,6 +788,73 @@ #define MBEDTLS_THREADING_IMPL #endif +/* Ensure that precisely one hash is enabled. */ +#if defined(MBEDTLS_MD_SINGLE_HASH) + +#if defined(MBEDTLS_SHA256_C) +#define MBEDTLS_SHA256_ENABLED 1 +#else +#define MBEDTLS_SHA256_ENABLED 0 +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA256_NO_SHA224) +#define MBEDTLS_SHA224_ENABLED 1 +#else +#define MBEDTLS_SHA224_ENABLED 0 +#endif /* MBEDTLS_SHA256_C && !MBEDTLS_SHA256_NO_SHA224 */ + +#if defined(MBEDTLS_SHA512_C) +#define MBEDTLS_SHA512_ENABLED 2 +#else +#define MBEDTLS_SHA512_ENABLED 0 +#endif /* MBEDTLS_SHA512_C */ + +#if defined(MBEDTLS_SHA1_C) +#define MBEDTLS_SHA1_ENABLED 1 +#else +#define MBEDTLS_SHA1_ENABLED 0 +#endif /* MBEDTLS_SHA1_C */ + +#if defined(MBEDTLS_MD2_C) +#define MBEDTLS_MD2_ENABLED 1 +#else +#define MBEDTLS_MD2_ENABLED 0 +#endif /* MBEDTLS_MD2_C */ + +#if defined(MBEDTLS_MD4_C) +#define MBEDTLS_MD4_ENABLED 1 +#else +#define MBEDTLS_MD4_ENABLED 0 +#endif /* MBEDTLS_MD4_C */ + +#if defined(MBEDTLS_MD5_C) +#define MBEDTLS_MD5_ENABLED 1 +#else +#define MBEDTLS_MD5_ENABLED 0 +#endif /* MBEDTLS_MD5_C */ + +#if defined(MBEDTLS_RIPEMD160_C) +#define MBEDTLS_RIPEMD160_ENABLED 1 +#else +#define MBEDTLS_RIPEMD160_ENABLED 0 +#endif /* MBEDTLS_RIPEMD160_C */ + +#define MBEDTLS_HASHES_ENABLED \ + ( MBEDTLS_MD2_ENABLED + \ + MBEDTLS_MD4_ENABLED + \ + MBEDTLS_MD5_ENABLED + \ + MBEDTLS_RIPEMD160_ENABLED + \ + MBEDTLS_SHA1_ENABLED + \ + MBEDTLS_SHA256_ENABLED + \ + MBEDTLS_SHA512_ENABLED ) + +#if MBEDTLS_HASHES_ENABLED != 1 +#error "MBEDTLS_MD_SINGLE_HASH must be used with precisely one hash algorithm enabled." +#endif + +#undef MBEDTLS_HASHES_ENABLED +#endif /* MBEDTLS_MD_SINGLE_HASH */ + #if defined(MBEDTLS_THREADING_ALT) #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_ALT defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 297d1c7ee..3b38a5b9d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1291,6 +1291,16 @@ */ //#define MBEDTLS_SHA256_SMALLER +/** + * \def MBEDTLS_SHA256_NO_SHA224 + * + * Disable the SHA-224 option of the SHA-256 module. Use this to save some + * code size on devices that don't use SHA-224. + * + * Uncomment to disable SHA-224 + */ +//#define MBEDTLS_SHA256_NO_SHA224 + /** * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES * @@ -2028,6 +2038,17 @@ */ //#define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +/** + * \def MBEDTLS_X509_REMOVE_VERIFY_CALLBACK + * + * Remove support for X.509 certificate verification callbacks. + * + * Uncomment to save some bytes of code by removing support for X.509 + * certificate verification callbacks in mbedtls_x509_crt_verify() and + * related verification API. + */ +//#define MBEDTLS_X509_REMOVE_VERIFY_CALLBACK + /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT * @@ -3815,6 +3836,20 @@ //#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_MD_ID //#define MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID +/* Set this to MBEDTLS_MD_INFO_{DIGEST} support of a single message + * digest at compile-time, at the benefit of code-size. + * + * On highly constrained systems with large control over the configuration of + * the connection endpoints, this option can be used to hardcode support for + * a single hash algorithm. + * + * You need to make sure that the corresponding digest algorithm attributes + * are defined through macros in md.c. See the definitions + * MBEDTLS_MD_INFO_SHA256_XXX for example. + * + */ +//#define MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256 + /* \} SECTION: Compile-time SSL configuration */ /* Target and application specific configurations diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 3d8d02ae6..00e752b23 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -75,7 +75,7 @@ typedef enum { */ typedef struct mbedtls_ecjpake_context { - const mbedtls_md_info_t *md_info; /**< Hash to use */ + mbedtls_md_handle_t md_info; /**< Hash to use */ mbedtls_ecp_group grp; /**< Elliptic curve */ mbedtls_ecjpake_role role; /**< Are we client or server? */ int point_format; /**< Format for point export */ diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index bcafe4251..4fc897efb 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -70,7 +70,7 @@ extern "C" { * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, +int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ); @@ -99,7 +99,7 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, +int mbedtls_hkdf_extract( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk ); @@ -130,7 +130,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, +int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ); diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index f1289cb30..ed0385455 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -138,7 +138,7 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); * MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED. */ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, @@ -158,7 +158,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, * MBEDTLS_ERR_MD_ALLOC_FAILED. */ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, const unsigned char *data, size_t data_len ); /** diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 69ab21f40..3b847b4a0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -35,6 +35,11 @@ #include MBEDTLS_CONFIG_FILE #endif +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ @@ -80,26 +85,72 @@ typedef enum { #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 #endif +#if !defined(MBEDTLS_MD_SINGLE_HASH) + +#define MBEDTLS_MD_INLINABLE_API + /** - * Opaque struct defined in md_internal.h. + * Opaque struct defined in md.c. */ typedef struct mbedtls_md_info_t mbedtls_md_info_t; + +typedef struct mbedtls_md_info_t const * mbedtls_md_handle_t; +#define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) NULL ) + +#else /* !MBEDTLS_MD_SINGLE_HASH */ + +#define MBEDTLS_MD_INLINABLE_API MBEDTLS_ALWAYS_INLINE static inline + +typedef int mbedtls_md_handle_t; +#define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) 0 ) +#define MBEDTLS_MD_UNIQUE_VALID_HANDLE ( (mbedtls_md_handle_t) 1 ) + +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + +#include "md_internal.h" + /** * The generic message-digest context. */ typedef struct mbedtls_md_context_t { +#if !defined(MBEDTLS_MD_SINGLE_HASH) /** Information about the associated message digest. */ - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; +#endif +#if !defined(MBEDTLS_MD_SINGLE_HASH) /** The digest-specific context. */ void *md_ctx; /** The HMAC part of the context. */ void *hmac_ctx; +#else + unsigned char md_ctx[ sizeof( MBEDTLS_MD_INFO_CTX_TYPE( + MBEDTLS_MD_SINGLE_HASH ) ) ]; + + unsigned char hmac_ctx[ 2 * MBEDTLS_MD_INFO_BLOCKSIZE( + MBEDTLS_MD_SINGLE_HASH ) ]; + +#endif /* MBEDTLS_MD_SINGLE_HASH */ } mbedtls_md_context_t; +#if !defined(MBEDTLS_MD_SINGLE_HASH) +static inline mbedtls_md_handle_t mbedtls_md_get_handle( + struct mbedtls_md_context_t const *ctx ) +{ + return( ctx->md_info ); +} +#else /* !MBEDTLS_MD_SINGLE_HASH */ +static inline mbedtls_md_handle_t mbedtls_md_get_handle( + struct mbedtls_md_context_t const *ctx ) +{ + ((void) ctx); + return( MBEDTLS_MD_UNIQUE_VALID_HANDLE ); +} +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + /** * \brief This function returns the list of digests supported by the * generic digest module. @@ -120,7 +171,7 @@ const int *mbedtls_md_list( void ); * \return The message-digest information associated with \p md_name. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); +mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name ); /** * \brief This function returns the message-digest information @@ -131,7 +182,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); * \return The message-digest information associated with \p md_type. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); +mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); /** * \brief This function initializes a message-digest context without @@ -182,7 +233,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; +int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info ) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -205,7 +256,9 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_setup( mbedtls_md_context_t *ctx, + mbedtls_md_handle_t md_info, + int hmac ); /** * \brief This function clones the state of an message-digest @@ -238,7 +291,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, * * \return The size of the message-digest output in Bytes. */ -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); +unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ); /** * \brief This function extracts the message-digest type from the @@ -249,7 +302,7 @@ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); * * \return The type of the message digest. */ -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); +mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info ); /** * \brief This function extracts the message-digest name from the @@ -260,7 +313,7 @@ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); * * \return The name of the message digest. */ -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); +const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info ); /** * \brief This function starts a message-digest computation. @@ -275,7 +328,7 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_starts( mbedtls_md_context_t *ctx ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( mbedtls_md_context_t *ctx ); /** * \brief This function feeds an input buffer into an ongoing @@ -293,7 +346,9 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_update( mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the digest operation, @@ -313,7 +368,8 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_finish( mbedtls_md_context_t *ctx, + unsigned char *output ); /** * \brief This function calculates the message-digest of a buffer, @@ -333,8 +389,11 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md( + mbedtls_md_handle_t md_info, + const unsigned char *input, + size_t ilen, + unsigned char *output ); #if defined(MBEDTLS_FS_IO) /** @@ -354,7 +413,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si * the file pointed by \p path. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. */ -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, +int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned char *output ); #endif /* MBEDTLS_FS_IO */ @@ -460,12 +519,167 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, +int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output ); /* Internal use */ -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); +MBEDTLS_MD_INLINABLE_API int mbedtls_md_process( mbedtls_md_context_t *ctx, + const unsigned char *data ); + +/* + * Internal wrapper functions for those MD API functions which should be + * inlined in some but not all configurations. The actual MD API will be + * implemented either here or in md.c, and forward to the wrappers. + */ + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_setup_internal( + mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ) +{ + if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + +#if !defined(MBEDTLS_MD_SINGLE_HASH) + ctx->md_ctx = mbedtls_md_info_ctx_alloc( md_info ); + if( ctx->md_ctx == NULL ) + return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + + if( hmac != 0 ) + { + ctx->hmac_ctx = mbedtls_calloc( 2, + mbedtls_md_info_block_size( md_info ) ); + if( ctx->hmac_ctx == NULL ) + { + mbedtls_md_info_ctx_free( md_info, ctx->md_ctx); + return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + } + } + + ctx->md_info = md_info; +#else + ((void) hmac); +#endif /* MBEDTLS_MD_SINGLE_HASH */ + + return( 0 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_starts_internal( + mbedtls_md_context_t *ctx ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_starts( md_info, ctx->md_ctx ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_update_internal( + mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_update( md_info, ctx->md_ctx, + input, ilen ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_finish_internal( + mbedtls_md_context_t *ctx, unsigned char *output ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_finish( md_info, ctx->md_ctx, + output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_internal( + mbedtls_md_handle_t md_info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_digest( md_info, input, + ilen, output) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_process_internal( + mbedtls_md_context_t *ctx, const unsigned char *data ) +{ + mbedtls_md_handle_t md_info; + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_process( md_info, ctx->md_ctx, data ) ); +} + +#if defined(MBEDTLS_MD_SINGLE_HASH) + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_setup( + mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ) +{ + return( mbedtls_md_setup_internal( ctx, md_info, hmac ) ); +} + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_starts( + mbedtls_md_context_t *ctx ) +{ + return( mbedtls_md_starts_internal( ctx ) ); +} + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_update( + mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md_update_internal( ctx, input, ilen ) ); +} + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_finish( + mbedtls_md_context_t *ctx, unsigned char *output ) +{ + return( mbedtls_md_finish_internal( ctx, output ) ); +} + +MBEDTLS_MD_INLINABLE_API int mbedtls_md( + mbedtls_md_handle_t md_info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + return( mbedtls_md_internal( md_info, input, ilen, output ) ); +} + +MBEDTLS_MD_INLINABLE_API int mbedtls_md_process( + mbedtls_md_context_t *ctx, const unsigned char *data ) +{ + return( mbedtls_md_process_internal( ctx, data ) ); +} + +#endif /* MBEDTLS_MD_SINGLE_HASH */ #ifdef __cplusplus } diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index 04de48291..84944ee44 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -1,14 +1,12 @@ -/** + /** * \file md_internal.h * - * \brief Message digest wrappers. - * - * \warning This in an internal header. Do not include directly. + * \brief This file contains the generic message-digest wrapper. * * \author Adriaan de Jong */ /* - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -23,27 +21,157 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ -#ifndef MBEDTLS_MD_WRAP_H -#define MBEDTLS_MD_WRAP_H -#if !defined(MBEDTLS_CONFIG_FILE) -#include "config.h" -#else -#include MBEDTLS_CONFIG_FILE +#ifndef MBEDTLS_MD_INTERNAL_H +#define MBEDTLS_MD_INTERNAL_H + +#if defined(MBEDTLS_MD2_C) +#include "mbedtls/md2.h" #endif -#include "md.h" +#if defined(MBEDTLS_MD4_C) +#include "mbedtls/md4.h" +#endif + +#if defined(MBEDTLS_MD5_C) +#include "mbedtls/md5.h" +#endif + +#if defined(MBEDTLS_RIPEMD160_C) +#include "mbedtls/ripemd160.h" +#endif + +#if defined(MBEDTLS_SHA1_C) +#include "mbedtls/sha1.h" +#endif + +#if defined(MBEDTLS_SHA256_C) +#include "mbedtls/sha256.h" +#endif + +#if defined(MBEDTLS_SHA512_C) +#include "mbedtls/sha512.h" +#endif + +#include "mbedtls/platform_util.h" + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif #ifdef __cplusplus extern "C" { #endif +#define MBEDTLS_MD_WRAPPER MBEDTLS_ALWAYS_INLINE static inline + +/* + * Message-digest information macro definition + */ + +/* Dummy definition to keep check-names.sh happy - don't uncomment */ +//#define MBEDTLS_MD_INFO_SHA256 + +/* SHA-256 */ +static inline void mbedtls_md_sha256_init_free_dummy( void* ctx ) +{ + /* Zero-initialization can be skipped. */ + ((void) ctx); +} +#define MBEDTLS_MD_INFO_SHA256_TYPE MBEDTLS_MD_SHA256 +#define MBEDTLS_MD_INFO_SHA256_CTX_TYPE mbedtls_sha256_context +#if defined(MBEDTLS_MD_SINGLE_HASH) && !defined(MBEDTLS_SHA256_ALT) +/* mbedtls_md_sha256_init() only zeroizes, which is redundant + * because mbedtls_md_context is zeroized in mbedtls_md_init(), + * and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */ +#define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_md_sha256_init_free_dummy +#else +#define MBEDTLS_MD_INFO_SHA256_INIT_FUNC mbedtls_sha256_init +#endif /* MBEDTLS_MD_SINGLE_HASH && !MBEDTLS_SHA256_ALT */ +#define MBEDTLS_MD_INFO_SHA256_NAME "SHA256" +#define MBEDTLS_MD_INFO_SHA256_SIZE 32 +#define MBEDTLS_MD_INFO_SHA256_BLOCKSIZE 64 +#define MBEDTLS_MD_INFO_SHA256_STARTS_FUNC mbedtls_sha256_starts_wrap +#define MBEDTLS_MD_INFO_SHA256_UPDATE_FUNC mbedtls_sha224_update_wrap +#define MBEDTLS_MD_INFO_SHA256_FINISH_FUNC mbedtls_sha224_finish_wrap +#define MBEDTLS_MD_INFO_SHA256_DIGEST_FUNC mbedtls_sha256_wrap +#define MBEDTLS_MD_INFO_SHA256_ALLOC_FUNC mbedtls_sha224_ctx_alloc +#if defined(MBEDTLS_MD_SINGLE_HASH) && !defined(MBEDTLS_SHA256_ALT) +/* mbedtls_md_sha256_free() only zeroizes, which is redundant + * because mbedtls_md_context is zeroized in mbedtls_md_init(), + * and the mbedtls_sha256_context is embedded in mbedtls_md_context_t. */ +#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_md_sha256_init_free_dummy +#else +#define MBEDTLS_MD_INFO_SHA256_FREE_FUNC mbedtls_sha224_ctx_free +#endif /* MBEDTLS_MD_SINGLE_HASH && !MBEDTLS_SHA256_ALT */ +#define MBEDTLS_MD_INFO_SHA256_CLONE_FUNC mbedtls_sha224_clone_wrap +#define MBEDTLS_MD_INFO_SHA256_PROCESS_FUNC mbedtls_sha224_process_wrap + +/* + * Helper macros to extract fields from ciphersuites. + */ + +#define MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) MD ## _CTX_TYPE +#define MBEDTLS_MD_INFO_INIT_FUNC_T( MD ) MD ## _INIT_FUNC +#define MBEDTLS_MD_INFO_TYPE_T( MD ) MD ## _TYPE +#define MBEDTLS_MD_INFO_NAME_T( MD ) MD ## _NAME +#define MBEDTLS_MD_INFO_SIZE_T( MD ) MD ## _SIZE +#define MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) MD ## _BLOCKSIZE +#define MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) MD ## _STARTS_FUNC +#define MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) MD ## _UPDATE_FUNC +#define MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) MD ## _FINISH_FUNC +#define MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) MD ## _DIGEST_FUNC +#define MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) MD ## _ALLOC_FUNC +#define MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) MD ## _FREE_FUNC +#define MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) MD ## _CLONE_FUNC +#define MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) MD ## _PROCESS_FUNC + +/* Wrapper around MBEDTLS_MD_INFO_{FIELD}_T() which makes sure that + * the argument is macro-expanded before concatenated with the + * field name. This allows to call these macros as + * MBEDTLS_MD_INFO_{FIELD}( MBEDTLS_MD_SINGLE_HASH ). + * where MBEDTLS_MD_SINGLE_HASH expands to MBEDTLS_MD_INFO_{DIGEST}. */ +#define MBEDTLS_MD_INFO_CTX_TYPE( MD ) MBEDTLS_MD_INFO_CTX_TYPE_T( MD ) +#define MBEDTLS_MD_INFO_INIT_FUNC( MD ) MBEDTLS_MD_INFO_INIT_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_TYPE( MD ) MBEDTLS_MD_INFO_TYPE_T( MD ) +#define MBEDTLS_MD_INFO_NAME( MD ) MBEDTLS_MD_INFO_NAME_T( MD ) +#define MBEDTLS_MD_INFO_SIZE( MD ) MBEDTLS_MD_INFO_SIZE_T( MD ) +#define MBEDTLS_MD_INFO_BLOCKSIZE( MD ) MBEDTLS_MD_INFO_BLOCKSIZE_T( MD ) +#define MBEDTLS_MD_INFO_STARTS_FUNC( MD ) MBEDTLS_MD_INFO_STARTS_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_UPDATE_FUNC( MD ) MBEDTLS_MD_INFO_UPDATE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FINISH_FUNC( MD ) MBEDTLS_MD_INFO_FINISH_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_DIGEST_FUNC( MD ) MBEDTLS_MD_INFO_DIGEST_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_ALLOC_FUNC( MD ) MBEDTLS_MD_INFO_ALLOC_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_FREE_FUNC( MD ) MBEDTLS_MD_INFO_FREE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_CLONE_FUNC( MD ) MBEDTLS_MD_INFO_CLONE_FUNC_T( MD ) +#define MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) MBEDTLS_MD_INFO_PROCESS_FUNC_T( MD ) + /** * Message digest information. * Allows message digest functions to be called in a generic way. */ + +typedef int mbedtls_md_starts_func_t( void *ctx ); +typedef int mbedtls_md_update_func_t( void *ctx, + const unsigned char *input, + size_t ilen ); +typedef int mbedtls_md_finish_func_t( void *ctx, unsigned char *output ); +typedef int mbedtls_md_digest_func_t( const unsigned char *input, + size_t ilen, + unsigned char *output ); +typedef void* mbedtls_md_ctx_alloc_func_t( void ); +typedef void mbedtls_md_ctx_free_func_t( void *ctx ); +typedef void mbedtls_md_clone_func_t( void *st, const void *src ); +typedef int mbedtls_md_process_func_t( void *ctx, + const unsigned char *input ); + +#if !defined(MBEDTLS_MD_SINGLE_HASH) struct mbedtls_md_info_t { /** Digest identifier */ @@ -59,57 +187,672 @@ struct mbedtls_md_info_t int block_size; /** Digest initialisation function */ - int (*starts_func)( void *ctx ); + mbedtls_md_starts_func_t *starts_func; /** Digest update function */ - int (*update_func)( void *ctx, const unsigned char *input, size_t ilen ); + mbedtls_md_update_func_t *update_func; /** Digest finalisation function */ - int (*finish_func)( void *ctx, unsigned char *output ); + mbedtls_md_finish_func_t *finish_func; /** Generic digest function */ - int (*digest_func)( const unsigned char *input, size_t ilen, - unsigned char *output ); + mbedtls_md_digest_func_t *digest_func; /** Allocate a new context */ - void * (*ctx_alloc_func)( void ); + mbedtls_md_ctx_alloc_func_t *ctx_alloc_func; /** Free the given context */ - void (*ctx_free_func)( void *ctx ); + mbedtls_md_ctx_free_func_t *ctx_free_func; /** Clone state from a context */ - void (*clone_func)( void *dst, const void *src ); + mbedtls_md_clone_func_t *clone_func; /** Internal use only */ - int (*process_func)( void *ctx, const unsigned char *input ); + mbedtls_md_process_func_t *process_func; }; +/** + * \brief This macro builds an instance of ::mbedtls_md_info_t + * from an \c MBEDTLS_MD_INFO_XXX identifier. + */ +#define MBEDTLS_MD_INFO( MD ) \ + { MBEDTLS_MD_INFO_TYPE( MD ), \ + MBEDTLS_MD_INFO_NAME( MD ), \ + MBEDTLS_MD_INFO_SIZE( MD ), \ + MBEDTLS_MD_INFO_BLOCKSIZE( MD ), \ + MBEDTLS_MD_INFO_STARTS_FUNC( MD ), \ + MBEDTLS_MD_INFO_UPDATE_FUNC( MD ), \ + MBEDTLS_MD_INFO_FINISH_FUNC( MD ), \ + MBEDTLS_MD_INFO_DIGEST_FUNC( MD ), \ + MBEDTLS_MD_INFO_ALLOC_FUNC( MD ), \ + MBEDTLS_MD_INFO_FREE_FUNC( MD ), \ + MBEDTLS_MD_INFO_CLONE_FUNC( MD ), \ + MBEDTLS_MD_INFO_PROCESS_FUNC( MD ) } + +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + +/* + * + * Definitions of MD information structures for various digests. + * + */ + +/* + * MD-2 + */ + #if defined(MBEDTLS_MD2_C) -extern const mbedtls_md_info_t mbedtls_md2_info; -#endif + +MBEDTLS_MD_WRAPPER int mbedtls_md2_starts_wrap( void *ctx ) +{ + return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md2_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md2_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); +} + +MBEDTLS_MD_WRAPPER void* mbedtls_md2_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); + + if( ctx != NULL ) + mbedtls_md2_init( (mbedtls_md2_context *) ctx ); + + return( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_md2_ctx_free( void *ctx ) +{ + mbedtls_md2_free( (mbedtls_md2_context *) ctx ); + mbedtls_free( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_md2_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md2_clone( (mbedtls_md2_context *) dst, + (const mbedtls_md2_context *) src ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md2_process_wrap( void *ctx, const unsigned char *data ) +{ + ((void) data); + + return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); +} + +#endif /* MBEDTLS_MD2_C */ + +/* + * MD-4 + */ + #if defined(MBEDTLS_MD4_C) -extern const mbedtls_md_info_t mbedtls_md4_info; -#endif + +MBEDTLS_MD_WRAPPER int mbedtls_md4_starts_wrap( void *ctx ) +{ + return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md4_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md4_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); +} + +MBEDTLS_MD_WRAPPER void* mbedtls_md4_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) ); + + if( ctx != NULL ) + mbedtls_md4_init( (mbedtls_md4_context *) ctx ); + + return( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_md4_ctx_free( void *ctx ) +{ + mbedtls_md4_free( (mbedtls_md4_context *) ctx ); + mbedtls_free( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_md4_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md4_clone( (mbedtls_md4_context *) dst, + (const mbedtls_md4_context *) src ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md4_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); +} + +#endif /* MBEDTLS_MD4_C */ + +/* + * MD-5 + */ + #if defined(MBEDTLS_MD5_C) -extern const mbedtls_md_info_t mbedtls_md5_info; -#endif + +MBEDTLS_MD_WRAPPER int mbedtls_md5_starts_wrap( void *ctx ) +{ + return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md5_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md5_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); +} + +MBEDTLS_MD_WRAPPER void* mbedtls_md5_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) ); + + if( ctx != NULL ) + mbedtls_md5_init( (mbedtls_md5_context *) ctx ); + + return( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_md5_ctx_free( void *ctx ) +{ + mbedtls_md5_free( (mbedtls_md5_context *) ctx ); + mbedtls_free( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_md5_clone_wrap( void *dst, const void *src ) +{ + mbedtls_md5_clone( (mbedtls_md5_context *) dst, + (const mbedtls_md5_context *) src ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_md5_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); +} + +#endif /* MBEDTLS_MD5_C */ + +/* + * RIPEMD-160 + */ + #if defined(MBEDTLS_RIPEMD160_C) -extern const mbedtls_md_info_t mbedtls_ripemd160_info; -#endif + +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_starts_wrap( void *ctx ) +{ + return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, + input, ilen ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, + output ) ); +} + +MBEDTLS_MD_WRAPPER void* mbedtls_ripemd160_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) ); + + if( ctx != NULL ) + mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx ); + + return( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_ripemd160_ctx_free( void *ctx ) +{ + mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx ); + mbedtls_free( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_ripemd160_clone_wrap( void *dst, const void *src ) +{ + mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst, + (const mbedtls_ripemd160_context *) src ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_ripemd160_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_ripemd160_process( + (mbedtls_ripemd160_context *) ctx, data ) ); +} + +#endif /* MBEDTLS_RIPEMD160_C */ + +/* + * SHA-1 + */ + #if defined(MBEDTLS_SHA1_C) -extern const mbedtls_md_info_t mbedtls_sha1_info; -#endif + +MBEDTLS_MD_WRAPPER int mbedtls_sha1_starts_wrap( void *ctx ) +{ + return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha1_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, + input, ilen ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha1_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); +} + +MBEDTLS_MD_WRAPPER void* mbedtls_sha1_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) ); + + if( ctx != NULL ) + mbedtls_sha1_init( (mbedtls_sha1_context *) ctx ); + + return( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_sha1_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha1_clone( (mbedtls_sha1_context *) dst, + (const mbedtls_sha1_context *) src ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_sha1_ctx_free( void *ctx ) +{ + mbedtls_sha1_free( (mbedtls_sha1_context *) ctx ); + mbedtls_free( ctx ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha1_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, + data ) ); +} + +#endif /* MBEDTLS_SHA1_C */ + +/* + * SHA-224 and SHA-256 + */ + #if defined(MBEDTLS_SHA256_C) -extern const mbedtls_md_info_t mbedtls_sha224_info; -extern const mbedtls_md_info_t mbedtls_sha256_info; -#endif + +#if !defined(MBEDTLS_SHA256_NO_SHA224) +MBEDTLS_MD_WRAPPER int mbedtls_sha224_starts_wrap( void *ctx ) +{ + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); +} +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ + +MBEDTLS_MD_WRAPPER int mbedtls_sha224_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, + input, ilen ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha224_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, + output ) ); +} + +#if !defined(MBEDTLS_SHA256_NO_SHA224) +MBEDTLS_MD_WRAPPER int mbedtls_sha224_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); +} +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ + +MBEDTLS_MD_WRAPPER void* mbedtls_sha224_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) ); + + if( ctx != NULL ) + mbedtls_sha256_init( (mbedtls_sha256_context *) ctx ); + + return( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_sha224_ctx_free( void *ctx ) +{ + mbedtls_sha256_free( (mbedtls_sha256_context *) ctx ); + mbedtls_free( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_sha224_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha256_clone( (mbedtls_sha256_context *) dst, + (const mbedtls_sha256_context *) src ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha224_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, + data ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha256_starts_wrap( void *ctx ) +{ + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha256_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); +} + +#endif /* MBEDTLS_SHA256_C */ + +/* + * SHA-384 and SHA-512 + */ + #if defined(MBEDTLS_SHA512_C) -extern const mbedtls_md_info_t mbedtls_sha384_info; -extern const mbedtls_md_info_t mbedtls_sha512_info; -#endif + +MBEDTLS_MD_WRAPPER int mbedtls_sha384_starts_wrap( void *ctx ) +{ + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha384_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) +{ + return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, + input, ilen ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha384_finish_wrap( void *ctx, unsigned char *output ) +{ + return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, + output ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha384_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); +} + +MBEDTLS_MD_WRAPPER void* mbedtls_sha384_ctx_alloc( void ) +{ + void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) ); + + if( ctx != NULL ) + mbedtls_sha512_init( (mbedtls_sha512_context *) ctx ); + + return( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_sha384_ctx_free( void *ctx ) +{ + mbedtls_sha512_free( (mbedtls_sha512_context *) ctx ); + mbedtls_free( ctx ); +} + +MBEDTLS_MD_WRAPPER void mbedtls_sha384_clone_wrap( void *dst, const void *src ) +{ + mbedtls_sha512_clone( (mbedtls_sha512_context *) dst, + (const mbedtls_sha512_context *) src ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha384_process_wrap( void *ctx, const unsigned char *data ) +{ + return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, + data ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha512_starts_wrap( void *ctx ) +{ + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); +} + +MBEDTLS_MD_WRAPPER int mbedtls_sha512_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); +} + +#endif /* MBEDTLS_SHA512_C */ + +/* + * Getter functions for MD info structure. + */ + +#if !defined(MBEDTLS_MD_SINGLE_HASH) + +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( + mbedtls_md_handle_t info ) +{ + return( info->type ); +} + +MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( + mbedtls_md_handle_t info ) +{ + return( info->name ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( + mbedtls_md_handle_t info ) +{ + return( info->size ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( + mbedtls_md_handle_t info ) +{ + return( info->block_size ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( + mbedtls_md_handle_t info, + void *ctx ) +{ + return( info->starts_func( ctx ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) +{ + return( info->update_func( ctx, input, ilen ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( + mbedtls_md_handle_t info, + void *ctx, + unsigned char *output ) +{ + return( info->finish_func( ctx, output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( + mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + return( info->digest_func( input, ilen, output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( + mbedtls_md_handle_t info ) +{ + return( info->ctx_alloc_func() ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( + mbedtls_md_handle_t info, + void *ctx ) +{ + info->ctx_free_func( ctx ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( + mbedtls_md_handle_t info, + void *dst, + const void *src ) +{ + info->clone_func( dst, src ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) +{ + return( info->process_func( ctx, input ) ); +} + +#else /* !MBEDTLS_MD_SINGLE_HASH */ + +MBEDTLS_ALWAYS_INLINE static inline mbedtls_md_type_t mbedtls_md_info_type( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline const char * mbedtls_md_info_name( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_size( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_SIZE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_block_size( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_BLOCKSIZE( MBEDTLS_MD_SINGLE_HASH ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_starts( + mbedtls_md_handle_t info, + void *ctx ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_STARTS_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_update( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input, + size_t ilen ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_UPDATE_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, input, ilen ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_init( + mbedtls_md_handle_t info, + void *ctx ) +{ + ((void) info); + MBEDTLS_MD_INFO_INIT_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_finish( + mbedtls_md_handle_t info, + void *ctx, + unsigned char *output ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_FINISH_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_digest( + mbedtls_md_handle_t info, + const unsigned char *input, + size_t ilen, + unsigned char *output ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_DIGEST_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( input, ilen, output ) ); +} + +MBEDTLS_ALWAYS_INLINE static inline void* mbedtls_md_info_ctx_alloc( + mbedtls_md_handle_t info ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_ALLOC_FUNC( MBEDTLS_MD_SINGLE_HASH )() ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_ctx_free( + mbedtls_md_handle_t info, + void *ctx ) +{ + ((void) info); + MBEDTLS_MD_INFO_FREE_FUNC( MBEDTLS_MD_SINGLE_HASH )( ctx ); +} + +MBEDTLS_ALWAYS_INLINE static inline void mbedtls_md_info_clone( + mbedtls_md_handle_t info, + void *dst, + const void *src ) +{ + ((void) info); + MBEDTLS_MD_INFO_CLONE_FUNC( MBEDTLS_MD_SINGLE_HASH )( dst, src ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_md_info_process( + mbedtls_md_handle_t info, + void *ctx, + const unsigned char *input ) +{ + ((void) info); + return( MBEDTLS_MD_INFO_PROCESS_FUNC( MBEDTLS_MD_SINGLE_HASH ) + ( ctx, input ) ); +} + +#endif /* MBEDTLS_MD_SINGLE_HASH */ #ifdef __cplusplus } #endif -#endif /* MBEDTLS_MD_WRAP_H */ +#endif /* MBEDTLS_MD_INTERNAL_H */ diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 09d096518..7033af837 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -30,7 +30,7 @@ #else #include MBEDTLS_CONFIG_FILE #endif - +#include #include #if defined(MBEDTLS_HAVE_TIME_DATE) #include "platform_time.h" @@ -113,6 +113,12 @@ void mbedtls_param_failed( const char *failure_condition, #endif /* MBEDTLS_CHECK_PARAMS */ +#if defined(__GNUC__) || defined(__arm__) +#define MBEDTLS_ALWAYS_INLINE __attribute__((always_inline)) +#else +#define MBEDTLS_ALWAYS_INLINE +#endif + /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -189,6 +195,82 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, struct tm *tm_buf ); #endif /* MBEDTLS_HAVE_TIME_DATE */ +/** + * \brief Convert a 32-bit number to the big endian format and write it to + * the given buffer. + * + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. + * + * \return Address to the end of buffer where the converted number is + * written. + */ +unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, + size_t num ); + +/** + * \brief Convert a 24-bit number to the big endian format and write it to + * the given buffer. + * + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. + * + * \return Address to the end of buffer where the converted number is + * written. + */ +unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, + size_t num ); + +/** + * \brief Convert a 16-bit number to the big endian format and write it to + * the given buffer. + * + * + * \param buf Address where the converted number is written. + * \param num A number that needs to be converted to the big endian format. + * + * \return Address to the end of buffer where the converted number is + * written. + */ +unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, + size_t num ); + +/** + * \brief Convert a 32-bit number from the big endian format. + * + * The function reads a 32-bit number from the given buffer in the + * big endian format and returns it to the caller. + * + * \param buf Buffer where the 32-bit number locates. + * + * \return Converted number. + */ +size_t mbedtls_platform_get_uint32_be( const unsigned char *buf ); + +/** + * \brief Convert a 24-bit number from the big endian format. + * + * The function reads a 14-bit number from the given buffer in the + * big endian format and returns it to the caller. + * + * \param buf Buffer where the 24-bit number locates. + * + * \return Converted number. + */ +size_t mbedtls_platform_get_uint24_be( const unsigned char *buf ); + +/** + * \brief Convert a 16-bit number from the big endian format. + * + * The function reads a 16-bit number from the given buffer in the + * big endian format and returns it to the caller. + * + * \param buf Buffer where the 16-bit number locates. + * + * \return Converted number. + */ +size_t mbedtls_platform_get_uint16_be( const unsigned char *buf ); + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index d64739820..6ef2245cf 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -60,8 +60,10 @@ typedef struct mbedtls_sha256_context uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ +#if !defined(MBEDTLS_SHA256_NO_SHA224) int is224; /*!< Determines which function to use: 0: Use SHA-256, or 1: Use SHA-224. */ +#endif } mbedtls_sha256_context; @@ -101,6 +103,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * \param ctx The context to use. This must be initialized. * \param is224 This determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. * * \return \c 0 on success. * \return A negative error code on failure. @@ -169,6 +172,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param ctx The context to use. This must be initialized. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. */ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); @@ -237,6 +241,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * be a writable buffer of length \c 32 Bytes. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, @@ -269,6 +274,7 @@ int mbedtls_sha256_ret( const unsigned char *input, * a writable buffer of length \c 32 Bytes. * \param is224 Determines which function to use. This must be either * \c 0 for SHA-256, or \c 1 for SHA-224. + * If #MBEDTLS_SHA256_NO_SHA224 is defined, this must be \c 0. */ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, size_t ilen, diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 40ad4b114..8008b516b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -142,11 +142,19 @@ /* * Various constants */ +#if !defined(MBEDTLS_SSL_PROTO_NO_TLS) #define MBEDTLS_SSL_MAJOR_VERSION_3 3 #define MBEDTLS_SSL_MINOR_VERSION_0 0 /*!< SSL v3.0 */ #define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ #define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ +#else /* MBEDTLS_SSL_PROTO_NO_TLS */ +#define MBEDTLS_SSL_MAJOR_VERSION_3 254 +#define MBEDTLS_SSL_MINOR_VERSION_0 257 /*!< unused */ +#define MBEDTLS_SSL_MINOR_VERSION_1 256 /*!< unused */ +#define MBEDTLS_SSL_MINOR_VERSION_2 255 /*!< DTLS v1.0 */ +#define MBEDTLS_SSL_MINOR_VERSION_3 253 /*!< DTLS v1.2 */ +#endif /* MBEDTLS_SSL_PROTO_NO_TLS */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ @@ -1033,7 +1041,8 @@ struct mbedtls_ssl_config void *p_sni; /*!< context for SNI callback */ #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) /** Callback to customize X.509 certificate chain verification */ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); void *p_vrfy; /*!< context for X.509 verify calllback */ @@ -1165,18 +1174,18 @@ struct mbedtls_ssl_config unsigned int dhm_min_bitlen; /*!< min. bit length of the DHM prime */ #endif -#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) - unsigned char max_major_ver; /*!< max. major version used */ -#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ -#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) - unsigned char max_minor_ver; /*!< max. minor version used */ -#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_MIN_MAJOR_VER) unsigned char min_major_ver; /*!< min. major version used */ #endif /* !MBEDTLS_SSL_CONF_MIN_MAJOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MAJOR_VER) + unsigned char max_major_ver; /*!< max. major version used */ +#endif /* !MBEDTLS_SSL_CONF_MAX_MAJOR_VER */ #if !defined(MBEDTLS_SSL_CONF_MIN_MINOR_VER) - unsigned char min_minor_ver; /*!< min. minor version used */ + uint16_t min_minor_ver; /*!< min. minor version used */ #endif /* !MBEDTLS_SSL_CONF_MIN_MINOR_VER */ +#if !defined(MBEDTLS_SSL_CONF_MAX_MINOR_VER) + uint16_t max_minor_ver; /*!< max. minor version used */ +#endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ /* * Flags (bitfields) @@ -1588,7 +1597,8 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); */ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) /** * \brief Set the verification callback (Optional). * @@ -1603,7 +1613,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if !defined(MBEDTLS_SSL_CONF_RNG) /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index d9690cb40..a98a458c4 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -1196,6 +1196,8 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS) + /* * Convert version numbers to/from wire format * and, for DTLS, to/from TLS equivalent. @@ -1257,6 +1259,88 @@ MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_read_version( #endif /* MBEDTLS_SSL_PROTO_TLS */ } + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_leq( int v0, int v1 ) +{ + return( v0 <= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_lt( int v0, int v1 ) +{ + return( v0 < v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_geq( int v0, int v1 ) +{ + return( v0 >= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 ) +{ + return( v0 > v1 ); +} + +#else /* MBEDTLS_SSL_PROTO_TLS */ + +/* If only DTLS is enabled, we can match the internal encoding + * with the standard's encoding of versions. */ +static inline void mbedtls_ssl_write_version( int major, int minor, + int transport, + unsigned char ver[2] ) +{ + ((void) transport); + ver[0] = (unsigned char) major; + ver[1] = (unsigned char) minor; +} + +static inline void mbedtls_ssl_read_version( int *major, int *minor, + int transport, + const unsigned char ver[2] ) +{ + ((void) transport); + *major = ver[0]; + *minor = ver[1]; +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_leq( int v0, int v1 ) +{ + return( v0 >= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_lt( int v0, int v1 ) +{ + return( v0 > v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_geq( int v0, int v1 ) +{ + return( v0 <= v1 ); +} + +MBEDTLS_ALWAYS_INLINE static inline int mbedtls_ssl_ver_gt( int v0, int v1 ) +{ + return( v0 < v1 ); +} + +#endif /* MBEDTLS_SSL_PROTO_TLS */ + +MBEDTLS_ALWAYS_INLINE static inline size_t mbedtls_ssl_minor_ver_index( + int ver ) +{ + switch( ver ) + { + case MBEDTLS_SSL_MINOR_VERSION_0: + return( 0 ); + case MBEDTLS_SSL_MINOR_VERSION_1: + return( 1 ); + case MBEDTLS_SSL_MINOR_VERSION_2: + return( 2 ); + case MBEDTLS_SSL_MINOR_VERSION_3: + return( 3 ); + } + return( 0 ); +} + #ifdef __cplusplus } #endif @@ -1697,7 +1781,8 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced( #define MBEDTLS_SSL_BEGIN_FOR_EACH_CIPHERSUITE( ssl, ver, info ) \ { \ int const *__id_ptr; \ - for( __id_ptr=(ssl)->conf->ciphersuite_list[ (ver) ]; \ + for( __id_ptr=(ssl)->conf->ciphersuite_list[ \ + mbedtls_ssl_minor_ver_index( ver ) ]; \ *__id_ptr != 0; __id_ptr++ ) \ { \ const int __id = *__id_ptr; \ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 182ab15b0..662ec68a1 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -214,6 +214,8 @@ typedef struct mbedtls_x509write_cert mbedtls_x509write_cert; #endif /* MBEDTLS_X509_CRT_WRITE_C */ +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + /** * Item in a verification chain: cert and flags for it */ @@ -236,6 +238,16 @@ typedef struct unsigned len; } mbedtls_x509_crt_verify_chain; +#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + +typedef struct +{ + unsigned len; + uint32_t flags; +} mbedtls_x509_crt_verify_chain; + +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -249,6 +261,9 @@ typedef struct /* for find_parent_in() */ mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ + /* current child CRT */ + mbedtls_x509_crt *cur_crt; + #if defined(MBEDTLS_HAVE_TIME_DATE) mbedtls_x509_crt *fallback_parent; int fallback_signature_is_good; @@ -502,14 +517,17 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * verification process. */ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) - const char *cn, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); + const char *cn, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */ + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */ + ); /** * \brief Verify the certificate signature according to profile @@ -544,10 +562,13 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, const mbedtls_x509_crt_profile *profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) const char *cn, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */ + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */ + ); /** * \brief Restartable version of \c mbedtls_crt_verify_with_profile() @@ -577,10 +598,12 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, const mbedtls_x509_crt_profile *profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) || defined(DOXYGEN_ONLY) const char *cn, -#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || defined(DOXYGEN_ONLY) */ +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION || DOXYGEN_ONLY */ uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) || defined(DOXYGEN_ONLY) + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK || DOXYGEN_ONLY */ mbedtls_x509_crt_restart_ctx *rs_ctx ); #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) diff --git a/include/tinycrypt/ecc.h b/include/tinycrypt/ecc.h index 37a7ef1af..9c53f3e7e 100644 --- a/include/tinycrypt/ecc.h +++ b/include/tinycrypt/ecc.h @@ -1,5 +1,10 @@ /* ecc.h - TinyCrypt interface to common ECC functions */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* Copyright (c) 2014, Kenneth MacKay * All rights reserved. * diff --git a/include/tinycrypt/ecc_dh.h b/include/tinycrypt/ecc_dh.h index c680a77e6..a2edb0155 100644 --- a/include/tinycrypt/ecc_dh.h +++ b/include/tinycrypt/ecc_dh.h @@ -1,5 +1,10 @@ /* ecc_dh.h - TinyCrypt interface to EC-DH implementation */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. diff --git a/include/tinycrypt/ecc_dsa.h b/include/tinycrypt/ecc_dsa.h index cc5eebcdd..e54a77e85 100644 --- a/include/tinycrypt/ecc_dsa.h +++ b/include/tinycrypt/ecc_dsa.h @@ -1,5 +1,10 @@ /* ecc_dh.h - TinyCrypt interface to EC-DSA implementation */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 65722802e..98c7e979a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -38,7 +38,6 @@ set(src_crypto md2.c md4.c md5.c - md_wrap.c memory_buffer_alloc.c nist_kw.c oid.c diff --git a/library/Makefile b/library/Makefile index 50faed9ca..062846b7b 100644 --- a/library/Makefile +++ b/library/Makefile @@ -77,7 +77,7 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ error.o gcm.o havege.o \ hkdf.o \ hmac_drbg.o md.o md2.o \ - md4.o md5.o md_wrap.o \ + md4.o md5.o \ memory_buffer_alloc.o nist_kw.o \ oid.o padlock.o pem.o \ pk.o pk_wrap.o pkcs12.o \ diff --git a/library/ecdsa.c b/library/ecdsa.c index 2b4800642..3a11e1801 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -420,11 +420,14 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, mbedtls_hmac_drbg_context *p_rng = &rng_ctx; unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; size_t grp_len = ( grp->nbits + 7 ) / 8; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_mpi h; - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } mbedtls_mpi_init( &h ); mbedtls_hmac_drbg_init( &rng_ctx ); diff --git a/library/ecjpake.c b/library/ecjpake.c index 1845c936a..3381c7c40 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -63,7 +63,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ) { ECJPAKE_VALIDATE( ctx != NULL ); - ctx->md_info = NULL; + ctx->md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_ecp_group_init( &ctx->grp ); ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; @@ -86,7 +86,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ) if( ctx == NULL ) return; - ctx->md_info = NULL; + ctx->md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_ecp_group_free( &ctx->grp ); mbedtls_ecp_point_free( &ctx->Xm1 ); @@ -119,8 +119,11 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, ctx->role = role; - if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL ) + if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + } MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) ); @@ -140,7 +143,7 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ) { ECJPAKE_VALIDATE_RET( ctx != NULL ); - if( ctx->md_info == NULL || + if( ctx->md_info == MBEDTLS_MD_INVALID_HANDLE || ctx->grp.id == MBEDTLS_ECP_DP_NONE || ctx->s.p == NULL ) { @@ -190,7 +193,7 @@ static int ecjpake_write_len_point( unsigned char **p, /* * Compute hash for ZKP (7.4.2.2.2.1) */ -static int ecjpake_hash( const mbedtls_md_info_t *md_info, +static int ecjpake_hash( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -240,7 +243,7 @@ cleanup: /* * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3) */ -static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, +static int ecjpake_zkp_read( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -312,7 +315,7 @@ cleanup: /* * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2) */ -static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, +static int ecjpake_zkp_write( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -373,7 +376,7 @@ cleanup: * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof * Output: verified public key X */ -static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info, +static int ecjpake_kkp_read( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -410,7 +413,7 @@ cleanup: * Generate an ECJPAKEKeyKP * Output: the serialized structure, plus private/public key pair */ -static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info, +static int ecjpake_kkp_write( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -447,7 +450,7 @@ cleanup: * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs * Ouputs: verified peer public keys Xa, Xb */ -static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, +static int ecjpake_kkpp_read( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, @@ -480,7 +483,7 @@ cleanup: * Generate a ECJPAKEKeyKPPairList * Outputs: the serialized structure, plus two private/public key pairs */ -static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info, +static int ecjpake_kkpp_write( mbedtls_md_handle_t md_info, const mbedtls_ecp_group *grp, const int pf, const mbedtls_ecp_point *G, diff --git a/library/hkdf.c b/library/hkdf.c index 82d8a429f..d64dc4da1 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -30,7 +30,7 @@ #include "mbedtls/hkdf.h" #include "mbedtls/platform_util.h" -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, +int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ) @@ -51,7 +51,7 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, return( ret ); } -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, +int mbedtls_hkdf_extract( mbedtls_md_handle_t md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk ) @@ -81,7 +81,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) ); } -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, +int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ) { diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 34f18155e..b51e9b18d 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -70,7 +70,8 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len ) { - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); + size_t md_len = mbedtls_md_get_size( + mbedtls_md_get_handle( &ctx->md_ctx ) ); unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1; unsigned char sep[1]; unsigned char K[MBEDTLS_MD_MAX_SIZE]; @@ -124,7 +125,7 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) */ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, const unsigned char *data, size_t data_len ) { int ret; @@ -246,7 +247,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, * from the entropy source as suggested in 8.6.7. */ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, + mbedtls_md_handle_t md_info, int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy, const unsigned char *custom, @@ -329,7 +330,8 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, { int ret; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); + size_t md_len = mbedtls_md_get_size( + mbedtls_md_get_handle( &ctx->md_ctx ) ); size_t left = out_len; unsigned char *out = output; @@ -564,7 +566,7 @@ int mbedtls_hmac_drbg_self_test( int verbose ) { mbedtls_hmac_drbg_context ctx; unsigned char buf[OUTPUT_LEN]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); mbedtls_hmac_drbg_init( &ctx ); diff --git a/library/md.c b/library/md.c index 303cdcbee..882942e13 100644 --- a/library/md.c +++ b/library/md.c @@ -32,7 +32,6 @@ #if defined(MBEDTLS_MD_C) #include "mbedtls/md.h" -#include "mbedtls/md_internal.h" #include "mbedtls/platform_util.h" #if defined(MBEDTLS_PLATFORM_C) @@ -49,6 +48,177 @@ #include #endif +#if !defined(MBEDTLS_MD_SINGLE_HASH) +/* + * + * Definitions of MD information structures for various digests. + * + */ + +/* + * MD-2 + */ +#if defined(MBEDTLS_MD2_C) +static const mbedtls_md_info_t mbedtls_md2_info = { + MBEDTLS_MD_MD2, + "MD2", + 16, + 16, + mbedtls_md2_starts_wrap, + mbedtls_md2_update_wrap, + mbedtls_md2_finish_wrap, + mbedtls_md2_ret, + mbedtls_md2_ctx_alloc, + mbedtls_md2_ctx_free, + mbedtls_md2_clone_wrap, + mbedtls_md2_process_wrap, +}; +#endif /* MBEDTLS_MD2_C */ + +/* + * MD-4 + */ + +#if defined(MBEDTLS_MD4_C) +static const mbedtls_md_info_t mbedtls_md4_info = { + MBEDTLS_MD_MD4, + "MD4", + 16, + 64, + mbedtls_md4_starts_wrap, + mbedtls_md4_update_wrap, + mbedtls_md4_finish_wrap, + mbedtls_md4_ret, + mbedtls_md4_ctx_alloc, + mbedtls_md4_ctx_free, + mbedtls_md4_clone_wrap, + mbedtls_md4_process_wrap, +}; +#endif /* MBEDTLS_MD4_C */ + +/* + * MD-5 + */ + +#if defined(MBEDTLS_MD5_C) +static const mbedtls_md_info_t mbedtls_md5_info = { + MBEDTLS_MD_MD5, + "MD5", + 16, + 64, + mbedtls_md5_starts_wrap, + mbedtls_md5_update_wrap, + mbedtls_md5_finish_wrap, + mbedtls_md5_ret, + mbedtls_md5_ctx_alloc, + mbedtls_md5_ctx_free, + mbedtls_md5_clone_wrap, + mbedtls_md5_process_wrap, +}; +#endif /* MBEDTLS_MD5_C */ + +/* + * RIPEMD-160 + */ + +#if defined(MBEDTLS_RIPEMD160_C) +static const mbedtls_md_info_t mbedtls_ripemd160_info = { + MBEDTLS_MD_RIPEMD160, + "RIPEMD160", + 20, + 64, + mbedtls_ripemd160_starts_wrap, + mbedtls_ripemd160_update_wrap, + mbedtls_ripemd160_finish_wrap, + mbedtls_ripemd160_ret, + mbedtls_ripemd160_ctx_alloc, + mbedtls_ripemd160_ctx_free, + mbedtls_ripemd160_clone_wrap, + mbedtls_ripemd160_process_wrap, +}; +#endif /* MBEDTLS_RIPEMD160_C */ + +/* + * SHA-1 + */ + +#if defined(MBEDTLS_SHA1_C) +static const mbedtls_md_info_t mbedtls_sha1_info = { + MBEDTLS_MD_SHA1, + "SHA1", + 20, + 64, + mbedtls_sha1_starts_wrap, + mbedtls_sha1_update_wrap, + mbedtls_sha1_finish_wrap, + mbedtls_sha1_ret, + mbedtls_sha1_ctx_alloc, + mbedtls_sha1_ctx_free, + mbedtls_sha1_clone_wrap, + mbedtls_sha1_process_wrap, +}; +#endif /* MBEDTLS_SHA1_C */ + +/* + * SHA-224 and SHA-256 + */ + +#if defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_SHA256_NO_SHA224) +static const mbedtls_md_info_t mbedtls_sha224_info = { + MBEDTLS_MD_SHA224, + "SHA224", + 28, + 64, + mbedtls_sha224_starts_wrap, + mbedtls_sha224_update_wrap, + mbedtls_sha224_finish_wrap, + mbedtls_sha224_wrap, + mbedtls_sha224_ctx_alloc, + mbedtls_sha224_ctx_free, + mbedtls_sha224_clone_wrap, + mbedtls_sha224_process_wrap, +}; +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ +static const mbedtls_md_info_t mbedtls_sha256_info = + MBEDTLS_MD_INFO( MBEDTLS_MD_INFO_SHA256 ); +#endif /* MBEDTLS_SHA256_C */ + +/* + * SHA-384 and SHA-512 + */ + +#if defined(MBEDTLS_SHA512_C) +static const mbedtls_md_info_t mbedtls_sha384_info = { + MBEDTLS_MD_SHA384, + "SHA384", + 48, + 128, + mbedtls_sha384_starts_wrap, + mbedtls_sha384_update_wrap, + mbedtls_sha384_finish_wrap, + mbedtls_sha384_wrap, + mbedtls_sha384_ctx_alloc, + mbedtls_sha384_ctx_free, + mbedtls_sha384_clone_wrap, + mbedtls_sha384_process_wrap, +}; +static const mbedtls_md_info_t mbedtls_sha512_info = { + MBEDTLS_MD_SHA512, + "SHA512", + 64, + 128, + mbedtls_sha512_starts_wrap, + mbedtls_sha384_update_wrap, + mbedtls_sha384_finish_wrap, + mbedtls_sha512_wrap, + mbedtls_sha384_ctx_alloc, + mbedtls_sha384_ctx_free, + mbedtls_sha384_clone_wrap, + mbedtls_sha384_process_wrap, +}; +#endif /* MBEDTLS_SHA512_C */ + /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ @@ -61,8 +231,10 @@ static const int supported_digests[] = { #if defined(MBEDTLS_SHA256_C) MBEDTLS_MD_SHA256, +#if !defined(MBEDTLS_SHA256_NO_SHA224) MBEDTLS_MD_SHA224, #endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) MBEDTLS_MD_SHA1, @@ -92,7 +264,7 @@ const int *mbedtls_md_list( void ) return( supported_digests ); } -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) +mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name ) { if( NULL == md_name ) return( NULL ); @@ -119,11 +291,13 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); #endif #if defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_SHA256_NO_SHA224) if( !strcmp( "SHA224", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 ); +#endif if( !strcmp( "SHA256", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); -#endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) if( !strcmp( "SHA384", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 ); @@ -133,7 +307,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) return( NULL ); } -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) +mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) { switch( md_type ) { @@ -158,11 +332,13 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) return( &mbedtls_sha1_info ); #endif #if defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_SHA256_NO_SHA224) case MBEDTLS_MD_SHA224: return( &mbedtls_sha224_info ); +#endif case MBEDTLS_MD_SHA256: return( &mbedtls_sha256_info ); -#endif +#endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA384: return( &mbedtls_sha384_info ); @@ -174,25 +350,69 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) } } +#else /* MBEDTLS_MD_SINGLE_HASH */ + +const int *mbedtls_md_list( void ) +{ + static int single_hash[2] = + { MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ), + MBEDTLS_MD_INVALID_HANDLE }; + + return( single_hash ); +} + +mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name ) +{ + static const char * const hash_name = + MBEDTLS_MD_INFO_NAME( MBEDTLS_MD_SINGLE_HASH ); + + if( md_name != NULL && strcmp( hash_name, md_name ) == 0 ) + return( MBEDTLS_MD_UNIQUE_VALID_HANDLE ); + + return( MBEDTLS_MD_INVALID_HANDLE ); +} + +mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) +{ + static const mbedtls_md_type_t hash_type = + MBEDTLS_MD_INFO_TYPE( MBEDTLS_MD_SINGLE_HASH ); + + if( hash_type == md_type ) + return( MBEDTLS_MD_UNIQUE_VALID_HANDLE ); + + return( MBEDTLS_MD_INVALID_HANDLE ); +} + +#endif /* MBEDTLS_MD_SINGLE_HASH */ + void mbedtls_md_init( mbedtls_md_context_t *ctx ) { memset( ctx, 0, sizeof( mbedtls_md_context_t ) ); + +#if defined(MBEDTLS_MD_SINGLE_HASH) + mbedtls_md_info_init( mbedtls_md_get_handle( ctx ), + ctx->md_ctx ); +#endif } void mbedtls_md_free( mbedtls_md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == NULL ) + if( ctx == NULL || mbedtls_md_get_handle( ctx ) == MBEDTLS_MD_INVALID_HANDLE ) return; +#if !defined(MBEDTLS_MD_SINGLE_HASH) if( ctx->md_ctx != NULL ) - ctx->md_info->ctx_free_func( ctx->md_ctx ); + { + mbedtls_md_info_ctx_free( mbedtls_md_get_handle( ctx ), ctx->md_ctx ); + } if( ctx->hmac_ctx != NULL ) { mbedtls_platform_zeroize( ctx->hmac_ctx, - 2 * ctx->md_info->block_size ); + 2 * mbedtls_md_info_block_size( mbedtls_md_get_handle( ctx ) ) ); mbedtls_free( ctx->hmac_ctx ); } +#endif /* MBEDTLS_MD_SINGLE_HASH */ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); } @@ -200,83 +420,57 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ) { - if( dst == NULL || dst->md_info == NULL || - src == NULL || src->md_info == NULL || - dst->md_info != src->md_info ) + if( dst == NULL || mbedtls_md_get_handle( dst ) == MBEDTLS_MD_INVALID_HANDLE || + src == NULL || mbedtls_md_get_handle( src ) == MBEDTLS_MD_INVALID_HANDLE || + mbedtls_md_get_handle( dst ) != mbedtls_md_get_handle( src ) ) { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - dst->md_info->clone_func( dst->md_ctx, src->md_ctx ); - + mbedtls_md_info_clone( mbedtls_md_get_handle( dst ), + dst->md_ctx, src->md_ctx ); return( 0 ); } #if ! defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) +int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info ) { return mbedtls_md_setup( ctx, md_info, 1 ); } #endif -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ) +#if !defined(MBEDTLS_MD_SINGLE_HASH) +int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac ) { - if( md_info == NULL || ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); - - if( hmac != 0 ) - { - ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size ); - if( ctx->hmac_ctx == NULL ) - { - md_info->ctx_free_func( ctx->md_ctx ); - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); - } - } - - ctx->md_info = md_info; - - return( 0 ); + return( mbedtls_md_setup_internal( ctx, md_info, hmac ) ); } int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( ctx->md_info->starts_func( ctx->md_ctx ) ); + return( mbedtls_md_starts_internal( ctx ) ); } -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md_update( mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); + return( mbedtls_md_update_internal( ctx, input, ilen ) ); } int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); + return( mbedtls_md_finish_internal( ctx, output ) ); } -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, +int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen, unsigned char *output ) { - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( md_info->digest_func( input, ilen, output ) ); + return( mbedtls_md_internal( md_info, input, ilen, output ) ); } +#endif /* !MBEDTLS_MD_SINGLE_HASH */ #if defined(MBEDTLS_FS_IO) -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ) +int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned char *output ) { int ret; FILE *f; @@ -284,7 +478,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne mbedtls_md_context_t ctx; unsigned char buf[1024]; - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); if( ( f = fopen( path, "rb" ) ) == NULL ) @@ -295,17 +489,27 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) goto cleanup; - if( ( ret = md_info->starts_func( ctx.md_ctx ) ) != 0 ) + ret = mbedtls_md_info_starts( md_info, ctx.md_ctx ); + if( ret != 0 ) goto cleanup; while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 ) + { + ret = mbedtls_md_info_update( md_info, ctx.md_ctx, + buf, n ); + if( ret != 0 ) goto cleanup; + } if( ferror( f ) != 0 ) + { ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; + } else - ret = md_info->finish_func( ctx.md_ctx, output ); + { + ret = mbedtls_md_info_finish( md_info, ctx.md_ctx, + output ); + } cleanup: mbedtls_platform_zeroize( buf, sizeof( buf ) ); @@ -323,27 +527,44 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, unsigned char *ipad, *opad; size_t i; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + mbedtls_md_handle_t md_info; + + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - if( keylen > (size_t) ctx->md_info->block_size ) +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + if( keylen > (size_t) mbedtls_md_info_block_size( md_info ) ) { - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) - goto cleanup; - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 ) - goto cleanup; - if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 ) + if( ( ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ) ) != 0 ) goto cleanup; - keylen = ctx->md_info->size; + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, + key, keylen ) ) != 0 ) + { + goto cleanup; + } + + if( ( ret = mbedtls_md_info_finish( md_info, ctx->md_ctx, sum ) ) != 0 ) + goto cleanup; + + keylen = mbedtls_md_info_size( md_info ); key = sum; } ipad = (unsigned char *) ctx->hmac_ctx; - opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; + opad = (unsigned char *) ctx->hmac_ctx + + mbedtls_md_info_block_size( md_info ); - memset( ipad, 0x36, ctx->md_info->block_size ); - memset( opad, 0x5C, ctx->md_info->block_size ); + memset( ipad, 0x36, mbedtls_md_info_block_size( md_info ) ); + memset( opad, 0x5C, mbedtls_md_info_block_size( md_info ) ); for( i = 0; i < keylen; i++ ) { @@ -351,11 +572,14 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, opad[i] = (unsigned char)( opad[i] ^ key[i] ); } - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + if( ( ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ) ) != 0 ) goto cleanup; - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ) ) != 0 ) + + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, ipad, + mbedtls_md_info_block_size( md_info ) ) ) != 0 ) + { goto cleanup; + } cleanup: mbedtls_platform_zeroize( sum, sizeof( sum ) ); @@ -363,12 +587,26 @@ cleanup: return( ret ); } -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, + const unsigned char *input, size_t ilen ) { - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + mbedtls_md_handle_t md_info; + + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + return( mbedtls_md_info_update( md_info, + ctx->md_ctx, input, + ilen ) ); } int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) @@ -377,22 +615,45 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + mbedtls_md_handle_t md_info; + + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ - if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 ) + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + + opad = (unsigned char *) ctx->hmac_ctx + + mbedtls_md_info_block_size( md_info ); + + if( ( ret = mbedtls_md_info_finish( md_info, ctx->md_ctx, tmp ) ) != 0 ) return( ret ); - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + + if( ( ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ) ) != 0 ) return( ret ); - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad, - ctx->md_info->block_size ) ) != 0 ) + + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, opad, + mbedtls_md_info_block_size( md_info ) ) ) != 0 ) + { return( ret ); - if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp, - ctx->md_info->size ) ) != 0 ) + } + + if( ( ret = mbedtls_md_info_update( md_info, ctx->md_ctx, tmp, + mbedtls_md_info_size( md_info ) ) ) != 0 ) + { return( ret ); - return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); + } + + if( ( ret = mbedtls_md_info_finish( md_info, ctx->md_ctx, output ) ) != 0 ) + return( ret ); + + return( 0 ); } int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) @@ -400,18 +661,33 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) int ret; unsigned char *ipad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + mbedtls_md_handle_t md_info; + + if( ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + + md_info = mbedtls_md_get_handle( ctx ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); ipad = (unsigned char *) ctx->hmac_ctx; - if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + ret = mbedtls_md_info_starts( md_info, ctx->md_ctx ); + if( ret != 0 ) return( ret ); - return( ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ) ); + + ret = mbedtls_md_info_update( md_info, + ctx->md_ctx, ipad, + mbedtls_md_info_block_size( md_info ) ); + return( ret ); } -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, +int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output ) @@ -419,7 +695,7 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, mbedtls_md_context_t ctx; int ret; - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); mbedtls_md_init( &ctx ); @@ -440,36 +716,35 @@ cleanup: return( ret ); } +#if !defined(MBEDTLS_MD_SINGLE_HASH) int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) { - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( ctx->md_info->process_func( ctx->md_ctx, data ) ); + return( mbedtls_md_process_internal( ctx, data ) ); } +#endif /* !MBEDTLS_MD_SINGLE_HASH */ -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) +unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info ) { - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( 0 ); - return md_info->size; + return mbedtls_md_info_size( md_info ); } -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ) +mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info ) { - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_MD_NONE ); - return md_info->type; + return mbedtls_md_info_type( md_info ); } -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ) +const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info ) { - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( NULL ); - return md_info->name; + return mbedtls_md_info_name( md_info ); } #endif /* MBEDTLS_MD_C */ diff --git a/library/md_wrap.c b/library/md_wrap.c deleted file mode 100644 index 32f087197..000000000 --- a/library/md_wrap.c +++ /dev/null @@ -1,586 +0,0 @@ -/** - * \file md_wrap.c - * - * \brief Generic message digest wrapper for mbed TLS - * - * \author Adriaan de Jong - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_MD_C) - -#include "mbedtls/md_internal.h" - -#if defined(MBEDTLS_MD2_C) -#include "mbedtls/md2.h" -#endif - -#if defined(MBEDTLS_MD4_C) -#include "mbedtls/md4.h" -#endif - -#if defined(MBEDTLS_MD5_C) -#include "mbedtls/md5.h" -#endif - -#if defined(MBEDTLS_RIPEMD160_C) -#include "mbedtls/ripemd160.h" -#endif - -#if defined(MBEDTLS_SHA1_C) -#include "mbedtls/sha1.h" -#endif - -#if defined(MBEDTLS_SHA256_C) -#include "mbedtls/sha256.h" -#endif - -#if defined(MBEDTLS_SHA512_C) -#include "mbedtls/sha512.h" -#endif - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif - -#if defined(MBEDTLS_MD2_C) - -static int md2_starts_wrap( void *ctx ) -{ - return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); -} - -static int md2_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); -} - -static int md2_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); -} - -static void *md2_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md2_context ) ); - - if( ctx != NULL ) - mbedtls_md2_init( (mbedtls_md2_context *) ctx ); - - return( ctx ); -} - -static void md2_ctx_free( void *ctx ) -{ - mbedtls_md2_free( (mbedtls_md2_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md2_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md2_clone( (mbedtls_md2_context *) dst, - (const mbedtls_md2_context *) src ); -} - -static int md2_process_wrap( void *ctx, const unsigned char *data ) -{ - ((void) data); - - return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); -} - -const mbedtls_md_info_t mbedtls_md2_info = { - MBEDTLS_MD_MD2, - "MD2", - 16, - 16, - md2_starts_wrap, - md2_update_wrap, - md2_finish_wrap, - mbedtls_md2_ret, - md2_ctx_alloc, - md2_ctx_free, - md2_clone_wrap, - md2_process_wrap, -}; - -#endif /* MBEDTLS_MD2_C */ - -#if defined(MBEDTLS_MD4_C) - -static int md4_starts_wrap( void *ctx ) -{ - return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); -} - -static int md4_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); -} - -static int md4_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); -} - -static void *md4_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md4_context ) ); - - if( ctx != NULL ) - mbedtls_md4_init( (mbedtls_md4_context *) ctx ); - - return( ctx ); -} - -static void md4_ctx_free( void *ctx ) -{ - mbedtls_md4_free( (mbedtls_md4_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md4_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md4_clone( (mbedtls_md4_context *) dst, - (const mbedtls_md4_context *) src ); -} - -static int md4_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); -} - -const mbedtls_md_info_t mbedtls_md4_info = { - MBEDTLS_MD_MD4, - "MD4", - 16, - 64, - md4_starts_wrap, - md4_update_wrap, - md4_finish_wrap, - mbedtls_md4_ret, - md4_ctx_alloc, - md4_ctx_free, - md4_clone_wrap, - md4_process_wrap, -}; - -#endif /* MBEDTLS_MD4_C */ - -#if defined(MBEDTLS_MD5_C) - -static int md5_starts_wrap( void *ctx ) -{ - return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); -} - -static int md5_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); -} - -static int md5_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); -} - -static void *md5_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_md5_context ) ); - - if( ctx != NULL ) - mbedtls_md5_init( (mbedtls_md5_context *) ctx ); - - return( ctx ); -} - -static void md5_ctx_free( void *ctx ) -{ - mbedtls_md5_free( (mbedtls_md5_context *) ctx ); - mbedtls_free( ctx ); -} - -static void md5_clone_wrap( void *dst, const void *src ) -{ - mbedtls_md5_clone( (mbedtls_md5_context *) dst, - (const mbedtls_md5_context *) src ); -} - -static int md5_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); -} - -const mbedtls_md_info_t mbedtls_md5_info = { - MBEDTLS_MD_MD5, - "MD5", - 16, - 64, - md5_starts_wrap, - md5_update_wrap, - md5_finish_wrap, - mbedtls_md5_ret, - md5_ctx_alloc, - md5_ctx_free, - md5_clone_wrap, - md5_process_wrap, -}; - -#endif /* MBEDTLS_MD5_C */ - -#if defined(MBEDTLS_RIPEMD160_C) - -static int ripemd160_starts_wrap( void *ctx ) -{ - return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); -} - -static int ripemd160_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, - input, ilen ) ); -} - -static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, - output ) ); -} - -static void *ripemd160_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ripemd160_context ) ); - - if( ctx != NULL ) - mbedtls_ripemd160_init( (mbedtls_ripemd160_context *) ctx ); - - return( ctx ); -} - -static void ripemd160_ctx_free( void *ctx ) -{ - mbedtls_ripemd160_free( (mbedtls_ripemd160_context *) ctx ); - mbedtls_free( ctx ); -} - -static void ripemd160_clone_wrap( void *dst, const void *src ) -{ - mbedtls_ripemd160_clone( (mbedtls_ripemd160_context *) dst, - (const mbedtls_ripemd160_context *) src ); -} - -static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_ripemd160_process( - (mbedtls_ripemd160_context *) ctx, data ) ); -} - -const mbedtls_md_info_t mbedtls_ripemd160_info = { - MBEDTLS_MD_RIPEMD160, - "RIPEMD160", - 20, - 64, - ripemd160_starts_wrap, - ripemd160_update_wrap, - ripemd160_finish_wrap, - mbedtls_ripemd160_ret, - ripemd160_ctx_alloc, - ripemd160_ctx_free, - ripemd160_clone_wrap, - ripemd160_process_wrap, -}; - -#endif /* MBEDTLS_RIPEMD160_C */ - -#if defined(MBEDTLS_SHA1_C) - -static int sha1_starts_wrap( void *ctx ) -{ - return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); -} - -static int sha1_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, - input, ilen ) ); -} - -static int sha1_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); -} - -static void *sha1_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha1_context ) ); - - if( ctx != NULL ) - mbedtls_sha1_init( (mbedtls_sha1_context *) ctx ); - - return( ctx ); -} - -static void sha1_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha1_clone( (mbedtls_sha1_context *) dst, - (const mbedtls_sha1_context *) src ); -} - -static void sha1_ctx_free( void *ctx ) -{ - mbedtls_sha1_free( (mbedtls_sha1_context *) ctx ); - mbedtls_free( ctx ); -} - -static int sha1_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, - data ) ); -} - -const mbedtls_md_info_t mbedtls_sha1_info = { - MBEDTLS_MD_SHA1, - "SHA1", - 20, - 64, - sha1_starts_wrap, - sha1_update_wrap, - sha1_finish_wrap, - mbedtls_sha1_ret, - sha1_ctx_alloc, - sha1_ctx_free, - sha1_clone_wrap, - sha1_process_wrap, -}; - -#endif /* MBEDTLS_SHA1_C */ - -/* - * Wrappers for generic message digests - */ -#if defined(MBEDTLS_SHA256_C) - -static int sha224_starts_wrap( void *ctx ) -{ - return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); -} - -static int sha224_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, - input, ilen ) ); -} - -static int sha224_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, - output ) ); -} - -static int sha224_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); -} - -static void *sha224_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha256_context ) ); - - if( ctx != NULL ) - mbedtls_sha256_init( (mbedtls_sha256_context *) ctx ); - - return( ctx ); -} - -static void sha224_ctx_free( void *ctx ) -{ - mbedtls_sha256_free( (mbedtls_sha256_context *) ctx ); - mbedtls_free( ctx ); -} - -static void sha224_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha256_clone( (mbedtls_sha256_context *) dst, - (const mbedtls_sha256_context *) src ); -} - -static int sha224_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, - data ) ); -} - -const mbedtls_md_info_t mbedtls_sha224_info = { - MBEDTLS_MD_SHA224, - "SHA224", - 28, - 64, - sha224_starts_wrap, - sha224_update_wrap, - sha224_finish_wrap, - sha224_wrap, - sha224_ctx_alloc, - sha224_ctx_free, - sha224_clone_wrap, - sha224_process_wrap, -}; - -static int sha256_starts_wrap( void *ctx ) -{ - return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); -} - -static int sha256_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); -} - -const mbedtls_md_info_t mbedtls_sha256_info = { - MBEDTLS_MD_SHA256, - "SHA256", - 32, - 64, - sha256_starts_wrap, - sha224_update_wrap, - sha224_finish_wrap, - sha256_wrap, - sha224_ctx_alloc, - sha224_ctx_free, - sha224_clone_wrap, - sha224_process_wrap, -}; - -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA512_C) - -static int sha384_starts_wrap( void *ctx ) -{ - return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); -} - -static int sha384_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) -{ - return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, - input, ilen ) ); -} - -static int sha384_finish_wrap( void *ctx, unsigned char *output ) -{ - return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, - output ) ); -} - -static int sha384_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); -} - -static void *sha384_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_sha512_context ) ); - - if( ctx != NULL ) - mbedtls_sha512_init( (mbedtls_sha512_context *) ctx ); - - return( ctx ); -} - -static void sha384_ctx_free( void *ctx ) -{ - mbedtls_sha512_free( (mbedtls_sha512_context *) ctx ); - mbedtls_free( ctx ); -} - -static void sha384_clone_wrap( void *dst, const void *src ) -{ - mbedtls_sha512_clone( (mbedtls_sha512_context *) dst, - (const mbedtls_sha512_context *) src ); -} - -static int sha384_process_wrap( void *ctx, const unsigned char *data ) -{ - return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, - data ) ); -} - -const mbedtls_md_info_t mbedtls_sha384_info = { - MBEDTLS_MD_SHA384, - "SHA384", - 48, - 128, - sha384_starts_wrap, - sha384_update_wrap, - sha384_finish_wrap, - sha384_wrap, - sha384_ctx_alloc, - sha384_ctx_free, - sha384_clone_wrap, - sha384_process_wrap, -}; - -static int sha512_starts_wrap( void *ctx ) -{ - return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); -} - -static int sha512_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); -} - -const mbedtls_md_info_t mbedtls_sha512_info = { - MBEDTLS_MD_SHA512, - "SHA512", - 64, - 128, - sha512_starts_wrap, - sha384_update_wrap, - sha384_finish_wrap, - sha512_wrap, - sha384_ctx_alloc, - sha384_ctx_free, - sha384_clone_wrap, - sha384_process_wrap, -}; - -#endif /* MBEDTLS_SHA512_C */ - -#endif /* MBEDTLS_MD_C */ diff --git a/library/pk.c b/library/pk.c index 161a135f1..93c57642d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -205,13 +205,16 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) */ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; if( *hash_len != 0 ) return( 0 ); - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( -1 ); + } *hash_len = mbedtls_md_get_size( md_info ); return( 0 ); diff --git a/library/pkcs11.c b/library/pkcs11.c index 0ea64252e..9ef53533f 100644 --- a/library/pkcs11.c +++ b/library/pkcs11.c @@ -183,8 +183,8 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, if( md_alg != MBEDTLS_MD_NONE ) { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) diff --git a/library/pkcs12.c b/library/pkcs12.c index 7edf064c1..e16d0a934 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -261,7 +261,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, size_t hlen, use_len, v, i; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; // This version only allows max of 64 bytes of password or salt @@ -269,7 +269,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); mbedtls_md_init( &md_ctx ); diff --git a/library/pkcs5.c b/library/pkcs5.c index 50133435c..a517778a4 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -122,7 +122,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1; unsigned char key[32], iv[32]; size_t olen = 0; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; const mbedtls_cipher_info_t *cipher_info; mbedtls_md_context_t md_ctx; mbedtls_cipher_type_t cipher_alg; @@ -157,7 +157,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, } md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid, @@ -226,7 +226,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p unsigned int i; unsigned char md1[MBEDTLS_MD_MAX_SIZE]; unsigned char work[MBEDTLS_MD_MAX_SIZE]; - unsigned char md_size = mbedtls_md_get_size( ctx->md_info ); + unsigned char md_size = mbedtls_md_get_size( mbedtls_md_get_handle( ctx ) ); size_t use_len; unsigned char *out_p = output; unsigned char counter[4]; @@ -356,14 +356,14 @@ static const unsigned char result_key[MAX_TESTS][32] = int mbedtls_pkcs5_self_test( int verbose ) { mbedtls_md_context_t sha1_ctx; - const mbedtls_md_info_t *info_sha1; + mbedtls_md_handle_t info_sha1; int ret, i; unsigned char key[64]; mbedtls_md_init( &sha1_ctx ); info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); - if( info_sha1 == NULL ) + if( info_sha1 == MBEDTLS_MD_INVALID_HANDLE ) { ret = 1; goto exit; diff --git a/library/platform_util.c b/library/platform_util.c index b1f745097..6f6d8b67e 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -137,3 +137,54 @@ struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ + +unsigned char* mbedtls_platform_put_uint32_be( unsigned char *buf, + size_t num ) +{ + *buf++ = (unsigned char) ( num >> 24 ); + *buf++ = (unsigned char) ( num >> 16 ); + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +unsigned char* mbedtls_platform_put_uint24_be( unsigned char *buf, + size_t num ) +{ + *buf++ = (unsigned char) ( num >> 16 ); + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +unsigned char* mbedtls_platform_put_uint16_be( unsigned char *buf, + size_t num ) +{ + *buf++ = (unsigned char) ( num >> 8 ); + *buf++ = (unsigned char) ( num ); + + return buf; +} + +size_t mbedtls_platform_get_uint32_be( const unsigned char *buf ) +{ + return ( ( (unsigned int) buf[0] << 24 ) | + ( (unsigned int) buf[1] << 16 ) | + ( (unsigned int) buf[2] << 8 ) | + ( (unsigned int) buf[3] ) ); +} + +size_t mbedtls_platform_get_uint24_be( const unsigned char *buf ) +{ + return ( ( buf[0] << 16 ) | + ( buf[1] << 8) | + ( buf[2] ) ); +} + +size_t mbedtls_platform_get_uint16_be( const unsigned char *buf ) +{ + return ( ( buf[0] << 8 ) | + ( buf[1] ) ); +} diff --git a/library/rsa.c b/library/rsa.c index af1a87859..3bfc73ec5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1076,7 +1076,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); memset( counter, 0, 4 ); - hlen = mbedtls_md_get_size( md_ctx->md_info ); + hlen = mbedtls_md_get_size( mbedtls_md_get_handle( md_ctx ) ); /* Generate and apply dbMask */ p = dst; @@ -1128,7 +1128,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int ret; unsigned char *p = output; unsigned int hlen; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); @@ -1145,7 +1145,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); olen = ctx->len; @@ -1326,7 +1326,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char lhash[MBEDTLS_MD_MAX_SIZE]; unsigned int hlen; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); @@ -1349,7 +1349,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hlen = mbedtls_md_get_size( md_info ); @@ -1767,7 +1767,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, size_t slen, min_slen, hlen, offset = 0; int ret; size_t msb; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || @@ -1789,14 +1789,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, { /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hashlen = mbedtls_md_get_size( md_info ); } md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hlen = mbedtls_md_get_size( md_info ); @@ -1910,8 +1910,8 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, /* Are we signing hashed or raw data? */ if( md_alg != MBEDTLS_MD_NONE ) { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) @@ -2150,7 +2150,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, unsigned char zeros[8]; unsigned int hlen; size_t observed_salt_len, msb; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; @@ -2186,14 +2186,14 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, { /* Gather length of hash to sign */ md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hashlen = mbedtls_md_get_size( md_info ); } md_info = mbedtls_md_info_from_type( mgf1_hash_id ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); hlen = mbedtls_md_get_size( md_info ); diff --git a/library/sha256.c b/library/sha256.c index 91d461c95..98965f7a7 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -49,40 +49,12 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #define SHA256_VALIDATE_RET(cond) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA ) #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) #if !defined(MBEDTLS_SHA256_ALT) -/* - * 32-bit integer manipulation (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -do { \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} while( 0 ) -#endif - -static inline void sha256_put_uint32_be( uint32_t n, - unsigned char *b, - uint8_t i ) -{ - b[i ] = (unsigned char) ( n >> 24 ); - b[i + 1] = (unsigned char) ( n >> 16 ); - b[i + 2] = (unsigned char) ( n >> 8 ); - b[i + 3] = (unsigned char) ( n ); -} - void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) { SHA256_VALIDATE( ctx != NULL ); @@ -113,24 +85,20 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { SHA256_VALIDATE_RET( ctx != NULL ); +#if defined(MBEDTLS_SHA256_NO_SHA224) + SHA256_VALIDATE_RET( is224 == 0 ); + (void) is224; +#else SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); +#endif ctx->total[0] = 0; ctx->total[1] = 0; - if( is224 == 0 ) - { - /* SHA-256 */ - ctx->state[0] = 0x6A09E667; - ctx->state[1] = 0xBB67AE85; - ctx->state[2] = 0x3C6EF372; - ctx->state[3] = 0xA54FF53A; - ctx->state[4] = 0x510E527F; - ctx->state[5] = 0x9B05688C; - ctx->state[6] = 0x1F83D9AB; - ctx->state[7] = 0x5BE0CD19; - } - else +#if !defined(MBEDTLS_SHA256_NO_SHA224) + ctx->is224 = is224; + + if( is224 == 1 ) { /* SHA-224 */ ctx->state[0] = 0xC1059ED8; @@ -142,8 +110,19 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) ctx->state[6] = 0x64F98FA7; ctx->state[7] = 0xBEFA4FA4; } - - ctx->is224 = is224; + else +#endif + { + /* SHA-256 */ + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; + } return( 0 ); } @@ -220,7 +199,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, for( i = 0; i < 64; i++ ) { if( i < 16 ) - GET_UINT32_BE( W[i], data, 4 * i ); + W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); else R( i ); @@ -231,7 +210,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, } #else /* MBEDTLS_SHA256_SMALLER */ for( i = 0; i < 16; i++ ) - GET_UINT32_BE( W[i], data, 4 * i ); + W[i] = (uint32_t)mbedtls_platform_get_uint32_be( &data[4 * i] ); for( i = 0; i < 16; i += 8 ) { @@ -341,7 +320,7 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - int ret; + int ret, s_pos, o_pos; uint32_t used; uint32_t high, low; @@ -378,8 +357,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - sha256_put_uint32_be( high, ctx->buffer, 56 ); - sha256_put_uint32_be( low, ctx->buffer, 60 ); + (void)mbedtls_platform_put_uint32_be( ctx->buffer + 56, high ); + (void)mbedtls_platform_put_uint32_be( ctx->buffer + 60, low ); if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); @@ -387,16 +366,17 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, /* * Output final state */ - sha256_put_uint32_be( ctx->state[0], output, 0 ); - sha256_put_uint32_be( ctx->state[1], output, 4 ); - sha256_put_uint32_be( ctx->state[2], output, 8 ); - sha256_put_uint32_be( ctx->state[3], output, 12 ); - sha256_put_uint32_be( ctx->state[4], output, 16 ); - sha256_put_uint32_be( ctx->state[5], output, 20 ); - sha256_put_uint32_be( ctx->state[6], output, 24 ); + for( s_pos = 0, o_pos = 0; s_pos < 7; s_pos++, o_pos += 4 ) + { + (void)mbedtls_platform_put_uint32_be( &output[o_pos], + ctx->state[s_pos] ); + } + +#if !defined(MBEDTLS_SHA256_NO_SHA224) if( ctx->is224 == 0 ) - sha256_put_uint32_be( ctx->state[7], output, 28 ); +#endif + (void)mbedtls_platform_put_uint32_be( &output[28], ctx->state[7] ); return( 0 ); } @@ -469,8 +449,9 @@ static const size_t sha256_test_buflen[3] = 3, 56, 1000 }; -static const unsigned char sha256_test_sum[6][32] = +static const unsigned char sha256_test_sum[][32] = { +#if !defined(MBEDTLS_SHA256_NO_SHA224) /* * SHA-224 test vectors */ @@ -486,6 +467,7 @@ static const unsigned char sha256_test_sum[6][32] = 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, 0x4E, 0xE7, 0xAD, 0x67 }, +#endif /* !MBEDTLS_SHA256_NO_SHA224 */ /* * SHA-256 test vectors @@ -504,6 +486,9 @@ static const unsigned char sha256_test_sum[6][32] = 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 } }; +#define SHA256_TEST_SUM_N \ + ( sizeof( sha256_test_sum ) / sizeof( sha256_test_sum[0] ) ) + /* * Checkup routine */ @@ -525,10 +510,14 @@ int mbedtls_sha256_self_test( int verbose ) mbedtls_sha256_init( &ctx ); - for( i = 0; i < 6; i++ ) + for( i = 0; i < (int) SHA256_TEST_SUM_N; i++ ) { j = i % 3; +#if !defined(MBEDTLS_SHA256_NO_SHA224) k = i < 3; +#else + k = 0; +#endif if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5c2d87073..0a1322ab0 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -102,18 +102,14 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); - - *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SERVERNAME ); + p = mbedtls_platform_put_uint16_be( p, hostname_len + 5 ); + p = mbedtls_platform_put_uint16_be( p, hostname_len + 3 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); + + p = mbedtls_platform_put_uint16_be( p, hostname_len ); memcpy( p, ssl->hostname, hostname_len ); @@ -148,8 +144,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); *p++ = 0x00; *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; @@ -237,15 +232,10 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); - - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); - - *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SIG_ALG ); + p = mbedtls_platform_put_uint16_be( p, ( sig_alg_len + 2 ) ); + p = mbedtls_platform_put_uint16_be( p, sig_alg_len ); *olen = 6 + sig_alg_len; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && @@ -290,18 +280,13 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); - - *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ); + p = mbedtls_platform_put_uint16_be( p, elliptic_curve_len + 2 ); + p = mbedtls_platform_put_uint16_be( p, elliptic_curve_len ); MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( tls_id ) - *p++ = tls_id >> 8; - *p++ = tls_id & 0xFF; + p = mbedtls_platform_put_uint16_be( p, tls_id ); + MBEDTLS_SSL_END_FOR_EACH_SUPPORTED_EC_TLS_ID *olen = 6 + elliptic_curve_len; @@ -324,8 +309,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -362,8 +346,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); /* * We may need to send ClientHello multiple times for Hello verification. @@ -410,8 +393,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, kkpp_len ); *olen = kkpp_len + 4; } @@ -452,11 +434,10 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, } /* Add extension ID + size */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + + p = mbedtls_platform_put_uint16_be( p, ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -487,8 +468,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -521,8 +501,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC ); *p++ = 0x00; *p++ = 0x00; @@ -556,8 +535,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -592,8 +570,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -625,11 +602,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); - - *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( tlen ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET ); + p = mbedtls_platform_put_uint16_be( p, tlen ); *olen = 4; @@ -673,8 +647,7 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ALPN ); /* * opaque ProtocolName<1..2^8-1>; @@ -697,12 +670,9 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); - + (void)mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + (void)mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -730,11 +700,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); - + p = mbedtls_platform_put_uint32_be( p, (uint32_t) t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) ); #else if( ( ret = mbedtls_ssl_conf_get_frng( ssl->conf ) @@ -773,8 +739,10 @@ static int ssl_validate_ciphersuite( mbedtls_ssl_ciphersuite_handle_t suite_info if( suite_info == MBEDTLS_SSL_CIPHERSUITE_INVALID_HANDLE ) return( 1 ); - if( mbedtls_ssl_suite_get_min_minor_ver( suite_info ) > max_minor_ver || - mbedtls_ssl_suite_get_max_minor_ver( suite_info ) < min_minor_ver ) + if( mbedtls_ssl_ver_gt( mbedtls_ssl_suite_get_min_minor_ver( suite_info ), + max_minor_ver ) || + mbedtls_ssl_ver_lt( mbedtls_ssl_suite_get_max_minor_ver( suite_info ), + min_minor_ver ) ) { return( 1 ); } @@ -1002,8 +970,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( mbedtls_ssl_get_renego_status( ssl ) == MBEDTLS_SSL_INITIAL_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; } @@ -1012,8 +979,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); n++; } #endif @@ -1141,8 +1107,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ext_len ); p += ext_len; } @@ -1497,7 +1462,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - list_len = ( buf[0] << 8 ) | buf[1]; + list_len = mbedtls_platform_get_uint16_be( buf ); if( list_len != len - 2 ) { mbedtls_ssl_pend_fatal_alert( ssl, @@ -1557,10 +1522,12 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1) * even is lower than our min version. */ - if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || - minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 || - major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) || - minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( major_ver, MBEDTLS_SSL_MAJOR_VERSION_3 ) || + mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_2 ) || + mbedtls_ssl_ver_gt( major_ver, + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_gt( minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) ); @@ -1715,10 +1682,14 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->conf->transport, buf + 0 ); - if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) || - minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) || - major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) || - minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( major_ver, + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_lt( minor_ver, + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) || + mbedtls_ssl_ver_gt( major_ver, + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_gt( minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - " " min: [%d:%d], server: [%d:%d], max: [%d:%d]", @@ -1744,10 +1715,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - ( (uint32_t) buf[2] << 24 ) | - ( (uint32_t) buf[3] << 16 ) | - ( (uint32_t) buf[4] << 8 ) | - ( (uint32_t) buf[5] ) ) ); + (unsigned long)mbedtls_platform_get_uint32_be( &buf[2] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); @@ -1765,8 +1733,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) { - ext_len = ( ( buf[38 + n] << 8 ) - | ( buf[39 + n] ) ); + ext_len = mbedtls_platform_get_uint16_be( &buf[38 + n] ); if( ( ext_len > 0 && ext_len < 4 ) || ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) @@ -1790,7 +1757,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } /* ciphersuite (used later) */ - i = ( buf[35 + n] << 8 ) | buf[36 + n]; + i = (int)mbedtls_platform_get_uint16_be( &buf[ 35 + n ] ); /* * Read and check compression @@ -1954,10 +1921,10 @@ server_picked_valid_suite: while( ext_len ) { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); + unsigned int ext_id = (unsigned int) + mbedtls_platform_get_uint16_be( ext ); + unsigned int ext_size = (unsigned int) + mbedtls_platform_get_uint16_be( &ext[2] ); if( ext_size + 4 > ext_len ) { @@ -2327,7 +2294,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, "(psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - len = (*p)[0] << 8 | (*p)[1]; + len = mbedtls_platform_get_uint16_be( *p ); *p += 2; if( end - (*p) < (int) len ) @@ -2462,8 +2429,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl, defined(MBEDTLS_SSL_PROTO_TLS1_2) if( len_bytes == 2 ) { - out[0] = (unsigned char)( *olen >> 8 ); - out[1] = (unsigned char)( *olen ); + (void)mbedtls_platform_put_uint16_be( out, *olen ); *olen += 2; } #endif @@ -2951,7 +2917,8 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_3 ) ) { pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); @@ -2977,7 +2944,8 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - sig_len = ( p[0] << 8 ) | p[1]; + + sig_len = mbedtls_platform_get_uint16_be( p ); p += 2; if( p != end - sig_len ) @@ -3288,8 +3256,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( mbedtls_ssl_get_minor_ver( ssl ) == MBEDTLS_SSL_MINOR_VERSION_3 ) { - size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + size_t sig_alg_len = mbedtls_platform_get_uint16_be( &buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] ); #if defined(MBEDTLS_DEBUG_C) unsigned char* sig_alg; size_t i; @@ -3329,8 +3296,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* certificate_authorities */ - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + dn_len = mbedtls_platform_get_uint16_be( &buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] ); n += dn_len; if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) @@ -3573,9 +3539,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < n + 2 ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), @@ -3690,9 +3654,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); memcpy( p, ssl->conf->psk_identity, n ); p += ssl->conf->psk_identity_len; @@ -3736,9 +3698,7 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - p[0] = (unsigned char)( n >> 8 ); - p[1] = (unsigned char)( n ); - p += 2; + p = mbedtls_platform_put_uint16_be( p, n ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), @@ -4036,8 +3996,7 @@ sign: return( ret ); } - ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); - ssl->out_msg[5 + offset] = (unsigned char)( n ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + offset], n ); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -4103,10 +4062,9 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); - lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | - ( msg[2] << 8 ) | ( msg[3] ); + lifetime = (uint32_t)mbedtls_platform_get_uint32_be( msg ); - ticket_len = ( msg[4] << 8 ) | ( msg[5] ); + ticket_len = mbedtls_platform_get_uint16_be( &msg[4] ); if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) { diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 56e9bdd2b..67f9114bb 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -50,7 +50,7 @@ * with max 32 bytes of cookie for DTLS 1.0 */ #if defined(MBEDTLS_SHA256_C) -#define COOKIE_MD MBEDTLS_MD_SHA224 +#define COOKIE_MD MBEDTLS_MD_SHA256 #define COOKIE_MD_OUTLEN 32 #define COOKIE_HMAC_LEN 28 #elif defined(MBEDTLS_SHA512_C) @@ -172,12 +172,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, #else t = ctx->serial++; #endif - - (*p)[0] = (unsigned char)( t >> 24 ); - (*p)[1] = (unsigned char)( t >> 16 ); - (*p)[2] = (unsigned char)( t >> 8 ); - (*p)[3] = (unsigned char)( t ); - *p += 4; + *p = mbedtls_platform_put_uint32_be( *p, t ); #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) @@ -243,10 +238,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, cur_time = ctx->serial; #endif - cookie_time = ( (unsigned long) cookie[0] << 24 ) | - ( (unsigned long) cookie[1] << 16 ) | - ( (unsigned long) cookie[2] << 8 ) | - ( (unsigned long) cookie[3] ); + cookie_time = (unsigned long)mbedtls_platform_get_uint32_be( cookie ); if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout ) return( -1 ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index fd1ece0d8..69af31727 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -98,7 +98,8 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + servername_list_size = mbedtls_platform_get_uint16_be( buf ); + if( servername_list_size + 2 != len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); @@ -110,7 +111,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, p = buf + 2; while( servername_list_size > 2 ) { - hostname_len = ( ( p[1] << 8 ) | p[2] ); + hostname_len = mbedtls_platform_get_uint16_be( &p[1] ); if( hostname_len + 3 > servername_list_size ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); @@ -218,7 +219,9 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + + sig_alg_list_size = mbedtls_platform_get_uint16_be( buf ); + if( sig_alg_list_size + 2 != len || sig_alg_list_size % 2 != 0 ) { @@ -293,7 +296,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); + + list_size = mbedtls_platform_get_uint16_be( buf ); if( list_size + 2 != len || list_size % 2 != 0 ) { @@ -311,7 +315,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, while( list_size > 0 ) { - uint16_t const peer_tls_id = ( p[0] << 8 ) | p[1]; + uint16_t const peer_tls_id = (uint16_t) + mbedtls_platform_get_uint16_be( p ); MBEDTLS_SSL_BEGIN_FOR_EACH_SUPPORTED_EC_TLS_ID( own_tls_id ) if( own_tls_id == peer_tls_id && @@ -657,7 +662,8 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - list_len = ( buf[0] << 8 ) | buf[1]; + list_len = mbedtls_platform_get_uint16_be ( buf ); + if( list_len != len - 2 ) { mbedtls_ssl_pend_fatal_alert( ssl, @@ -751,8 +757,8 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, while( ec_tls_ids_len-- != 0 ) { - uint16_t const cur_tls_id = - ( acceptable_ec_tls_ids[0] << 8 ) | acceptable_ec_tls_ids[1]; + uint16_t const cur_tls_id = (uint16_t) + mbedtls_platform_get_uint16_be( acceptable_ec_tls_ids ); if( cur_tls_id == tls_id ) return( 0 ); @@ -878,7 +884,8 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * present them a SHA-higher cert rather than failing if it's the only * one we got that satisfies the other conditions. */ - if( mbedtls_ssl_get_minor_ver( ssl ) < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_3 ) ) { mbedtls_md_type_t sig_md; { @@ -945,10 +952,12 @@ static int ssl_ciphersuite_is_match( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %s", mbedtls_ssl_suite_get_name( suite_info ) ) ); - if( mbedtls_ssl_suite_get_min_minor_ver( suite_info ) - > mbedtls_ssl_get_minor_ver( ssl ) || - mbedtls_ssl_suite_get_max_minor_ver( suite_info ) - < mbedtls_ssl_get_minor_ver( ssl ) ) + if( mbedtls_ssl_ver_gt( + mbedtls_ssl_suite_get_min_minor_ver( suite_info ), + mbedtls_ssl_get_minor_ver( ssl ) ) || + mbedtls_ssl_ver_lt( + mbedtls_ssl_suite_get_max_minor_ver( suite_info ), + mbedtls_ssl_get_minor_ver( ssl ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) ); return( 0 ); @@ -1102,7 +1111,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF; + n = mbedtls_platform_get_uint16_be( buf ); if( n < 17 || n > 512 ) { @@ -1120,7 +1129,8 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) ? buf[4] : mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); #endif - if( mbedtls_ssl_get_minor_ver( ssl ) < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( mbedtls_ssl_get_minor_ver( ssl ), + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" " [%d:%d] < [%d:%d]", @@ -1162,9 +1172,9 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) */ MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n ); - ciph_len = ( buf[0] << 8 ) | buf[1]; - sess_len = ( buf[2] << 8 ) | buf[3]; - chal_len = ( buf[4] << 8 ) | buf[5]; + ciph_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[0] ); + sess_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[2] ); + chal_len = (unsigned int)mbedtls_platform_get_uint16_be( &buf[4] ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d", ciph_len, sess_len, chal_len ) ); @@ -1246,8 +1256,9 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) ); - if( mbedtls_ssl_get_minor_ver( ssl ) < - mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_get_minor_ver( ssl ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); @@ -1442,7 +1453,7 @@ read_record_header: } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d", - ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) ); + (int)mbedtls_platform_get_uint16_be( ssl->in_len ) ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]", buf[1], buf[2] ) ); @@ -1489,7 +1500,7 @@ read_record_header: } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; + msg_len = mbedtls_platform_get_uint16_be( ssl->in_len ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -1557,11 +1568,12 @@ read_record_header: } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", - ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) ); + (int)mbedtls_platform_get_uint24_be( &buf[1]) ) ); /* We don't support fragmentation of ClientHello (yet?) */ if( buf[1] != 0 || - msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) + msg_len != ( mbedtls_ssl_hs_hdr_len( ssl ) + + mbedtls_platform_get_uint16_be( &buf[2]) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); @@ -1578,8 +1590,8 @@ read_record_header: if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) { /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( cli_msg_seq != ssl->handshake->in_msg_seq ) { @@ -1594,8 +1606,9 @@ read_record_header: else #endif { - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->in_msg_seq = cli_msg_seq + 1; } @@ -1661,8 +1674,10 @@ read_record_header: #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ - if( major_ver < mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) || - minor_ver < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( major_ver, + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) ) || + mbedtls_ssl_ver_lt( minor_ver, + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" " [%d:%d] < [%d:%d]", @@ -1674,13 +1689,19 @@ read_record_header: return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); } - if( major_ver > mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_gt( + major_ver, + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) ) ) { major_ver = mbedtls_ssl_conf_get_max_major_ver( ssl->conf ); minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); } - else if( minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + else if( mbedtls_ssl_ver_gt( + minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) + { minor_ver = mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ); + } #if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER) ssl->major_ver = major_ver; @@ -1783,8 +1804,8 @@ read_record_header: } #endif /* MBEDTLS_SSL_PROTO_TLS */ - ciph_len = ( buf[ciph_offset + 0] << 8 ) - | ( buf[ciph_offset + 1] ); + + ciph_len = mbedtls_platform_get_uint16_be( &buf[ciph_offset + 0] ); if( ciph_len < 2 || ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ @@ -1857,8 +1878,7 @@ read_record_header: return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ext_len = ( buf[ext_offset + 0] << 8 ) - | ( buf[ext_offset + 1] ); + ext_len = mbedtls_platform_get_uint16_be( &buf[ext_offset + 0] ); if( ( ext_len > 0 && ext_len < 4 ) || msg_len != ext_offset + 2 + ext_len ) @@ -1885,8 +1905,8 @@ read_record_header: MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); } - ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); - ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); + ext_id = (unsigned int)mbedtls_platform_get_uint16_be( ext ); + ext_size = (unsigned int)mbedtls_platform_get_uint16_be( &ext[2] ); if( ext_size + 4 > ext_len ) { @@ -2070,8 +2090,9 @@ read_record_header: { MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) ); - if( mbedtls_ssl_get_minor_ver( ssl ) < - mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_get_minor_ver( ssl ), + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); @@ -2323,9 +2344,7 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_TRUNCATED_HMAC ); *p++ = 0x00; *p++ = 0x00; @@ -2367,13 +2386,9 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * opaque cid<0..2^8-1>; * } ConnectionId; */ - - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_CID ); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, ext_len ); *p++ = (uint8_t) ssl->own_cid_len; memcpy( p, ssl->own_cid, ssl->own_cid_len ); @@ -2423,9 +2438,7 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ); *p++ = 0x00; *p++ = 0x00; @@ -2451,8 +2464,7 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " "extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ); *p++ = 0x00; *p++ = 0x00; @@ -2476,9 +2488,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SESSION_TICKET ); *p++ = 0x00; *p++ = 0x00; @@ -2500,8 +2510,7 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ); #if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) @@ -2541,9 +2550,7 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ); *p++ = 0x00; *p++ = 1; @@ -2572,8 +2579,7 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ); *p++ = 0x00; *p++ = 2; @@ -2613,8 +2619,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, MBEDTLS_TLS_EXT_ECJPAKE_KKPP ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -2626,9 +2631,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); - + p = mbedtls_platform_put_uint16_be( p, kkpp_len ); *olen = kkpp_len + 4; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -2652,16 +2655,11 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + (void)mbedtls_platform_put_uint16_be( &buf[0], MBEDTLS_TLS_EXT_ALPN ); *olen = 7 + strlen( ssl->alpn_chosen ); - - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); - - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + (void)mbedtls_platform_put_uint16_be( &buf[2], ( *olen - 4 ) ); + (void)mbedtls_platform_put_uint16_be( &buf[4], ( *olen - 6 ) ); buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); @@ -2791,10 +2789,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + p = mbedtls_platform_put_uint32_be( p, (uint32_t) t ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); #else @@ -2900,8 +2895,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_handshake_get_resume( ssl->handshake ) ? "a" : "no" ) ); ciphersuite = mbedtls_ssl_session_get_ciphersuite( ssl->session_negotiate ); - *p++ = (unsigned char)( ciphersuite >> 8 ); - *p++ = (unsigned char)( ciphersuite ); + p = mbedtls_platform_put_uint16_be( p, ciphersuite ); *p++ = (unsigned char)( mbedtls_ssl_session_get_compression( ssl->session_negotiate ) ); @@ -2978,8 +2972,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 ) { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ext_len ); p += ext_len; } @@ -3121,8 +3114,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_END_FOR_EACH_SIG_HASH_TLS - p[0] = (unsigned char)( sa_len >> 8 ); - p[1] = (unsigned char)( sa_len ); + (void)mbedtls_platform_put_uint16_be( p, sa_len ); sa_len += 2; p += sa_len; } @@ -3167,8 +3159,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) break; } - *p++ = (unsigned char)( dn_size >> 8 ); - *p++ = (unsigned char)( dn_size ); + p = mbedtls_platform_put_uint16_be( p, dn_size ); memcpy( p, frame->subject_raw.p, dn_size ); p += dn_size; @@ -3185,8 +3176,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); - ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4 + ct_len + sa_len], + total_dn_size ); ret = mbedtls_ssl_write_handshake_msg( ssl ); @@ -3740,8 +3731,9 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) if( signature_len != 0 ) { - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[ssl->out_msglen], + signature_len ); + ssl->out_msglen += 2; MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", ssl->out_msg + ssl->out_msglen, @@ -3822,7 +3814,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = mbedtls_platform_get_uint16_be ( *p ); *p += 2; if( *p + n > end ) @@ -4078,7 +4070,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = mbedtls_platform_get_uint16_be( *p ); *p += 2; if( n < 1 || n > 65535 || n > (size_t) ( end - *p ) ) @@ -4610,7 +4602,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) goto exit; } - sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; + sig_len = mbedtls_platform_get_uint16_be( &ssl->in_msg[i] ); i += 2; if( i + sig_len != ssl->in_hslen ) @@ -4682,15 +4674,9 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); tlen = 0; } + (void)mbedtls_platform_put_uint32_be( &ssl->out_msg[4], lifetime ); - ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; - ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; - ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF; - ssl->out_msg[7] = ( lifetime ) & 0xFF; - - ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF ); - + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[8], tlen ); ssl->out_msglen = 10 + tlen; /* diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 5fe693c8f..285e73663 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -221,8 +221,8 @@ int mbedtls_ssl_ticket_write( void *p_ticket, { goto cleanup; } - state_len_bytes[0] = ( clear_len >> 8 ) & 0xff; - state_len_bytes[1] = ( clear_len ) & 0xff; + + (void)mbedtls_platform_put_uint16_be( state_len_bytes, clear_len ); /* Encrypt and authenticate */ tag = state + clear_len; @@ -298,7 +298,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) goto cleanup; - enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; + enc_len = mbedtls_platform_get_uint16_be( enc_len_p ); tag = ticket + enc_len; if( len != 4 + 12 + 2 + enc_len + 16 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e47c45657..850bcb172 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -497,7 +497,7 @@ static unsigned int ssl_mfl_code_to_length( int mfl ) switch( mfl ) { case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + return( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); case MBEDTLS_SSL_MAX_FRAG_LEN_512: return 512; case MBEDTLS_SSL_MAX_FRAG_LEN_1024: @@ -507,7 +507,7 @@ static unsigned int ssl_mfl_code_to_length( int mfl ) case MBEDTLS_SSL_MAX_FRAG_LEN_4096: return 4096; default: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); + return( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); } } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ @@ -660,7 +660,7 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, const unsigned char *S1, *S2; unsigned char tmp[128]; unsigned char h_i[20]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; int ret; @@ -681,8 +681,11 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, /* * First compute P_md5(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) return( ret ); @@ -712,8 +715,11 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen, /* * XOR out with P_sha1(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) return( ret ); @@ -763,14 +769,17 @@ int tls_prf_generic( mbedtls_md_type_t md_type, size_t i, j, k, md_len; unsigned char tmp[128]; unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; int ret; mbedtls_md_init( &md_ctx ); - if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } md_len = mbedtls_md_get_size( md_info ); @@ -861,7 +870,7 @@ MBEDTLS_ALWAYS_INLINE static inline int ssl_prf( int minor_ver, else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_3 ) ) return( tls1_prf( secret, slen, label, random, rlen, dstbuf, dlen ) ); else #endif @@ -1160,7 +1169,7 @@ MBEDTLS_ALWAYS_INLINE static inline int ssl_calc_finished( else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_3 ) ) ssl_calc_finished_tls( ssl, buf, from ); else #endif @@ -1244,7 +1253,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, unsigned keylen; mbedtls_ssl_ciphersuite_handle_t ciphersuite_info; const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \ !defined(MBEDTLS_SSL_EXPORT_KEYS) && \ @@ -1293,7 +1302,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, md_info = mbedtls_md_info_from_type( mbedtls_ssl_suite_get_mac( ciphersuite_info ) ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", mbedtls_ssl_suite_get_mac( ciphersuite_info ) ) ); @@ -1484,7 +1493,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) + if( mbedtls_ssl_ver_geq( minor_ver, MBEDTLS_SSL_MINOR_VERSION_1 ) ) { /* For HMAC-based ciphersuites, initialize the HMAC transforms. For AEAD-based ciphersuites, there is nothing to do here. */ @@ -1759,7 +1768,7 @@ int mbedtls_ssl_calc_verify( int minor_ver, else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor_ver, MBEDTLS_SSL_MINOR_VERSION_3 ) ) ssl_calc_verify_tls( ssl, dst, hlen ); else #endif @@ -2102,8 +2111,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + p = mbedtls_platform_put_uint16_be( p, psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2144,8 +2152,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); } - *(p++) = (unsigned char)( len >> 8 ); - *(p++) = (unsigned char)( len ); + p = mbedtls_platform_put_uint16_be( p, len ); p += len; MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); @@ -2185,10 +2192,8 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch MBEDTLS_DEBUG_ECDH_Z ); #endif /* MBEDTLS_USE_TINYCRYPT */ - *(p++) = (unsigned char)( zlen >> 8 ); - *(p++) = (unsigned char)( zlen ); + p = mbedtls_platform_put_uint16_be( p, zlen ); p += zlen; - } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -2201,8 +2206,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end - p < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + p = mbedtls_platform_put_uint16_be( p, psk_len ); if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -2240,9 +2244,8 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, padlen = 40; memcpy( header, ctr, 8 ); - header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); + header[8] = (unsigned char) type; + (void)mbedtls_platform_put_uint16_be( &header[9], len ); memset( padding, 0x36, padlen ); mbedtls_md_starts( md_ctx ); @@ -2394,15 +2397,14 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, { memcpy( add_data + 11, rec->cid, rec->cid_len ); add_data[11 + rec->cid_len + 0] = rec->cid_len; - add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF; + (void)mbedtls_platform_put_uint16_be( &add_data[11 + rec->cid_len + 1], + rec->data_len ); *add_data_len = 13 + 1 + rec->cid_len; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF; + (void)mbedtls_platform_put_uint16_be( &add_data[11], rec->data_len ); *add_data_len = 13; } } @@ -2533,8 +2535,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_1 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_1 ) ) { unsigned char mac[MBEDTLS_SSL_MAC_ADD]; @@ -2713,8 +2716,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Prepend per-record IV for block cipher in TLS v1.1 and up as per * Method 1 (6.2.3.2. in RFC4346 and RFC5246) */ - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { if( f_rng == NULL ) { @@ -2763,8 +2767,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( mbedtls_ssl_transform_get_minor_ver( transform ) < - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* * Save IV in SSL3 and TLS1 @@ -3021,8 +3026,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Check immediate ciphertext sanity */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* The ciphertext is prefixed with the CBC IV. */ minlen += transform->ivlen; @@ -3127,8 +3133,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Initialize for prepended IV for block cipher in TLS v1.1 and up */ - if( mbedtls_ssl_transform_get_minor_ver( transform ) >= - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */ memcpy( transform->iv_dec, data, transform->ivlen ); @@ -3157,8 +3164,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( mbedtls_ssl_transform_get_minor_ver( transform ) < - MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_lt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { /* * Save IV in SSL3 and TLS1, where CBC decryption of consecutive @@ -3221,8 +3229,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) > - MBEDTLS_SSL_MINOR_VERSION_0 ) + if( mbedtls_ssl_ver_gt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_0 ) ) { /* The padding check involves a series of up to 256 * consecutive memory reads at the end of the record @@ -3320,8 +3329,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_transform_get_minor_ver( transform ) > - MBEDTLS_SSL_MINOR_VERSION_0 ) + if( mbedtls_ssl_ver_gt( + mbedtls_ssl_transform_get_minor_ver( transform ), + MBEDTLS_SSL_MINOR_VERSION_0 ) ) { /* * Process MAC and always update for padlen afterwards to make @@ -3368,7 +3378,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, memset( tmp, 0, sizeof( tmp ) ); - switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) ) + switch( mbedtls_md_get_type( + mbedtls_md_get_handle( &transform->md_ctx_dec ) ) ) { #if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ defined(MBEDTLS_SHA256_C) @@ -4150,13 +4161,9 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ memcpy( ssl->out_msg, cur->p, 6 ); - ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); - ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); - ssl->out_msg[8] = ( ( frag_off ) & 0xff ); - - ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); - ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); - ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[6], frag_off ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[9], + cur_hs_frag_len ); MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); @@ -4353,9 +4360,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) */ if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { - ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); - ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); - ssl->out_msg[3] = (unsigned char)( hs_len ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[1], hs_len ); /* * DTLS has additional fields in the Handshake layer, @@ -4383,8 +4388,8 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Write message_seq and update it, except for HelloRequest */ if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) { - ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; - ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; + (void)mbedtls_platform_put_uint16_be( &ssl->out_msg[4], + ssl->handshake->out_msg_seq ); ++( ssl->handshake->out_msg_seq ); } else @@ -4495,8 +4500,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, ssl->out_hdr + 1 ); memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - ssl->out_len[0] = (unsigned char)( len >> 8 ); - ssl->out_len[1] = (unsigned char)( len ); + (void)mbedtls_platform_put_uint16_be( ssl->out_len, len ); if( ssl->transform_out != NULL ) { @@ -4539,8 +4543,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) memcpy( ssl->out_cid, rec.cid, rec.cid_len ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->out_len[1] = (unsigned char)( rec.data_len ); + (void)mbedtls_platform_put_uint16_be( ssl->out_len, rec.data_len ); } protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); @@ -4641,16 +4644,12 @@ static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[9] << 16 ) | - ( ssl->in_msg[10] << 8 ) | - ssl->in_msg[11] ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[9] ) ); } static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[6] << 16 ) | - ( ssl->in_msg[7] << 8 ) | - ssl->in_msg[8] ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[6] ) ); } static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) @@ -4753,9 +4752,7 @@ static size_t ssl_get_reassembly_buffer_size( size_t msg_len, static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) { - return( ( ssl->in_msg[1] << 16 ) | - ( ssl->in_msg[2] << 8 ) | - ssl->in_msg[3] ); + return( (uint32_t)mbedtls_platform_get_uint24_be( &ssl->in_msg[1] ) ); } int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) @@ -4777,7 +4774,8 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { int ret; - unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned int recv_msg_seq = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); if( ssl_check_hs_header( ssl ) != 0 ) { @@ -5104,12 +5102,12 @@ static int ssl_check_dtls_clihlo_cookie( /* Go back and fill length fields */ obuf[27] = (unsigned char)( *olen - 28 ); - obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); - obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); - obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); + (void)mbedtls_platform_put_uint24_be( &obuf[14], ( *olen - 25 ) ); + obuf[22] = obuf[14]; + obuf[23] = obuf[15]; + obuf[24] = obuf[16]; - obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); - obuf[12] = (unsigned char)( ( *olen - 13 ) ); + (void)mbedtls_platform_put_uint16_be( &obuf[11], ( *olen - 13 ) ); return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); } @@ -5340,7 +5338,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } - if( minor_ver > mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) + if( mbedtls_ssl_ver_gt( minor_ver, + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); @@ -5371,8 +5370,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) | - ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 ); + rec->data_len = mbedtls_platform_get_uint16_be( &buf[rec_hdr_len_offset] ); MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, " @@ -5401,7 +5399,7 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) if( MBEDTLS_SSL_TRANSPORT_IS_DTLS( ssl->conf->transport ) ) { - rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1]; + rec_epoch = (uint32_t)mbedtls_platform_get_uint16_be( rec->ctr ); /* Check that the datagram is large enough to contain a record * of the advertised length. */ @@ -5451,7 +5449,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) { - unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; + unsigned int rec_epoch = (unsigned int) + mbedtls_platform_get_uint16_be( &ssl->in_ctr[0] ); /* * Check for an epoch 0 ClientHello. We can't use in_msg here to @@ -5798,9 +5797,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) { /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = ( hs_buf->data[1] << 16 ) | - ( hs_buf->data[2] << 8 ) | - hs_buf->data[3]; + size_t msg_len = mbedtls_platform_get_uint24_be( &hs_buf->data[1] ); /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ @@ -5899,7 +5896,9 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) case MBEDTLS_SSL_MSG_HANDSHAKE: { unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned recv_msg_seq = (unsigned) + mbedtls_platform_get_uint16_be( &ssl->in_msg[4] ); + mbedtls_ssl_hs_buffer *hs_buf; size_t msg_len = ssl->in_hslen - 12; @@ -6497,8 +6496,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->in_len[1] = (unsigned char)( rec.data_len ); + (void)mbedtls_platform_put_uint16_be( ssl->in_len, rec.data_len ); return( 0 ); } @@ -6830,17 +6828,13 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); } - ssl->out_msg[i ] = (unsigned char)( n >> 16 ); - ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); - ssl->out_msg[i + 2] = (unsigned char)( n ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[i], n ); i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); i += n; crt = crt->next; } - ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); - ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); - ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); + (void)mbedtls_platform_put_uint24_be( &ssl->out_msg[4], ( i - 7 ) ); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -6890,13 +6884,16 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, ssl->session->peer_cert_digest; mbedtls_md_type_t const peer_cert_digest_type = ssl->session->peer_cert_digest_type; - mbedtls_md_info_t const * const digest_info = + mbedtls_md_handle_t digest_info = mbedtls_md_info_from_type( peer_cert_digest_type ); unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN]; size_t digest_len; - if( peer_cert_digest == NULL || digest_info == NULL ) + if( peer_cert_digest == NULL || + digest_info == MBEDTLS_MD_INVALID_HANDLE ) + { return( -1 ); + } digest_len = mbedtls_md_get_size( digest_info ); if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN ) @@ -6947,7 +6944,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, /* * Same message structure as in mbedtls_ssl_write_certificate() */ - n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; + n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] ); if( ssl->in_msg[i] != 0 || ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) @@ -6982,8 +6979,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, } /* Read length of the next CRT in the chain. */ - n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) - | (unsigned int) ssl->in_msg[i + 2]; + n = mbedtls_platform_get_uint16_be( &ssl->in_msg[i + 1] ); i += 3; if( n < 128 || i + n > ssl->in_hslen ) @@ -7181,7 +7177,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, ssl->hostname, #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &ssl->session_negotiate->verify_result, - ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + ssl->conf->f_vrfy, ssl->conf->p_vrfy, +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + rs_ctx ); if( verify_ret != 0 ) { @@ -8162,7 +8161,9 @@ static void ssl_update_out_pointers( mbedtls_ssl_context *ssl, /* Adjust out_msg to make space for explicit IV, if used. */ if( transform != NULL && - mbedtls_ssl_get_minor_ver( ssl ) >= MBEDTLS_SSL_MINOR_VERSION_2 ) + mbedtls_ssl_ver_geq( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) { ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen; } @@ -8523,7 +8524,8 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) #endif /* MBEDTLS_SSL_CONF_AUTHMODE */ } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) @@ -8531,7 +8533,7 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, conf->f_vrfy = f_vrfy; conf->p_vrfy = p_vrfy; } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if !defined(MBEDTLS_SSL_CONF_RNG) void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, @@ -8651,10 +8653,10 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ) { - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; + conf->ciphersuite_list[0] = ciphersuites; + conf->ciphersuite_list[1] = ciphersuites; + conf->ciphersuite_list[2] = ciphersuites; + conf->ciphersuite_list[3] = ciphersuites; } void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, @@ -8664,10 +8666,14 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) return; - if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) + if( mbedtls_ssl_ver_lt( minor, MBEDTLS_SSL_MINOR_VERSION_0 ) || + mbedtls_ssl_ver_gt( minor, MBEDTLS_SSL_MINOR_VERSION_3 ) ) + { return; + } - conf->ciphersuite_list[minor] = ciphersuites; + conf->ciphersuite_list[mbedtls_ssl_minor_ver_index( minor )] = + ciphersuites; } #endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ @@ -9421,8 +9427,12 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) /* For TLS 1.1 or higher, an explicit IV is added * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_get_minor_ver( ssl ) >= MBEDTLS_SSL_MINOR_VERSION_2 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_2 ) ) + { transform_expansion += block_size; + } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ break; @@ -9477,7 +9487,7 @@ static size_t ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) if( mbedtls_ssl_conf_get_endpoint( ssl->conf ) == MBEDTLS_SSL_IS_CLIENT && ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO || ssl->state == MBEDTLS_SSL_SERVER_HELLO ) ) - return ( 0 ); + return( 0 ); if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) return( ssl->mtu ); @@ -9789,8 +9799,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, { const int ciphersuite = mbedtls_ssl_session_get_ciphersuite( session ); - *p++ = (unsigned char)( ( ciphersuite >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ciphersuite ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ciphersuite ); #if defined(MBEDTLS_ZLIB_SUPPORT) *p++ = (unsigned char)( @@ -9803,11 +9812,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, memcpy( p, session->master, 48 ); p += 48; - - *p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session->verify_result ); } /* @@ -9824,9 +9829,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len ) & 0xFF ); + p = mbedtls_platform_put_uint24_be( p, cert_len ); if( session->peer_cert != NULL ) { @@ -9869,9 +9872,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, if( used <= buf_len ) { - *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len ) & 0xFF ); + p = mbedtls_platform_put_uint24_be( p, session->ticket_len ); if( session->ticket != NULL ) { @@ -9879,10 +9880,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, p += session->ticket_len; } - *p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session->ticket_lifetime ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -10017,7 +10015,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - ciphersuite = ( p[0] << 8 ) | p[1]; + ciphersuite = (int)mbedtls_platform_get_uint16_be( p ); p += 2; #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) @@ -10041,10 +10039,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, memcpy( session->master, p, 48 ); p += 48; - session->verify_result = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->verify_result = (uint32_t)mbedtls_platform_get_uint32_be( p ); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -10068,7 +10063,8 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 3 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + cert_len = mbedtls_platform_get_uint24_be( &p[0] ); + p += 3; if( cert_len == 0 ) @@ -10110,9 +10106,9 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( session->peer_cert_digest_len != 0 ) { - const mbedtls_md_info_t *md_info = + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( session->peer_cert_digest_type ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -10139,7 +10135,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 3 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + session->ticket_len = mbedtls_platform_get_uint24_be( &p[0] ); p += 3; if( session->ticket_len != 0 ) @@ -10158,10 +10154,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 4 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->ticket_lifetime = (uint32_t)mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -10628,7 +10621,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( mbedtls_ssl_get_minor_ver( ssl ) >= MBEDTLS_SSL_MINOR_VERSION_1 ) + if( mbedtls_ssl_ver_geq( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_1 ) ) { ret = mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_WARNING, @@ -10836,7 +10831,9 @@ static int ssl_write_split( mbedtls_ssl_context *ssl, if( ssl->conf->cbc_record_splitting == MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || len <= 1 || - mbedtls_ssl_get_minor_ver( ssl ) > MBEDTLS_SSL_MINOR_VERSION_1 || + mbedtls_ssl_ver_gt( + mbedtls_ssl_get_minor_ver( ssl ), + MBEDTLS_SSL_MINOR_VERSION_1 ) || mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) != MBEDTLS_MODE_CBC ) { @@ -11267,10 +11264,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, session_len ); ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); @@ -11312,10 +11306,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF ); + p = mbedtls_platform_put_uint32_be( p, ssl->badmac_seen ); } #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ @@ -11362,8 +11353,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 2; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->mtu ) & 0xFF ); + p = mbedtls_platform_put_uint16_be( p, ssl->mtu ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -11432,14 +11422,18 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * least check it matches the requirements for serializing. */ if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) || - mbedtls_ssl_conf_get_max_major_ver( ssl->conf ) < - MBEDTLS_SSL_MAJOR_VERSION_3 || - mbedtls_ssl_conf_get_min_major_ver( ssl->conf ) > - MBEDTLS_SSL_MAJOR_VERSION_3 || - mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) < - MBEDTLS_SSL_MINOR_VERSION_3 || - mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) > - MBEDTLS_SSL_MINOR_VERSION_3 || + mbedtls_ssl_ver_lt( + mbedtls_ssl_conf_get_max_major_ver( ssl->conf ), + MBEDTLS_SSL_MAJOR_VERSION_3 ) || + mbedtls_ssl_ver_gt( + mbedtls_ssl_conf_get_min_major_ver( ssl->conf ), + MBEDTLS_SSL_MAJOR_VERSION_3 ) || + mbedtls_ssl_ver_lt( + mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ), + MBEDTLS_SSL_MINOR_VERSION_3 ) || + mbedtls_ssl_ver_gt( + mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ), + MBEDTLS_SSL_MINOR_VERSION_3 ) || mbedtls_ssl_conf_is_renegotiation_enabled( ssl->conf ) ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -11466,10 +11460,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session_len = ( (size_t) p[0] << 24 ) | - ( (size_t) p[1] << 16 ) | - ( (size_t) p[2] << 8 ) | - ( (size_t) p[3] ); + session_len = mbedtls_platform_get_uint32_be( p ); p += 4; /* This has been allocated by ssl_handshake_init(), called by @@ -11558,10 +11549,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, if( (size_t)( end - p ) < 4 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + ssl->badmac_seen = (unsigned)mbedtls_platform_get_uint32_be( p ); p += 4; #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ @@ -11606,8 +11594,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_DTLS) if( (size_t)( end - p ) < 2 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->mtu = ( p[0] << 8 ) | p[1]; + ssl->mtu = (uint16_t)mbedtls_platform_get_uint16_be( p ); p += 2; #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -11964,11 +11951,11 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - ssl_preset_suiteb_ciphersuites; + conf->ciphersuite_list[0] = + conf->ciphersuite_list[1] = + conf->ciphersuite_list[2] = + conf->ciphersuite_list[3] = + ssl_preset_suiteb_ciphersuites; #endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -12016,11 +12003,11 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif /* !MBEDTLS_SSL_CONF_MAX_MINOR_VER */ #if !defined(MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE) - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - mbedtls_ssl_list_ciphersuites(); + conf->ciphersuite_list[0] = + conf->ciphersuite_list[1] = + conf->ciphersuite_list[2] = + conf->ciphersuite_list[3] = + mbedtls_ssl_list_ciphersuites(); #endif /* MBEDTLS_SSL_CONF_SINGLE_CIPHERSUITE */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -12484,7 +12471,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, { int ret = 0; mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); + mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg ); *hashlen = mbedtls_md_get_size( md_info ); mbedtls_md_init( &ctx ); diff --git a/library/version_features.c b/library/version_features.c index bb655c0c9..4f5bf137a 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -435,6 +435,9 @@ static const char *features[] = { #if defined(MBEDTLS_SHA256_SMALLER) "MBEDTLS_SHA256_SMALLER", #endif /* MBEDTLS_SHA256_SMALLER */ +#if defined(MBEDTLS_SHA256_NO_SHA224) + "MBEDTLS_SHA256_NO_SHA224", +#endif /* MBEDTLS_SHA256_NO_SHA224 */ #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) "MBEDTLS_SSL_ALL_ALERT_MESSAGES", #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ @@ -576,6 +579,9 @@ static const char *features[] = { #if defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) "MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION", #endif /* MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ +#if defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + "MBEDTLS_X509_REMOVE_VERIFY_CALLBACK", +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) "MBEDTLS_X509_RSASSA_PSS_SUPPORT", #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ diff --git a/library/x509.c b/library/x509.c index 19cc64b79..d570f71ea 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1065,7 +1065,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, mbedtls_pk_type_t pk_alg, if( pk_alg == MBEDTLS_PK_RSASSA_PSS ) { const mbedtls_pk_rsassa_pss_options *pss_opts; - const mbedtls_md_info_t *md_info, *mgf_md_info; + mbedtls_md_handle_t md_info, mgf_md_info; pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts; @@ -1252,9 +1252,14 @@ int mbedtls_x509_self_test( int verbose ) ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) - NULL, + NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - &flags, NULL, NULL ); + &flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + , NULL, NULL +#endif + ); + if( ret != 0 ) { if( verbose != 0 ) diff --git a/library/x509_crt.c b/library/x509_crt.c index 89fea412e..1923abf9c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -669,23 +669,6 @@ static int x509_check_wildcard( char const *cn, } #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ -/* - * Reset (init or clear) a verify_chain - */ -static void x509_crt_verify_chain_reset( - mbedtls_x509_crt_verify_chain *ver_chain ) -{ - size_t i; - - for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) - { - ver_chain->items[i].crt = NULL; - ver_chain->items[i].flags = (uint32_t) -1; - } - - ver_chain->len = 0; -} - /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ @@ -2088,7 +2071,7 @@ static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info ) static int x509_crt_get_sig_info( mbedtls_x509_crt_frame const *frame, mbedtls_x509_crt_sig_info *info ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; md_info = mbedtls_md_info_from_type( frame->sig_md ); if( mbedtls_md( md_info, frame->tbs.p, frame->tbs.len, @@ -2705,7 +2688,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial, int ret; int flags = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_x509_buf_raw ca_subject; mbedtls_pk_context *pk; int can_sign; @@ -3200,6 +3183,140 @@ static int x509_crt_check_ee_locally_trusted( return( -1 ); } +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + +/* + * Reset (init or clear) a verify_chain + */ +static void x509_crt_verify_chain_reset( + mbedtls_x509_crt_verify_chain *ver_chain ) +{ + size_t i; + + for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) + { + ver_chain->items[i].crt = NULL; + ver_chain->items[i].flags = (uint32_t) -1; + } + + ver_chain->len = 0; +} + +/* + * Merge the flags for all certs in the chain, after calling callback + */ +static int x509_crt_verify_chain_get_flags( + const mbedtls_x509_crt_verify_chain *ver_chain, + uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ) +{ + int ret; + unsigned i; + uint32_t cur_flags; + const mbedtls_x509_crt_verify_chain_item *cur; + + for( i = ver_chain->len; i != 0; --i ) + { + cur = &ver_chain->items[i-1]; + cur_flags = cur->flags; + + if( NULL != f_vrfy ) + if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) + return( ret ); + + *flags |= cur_flags; + } + + return( 0 ); +} + +static void x509_crt_verify_chain_add_ee_flags( + mbedtls_x509_crt_verify_chain *chain, + uint32_t ee_flags ) +{ + chain->items[0].flags |= ee_flags; +} + +static void x509_crt_verify_chain_add_crt( + mbedtls_x509_crt_verify_chain *chain, + mbedtls_x509_crt *crt ) +{ + mbedtls_x509_crt_verify_chain_item *cur; + cur = &chain->items[chain->len]; + cur->crt = crt; + cur->flags = 0; + chain->len++; +} + +static uint32_t* x509_crt_verify_chain_get_cur_flags( + mbedtls_x509_crt_verify_chain *chain ) +{ + return( &chain->items[chain->len - 1].flags ); +} + +static unsigned x509_crt_verify_chain_len( + mbedtls_x509_crt_verify_chain const *chain ) +{ + return( chain->len ); +} + +#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + +/* + * Reset (init or clear) a verify_chain + */ +static void x509_crt_verify_chain_reset( + mbedtls_x509_crt_verify_chain *ver_chain ) +{ + ver_chain->len = 0; + ver_chain->flags = 0; +} + +/* + * Merge the flags for all certs in the chain, after calling callback + */ +static int x509_crt_verify_chain_get_flags( + const mbedtls_x509_crt_verify_chain *ver_chain, + uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy ) +{ + ((void) f_vrfy); + ((void) p_vrfy); + *flags = ver_chain->flags; + return( 0 ); +} + +static void x509_crt_verify_chain_add_ee_flags( + mbedtls_x509_crt_verify_chain *chain, + uint32_t ee_flags ) +{ + chain->flags |= ee_flags; +} + +static void x509_crt_verify_chain_add_crt( + mbedtls_x509_crt_verify_chain *chain, + mbedtls_x509_crt *crt ) +{ + ((void) crt); + chain->len++; +} + +static uint32_t* x509_crt_verify_chain_get_cur_flags( + mbedtls_x509_crt_verify_chain *chain ) +{ + return( &chain->flags ); +} + +static unsigned x509_crt_verify_chain_len( + mbedtls_x509_crt_verify_chain const *chain ) +{ + return( chain->len ); +} + +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + /* * Build and verify a certificate chain * @@ -3252,7 +3369,6 @@ static int x509_crt_verify_chain( * catch potential issues with jumping ahead when restarting */ int ret; uint32_t *flags; - mbedtls_x509_crt_verify_chain_item *cur; mbedtls_x509_crt *child_crt; mbedtls_x509_crt *parent_crt; int parent_is_trusted; @@ -3267,10 +3383,7 @@ static int x509_crt_verify_chain( /* restore saved state */ *ver_chain = rs_ctx->ver_chain; /* struct copy */ self_cnt = rs_ctx->self_cnt; - - /* restore derived state */ - cur = &ver_chain->items[ver_chain->len - 1]; - child_crt = cur->crt; + child_crt = rs_ctx->cur_crt; child_is_trusted = 0; goto find_parent; @@ -3289,16 +3402,13 @@ static int x509_crt_verify_chain( int self_issued; /* Add certificate to the verification chain */ - cur = &ver_chain->items[ver_chain->len]; - cur->crt = child_crt; - cur->flags = 0; - ver_chain->len++; + x509_crt_verify_chain_add_crt( ver_chain, child_crt ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) find_parent: #endif - flags = &cur->flags; + flags = x509_crt_verify_chain_get_cur_flags( ver_chain ); { mbedtls_x509_crt_sig_info child_sig; @@ -3340,7 +3450,7 @@ find_parent: *flags |= MBEDTLS_X509_BADCERT_BAD_PK; /* Special case: EE certs that are locally trusted */ - if( ver_chain->len == 1 && self_issued && + if( x509_crt_verify_chain_len( ver_chain ) == 1 && self_issued && x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) { mbedtls_x509_crt_frame_release( child_crt ); @@ -3362,7 +3472,8 @@ find_parent: ret = x509_crt_find_parent( &child_sig, child_crt->next, trust_ca, &parent_crt, &parent_is_trusted, &signature_is_good, - ver_chain->len - 1, self_cnt, rs_ctx ); + x509_crt_verify_chain_len( ver_chain ) - 1, + self_cnt, rs_ctx ); x509_crt_free_sig_info( &child_sig ); } @@ -3374,6 +3485,7 @@ find_parent: rs_ctx->in_progress = x509_crt_rs_find_parent; rs_ctx->self_cnt = self_cnt; rs_ctx->ver_chain = *ver_chain; /* struct copy */ + rs_ctx->cur_crt = child_crt; return( ret ); } #else @@ -3390,13 +3502,14 @@ find_parent: /* Count intermediate self-issued (not necessarily self-signed) certs. * These can occur with some strategies for key rollover, see [SIRO], * and should be excluded from max_pathlen checks. */ - if( ver_chain->len != 1 && self_issued ) + if( x509_crt_verify_chain_len( ver_chain ) != 1 && self_issued ) self_cnt++; /* path_cnt is 0 for the first intermediate CA, * and if parent is trusted it's not an intermediate CA */ if( ! parent_is_trusted && - ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) + x509_crt_verify_chain_len( ver_chain ) > + MBEDTLS_X509_MAX_INTERMEDIATE_CA ) { /* return immediately to avoid overflow the chain array */ return( MBEDTLS_ERR_X509_FATAL_ERROR ); @@ -3550,35 +3663,6 @@ static int x509_crt_verify_name( const mbedtls_x509_crt *crt, } #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ -/* - * Merge the flags for all certs in the chain, after calling callback - */ -static int x509_crt_merge_flags_with_cb( - uint32_t *flags, - const mbedtls_x509_crt_verify_chain *ver_chain, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - int ret; - unsigned i; - uint32_t cur_flags; - const mbedtls_x509_crt_verify_chain_item *cur; - - for( i = ver_chain->len; i != 0; --i ) - { - cur = &ver_chain->items[i-1]; - cur_flags = cur->flags; - - if( NULL != f_vrfy ) - if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) - return( ret ); - - *flags |= cur_flags; - } - - return( 0 ); -} - /* * Verify the certificate validity (default profile, not restartable) */ @@ -3588,9 +3672,12 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) + , void *p_vrfy +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ) { return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, &mbedtls_x509_crt_profile_default, @@ -3598,7 +3685,10 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ flags, - f_vrfy, p_vrfy, NULL ) ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + f_vrfy, p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + NULL ) ); } /* @@ -3611,16 +3701,23 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) + uint32_t *flags +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + , int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) + , void *p_vrfy +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ) { return( mbedtls_x509_crt_verify_restartable( crt, trust_ca, ca_crl, profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - flags, f_vrfy, p_vrfy, NULL ) ); + flags, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + f_vrfy, p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + NULL ) ); } /* @@ -3641,8 +3738,10 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, const char *cn, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ uint32_t *flags, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ mbedtls_x509_crt_restart_ctx *rs_ctx ) { int ret; @@ -3697,10 +3796,14 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, goto exit; /* Merge end-entity flags */ - ver_chain.items[0].flags |= ee_flags; + x509_crt_verify_chain_add_ee_flags( &ver_chain, ee_flags ); /* Build final flags, calling callback on the way if any */ - ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + ret = x509_crt_verify_chain_get_flags( &ver_chain, flags, f_vrfy, p_vrfy ); +#else + ret = x509_crt_verify_chain_get_flags( &ver_chain, flags, NULL, NULL ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ exit: #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a5acf5b8b..8d671abf2 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -100,7 +100,7 @@ int main( int argc, char *argv[] ) unsigned char diff; const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_cipher_context_t cipher_ctx; mbedtls_md_context_t md_ctx; #if defined(_WIN32_WCE) @@ -192,7 +192,7 @@ int main( int argc, char *argv[] ) } md_info = mbedtls_md_info_from_string( argv[5] ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) { mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] ); goto exit; diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 709a149e0..ed5357f08 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -53,7 +53,7 @@ int main( void ) #else -static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum ) +static int generic_wrapper( mbedtls_md_handle_t md_info, char *filename, unsigned char *sum ) { int ret = mbedtls_md_file( md_info, filename, sum ); @@ -66,7 +66,7 @@ static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, un return( ret ); } -static int generic_print( const mbedtls_md_info_t *md_info, char *filename ) +static int generic_print( mbedtls_md_handle_t md_info, char *filename ) { int i; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; @@ -81,7 +81,7 @@ static int generic_print( const mbedtls_md_info_t *md_info, char *filename ) return( 0 ); } -static int generic_check( const mbedtls_md_info_t *md_info, char *filename ) +static int generic_check( mbedtls_md_handle_t md_info, char *filename ) { int i; size_t n; @@ -177,7 +177,7 @@ int main( int argc, char *argv[] ) { int ret = 1, i; int exit_code = MBEDTLS_EXIT_FAILURE; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_md_context_t md_ctx; mbedtls_md_init( &md_ctx ); @@ -210,7 +210,7 @@ int main( int argc, char *argv[] ) * Read the MD from the command line */ md_info = mbedtls_md_info_from_string( argv[1] ); - if( md_info == NULL ) + if( md_info == MBEDTLS_MD_INVALID_HANDLE ) { mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] ); return( exit_code ); diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index dd5051466..71a212d0c 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1202,6 +1202,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SHA256_SMALLER */ +#if defined(MBEDTLS_SHA256_NO_SHA224) + if( strcmp( "MBEDTLS_SHA256_NO_SHA224", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_NO_SHA224 ); + return( 0 ); + } +#endif /* MBEDTLS_SHA256_NO_SHA224 */ + #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) if( strcmp( "MBEDTLS_SSL_ALL_ALERT_MESSAGES", config ) == 0 ) { @@ -1578,6 +1586,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ +#if defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + if( strcmp( "MBEDTLS_X509_REMOVE_VERIFY_CALLBACK", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_VERIFY_CALLBACK ); + return( 0 ); + } +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 ) { @@ -2898,6 +2914,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CONF_SINGLE_SIG_HASH_TLS_ID */ +#if defined(MBEDTLS_MD_SINGLE_HASH) + if( strcmp( "MBEDTLS_MD_SINGLE_HASH", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_MD_SINGLE_HASH ); + return( 0 ); + } +#endif /* MBEDTLS_MD_SINGLE_HASH */ + /* If the symbol is not found, return an error */ return( 1 ); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 788793a49..1a07c9dea 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -69,6 +69,8 @@ int main( void ) #include "mbedtls/debug.h" #include "mbedtls/timing.h" +#include "mbedtls/ssl_internal.h" + #include #include #include @@ -664,6 +666,8 @@ static int send_cb( void *ctx, unsigned char const *buf, size_t len ) !MBEDTLS_SSL_CONF_RECV_TIMEOUT */ #if defined(MBEDTLS_X509_CRT_PARSE_C) + +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) static unsigned char peer_crt_info[1024]; /* @@ -704,6 +708,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, return( 0 ); } +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -1506,14 +1511,18 @@ int main( int argc, char *argv[] ) mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && - mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) > opt.max_version ) + mbedtls_ssl_ver_gt( + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ), + opt.max_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && - mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) < opt.min_version ) + mbedtls_ssl_ver_lt( + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ), + opt.min_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; @@ -1523,17 +1532,24 @@ int main( int argc, char *argv[] ) /* If the server selects a version that's not supported by * this suite, then there will be no common ciphersuite... */ if( opt.max_version == -1 || - opt.max_version > mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) + mbedtls_ssl_ver_gt( + opt.max_version, + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) ) { opt.max_version = mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ); } - if( opt.min_version < mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) + if( mbedtls_ssl_ver_lt( + opt.min_version, + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) ) { opt.min_version = mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ); /* DTLS starts with TLS 1.1 */ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 ) + mbedtls_ssl_ver_lt( opt.min_version, + MBEDTLS_SSL_MINOR_VERSION_2 ) ) + { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; + } } /* Enable RC4 if needed and not explicitly disabled */ @@ -1894,8 +1910,10 @@ int main( int argc, char *argv[] ) #endif } +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ @@ -2316,10 +2334,11 @@ int main( int argc, char *argv[] ) else mbedtls_printf( " ok\n" ); -#if !defined(MBEDTLS_X509_REMOVE_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_printf( "%s\n", peer_crt_info ); -#endif /* !MBEDTLS_X509_REMOVE_INFO */ +#endif /* !MBEDTLS_X509_REMOVE_INFO && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2648,9 +2667,10 @@ send_request: mbedtls_printf( " . Restarting connection from same port..." ); fflush( stdout ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { @@ -2825,9 +2845,10 @@ reconnect: mbedtls_printf( " . Reconnecting with saved session..." ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) memset( peer_crt_info, 0, sizeof( peer_crt_info ) ); -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b07ab4fac..c0476dc59 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -68,6 +68,8 @@ int main( void ) #include "mbedtls/debug.h" #include "mbedtls/timing.h" +#include "mbedtls/ssl_internal.h" + #include #include #include @@ -2232,14 +2234,18 @@ int main( int argc, char *argv[] ) mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] ); if( opt.max_version != -1 && - mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) > opt.max_version ) + mbedtls_ssl_ver_gt( + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ), + opt.max_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; goto usage; } if( opt.min_version != -1 && - mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) < opt.min_version ) + mbedtls_ssl_ver_lt( + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ), + opt.min_version ) ) { mbedtls_printf( "forced ciphersuite not allowed with this protocol version\n" ); ret = 2; @@ -2249,17 +2255,24 @@ int main( int argc, char *argv[] ) /* If we select a version that's not supported by * this suite, then there will be no common ciphersuite... */ if( opt.max_version == -1 || - opt.max_version > mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) + mbedtls_ssl_ver_gt( + opt.max_version, + mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ) ) ) { opt.max_version = mbedtls_ssl_suite_get_max_minor_ver( ciphersuite_info ); } - if( opt.min_version < mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) + if( mbedtls_ssl_ver_lt( + opt.min_version, + mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ) ) ) { opt.min_version = mbedtls_ssl_suite_get_min_minor_ver( ciphersuite_info ); /* DTLS starts with TLS 1.1 */ if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 ) + mbedtls_ssl_ver_lt( opt.min_version, + MBEDTLS_SSL_MINOR_VERSION_2 ) ) + { opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; + } } /* Enable RC4 if needed and not explicitly disabled */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 2b8656692..88e3290d0 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -693,13 +693,16 @@ int main( int argc, char *argv[] ) if( todo.hmac_drbg ) { mbedtls_hmac_drbg_context hmac_drbg; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_init( &hmac_drbg ); #if defined(MBEDTLS_SHA1_C) - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { mbedtls_exit(1); + } if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); @@ -715,8 +718,11 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SHA256_C) - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == NULL ) + if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ) ) == + MBEDTLS_MD_INVALID_HANDLE ) + { mbedtls_exit(1); + } if( mbedtls_hmac_drbg_seed( &hmac_drbg, md_info, myrand, NULL, NULL, 0 ) != 0 ) mbedtls_exit(1); diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index 3c9c2786f..dcbd5ff4a 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -66,7 +66,6 @@ #include "mbedtls/md2.h" #include "mbedtls/md4.h" #include "mbedtls/md5.h" -#include "mbedtls/md_internal.h" #include "mbedtls/net.h" #include "mbedtls/net_sockets.h" #include "mbedtls/nist_kw.h" diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 74efea388..b82f83f8f 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -129,6 +129,7 @@ static void my_debug( void *ctx, int level, } #endif /* MBEDTLS_DEBUG_C */ +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags ) { char buf[1024]; @@ -148,6 +149,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *fl return( 0 ); } +#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ #if defined(MBEDTLS_SSL_CONF_RNG) int rng_wrap( void *ctx, unsigned char *dst, size_t len ); @@ -363,11 +365,21 @@ int main( int argc, char *argv[] ) { mbedtls_printf( " . Verifying X.509 certificate..." ); - if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - &flags, my_verify, NULL ) ) != 0 ) + &flags, + my_verify, NULL ); +#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + NULL, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + if( ret != 0 ) { char vrfy_buf[512]; @@ -436,7 +448,10 @@ int main( int argc, char *argv[] ) { mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED ); mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); + +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); +#endif } else mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE ); diff --git a/scripts/config.pl b/scripts/config.pl index 751ea1db1..287f1f18b 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -30,6 +30,7 @@ # MBEDTLS_NO_PLATFORM_ENTROPY # MBEDTLS_REMOVE_ARC4_CIPHERSUITES # MBEDTLS_REMOVE_3DES_CIPHERSUITES +# MBEDTLS_SHA256_NO_SHA224 # MBEDTLS_SSL_HW_RECORD_ACCEL # MBEDTLS_SSL_PROTO_NO_DTLS # MBEDTLS_SSL_NO_SESSION_CACHE @@ -43,6 +44,7 @@ # MBEDTLS_X509_CRT_REMOVE_TIME # MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID # MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +# MBEDTLS_X509_REMOVE_VERIFY_CALLBACK # MBEDTLS_ZLIB_SUPPORT # MBEDTLS_PKCS11_C # and any symbol beginning _ALT @@ -99,6 +101,7 @@ MBEDTLS_NO_PLATFORM_ENTROPY MBEDTLS_RSA_NO_CRT MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_3DES_CIPHERSUITES +MBEDTLS_SHA256_NO_SHA224 MBEDTLS_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_PROTO_NO_TLS MBEDTLS_SSL_NO_SESSION_CACHE @@ -110,6 +113,7 @@ MBEDTLS_X509_REMOVE_INFO MBEDTLS_X509_CRT_REMOVE_TIME MBEDTLS_X509_CRT_REMOVE_SUBJECT_ISSUER_ID MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +MBEDTLS_X509_REMOVE_VERIFY_CALLBACK MBEDTLS_ZLIB_SUPPORT MBEDTLS_PKCS11_C MBEDTLS_NO_UDBL_DIVISION diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 5938a5fc8..2ea77e7e7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -133,6 +133,7 @@ add_test_suite(poly1305) add_test_suite(shax) add_test_suite(ssl) add_test_suite(timing) +add_test_suite(tinycrypt) add_test_suite(rsa) add_test_suite(version) add_test_suite(xtea) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8b3c99abd..69f97c7fb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -921,6 +921,34 @@ component_test_hardcoded_elliptic_curve_cmake_clang() { if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$' } +component_test_hardcoded_hash_cmake_clang() { + msg "build: cmake, full config + MBEDTLS_MD_SINGLE_HASH, clang" # ~ 50s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_SHA1_C + scripts/config.pl unset MBEDTLS_SHA512_C + scripts/config.pl set MBEDTLS_SHA256_NO_SHA224 + scripts/config.pl unset MBEDTLS_MD2_C + scripts/config.pl unset MBEDTLS_MD4_C + scripts/config.pl unset MBEDTLS_MD5_C + scripts/config.pl unset MBEDTLS_RIPEMD160_C + scripts/config.pl unset MBEDTLS_SSL_PROTO_SSL3 + scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1 + scripts/config.pl unset MBEDTLS_SSL_PROTO_TLS1_1 + scripts/config.pl unset MBEDTLS_SSL_CBC_RECORD_SPLITTING + scripts/config.pl set MBEDTLS_MD_SINGLE_HASH MBEDTLS_MD_INFO_SHA256 + + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . + make + + msg "test: main suites (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s + make test + + msg "test: ssl-opt.sh default (full config + MBEDTLS_MD_SINGLE_HASH)" # ~ 5s + if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$' +} + component_build_deprecated () { msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s scripts/config.pl full @@ -1365,6 +1393,21 @@ component_test_no_hostname_verification () { if_build_succeeded tests/ssl-opt.sh } +component_test_no_x509_verify_callback () { + msg "build: full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_X509_REMOVE_VERIFY_CALLBACK + make CFLAGS='-Werror -O1' + + msg "test: full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 10s + make test + + msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_VERIFY_CALLBACK" # ~ 1 min + if_build_succeeded tests/ssl-opt.sh +} + component_build_arm_none_eabi_gcc () { msg "build: arm-none-eabi-gcc, make" # ~ 10s scripts/config.pl baremetal diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index f57e7ed88..9bfff7947 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -40,8 +40,18 @@ my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); # for md we want to catch MD5_C but not MD_C, hence the extra dot my $mdx_sed_cmd = 's/^#define \(MBEDTLS_MD..*_C\)/\1/p'; my $sha_sed_cmd = 's/^#define \(MBEDTLS_SHA.*_C\)/\1/p'; -my @hashes = split( /\s+/, +my @hash_modules = split( /\s+/, `sed -n -e '$mdx_sed_cmd' -e '$sha_sed_cmd' $config_h` ); + +# there are also negative options for truncated variants, disabled by default +my $sha_trunc_sed_cmd = 's/^\/\/#define \(MBEDTLS_SHA..._NO_.*\)/\1/p'; +my @hash_negatives = split( /\s+/, + `sed -n -e '$sha_trunc_sed_cmd' $config_h` ); + +# list hash options with corresponding actions +my @hashes = ((map { "unset $_" } @hash_modules), + (map { "set $_" } @hash_negatives)); + system( "cp $config_h $config_h.bak" ) and die; sub abort { system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n"; @@ -55,11 +65,11 @@ for my $hash (@hashes) { system( "make clean" ) and die; print "\n******************************************\n"; - print "* Testing without hash: $hash\n"; + print "* Testing hash option: $hash\n"; print "******************************************\n"; - system( "scripts/config.pl unset $hash" ) - and abort "Failed to disable $hash\n"; + system( "scripts/config.pl $hash" ) + and abort "Failed to $hash\n"; for my $opt (@ssl) { system( "scripts/config.pl unset $opt" ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9ed1308d5..49d2d1fc4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1198,6 +1198,7 @@ run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \ requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SHA-1 forbidden by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI debug_level=2 allow_sha1=0" \ @@ -1222,6 +1223,7 @@ run_test "SHA-256 allowed by default in server certificate" \ requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ @@ -3663,6 +3665,7 @@ run_test "DER format: with 9 trailing random bytes" \ # Tests for auth_mode requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server badcert, client required" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -3674,6 +3677,7 @@ run_test "Authentication: server badcert, client required" \ -c "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -3685,6 +3689,7 @@ run_test "Authentication: server badcert, client optional" \ -C "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server goodcert, client optional, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ @@ -3697,6 +3702,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -C "SSL - No CA Chain is set, but required to operate" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ @@ -3793,6 +3799,7 @@ run_test "Authentication: client has no cert, server required (TLS)" \ -s "No client certification received from the client, but required by the authentication mode" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client badcert, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -3815,6 +3822,7 @@ run_test "Authentication: client badcert, server required" \ # before reading the alert message. requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -3833,6 +3841,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -3868,6 +3877,7 @@ run_test "Authentication: client badcert, server none" \ -S "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -3886,6 +3896,7 @@ run_test "Authentication: client no cert, server optional" \ -S "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: openssl client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional ca_file=data_files/test-ca2.crt" \ "$O_CLI" \ @@ -3918,6 +3929,7 @@ run_test "Authentication: client no cert, openssl server required" \ requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: client no cert, ssl3" \ "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ @@ -4036,6 +4048,7 @@ run_test "Authentication: do not send CA list in CertificateRequest" \ -S "requested DN" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Authentication: send CA list in CertificateRequest, client self signed" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -4051,6 +4064,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig # Tests for certificate selection based on SHA verson requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4062,6 +4076,7 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ -C "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4073,6 +4088,7 @@ run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ -c "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4084,6 +4100,7 @@ run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ -c "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4096,6 +4113,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ -C "signed using.*ECDSA with SHA1" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ "$P_SRV crt_file=data_files/server6.crt \ key_file=data_files/server6.key \ @@ -4110,6 +4128,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ # tests for SNI requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: no SNI callback" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4121,6 +4140,7 @@ run_test "SNI: no SNI callback" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: matching cert 1" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4133,6 +4153,7 @@ run_test "SNI: matching cert 1" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: matching cert 2" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4199,6 +4220,7 @@ run_test "SNI: client auth override: optional -> none" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: CA no override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4219,6 +4241,7 @@ run_test "SNI: CA no override" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: CA override" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4239,6 +4262,7 @@ run_test "SNI: CA override" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4260,6 +4284,7 @@ run_test "SNI: CA override with CRL" \ # Tests for SNI and DTLS requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, no SNI callback" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4271,6 +4296,7 @@ run_test "SNI: DTLS, no SNI callback" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, matching cert 1" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4283,6 +4309,7 @@ run_test "SNI: DTLS, matching cert 1" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, matching cert 2" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4349,6 +4376,7 @@ run_test "SNI: DTLS, client auth override: optional -> none" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, CA no override" \ "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4388,6 +4416,7 @@ run_test "SNI: DTLS, CA override" \ requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SNI: DTLS, CA override with CRL" \ "$P_SRV debug_level=3 auth_mode=optional \ crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \ @@ -4826,6 +4855,7 @@ run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ -C "Ciphersuite is TLS-" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ @@ -4858,6 +4888,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail" \ -C "Ciphersuite is TLS-" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ "$O_SRV -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ @@ -6414,16 +6445,14 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ - key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \ - debug_level=1 ec_max_ops=1000" \ - 1 \ + key_file=data_files/server5.key crt_file=data_files/server5.crt ca_file=data_files/test-ca2.crt \ + debug_level=1 ec_max_ops=1000 auth_mode=optional" \ + 0 \ -c "x509_verify_cert.*4b00" \ - -C "mbedtls_pk_verify.*4b00" \ - -C "mbedtls_ecdh_make_public.*4b00" \ - -C "mbedtls_pk_sign.*4b00" \ + -c "mbedtls_pk_verify.*4b00" \ + -c "mbedtls_ecdh_make_public.*4b00" \ + -c "mbedtls_pk_sign.*4b00" \ -c "! The certificate is not correctly signed by the trusted CA" \ - -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -6445,6 +6474,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "X509 - Certificate verification failed" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK requires_config_enabled MBEDTLS_ECP_RESTARTABLE run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV auth_mode=required ca_file=data_files/test-ca2.crt \ @@ -6545,6 +6575,7 @@ run_test "SSL async private: sign, RSA, TLS 1.1" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_disabled MBEDTLS_X509_REMOVE_INFO requires_config_disabled MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "SSL async private: sign, SNI" \ "$P_SRV debug_level=3 \ async_operations=s async_private_delay1=0 async_private_delay2=0 \ @@ -7008,6 +7039,7 @@ run_test "DTLS client auth: required" \ -s "Verifying peer X.509 certificate... ok" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "DTLS client auth: optional, client has no cert" \ "$P_SRV dtls=1 auth_mode=optional" \ "$P_CLI dtls=1 crt_file=none key_file=none" \ @@ -7015,6 +7047,7 @@ run_test "DTLS client auth: optional, client has no cert" \ -s "! Certificate was missing" requires_config_disabled MBEDTLS_X509_REMOVE_INFO +requires_config_disabled MBEDTLS_X509_REMOVE_VERIFY_CALLBACK run_test "DTLS client auth: none, client has no cert" \ "$P_SRV dtls=1 auth_mode=none" \ "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \ diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index 59e209b36..b6ffb4f15 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -58,7 +58,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"sample":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64" ECDSA deterministic test vector rfc 6979 p192 sha224 -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"sample":"A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5":"E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A" ECDSA deterministic test vector rfc 6979 p192 sha256 @@ -78,7 +78,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"test":"0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D":"EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7" ECDSA deterministic test vector rfc 6979 p192 sha224 -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"test":"6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34":"B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293" ECDSA deterministic test vector rfc 6979 p192 sha256 @@ -98,7 +98,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"sample":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69" ECDSA deterministic test vector rfc 6979 p224 sha224 -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"sample":"1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E":"A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC" ECDSA deterministic test vector rfc 6979 p224 sha256 @@ -118,7 +118,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"test":"DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C":"95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2" ECDSA deterministic test vector rfc 6979 p224 sha224 -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"test":"C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019":"902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4" ECDSA deterministic test vector rfc 6979 p224 sha256 @@ -138,7 +138,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"sample":"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32":"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB" ECDSA deterministic test vector rfc 6979 p256 sha224 -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"sample":"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F":"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C" ECDSA deterministic test vector rfc 6979 p256 sha256 @@ -158,7 +158,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"test":"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89":"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1" ECDSA deterministic test vector rfc 6979 p256 sha224 -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"test":"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692":"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D" ECDSA deterministic test vector rfc 6979 p256 sha256 @@ -178,7 +178,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"sample":"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2":"A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443" ECDSA deterministic test vector rfc 6979 p384 sha224 -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"sample":"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE060122":"9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D" ECDSA deterministic test vector rfc 6979 p384 sha256 @@ -198,7 +198,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"test":"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7":"D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282" ECDSA deterministic test vector rfc 6979 p384 sha224 -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"test":"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72":"07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66" ECDSA deterministic test vector rfc 6979 p384 sha256 @@ -218,7 +218,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"sample":"0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D":"0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16" ECDSA deterministic test vector rfc 6979 p521 sha224 -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"sample":"1776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E":"050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F" ECDSA deterministic test vector rfc 6979 p521 sha256 @@ -238,7 +238,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA1_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"test":"13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367":"1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF" ECDSA deterministic test vector rfc 6979 p521 sha224 -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"test":"1C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB":"177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4" ECDSA deterministic test vector rfc 6979 p521 sha256 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 0e7283bc7..4f3143f5b 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -332,7 +332,7 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, mbedtls_mpi d, r, s, r_check, s_check; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t hlen; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); @@ -345,7 +345,7 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); hlen = mbedtls_md_get_size( md_info ); TEST_ASSERT( mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ) == 0 ); @@ -511,7 +511,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; size_t hlen, slen, slen_check; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_ecdsa_restart_init( &rs_ctx ); mbedtls_ecdsa_init( &ctx ); @@ -524,7 +524,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, slen_check = unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); hlen = mbedtls_md_get_size( md_info ); mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 3e8720734..77f0d5d54 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -1,6 +1,5 @@ /* BEGIN_HEADER */ #include "mbedtls/hkdf.h" -#include "mbedtls/md_internal.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -25,8 +24,8 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, */ unsigned char okm_hex[257] = { '\0' }; - const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md != NULL ); + mbedtls_md_handle_t md = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md != MBEDTLS_MD_INVALID_HANDLE ); ikm_len = unhexify( ikm, hex_ikm_string ); salt_len = unhexify( salt, hex_salt_string ); @@ -54,8 +53,8 @@ void test_hkdf_extract( int md_alg, char *hex_ikm_string, unsigned char *output_prk = NULL; size_t ikm_len, salt_len, prk_len, output_prk_len; - const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md != NULL ); + mbedtls_md_handle_t md = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md != MBEDTLS_MD_INVALID_HANDLE ); output_prk_len = mbedtls_md_get_size( md ); output_prk = mbedtls_calloc( 1, output_prk_len ); @@ -90,8 +89,8 @@ void test_hkdf_expand( int md_alg, char *hex_info_string, unsigned char *output_okm = NULL; size_t info_len, prk_len, okm_len; - const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md != NULL ); + mbedtls_md_handle_t md = mbedtls_md_info_from_type( md_alg ); + TEST_ASSERT( md != MBEDTLS_MD_INVALID_HANDLE ); output_okm = mbedtls_calloc( OKM_LEN, 1 ); @@ -114,7 +113,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_MD_SINGLE_HASH */ void test_hkdf_extract_ret( int hash_len, int ret ) { int output_ret; @@ -141,7 +140,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_MD_SINGLE_HASH */ void test_hkdf_expand_ret( int hash_len, int prk_len, int okm_len, int ret ) { int output_ret; diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index 13bc40062..da280dbd9 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -34,7 +34,7 @@ void hmac_drbg_entropy_usage( int md_alg ) { unsigned char out[16]; unsigned char buf[1024]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; entropy_ctx entropy; size_t last_len, i, reps = 10; @@ -47,7 +47,7 @@ void hmac_drbg_entropy_usage( int md_alg ) entropy.p = buf; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); /* Init must use entropy */ last_len = entropy.len; @@ -112,13 +112,13 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void hmac_drbg_seed_file( int md_alg, char * path, int ret ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, rnd_std_rand, NULL, NULL, 0 ) == 0 ); @@ -136,7 +136,7 @@ void hmac_drbg_buf( int md_alg ) { unsigned char out[16]; unsigned char buf[100]; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; size_t i; @@ -145,7 +145,7 @@ void hmac_drbg_buf( int md_alg ) memset( out, 0, sizeof( out ) ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed_buf( &ctx, md_info, buf, sizeof( buf ) ) == 0 ); /* Make sure it never tries to reseed (would segfault otherwise) */ @@ -168,7 +168,7 @@ void hmac_drbg_no_reseed( int md_alg, data_t * entropy, unsigned char data[1024]; unsigned char my_output[512]; entropy_ctx p_entropy; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); @@ -177,7 +177,7 @@ void hmac_drbg_no_reseed( int md_alg, data_t * entropy, p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); /* Test the simplified buffer-based variant */ memcpy( data, entropy->x, p_entropy.len ); @@ -215,7 +215,7 @@ void hmac_drbg_nopr( int md_alg, data_t * entropy, data_t * custom, { unsigned char my_output[512]; entropy_ctx p_entropy; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); @@ -224,7 +224,7 @@ void hmac_drbg_nopr( int md_alg, data_t * entropy, data_t * custom, p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, custom->x, custom->len ) == 0 ); @@ -247,7 +247,7 @@ void hmac_drbg_pr( int md_alg, data_t * entropy, data_t * custom, { unsigned char my_output[512]; entropy_ctx p_entropy; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_hmac_drbg_context ctx; mbedtls_hmac_drbg_init( &ctx ); @@ -256,7 +256,7 @@ void hmac_drbg_pr( int md_alg, data_t * entropy, data_t * custom, p_entropy.len = entropy->len; md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_entropy_func, &p_entropy, custom->x, custom->len ) == 0 ); diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index 64bce03b3..acbf3bae7 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_entropy_usage:MBEDTLS_MD_SHA1 HMAC_DRBG entropy usage SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA224 HMAC_DRBG entropy usage SHA-256 @@ -27,11 +27,11 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_seed_file:MBEDTLS_MD_SHA1:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-256 @@ -63,7 +63,7 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_buf:MBEDTLS_MD_SHA1 HMAC_DRBG from buffer SHA-224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_buf:MBEDTLS_MD_SHA224 HMAC_DRBG from buffer SHA-256 diff --git a/tests/suites/test_suite_hmac_drbg.no_reseed.data b/tests/suites/test_suite_hmac_drbg.no_reseed.data index d7e62a120..0cc9cc3b4 100644 --- a/tests/suites/test_suite_hmac_drbg.no_reseed.data +++ b/tests/suites/test_suite_hmac_drbg.no_reseed.data @@ -239,243 +239,243 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_no_reseed:MBEDTLS_MD_SHA1:"3e325daab3301856044f416f250b6161e447e63d85ca084f":"a9d2a53dbd7ef4b9150dd0ed4d002e56":"4de6c923346d7adc16bbe89b9a184a79":"9e9e3412635aec6fcfb9d00da0c49fb3":"48ac8646b334e7434e5f73d60a8f6741e472baabe525257b78151c20872f331c169abe25faf800991f3d0a45c65e71261be0c8e14a1a8a6df9c6a80834a4f2237e23abd750f845ccbb4a46250ab1bb63" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a76e77a969ab92645181f0157802523746c34bf321867641051ed6ba39368033adc93d4e":"":"":"":"8925987db5566e60520f09bdddab488292bed92cd385e5b6fc223e1919640b4e34e34575033e56c0a8f608be21d3d221c67d39abec98d81312f3a2653d55ffbf44c337c82bed314c211be23ec394399ba351c4687dce649e7c2a1ba7b0b5dab125671b1bcf9008da65cad612d95ddc92" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"65cdaa5ab147d0c79fdd02b24fc94d0e427f59ef9a31f447458c6befe0c2cde5a58c6b7d":"":"":"":"0d164682b5bb552a53a2a942373639d98576450ca632faebc15060691a4219467c5aa106034cd19a214a0a4f31d402e68c4c565f49b33b680d522ef25f541e8202be779730376fdcf5b7b58fd6ac959204a88f91008651d2c02ada82505f914d4d9b9aea7967784e5320e185e1248270" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"650996f1477112af7604386be5ace78232904315d99d87d72a06709d331a6f930b447cf5":"":"":"":"d3341d7767cfd95640a107b3abaed7b4e1855b348e3ae5bcc53a0b0d49d4b4976837ec8f376f38327135578eca7ee583215bd5c79ebf499816f79afcc402ff1e9ffc4ad0f896761c9cff75050bf84baa194c355763b16b5d2648d480a2b48f22662685de39c7cee90aa0b6edf8062e42" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"898640ce467201a53e7731bdfb572977f7eb3e49050bc1e367ca74bf0a27376d339d09f4":"":"":"":"4f5eea927023b4abab5d4d9944e84ca001ee081cbc21d4080e1534ee6d1d8a6f60361029ffa983bcc79b5d65d4aaaaaf98983de13ddde39a739f9d95878fb31f57f96184e5f2f3adf654a468c616237fcbc6b2c194e247178cb90294f631c449a01f1fe09c02587c460305be9fc71b5a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fe405dd73956bf6ec875515eebd8c5ecd60553643da750914c83dfc93611d57390af7324":"":"":"":"d8ae0eb81913a190c439f8ffa56c06155a73f84b20608b2b2e9eab3061202cebad18ab8b3eba81672152c1c02ef573cd6e8623c392facb6a857425c6795cd7999c1e7f56f3fa9accca018076e0bfc106d075df98f5fb66f28933215e9276777dfc479e71a8d506a66197918d9b0f7a8f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b06892f6f455afddc8eb60aae35b35a64f63b2aa85a2dae4ef489266f7bc354f72d68b71":"":"":"":"fc10c03fc37d3bd5fba6591a97f6354a9ed8ba2b6806744432851f43a3ce6418e39ccb417b8539e349acea588e2abe5da06147c9825c6e50a31f8589a57ca3bfb10f0da9c8e89fe2e372b5af1cf96e0fbeec5d99228770c41a76e587da7d8764d5f235f5d1d6188d84ae61c52c2164fb" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9174e174e9e031f62b2e19ae5c0bef22eed7d5598e6e73504759a2c15b05c2473a721d26":"":"":"":"1962f2d473b31a2576dbd78022f4eeb974641fa2e9cb582f03ab741929f51f0f4663129e68ddc242e1c2ceafacec3dccb97e09527aff46b948f0abcea1451699dc3ae4d3fb5e04c84337e17b504af2fb5f1aa6ec0033ddf138a188ee162c497526563a67da8015275d89f0e1e902b2ef" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eb1d45ba0d8951b7b1d7ce922b7d1f6e94da8b821940126c9da5b0b4382425930743a051":"":"":"":"306b1f733e6f69b6f26b7baa5441af4967a5cad8faad18029440aa989aef6024dbf3ba02dfc2c694dad6496ff760d72ae6914a4dcd5e3a443f4bcb14bf2b64986f35c32449f15e3084d46fadfa2ae213da6b26f787cef89b6a23084a929608a9f6acd8315808c29f8ae435a40202a012" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78cdc1567caf2ff529ef8e3475c0fbb09a48b687a544f7399f503948621f29686fb15216":"":"":"":"2367067d8ec189b0819eda34602768a0698b4b545c7d5214fad58c9787b89809b97f3af5f9349907d2954f8c0dccbdbe63cc019bde3a6fae10497ae57f33e91ed55b6fc4a83fe8a2463552796d5120da8066f7285a8388958817b1218e006d7fc617f453ad0f9217966a0731ba99f093" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"25f9ee24ee25ad3d29a974f8f552b178cb292b847a6be80694213a6c0b33e25e29fd3ecc":"":"":"":"32fe251a619d164c217365b12a313a942b6a9c3df007751a5fa9f356412d1142c785c292e3dc9d0b1d77e080892e5d39b91c58fd142458c71182061920a0721db453a32fe7ffc8b2c20bf11894fa37d8f0e9463edd43a97f65362295119be03d5e06f617fdff6accaab8c4da72ac8f81" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0b644221788c266aae00a3b63a87f32ca96a6c32b116cd37caa4f75ff5d7e56be3b4e20f":"":"":"":"dc9245da77502cadd1a8ac4d1cf6a199c8e529deda10c87ab6c69ceea6fdef36d45f4d036021b93fe5b342c52fe1e71d81e617bebc58804af3109bab93dbb2e5c546e108bd0891710128b5e8e4a4f01df2003d038fec8cef426fad7f72dd5e091b4850e9bf4932d60deacb6e9ea3c5e6" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a6677badff70966a3cd2febaad7de7aa5849ba763789b20d0a39b6c569261b826cdb15e8":"":"":"":"e04838c970f5d7208a2a7310da893d65391666a5dc62d9ede71fc30816cfc3e8064ac59cc9aaf30283356078c812676ca20beb044a6d78db6c5ef9718a88559607f225002452c01459944433013cfffea84d6fe404fbbbc2d66bb50a2fa01d8a5d6e4ea9b402dc5256752461bf6fcb7f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2301d8c053312db04882f4284cf8b47966c1c9b8c49de847d0c11f14c5f70ce19346562b":"":"":"":"b46246526b28f3ad7f6d8732ca3bfc40f005d97a519640a4ce728486d8bf830d661be5a97b11113e89096d9bf15cbef73ec28ac13e3fbeadc9bca500918bbe92ea23e131cc622dbffe2272db16ec5d4ca30e9bd986d1709ae22d10180514bcd11bd6218ea1fbaba101444945a17a4c4b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78644ea1b0c4c55c4addeb476fc34471ea2c4393697aa4f170726010c443b8e1c4a6b3ea":"":"":"":"ef1b41bd03ee8460d55759db65a4c97758f48e3a09127be04c7ed08bbee5fa5cf119929df42c187e2a347a8df99c502b693a7ae41946f4918d84686880ae29d6d8fbbc4fccc9e295876a249cfa59effd331994e84717b4c76637df36beb960761880daab3d43376341439af2ce8e33cc" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bcf49cb642b3d915cf03b90e65":"":"":"":"144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e4547261c9dda6bafe9fddf435a80ebc96354c7c2c8847c5d26c6e73a967bfc4ebaf8613":"42849dc8eec611eaa49252067fa60d7d7267d711dc35b576":"815f50fc233f157f96ad0627c355bce407b269dca91af661":"775a1c9da6f58d4eb95b27935ecc01dde31ff17ce2e4e65d":"25adb777523a80a6dbb6ac1fd08e02bfc4b4686cec5efe3ae9aa2d4469eae8c9c3693fdc8e0fc107720b7789ef7331e23fe3799412ec86857ffbba515a5af4d91013b2f17669421c822005b4747942790a11a24c4974f27d54de69727b0ed507b6a48a9d6c53f93e2f3d33df73dd643f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"06d677001d9b3c97fda4d09778aee3de131b4123696b109f81bb6b0d7fbcab3c5842bb83":"f99638d2d4365b662cd83ab4e6a7bbb624e6c72b7b38e81b":"20b7d56f6222bafeeeee59dbca1933d8086218891f3a9bfe":"9de4f2847fe239cb1a3df4b8ff64c25d7b0870f3c9ebe3a3":"e18ff19837ce21e68944659321311b8584dd515ed8a6a1f2b0ac06e69009c3d0cf0489af876201efad962cfd1ba54f540b94131d788d3fea797c4bc079593bc7932baa70abb145a355741a98c584f0fa3298b8310b01e1a6debf5359d7d02b1a6c663100acb56975450bec20e91b736b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"abd38c0465cdfe018f36ffbb7a0ee51d67675ab4f0f1d1e93418bb4cdf6499a371af4d3a":"9a07d5571d841e3c1a9eb3fb48cde3b3e080e1c2e0db6a6d":"a392f79022aebbec0c82b981293627d139dfb5232eb490b4":"f5ce1f6b1e6715c49bea42ff439fdecd9b3b7f2e578133cc":"885c54ad25992fc38260498d6f4d8c73d6159af5f7efef06174da03afcd8384cb28690fd9ded1d26e2dff74aee4dd0c47a0d99c6fc1ec8d8faccbdcf6fdb12a528564ad0d8131bcf5222d7e6c69c52da1acba01b721c98ac5a33725111f12f6d8100009d7cc9efb7ad8d7d95ea4e620d" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b52620e58e0b52b8eed0d6a6c5f4ff6c1483c61fc41dacf72bf475b37d068d061d1edcea":"ef0d233de00d24622b7d4ff4215aa720787fe80aaeb65d7a":"81b735acd3dcb13e65231c2d980fb40ca850370581f230d2":"b2302d024d92cdaed4b12f79b0aeb20c98b2321710fefab2":"ae94204670196baf740768f97b3a095134b384afea667fd90a77a16c8ae390a732ff49a3073a27db0f7a2c8ad5d7cb527d334a37abf0472f292a20f2a28e667d7c9e9f7b8fbdd177f36bf92d66223aee3f712b6c9b064e07ab96f6a77613ea55008fb4f8fbcb2f1ccbb0da75316c1faa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2592a5ed86ff64b9b4c1fbb81222d1bfbc53f3a639571ecc356084058b8855237da15c50":"a626c51ec99e72431485d2ba027ed9cabcae7b86116abe4f":"c430876552d28776570923c6b74e42c3210f01104006bf11":"fe2ebc239690a4eb18a0b5e75d08831cc2eb07c982c63973":"005045ade7cc15467b5ea784649d9804540a842ffba4db8d44df4f44c69480bd4fe965b645aed09d62190daeb2693a2192aec3d71453a8218e4700201ab922ac35d241d95150b47cc7a051897be4d958f2da5c2ebbfceb1c550cb67b32ff83ce4fd845fd826a0d2469b506f5158765fa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"376785f5ff8a82ceb0aaeb010533cc1089059ec583c302b14bc47e2cb8c2711839ce7f68":"6d345e248339e893f75696c039ac47e5678696fd489a393c":"b0f3fa1131c3fdd5c7fd2de93931e45a66fa030422ac65db":"c66341e3f9fb82e3ba85f229fcb7d34457e4a6ba8396b548":"b92d17e1be94b0385a8cc3e16189811fef7b284a1b0b6b2520fde79af7826c745e746486a70cd8dd9930b163da75f7eea7c216e758d9ed6c745dcd7bde19bb9382c1f7c37cd15b703b884d7d452c255b25048a836844c5ff28aaacf733a52c28904b36e1b51729d7aed81d601c0872dd" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2cc2557582c5a90cd2ad0c4a5578eb0bbc9bde41b126e46d8e9c3563341ba238414eb628":"9d2fbb9153e3ffefae0770c79de10db069a5ff9f50e31787":"2e54e32539e27ef76ac1eeae2e30c2385647652e20903b39":"1f4e01255908c3c8049521f8972c01ede7dc76c425c59640":"7d6ccdfab33f322898c470be02d8257e0e952dd10f407b3a8eaeeba47c541d968d79eca29e15541c1505fe4f19a41797c9ca2280c06261fe9d0c58bab65d16f5794b57566b8795c38c7b43d4761c8fd107beb95147a0fe61ae8dc31e25eb2957e44c0463ca7c1b589ea587f0cae1428c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e670f896326b76034e43cd85f6f6f11fe6582d3471a8eb88d37a2302de010aac0e556860":"5e218091abee1960ef81f4d5a80415e388bd0cc79bed70cf":"7cf84b9ff30dbd0f608fb21646d7c5b542fba50adb38d5df":"c1c4aabe7616a4c97a4dbdadb08a9b63c6e10cef8d463fd8":"d8fbd557fccf31829b5ee11b05d0353e725bff15fdaac94d21ce95d40eff55edd852b264b515ec6384e2d28d014e47a2df0d4f56a4ec79309b06affc62915e231d62d02bfc60220c72b7ca7ba5671f882839b791ef534e707a04e5274c1011f7941fe1075a5d06a47af9fb2f65c1f211" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0576bb2d4c663b781193509251e2f76b0a8bb792e79449600c2c154feb70cf33ca942508":"ad15e4fce9f4dea43c12ff9f9d50c963b335a01332541154":"3c8a4d6ab96cebf9d02b5663dcb0e0db23699623455cd4b5":"43d2d3a8d023fa1785ce4781a15eb20ad787685a47da08f0":"a68e648cb07da2eb795a8c898c8631e565f33c2fe9c35e686d6f85fef145446cb79bb6d17bdc8224bfe437468a9630ed03c517caf1226c278ae510c869d67d50b6bf1cb378a34035041f290d8dbc123650ab4fbe5cf6074ed0ba90e45d9a8ae08566ea3d3a00ee3741c8ec8f56dcc78c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"f597ce05b9a5b1cf3847bbd4171e5085384cc256f77ac61573b435726cbd538b93de9f55":"573cf859f8fea05f16c6d03cb4e524b91e917f39eeeb1d68":"2a842454870c3f7936f8036b453d219557ca341f261d2519":"7afd8cc269899acd88f5c55af29fb0c4ce678a0d8ebf924f":"8162c16c1ce3d5c6b7c96f0281f4220569a882277935752b86e7d3f54646b276cb77ed96da73799911fca3d19d34c1f0b21068a472afcb77410412eff2abd03c753a009ce02b0e995477546366020294eff0ef0da66f31a413313e2774ca04f09a4d5076e0e85ca97d5bb6faac4c0c27" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"d5b5374fe143035c4fea41667bc8bc7d46000998cc82ab32a0040c705e01f9b354e8f16e":"ed8bb219e67515874c5b9e3f6ae6e4dfa9c42d1e69204e8b":"70f03fe6e78cc34ec1678b2708fcd8ae3300183ea15ccfc7":"9c641d7e73d1a2b819e113747d74a979b74c444ed36b7391":"d50df8e3e17c0f5e19673ba2097d1d0c4cf7a9def7465a5b91ac8d49ae1b6a821fe9efde841ec9064555c0e2d6cdfa41f1089f22a5c27090c5a136660d1af586a1e131a853f19bc3c8f4c79aa09e39c2f22b4456c667ec907e2a4124218665e7cce50399ae1e19ba9c2399f470444839" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"74d7c8c9b170e59e4f128c8df1955838df5c8071a5e85439d71e785c68b37e10efb39c9a":"be3d54203a1078d051519137774d5d851e81be026155eb78":"23f7b6758d79de580ed3eb995fc173da74939837aa8d9eb4":"6f0d5a333ddea0d38362df0dc3ebaa2be2fe5825ddb0ce84":"4462fc32110b25b3797c5cafaad830e8a4346d9270fed98b30f1345a7a8dde19bf5365d6f3788e7f715feb2762af263839c8c8188908c61120743d977d71c51f6324d887bbda380fc07eff09a31c2332e7b1aa1692c59c3379db95fc21cf711c004c4d385fe14f48f2f2a31bcce6aaec" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eaf27c3f69279fd523c0c3a1da5fc4f01ed64c27ffcfe3c1c596482f5baae1434e8c687c":"b038829fc95dcba8645ce40a306491c893f48139ae30a071":"fbbf7abb8cc2612eeea6d9463efd55c47245e01713332bd6":"ccd7e81f529de1ff4e65fc63d34c262ffde7ee49e6707197":"96dfb7445057633b2f0deb69135d10d0a2dc53faa9cded55ddfb8edc63f5424f8fec7627597a30328177dde7963f76f9e5412b5b440256c6a3f0c7c7fa02ca49e19ea176abac013696e9d529f65e51d4a7348e42dd254bbf19d9632d6c875b8ecd7a4139f1bf020a159d2a30af8d645f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"319cbf2b11b37c831c654b6cec2570dc6d7abeeab185272a518eaef30faa5acf5c8b254d":"9effa141f7466b659eaa50c32c8e683c2640f54027ab6aa5":"63b3acc237588cdf41c0d4bef16c4890cf3d458fcf1de8ea":"573d6a7960aeccc3280a8aee4d72e587e9d196b7b270e329":"8a568086fdd9f01206a5aaee34d253bbc9339112d3170699b9a1392e97062d5d0f16240114dc1789269217c5b4b2974895b20903890f7dacfef46fa4a4d02891c70425ab3b42f53d72f852faf3713ac7b8207dc453279f4df345091b8bfeb54983095c2d190358293ba507bdfdc39b24" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"56f3f5b08da10ead0c986dd2ae5553e4b2eeeb47ad5d22197b12b89b4a871c51c0d85554":"96c8630a1f4187fb0794601cf51e7e333e71756a0421ff43":"875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe":"4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595":"90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-256,256+128,0,0) #0 diff --git a/tests/suites/test_suite_hmac_drbg.nopr.data b/tests/suites/test_suite_hmac_drbg.nopr.data index 782e584e2..ac3d3e5be 100644 --- a/tests/suites/test_suite_hmac_drbg.nopr.data +++ b/tests/suites/test_suite_hmac_drbg.nopr.data @@ -239,243 +239,243 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_nopr:MBEDTLS_MD_SHA1:"4e8227e8422d674cdb79e52cc30b7b84f81cc05b03339704dba3e731fc81949e679a4257c5fd68a7":"2d6e4af02acaf230bf746157ec624ba7":"deebb368a79c1788528b589056b1194b":"1dbbc7a131e98344fd748edc6fec11a0":"0266e8a066dcabaf6991c7a91e1c6e56":"e51fc833a60b099e56996a66820368f5332822c8f9dffe8459c80d2512d451e1669ecf6e562a1c295fa6981fa651fdd3d8d936c18f88d5844393a2a371aaac8f485cfe92926f1a54980500edc43a0a6c" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"09effa3906a5e93d05530edc71e62b39c5e4da020537176c23823da52dbdbae8307656cdaf8f861471dba14533c880505874098917e338f20ef8d8a1":"":"":"":"":"d5de8a3388b11e45085f6d9a009462947631c4e74523080ccd03a0196aa56b63a93a2939f490e9456e9fce3e9000e58190991b9aed6d145ac18f65cf2b1c17eb021acc5256eb6a7e9023f62aed87d15ea4e4b328f265cc34adbc062d54524365cc9c5073a8371f35dc2f459e1d027515" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a7071e686936e60c392061f71b68500dd6f11c563732fca9dec3b2f859e06a857fd94e3ca1817872d94c2b7c2f283a0d2d12a6443e95f7e700a910":"":"":"":"":"72c0f3cb7792bfebbc1ee6f65d40d118a6a1c4e04e589c8f70273b4c7b718c9df383658572b894838a311fc0aa2aa6258758b33783e192b0c3c1d322809375dc925a05605fed8c7e8fb878fb63c84ce639fd277d9955f91602a9f4777b7c3b15404c4e761ec8d466674e32136c7b8bdb" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"abd3dafc85b23025792bcdaf9f410829d3201c1e8ca450e217e13ec2e3b744e8c54107174a6e69ad05f643ee5cec49cd47ea88c80b96a0944154b458":"":"":"":"":"152333e16b04283dfb8c43dbb3be43b5db2ec49a399facb65cebdf7ca3ed267792ba308cdb0649b0c19cb1126b144d5766b5afeca98036a1f85cd2cfe3b8071011b69b2aec382f8562d9dd4331a554f3a3ee632cff308488b30a7416be8bbdee7e250cd12f371d069a097e9eac43031a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"caa286c160d22af10922ee6088c269d0c963034e5fd2a85d2fc171d0c4ba0833b630a64ab09965f132a744656631bf2dd27430c7c2d1e59cdcf43a97":"":"":"":"":"4d6132b9ce70470dd36f551584ada639e74b85fb9bd3c3e350011d99f2dc0371f874e6b9d92eba3fceafe34e574c1441d0d476c475b704755a28733e31637962cae67e849bed18d77501383cdbc27ab6f60d5d8d26634ef39e2c60fcbb04a9bdda8bcfb9b2d3aeec12a21279ed553343" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f79156a2321ba930e15109501ead80a3b26c1747b7a9aeb922d1a9d474df64a1fc3483f10e88a7fcdde91dc06940c58bf4d747b5a9cd8cad2c2e9870":"":"":"":"":"1b3aeaff973b2e20cee947ff283277991842a22f45cce9d22c1705daa51a56ab43aaae1b51bad7a7363edc7b548a0cec6b376b925a6e35bc7dc3b4a33a7f3b57d66b1b35256908bd2d8f0495caf2539ba4475d766c21c2c2e4acff87fefb07c662eb344d9c99ed407165f8a09a22816a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2dfeb70fc433426e23378d048b836f899cbff52d4a92c6d7d218e3aa54c06793339a752f86f03b7fcf89bef725339f16ab1cd28ec85c20594bbdf3be":"":"":"":"":"d403dd8a6f3a914933253db9cd043421e54243a34043f5ee11a3b6a627e25d944434eac22a00172caa607ebf7de55b4c4305c2b93428d5fb4cf0a649451ec7fc5da65c4894cf4d2f3d52e90993544237e5c58745441c9cb2e047513ff81d9cf980d8b12769c21cc8c06f6d583b8be3dd" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c6ba987bb61c4131138bb8acd877763c2c7e1f86289a81b6b54d1d8b399b5a5ac7171c0c9c0b5943bd7f54bf72b20307834e971bb637b351a756823":"":"":"":"":"7ff01def84626825fc22a62cfe28f5f95403bb2618eff22529b6531aaf1032100944d5f9703496d165c5756c0aac55b1812a72940aa5317fb6a2944d124e7f65766f231b6bda06100c5ad0d1b37c488e0e9f11a6d8f7e4cf7337e04d094ea9de2db1bbecf40e0cc8d1fc1cf5a01cd081" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ba08acc3a00b9b40d2bad8cca4909d3bbec5471f78d0bf89a805d839b8b29fb753c9e5d3674365a7055a187a238ea1cd04f482d24d856b67eb54d71a":"":"":"":"":"9ec6ad840270051313c5825295a6f7527a8b1b9b3e7c867e5642a984b11911be60614e5737d3a0d109eea4223f0d2ee63cb19be702291a771b2e2c277f2d4559176fc5adccea52492e3d3ba7d17bad5b5f487d783639467997d7668ce2173ef777f9e31dbecb6ee716b5cedc8bc5098a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95413345228eadb85b67674b9981af34bd6a4ae04866229921be928c06e6a6a6fde8d31a6a88f24d6a1114ccbe08ded9d7c50c3360bcb8908a615381":"":"":"":"":"d4dc08e36f94e88f8bfb1919c13186139591edc681affb61c421d32dfda69e507d59495bcadd39b73c4036ef440dc598e339473caba60e0770ac4729264b1dbfdaf32ca6d136ef6810a6660fa5cbac91940a28053c0fa405c7b6ca5e3f147b5e0096f36b67da9fce64247cfdaad70fc0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9b6bb9589f41e8ed6969dbf1a3b3d242dd5e133711f72549334c74190e4efb1d0452016ed4fffca9561aaf219e6793bfb6fd3dd9500bd61e6a62db66":"":"":"":"":"cee02e4fe0980afe6ccbb1b0d80041ba9841461397494f0fae5188228fbe9822e3ffc5397b7caa29950d95536e7000e1249e5bb93a593e659a49689add16d2f5e02ff251c76716dc426010c2961a176bd63c29397f6e36cd4de2f2b11e1260b9f9a00bd49b4b6617fb056b82c92c471d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f276ba0da08274a082f3b8ad989a713908873b742f96bbbf8c81b4e1a7e4857bc99aeceabe534c45105306b14860883cd56f2438a7812b43f0d911f7":"":"":"":"":"24dd3eea9a8e1f9929ebbbc2a68379caec77fb42531a97f7f3a75d16ad053799ffc25cace4f4553c271ae360eca1f5131ef87bf0390b26785880db0d92bb351e6e22409d600f6dab5cbb2278b8784e67a40be4d8ea6d994115c67b7224d721d1b3c7fc5b24e15f97eb3bbe33798d1bb8" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fa5ed9189f21d7e94764bddeff23050112868cfe35220b863e8112f691c57e6d6c4a91c752c5f0b37b97d5f3e383480054877f319a568b064e6562a4":"":"":"":"":"55eb5ef1248b5a34c741f2076ea5d568da630ce4720b7e2c86a9dd535b48faece2229866a36024fd4114249be4730e554b772d557ce3f8b9d4d86d91202582213a676a076b87f941351c7606a452816db5d0f8194825d402d2fe7ebb2815532091b3830a9616918bb0e3298faf037bf6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"d0c5003a6168163f707b25191b51211dc1ae361df1e069d0f284f66967aca4199809dc89368164213ae17285674e5574851582372fcae8cd2733bf4a":"":"":"":"":"24910e1a9304471d053af458bc3fdef527e8796e33133f5af005106b203e8fdefb274f1c0e8ff44e92c63bef3082c6e5607a7981a6076f1a1d15368f4330c7012509d5f61b4349224a87960bce9873725145f187aa931394c449f502d12b60655a0ab2a221134a51786c3683f9ffa2b2" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"bf5b5d1c891f7a6f2dd3f4d486d693fbf67f49584b7f053aa96ddacd9fc0cdea0fab8209d8f4335820ce68bfa04899b63cda15242e9cd3f7acb1f103":"":"":"":"":"710c8b33ab034b50a29de657b93f3c71df4727a5219a474350c88b4e3974ffd0d3452e8c4d26f579e348f39cfe0d20045a70a866c5e16a0c22aa0d69b739f74cbe8b046bc14cf82b86498460bfb26af0771371c2750f7c59320c6f6fe1d04cfb40c048686b6c1b69dc641b8957c2c341" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"525615164dce0dac5397b357546aad049dbe5982da2c215a233557553460f8505a3e7c8224af561190099ee21a06d62f9f00e282b32b486e8d0e338f":"":"":"":"":"3fe96c9b10c4c8e43cf3cd76ced4ad85ae576f32ea6671ef284f7c97491b72152a18a1060145e4f5e7c0c373c396cb4c8c0b6d625c1f0d2ae95b0691cb1c80a3dd5eaa21632a82aaa28e09a2bbdeff7fd8812fae46deae14bbb16da24d06878fc417b3554fb47b0ef9fe18d1b9d4f4ca" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ca81953d50430bfb09537a318a1a7b90a9200077abb721e55d9ac28946fbf75d9cebc81f11cf6d4db712a3b91d479e00ba30d736a763cbfe40b91448":"":"e50aa8bec96339cf2608bb82cf038d5fd6bf93e65271cb72":"5c5eed0d98c7fc7eb30acddfee002d5b99c965949d4e2095":"a1a7cbc79bfaf4571cd8020da094118d241b3f018ec823ba":"c8b7d9c15624ae018a8612edf6444354c45c6a788272281c16526c689a3dac36679e44d89c4acd7eb58ff40a577c3d1a9f4d0175feef9ac5674c115d5e4cd17f2369e0135e33b018bdc99e4099713ace986a145ef55e868f74846feb3592d44ca3ebba6044a928e9284b5ea75063ae81" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b96ca1202fa959ef55a683a9021068e14c75376e15d1f0394b1c091a8b6dd6b98b6f63747dae58c29186179b4155b868f5a81ca206a5086a5759b025":"":"a35096086c1fdeb1fb60dd84fa730eccedd53e5b127eecf9":"a3269fa749e55850d4aa9e466bced0beab2edf86b926c2ae":"29f6799f7c78fdfa2d0dbdde8381aec5af249556903f6313":"c63ea73e1ddc9d55bd64a63cf73f730136ab4f6d688a9cd56b945f9875ef4ff48cdbdd8b78b898486a685d8af8cccbc2a834a9804e566ee7138c7dbf488d263fbd387041f835ea46ad27cbd66721428ed5795f6ed044cdb17c8e7e3ecbf61dd68239e8fd644ae85776050afbaa06caf7" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"59af1213cfcaeea29e31400ab6b30f108d4a9a77d3b370972d29032cdc612b7c360c41f16b0c9d794219300fe0551e0e66d634a4eec396c50ec9604c":"":"66ed9352bed73224d35508754aab68fcea10aac06d60e888":"198a3526a67a0ce31ad0348bbdfecede4f82d4203d1d5ca1":"03faa2f4c34577cd8b2ed53e10c68c83c1ebc8d877379178":"5e24f1a9083f13274ed1020ab6935222cca644d0920839c2b142e2780983204453d2e6c58518cb351188bc3e5e3b64015882130d745511f004cfb6b64831139e01ae5bba64b74f1a1ede7e220a6d29b1067d7c68ba3543f4dda2fc97a3dd23590c2c18b85662618462ba2c05231534b6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e6cc94c72f37999f28b5fe350bff622b433ae19111786c747d954adaecba47abacfea8cdf5eab05e2f750c0a679cfb9c2c2c071461178a054af40967":"":"3032528703dd66e42c7b6b5881483eca41e9eea503852eda":"ce8c03b0a05982ceadb516b1fe513da2403a9e6dcd7a39f0":"3f7ccb55376f23dfac1dc13be617894931f9c13d15fd3dcb":"558656cad7da2ad87a7a29ec5e612addcca96d72ac7b224cde80ce386c6efda12113fe9aa8e511714a42edab53ea0289c75d34b42f2313ac366f51f5dd3f6968bbd4c09ebf840dfd03852dedc1e3b6209d932889cb04062c644482106cf8b7a237d2937840f0c4d752d52725b5590d15" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cd4dcc8fb50672611f19e0cc8adcf9285f9d76e7e28bcac34e931163f8057b9f86424e5d514a13c0a25bbb49ee485501ec5e21061e006ad1569d2610":"":"24480094a44067b86ef47db38ec3e62914351196358bd9d7":"c6ac3b879adb6c150a8ee44428c333574ed9b0d6806848d8":"92bdc1514d87daaa321655d56c6302878c2bde37700163e8":"21c51a1568aafb56af1fd424f6fa146113d14d6d63e1a24e3168130ebc10dd84925bc4077c41897aa8b3c73aeb5bcf392d496dedcb6487379bfb3e12bc07fcf5c196d59fcc1fa730e55c00edaa2bca7b1e32a40ba06500ed3dd7fcab361995319979a0fa9cdc406a4d20650814e8bfac" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fdca0039e8485a06e6a9afbde5b07a1bbe49e13659a2164034289639d23dcf3f9874b8fb1a1af8495b6b2129b88475cc529c96271bc1bbb5c7c2ea03":"":"841f765ed5f00be838a270730ce5926659cd7cd9d5b93ca5":"825fa13ed554973768aab55917cc880183c3ebb33a532305":"736e9de931198dd1c5f18a7da3887f685fbfa22b1d6ab638":"dd8596a62847a77da81818dbbeaf0393bd5e135069ba169f8987f01dc756689342cba61d87a79d4bce2311790069d10709c3a53df974c7d6793ae1298253f13ecdbb5680928579b73d73afdcd24a703dc9b391f303d8835ba1129c3d46237ede5e44732a74f8f23b60a3a45ce42f042a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e246e3f95d89c166768aac69fc95fb49eec49aa633adb938ce1705b68987aeb0fae7f57b7e99e4f3e3e1b1db2d1fedf443bd2618e95193cefd905e1d":"":"130701f88cc1e7545980e6c6f6cc76b0336f089bb66cc347":"95533f4cc247c887d6a7cc0ca753009bf034ba95b7b1d3b2":"464fd16f011eb2986d9982879d79349a3ce4f5905bbfe832":"0d4e6b03af7a648337abec2efa585908af40e88d1f104b3e8c352aa29ac79fe8e448f36b0dfd701a1fc0f1d86dcab7e8a8ecada6ba218d9aaea1c40aa442ca51f3116ced3c9b8ba7546688ed4f3a1378f76b8a29ec763784fc82906dc0f688c5e60d59e6d5284fcd96f361bc5b285465" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cb0405e58270cecb34a9951adeb694c5513c499cf310f6a99985d4fb3973463e907705740e01aed4ca221d4b03ef30e69fd8dbfb4ea919a913800a1a":"":"0b57e688472e9a05baa3920417a2e8f9a9c12555fd0abc00":"cac05f79d9837c97bb39f751792624983c397fd288dd1d95":"344d2aa2b3bad1485429b66606bf215acb0a65bf2a318f6d":"b2a13d75ad389514149763199d711092a9b0e4f1e50809355cfefc1884a94f4d4a50ac5c5da0b4e9bd7537e413bb451fdd2fa77f1f894444cb5c81e4c43978ebfd96900a2c8986c885d0faf89a2ad5c6ef922dfba1b5219b0f3c4ac2095340c3b8bf0db037171b6545741c76217b2aa5" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e38ea7584fea31e48ab085c44f46b4cf68ff24b4a6b0b25867463e4a46ddc9a4de23f7272af1e9c4e0391aa9491ce7cdb5f96292e0d65cb9a9a4a3cc":"":"afe267e1491de3934054b8419b88b16731217eb4ee74c854":"bd0f3c43229a0ffc9e143e16738111e16d6a06ebf3eaa5b0":"23bd14ef8cf797cff7ff787df8ed8b87684fe7a9a33bf695":"c27a6ee5bab8f8e93783840e72894f3b024c7d3206a4a1869ce6fa8b5674bcbd24d4aab30f9866d797d850423c57684b7697913b9ef7bc0be933d0e21535bd50fea0feeb293985261fb9d4eb1ef97ab5ec6b691a08db4c8171e63745d14fb4c3a03c41f906daaa2877b7622b254f0449" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"71dc625242dcb94e6ba2bd013beb2112cfca576774e102830503b7aeda24c2c9d862f5212975ccc019ad2ea0442595f74d1d37dbcba0719d8ea32ba1":"":"0fef9f0934bb4485bfab2431f8811d963ec7fa7953ffc213":"a6a7501c4a5a93c396ef8cc969ebd93cac1c30b4783a0617":"c58ea233f35a22fd9b01592c6026aa17922070b3604c7118":"a1452d85799b54370cff65fd6dd74b575199606cc8fa64880b26972c913c372010b4c3f4ce9b7b565a8f5305072404c7b9d70f7aef6e2709c1694eefae66ffa80f16eb4b91f8041f4487427e69daa437e183e83d3b9718ba6a23fb90365884899e0d2f0bef56b27249f65e1c00c5411a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"36c1e048d16f9d6035c6b62515afb929633f356fed6a654282663e2284fd4132116d21eef66d29629bc712965d960f18cf3f7dcbf8a3ccd61b5b5fb5":"":"93bb372b7ae1035de6f13b2a36c3ae5682b9a3ea8f444383":"9715b72e4755993762e11a93857f1d50a051e70d094339a5":"2f1e73945863b237f49d6d20d0999a0203f295b9a046dca2":"ca135891b47f27c26ac891df49c80d085f90c13d236a60f1372eefd81eafc5819f4ae5aee5b32d46681be01629b078ae965f67b81a5268ef0b303d09e048f4449f5aaa11af51f80151b4697b13700930167cdcb3b6e8260eeb8bec7f6a67a2050a6ea569c825d61d4858a1cd15f70fb3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"582425e13356e7a840cae9fa435b220af6a96fb53ac91e7ee22023cf6a0eef3923907883ae540be816e0631c894520b86e8c6adb8152e55cb6aed5ad":"":"227762e137f9eec6d2b3c63476b404dc5b0c68613a93034a":"fba72c01a9e51c93ac00c1232c717d32fd4d4c791556e716":"f5258bf318457769a93ef5b3ba95fa2753ad1c5c1b81a785":"c753a84ba7f41af2ab757ac1e4c9c450d2112767ff55a9af8f58edc05c2adcaef7b5bf696e5c64f71d5685593f254a87625065ee0df51ab4f7bba38faf5799c567d783fa047957f3f965571a7b4cb477566d1c434d6b2e22ae16fdf473a6c03057d934a7e25f0ea3537be97238d74bc4" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"836f5d7521f26d884dc34af2ca56ab4a752ea18b909085a87cb6d07dba32b654390a25b68ea7ba8fb790271c712f387145052ca46cb40534355c1666":"":"99d9aec334666d7c399e453455ef6ae884c2173e12e31cf2":"d74d20dc22c55c35f0b66a464dfbe8f349616916fc726298":"407b0951404079fb3b54559c0286143d9cb18957bed7fb1d":"809f372d1af60ff972049193fe9f173684a2fc9828b60b32164c1b6738e1ba6aa12cf739287a74c6ad528a3ec00095b590b44705b4975236a0b7ea02c1213f0e830f275f53bb79efd98679c4766cad27738e6fb777e98cdd606b971fa60745289d5ef72a99e1919686a53a241fe36cf0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e555ed6c7ab344fea68d73c6432e4e6da2e67d8b33ab79e5719a2def258a852d17d93212840583fe23900949c301a29fc92095f4716018144e64583b":"":"5262cccd138256fa8424801435d118f39b9aa1db4d11ca9f":"9b55d76b743bd7fc5700fde8ffca956c0ed6091df1a22aed":"f8c99af8029110c41a6a01fd2d3d12b7103aa39cbeea90c8":"d1ec06e38af7c6e0a70b73ac62bc3556183f99a47bfea0f0c4a59e7ba4b0718df5438e369ba14be84db40d5ffe8a1a5952edfb83f61ee4d984e3d2fa67f557aacc58291cc688fa29be530e66c228e68607e25c013473b4ffbcfeda721ee35f5dfc8809528eaddad8969ce719a411216f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"12f2cabd3b6f640daaf27ed6cf6bd7d06e2ac372733c6971739e36afe2ba1ebf4e7e5e9f5591480e3fae752fa59bb99a1949bdeccf0c100f6afe886d":"":"7766c36e6583cc8e3c26a8058fa0923bfeb3ee22033f46c0":"63e60d1bba9aa29adc3f3b8a5db53f3b703c7ae69bcbc2f7":"f416f36717ba5f0a78125ca52ccd004b2f4f2dcdd401f595":"6196b2b4adff14a26d64f440b6c160210266d7f5b77d5e292e94b8c67bd9cc774274741e7c0c9a7ab21c31f1194ef4218ddcbbe94059042d22ef44ecfecef214a73db64505d46d5493d7475d0684fc0e431c5265c12b35310d4404b3c4db6029facbaec88b0c0ae9799e5af0aa49e842" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c50da90a1f7987d5216950ea22689584b237647d96c1239f9251942f4d13d16f418b0cf7265b91c4ad97a7acbbda065a48bc1bc5c7a9ee1523c50e3":"a74c108fe870b91a2defa971fa1efcb7a209f293d29bb5ea":"":"":"":"8853eb47c4ada94a3d58a1b517784bccc8f831d02dd5239c740fd7caa3869c5ff7bbf522a78be2d510c49c496a6657a09f0ede00daee9fd77061b0f04e7342518dc6ec1f4a7ff99dd7c783882b58f5e8bc467516c6b85985fab65c6761d4fe756ffc27fd62cfb92778391a258d3b0b0e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4606e3e19a8a53e8aba05d9d1fda1ddf15e7709aa2bae8b54efc4a14e734b45a5cbbad00a749d2bde540258de74ff8fe886d05570300af2086d0b9a2":"23ef5fbde4b270c084a745e0e299a5eba228a37074fd4f07":"":"":"":"8caf86df25de5cbc3749fee4b64fe041cf4ef2859e20704bb01abe126a90ead8cffc427c2f98aac400aab97184846125a2a66888dea9c8aa108e96e03b05bbd30e566fb90c661dc1990ebfe75f73f5b0de7be419c225bfcba3713805455dffbe5d6fcc98141743b59c2cbd70e78f5977" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"08e2e2175fb34e4111179fc2580c05afa16d224440cc7eff24082beb16133a992fc4f4e2762634fbf68177dc3f11c4d057b71661ade56e7768ab9e6b":"0a4af33e2501ba409b132459ba97603888e727aca0a0cee0":"":"":"":"39c60b6d9f85cb69b2128bde86aca2b055e21ffd7716d789f834ecacc69a043893b09459991793571d3d8070f03382a11bd1c1bf38e86fae13a932c6dc82c540fab8c8eff478e598d3295663ab75ee8a56376c0d607fe43b74ac39479b8f694a3a13826b1b96344ec67b9eb0a5858eec" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b436ebeda1119de3fb2b2e532f7ebf59fac632a4d784d904f844bb73f2cade5a88d4790c8c1d5973fc73f6b7f929303b62d30b6818a25ddf705bdb9e":"07de5589726c49dc5a764de9b41bce74675e4ca3c71769a6":"":"":"":"2099fc754ecd19a19de8afd21d2ae2ce456c32d6ce7772a98e37ed47f54001f44fad8e9b591a70d3bb28f19bca22940321ba17c33193613b7b5be1ec54efa470b70cbd6be2931193c35cc73d80c139bb4e670e1a2cb74d3bedd3610e9d0f9d154372a70b608fef824c346fb16241b301" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4d3e993c296c66983b9c751d2c0aa2d519f801a764ac9f1fd8d86b57eb226bdd9f69efd9ad29bf16af483e7dc170f8af65c16426c2ab7c0fa9df0175":"52ae4cfe985348408d3678d60259a78369aac02953911e74":"":"":"":"bead2cfc29315133e6f5ba2e85bd7778dcf9908081032ee634f90b0124ed9371c9009419b9e2a409fe4abd6295cad57cddcb6042986cc98f2fafdff99f7cc1185f3ba0d5f1e5f5452ee5f9df03c0e8a4f8426ca246afafe81079c2f0d165b87056e7c8528e8cccac5f49d0bb5ccfbefc" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c7c4e18c56e9191ba43c967cebe48e55bf9aff4d6449c3e6a1f9846bfd7f92d535bb7386c0155cdc5aa2beec888de0d432f695ec79b1c78841ad941e":"c36a381b1b36e6ab00ea80557b5e7451ec9771101dc22580":"":"":"":"da74b23d309fc7cf7670d7feb6cb6ff4da1b763ae2e8616edeec12c71511f5a24b9c466532283f4151a902ffa5ae211d7c1efa84477b93fc393ac95522f3673f97aa9e379e48d198d5929684875150633fcf8a0918d2050551d8daa91887f3d2685737b6456d0c61c0a117413f193346" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"78426f865483ffbcc6330db2ccd65bf8f247706cedf68d4cbcc289bacb1ef32e5caf05f28a21146a9b18e77b3a7ed0d24a0803c9af7264fe4e23d692":"e5026090f9806ff6f158c4a834588f6a39e9b4a44ef2dfa6":"":"":"":"111cd64a9950cc6f20a1b38811fce4a08929ca2654bed66c0cdebab0b81552826c06ef12ce463fc9c91c81a35d2ca0553905922b9a4975fa8fee2c7f9ffa9f2ed8cb2609f4b7d32a44927c7b5baa8f43dda137aba9b49a2b0394f7f67d37b7f71a5e4f4c151db6b96e8e4dd9cd0bd84d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"43ca11d53ad0198e4db5e136de8136bc461851a30ce59521f931ad0596d13365bd8297a68dd42b7dab7f40808b3ce6c12f14d4de741ce451b6637a10":"532b05891fe406ce72421013aceb434581be8a3a13549dfa":"":"":"":"4c42f791dc8322d779f9a1ed9a28b0cf352601a4ef6d74e4e822ee5d9eef06e700314acb7a47dcbb62805babdcfdd236e3022374defd44bbf747764f72fbfccae10893b54b29966aba448435987c22ace4c931d01dc945091860cae7744365bd9b619059b8b646b229878966049cf83f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ddcb3024b681e30e16e05026d8e23977497fd0b2c0ac24017de2744edcb097d3a104d4e3c6b8adcb554746f9a43671f0692c01a8f89fa98ec3a54ac7":"bd9e41974f6627ac5bbb21ec690eece459e1dcedefb327f9":"":"":"":"741b2a8e82aa3ca9f3a609d05a6e2d570be463ef957f235344cdf9e0f89b3610951aa1ef0b9406785b75e59c2de8349d435e4db82fc2a4a8b94e366f4eb13c432fcf8fac08f0c7fdbe67a44e81706b53b460f78befb8cb6dd2a0ffd13c87df84f8a5197ed47158cee171e5323593df4e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f81c4ba8605dc14072e2bda2d2ef64e71ad856061056b8d8374fff5a6fd9a54a814fd725bda8944037197492c52c62b97ea02df33325b35b91726839":"217137084f4519d046ec896144cf2c301baf911e1440852e":"":"":"":"14efd71fa13dfbd498bbe13ffa24e646d04ee0ef32c99c11004c3e9d8f748ac2f956f9899a72c8d97ae988d06275855f77a92bc30f1b957dbcfc93fffec3852715c239c5313e765affbed257d302b6d1b74977b8012522b69902adb86efc1ad768d99d657a5375dff720b4cad886877a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"8181fd2cc5f7ae2d4ed2c96b9511aeeef33e50ecf164afc4eddebaf76a96d97bfb40377959e1edc44d24df041749ec6239ff226e40d5a5feccdbeda6":"7d6ca5ab652a37cd79367d84299f1ff2c5a3c2331c77b98e":"":"":"":"5a2cac8110a24e1d8c5f8bff3e82857ec8cfcd469c316fa18b0f65a0d30866e49fed2a228121f50901dbbba561732c4fe82a98f341bbc0a397fd257a5f8a4a9122c991648b1a6507c82f866d26f9b22e0ee7c9a51c4d8e5104f0b4570043c9257bb9dd6f3730f1daf94f80baf8907acb" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"a0ad012a978bed2268d05086b823f5d0dc9bb98ee03980d755bce968f9ac81db886a2a05b59df40d8346334a0276b73f528db03a118545acb7f2d70e":"1a8aca3c118f2bc0c2196df81ef22c267d20ed7c607cdae0":"":"":"":"b9dc0eb1e4aeb482dea1b4a5e6f6ef9636366face696811db2d912e9430b303f23ac95d65682694ef9513ac5b3e56a053b2e1a2ffbcb901c375cd122cab47d31fca5a0606daf8cc2e5e6e99b90fc8ab4fa67794caad91985cc92b2187dd2965be0980240d9be2fb1c4bf06e60f58f547" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f28b143468ab87794230cef4361d047236444180d0cfda58cbb9494cd1ad21be96297ff799011042013789a928f18831ffb0169126dd046c774a4fce":"ea7fc50e1eea3d84bffcbf83b240e921348b532e7b33f094":"":"":"":"5c22e92f25acaf98f55ff06e1bd80d382da754d1d33cffb6fca933583ba758200357551640c439770f77f843e9ce1e9a054f69588d76acb9cb92b7a2fa2903bc51391bd7001ccc1da67a4cce9e5dd08c2d489295c36de2c148ce27311d0789310de1cab2641e92f859b036383a8058a4" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b628cb448e477cb439a2de687861a992e738db6b2b25cc6c27aadfc3a0a640b3411de49c920407303e80abd7a1d4f45c4749980fe1550bff69518210":"d5f4f8266da9b7f17ac97734201544104a5c0acb53c6bf22":"":"":"":"34a834dbb7da0b6a2e2353bd9795bef369cdde4d172b3feae7b1d9fdfb0446454cfb1adeff423d0a143c33c0e0d8e7905bd1720889e8b1121f1ef82cf15443c2f9c8999c5573e7df60b52ef395ca1d1b60e7eb721c012c344d06b336d519fa2b7b6dfbed8383456504bd0b4893bf2ba2" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"5c7c9690a1926a4580c691c2e5327e736d5c3aec0ce8f5d32d4946bc4b607f712a8759428b010ba1b268b0de64fc5eb32d3f7fa9b8d4f20fab45c72d":"0310b2d8b5655cbb0fc2041ad15a248a7b1f2ac78845e29b":"":"":"":"6f8b6df55d9d8acf87dc2af20b7f4512f9425987495f512975de8059135e7ebb8698cb0301a8816e7299e76053cb66051c8b35bd2b00b4695cff4847f168d2d60697495cd9007ab7dd74ee7f61ee90b7827543f624b7c1412bba3d6df1242e6ffd90534ed393341429fc00bd97d9bcb7" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"96ae702af50c50c7c38818a5133938bd7ce51197fc78e21815b6c5a7ff9c0395d764159f707d5813e5bf47c1b8232b44a007bf7decfef499d758ed53":"e96554644097e9932585b7f4bb14d101f24c8b0376f38c05":"3f698a5f6f4fe67ef2ddf23bd5a67c1a2df4f3b19425fb85":"fe1f6a90fc0ed396bca21c0d40a1bb583eb63df78c98adac":"5942b56148f27dd5388f00caa47ffd4925e854237fe14454":"150b9260ce9aa419fe1860332ae7c9f42d9ada1649679b53f46bc9d20de3431186a54afb5df7b6269cdc05540a93fdd50a2cd3a862372d862841768df02846b057993dd6aa32f874b7220a5a1fd9cb573d720a54af5715cedfc16f0d9a467735e253b2b1a6e97421fcee1f2d670dec1a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4834717f669d9b599f0ee526129057b5a7c5680724ae0459ceb0e0d4eda21e5fe92e63fd23f08f8a0b094a85f3f377fdf1018ada0c461b5a05c334e8":"870b7857dae97cd361a005c3005013e4dd55ca76e46b62bd":"522534ba1a09cf9abf29bde66ce1dacd0e273e8954eccafb":"45f54169665f59d92211f266892009958ee515f14d09581a":"4633819c2ae83c71059ec8ae41ed2c68cadf9b2085a5b8bb":"7afd6cfafd9a7bad155b59a8bb2094f76b915b93764e92858821d5c32ff4a29493788d3dc1627ffe7980950394349eba88b9c2f6869ac5086296366b6f4ee37e8529d291c9d962e30662423faf375b7820e0b650db03e3c99791d8042da790cce1a1997ea21441dba4b936bd8b393300" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f5d1d27eb344b63e907d82a2e57494b25dabcae440ac88738512d9602ac8bca243018f2495599e618dde0261e43ea38d45e7c09ccdc4bf3dd8e5c100":"12ff844e5c5bb3fd871feb37ab796002846ffaca5a741c54":"f642c19602754584afa3083f567d80fdcd1e5c29202ac3ad":"cb6dbad8ce1a5677b4825cca934336b936ccf841ff98d894":"c11fcc157c643a943e54274f1d942d998fd1ea0333e21588":"6f25ae8bf8c26d5f0b9d2a81acaf221790a09241b6e83c9e527c7784881d1f7398c2d7771174f92aab45134b4633ad96430df30b130ae34af52de90b425405959ba24a41685a04d2411e2f0e8564bf5bf3280cb6d75d0b910d06c73a625cd56646eebff14fcff81411c055921cdfb4c0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"49a10569d87a790d34bcc3c8fd77d075a1cef9eff337e8929b51bdb8d6c5df3ad31045684fd1dabb1fe6f052fc9886384fe43c0a7abc7adca043d35e":"34d6ad434a436a690e7644f0dc2207131148192ceb2e91b6":"8707328fc5a1721e4d72b23c2b8ca3c30ddd95664ac478aa":"82c8d83a9f5d5639a6a1ce26d244bd30dceb1cc978627e19":"2a53b0b80b29c7d071983b65ba835e4eda66bcfe7b3d90b5":"08e24ccaae3b44b7248b2d735af985dcadb84f74d202bca726de1cd663bb5ea1bb67c669126ac97218a9ca45491df90beb387615474249bba1afd4534be7a74c61fef308f13661ddfcce40f24b410cffb1cc3cbba2c6d20a5e4c4814d44bef07bb697cfcf1e9932e43349376dc04865d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9a4232a59cc579867f8330c288a9218251030c00ebe50c9cd97d6cff6e49ad079df509644ec2ebe3ad4e515654af383da265d7b348dd4b89ddd49cbd":"b4498a32f664d4b489c2b47e67845d2d2bed5096e88f86de":"b8471ee87531817d81ee32578d27fa3a190df33561da7a2d":"2e74194aa62ef911599b37a51fa742817e3a4e6c254ec179":"afc7f13ae55e738cceb976ebdd01698de4d103db797f799b":"340c28cb7cf4c3e143dac3e133de864b1f458c76e3d47f3cbb6845f940be174b8819fc539f42005f4485fddc657f064c34873094e25a9bf7ec341a98cb97014a1d694b1694170ca5a8976e86f6e4e41232f526ec8536facd02394f492fbcc7c298ef0eddb3c5a148399ded7677366cf3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b89744009793d2c118365b1d2f343d6b6c59374b41dbd805e793f27882467c5342015cf968b080a88a15fd6a7be3757b05313528525ab1e2cbd08ffd":"f3c02be0a880e194013c21b09b6703a61a7ccf7a73e8a541":"bca27f10060bb8d16d499b3f6ca05ed8462b51b0b43a1fd7":"eb6fcf75884be9112219d359013f45fcb1959ea971bd0bc8":"50a03bc3652f50cb9ed1167ea70ec1e74f896f81a8090216":"d2a529722365e7ff3e660964eeb27040a0e92a4d19bbe94592cfebad71047414676ca6ca72234f5127f313cb7f5be613b44d989fe141c9a0ec1f0b4d83c36e744cfb1c72c32a02b68c21d28832da008c57664046255ef18488ed750ec5e73b18eead939f932d2809f12939670c3c1033" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"6d2918c15be7871cad99dc9e06f73253ef905d9705c4e4ec38664043b04f9a150fe5953bfa7aebd926be162b7edd72fdc14ff97e67dae6257ad654f4":"489243eaac215f76a573b92f0709d116bd3c817eb95c2c39":"0a84cad7a1cd21a5afe6557d7d2875d9c62183cbbf49a123":"0c14578ac9504902cb9aa654086246d113039f926a87b325":"1aaab1e3a29e144cec825d29c3f42dc945cf2772ed30cb5b":"33438ba4edd0c38db99f2b6a50b35dd89aecb3491990ec4e60460bb32eb0186ff9fdc973b1b0df23ae65da31b8af5a37a69f81ab3e577a4c2c31e51cfcc4e844b044fb597e937524f59a0019ad5120c460329c982fc93e8e7a4b4e1de5619103b23a7a579633fc925d147d8fb856a277" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"1330c4aef54ff84387e0372f7c8d273cecf0af2ceb32ef6edb6a4f1ace802f3b95fa69cf578e2cda1d6060ec2554eb3152507387f325d8e26009bd80":"89d7bf8f5754cedc2e1a249f693e29276170f62c29c5edae":"a6b58f33d57570f4df05bbfb792a00087d331e17417e09ef":"f57fc701e4f8f5cc2181b5357824f932f6e07679ec0d3cc7":"586c4e8c5769156cbb54c025fb01aad0b61aa6238c231656":"0bcb6ad4f2acefb549c46271d5a4ed41d7decc095137e2044b60273388c6c6d79cb89016abcad1d6a138621720b71fc11ef82fae04026e08926e94042694a0c008f99281e03da580fbb6543aca2b4596d39699b97f1fe65ec60a70b88770eb825b716a10ce41383f31db596079a9d54e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"3f0564b9ceee32c8944c8f2bc4b4d2179b38acc880bdb91eed466b881e2cc21df77bc3901ab5ce5ecf029a066784503f80d1857979b09c4563944433":"5d54fc715556c20f5b2d01d6b0992f1c596e5ad77f81da75":"35cb6d07862fbab4f50038097cb463aadf14e519c8834651":"abb21e501e85ad1edc66108e3b88380fddf810b10b883317":"3c690cdd997dfa9c5677bee976fa93cac21f5bbf382f7f53":"bae872c9d221b1531f85c15f466b7a3af3fa9c9c6b72bb8f5dad77f3d12df52d10347ba5d6504cd0a285c3be578bb67f0a9f0137463dc01cdcb847e7853c5db4cbb6a115ebff7b80db0406baccb0e3e68a4a4a95364c2da29466e160fece7b8ddb65dfab000c66cc8109380a601d5ed9" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"115c973d6df41ead464e22572dbe0761dcdb9aad930b2e55a5558075fb7c51c94efc5f8fe5dfe24d30175a89f1bbcf146037a07b324f572d0d4c27e4":"d3079ee3a3c9b2d69ee0fd316a6448bc7d8e3b730948c46d":"2348ee87bd5a3bb45d51a7b6a109043a9b6ee3db011dda28":"937fe1a7a790754bff99ad51782e8ef5b4928d0057b0c380":"3e89899f4aad241a9189ffa127c87c15b5e3bcfd80bc316d":"0ffc883aa19b3cbdeb39039fd3760160a93cd663b8b358e9fbb6300df164689303ee5f2489ab4ab2d522f6a33c93350eab553a2499b15f8ca198303ff45e946a06d8a40959f33a759c5381b3a59da22e68032abf3da3da6aadb410cb41f54b3146ce57f9bb5d28bc823e3e03c0294794" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c28541425a7cf33e29adaa91f326f216de89976031977f104f44fcbcdcf4579337434613801fe4661642392db29f15f0924566e72b596b23ff7b18d5":"44650a29972aa8521d6fb9dffeb15c00903a283f20ea9914":"43cf4de0276483be1382f3cecc6a803551a40602584cd84b":"03eaa10612895db8f66d50a2210d73d1f563c3ca929d9f54":"8d2b20abc4e8890c772bcaa05cb7b3eb5025ac4cacb5f7ce":"aed27ff8eb54a7d2787e73ed2a51877c1250c0d4eaf10aaddb30409624289a9b7742cdebba54218c7c448b57f209182e214014cd180916a8c125ad438af2e5f5ca5b00f9cf063f0c307560ed4378382b4572b97088f8d24e0bdf0fc3489f64074f1155fbb1163b54c93098b841257c30" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"dfa52082afb4dd137cb5209f6771f04eda25794280983ba1d8cd2f3d7f9dee556ac26d8a5a368d29096ed643089b65e9ab17b5f58ec816570499fbff":"16ccfd20408082829aaf8a818885164581c9a1bd09e9fc12":"abe13d12a9f0133bdebe14785dfef5f08a133a6cb5c26a92":"485dad7804de594356cf3c571d5f22263c0b7cbd4dca1f1b":"5961f8177b6015ae0119d22e0a45a4aa1bcdc580f7e7f975":"ee48e57f1b5bd72c99c911d3353952c2c143689c3cd9b474a46e4ada83811efc67f2557d323723526809825aa338a80e833c95297d6b16490db633ac1f1648071c3ad4cdcea056c41b4eb157ffc83c3454b0cf001f1e01c31e48a61587381e293e6cff97270c1f157b069df3e591c2f9" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95f3a1aeacd07218a2ccee44c807f790e568e0032a42fdc7c8dc9a71f76bd725aa909ddbdf5457f1dc4e69746426a9c56fbec603867633ee36a7fe62":"658b7326cf6adbf7208d37cd69547805bc3f58fdd874e143":"d44350c7a668e64873ff97c31d79cb23b0f1620aed7c9d23":"dfefff80f10c3143b82de3392c395ab94ac8a2f4c0a30048":"a6d21a762aaaddcdbae9b9ecefbcb3149d514c94fe83eb21":"4f5e544491b72b84a0d0532d7f9ce01ec2de6a05ab5056fc75d8f73bbcac5ffc38e20745d0e8aa1eacdefea6dcbb92475b5cf9ce0a617e5603b7b9fe34f4f4cb04ade2db35cce1fd315140e3e4ab8472216c7cfdaf004181351f210b397c3147dcd279f6fc2ebd96050e996f77ad6ba1" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a1897d6ea5de66e551f8c106f601e421ddd940812530df00f634682f249aebdaf86938c895c11f9fcb0bd1fcdb183b4f8cf86b3429a5372caafe1d":"d655a179edaf4b8381a9f6a332ed5b754dbf34f650d19867":"31c87be686b6f90f3d1b0ea90c541e16f3430292a5c4755f":"ed49403700cebec30d1057503be7baacbeb45bcdfd9a43a2":"952763380af3243c6c327f23cb74f8368919e0b6b9c25934":"fb29067bdb23c0f0153932523edf32d0e3c18e46616e07f39a4b78091eca90349f636ffcf26b68a4cd0902431f2ada91bcc86dc223db4aa7a42e7cb57a852095704a27f9f07962880a50d2ce16c125be1e8d4f54a0cc5eaf63150c32408db6f39b22fc93b853caaba9e49581f13a8815" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"387e31bcfffa51323a92d90713b438a1f4ded69707be3aa517e1e72d448abbdf0a17989b3de7c43c621e904f52db52ad823daabff9c10b3fca93acfa":"e08fff320a493d70ea4cc85a4cc604664a0deec8f6c7666d":"969cafc33e99964833c4d0f88f906f5429b5daa552f53bf0":"8d6e6f05301ef5cefba752f3d0ef58a25775d6b69f6c15a4":"72292aaa69fbef6f010fa4d5bb63d6d7a595395d79a8c110":"77ead908484044482da529f9a6f4ca6e6d8d49954d2e2d5c7dc455e03bebf484021673727bbc40adc8812600201b8c2de8e658191422b80d23502329c84c0ca061b212952fdb2ecf3106dd20e6455f1f231e1dad1cfbf2fa019dfe9c162a670ae20b252ae2e5a4ca0eaae1c679a7fd3b" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-256, 0, 0) #0 diff --git a/tests/suites/test_suite_hmac_drbg.pr.data b/tests/suites/test_suite_hmac_drbg.pr.data index b625ba7fc..934a6e3d3 100644 --- a/tests/suites/test_suite_hmac_drbg.pr.data +++ b/tests/suites/test_suite_hmac_drbg.pr.data @@ -239,243 +239,243 @@ depends_on:MBEDTLS_SHA1_C hmac_drbg_pr:MBEDTLS_MD_SHA1:"567d3f4c0de396ed67569c070d87f2b535ec874e881418983ec42ceb295b7d312e715e46b96f9da5998f9cde45b1dc22db6d2d7bfd4f3930":"43c16ab49ca5174f907d7899ebd242e9":"6c0b479d9e847dfbeae230bd4601d0db":"0d5a2183c9f9ca6941f6a617892f5e47":"934fe82b0951b97dafc5ba16e87b0459691156b42ff2dbbbd8f6ed9b04be952af267c6a17fbfc86de91f9f07eed482a5362b176216a8963af485503ba93b2e82c03a3ee6225077d90cd961e24f6026f6" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"f3a709bb47a36838cb998fb6986ff074c57932a669670570ff6cd1b202ee1da014a011f43fc02c51ffcb4048cc060763f2c58de2edd494275da14118c9cb7fd50475c66cc7e792406213a7d00cf7623d931a5947":"":"":"":"bbe3daefa61fe302bdaa6d4d379680acfd0d456b5d35f137c145b72626f2fcf39fdf7f3708d9e88c1710408a3d7ece3b0261ff538846fd5452149960215c0c22beafe6cd24a7c392d5845774b87528912c322119a2adf4d35a0ba61dd36ffc8a7e7475afec58ad4a8cf343afb677f087" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"0f508c6330b9673e94861ae2057e200ae8f2b330b74634d79fe8a4c698211080db07e58b762a2387379f0c0e2d01b2ca40ef82fec35eb81a5493ccef709dbaa0b0e4494e460530062c8db7446bc6af2d852fd875":"":"":"":"583367bde003eb2061cdb6f51db9c6827cbcefbff0497ba823e112edbf7f2066fcffa3e92d1e8c531007783554e6aa8a633bc925690ca6d579fbedbf9cc4d6cb08133d0cf8d4c25fcd3b6fed95f00b1bb17477cf67b97a557e7da933bdc121481755f628fdf0f0b1189a097c7147169e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9082871e73b098bbc58f324f12f6a83c321360c9f5b400d00a9bb865ef5265083d9309657c40ac94b579995902df0e2084eb4a6410cac605e482ea4abe5c8eb73bc63f68baaeaa56d47f7d74974d940555fd3861":"":"":"":"67c2fd4397af79297782af9baad2a26b993efa48c689a74531417ae102d4ea1d6a82cb0321aee3dc2572ad27299e81a7a77f1cf837119e746988f2ec60bb01eb2ac3d110a948c1c33e86833757e2670cc3947658f3b2d32ac59242f152e889d03d03056f0a265ee759d3a4488b55c63a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"4701f34326930cf93deaeb3a9c196e307a890c8ccf44a55f84593b3388a196238fdd97d201998ec734821998e7d6bef7b31fa2a81343918056c01d65f519c8576e4120a3d6b9ce28ccf57eeabd012d2c14e47045":"":"":"":"b499b86b0a25a0fc84a9a1b902972e2bb5aaf9b84f13804d6180491285b9316218cde0e73eacf722b5c664f4e618625ed35c5facbfca153cc184309754ecaad9c3678ce51ade96dfe3290e125d661e2afbdadfa73240c24939bc31d171712c7c987bfb434f1db6ed44b321bcd237f149" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a912b6755cd2d677d63268a5203739b0785d7d956738a596e269128a583921aacbba1adb7c6d1714c164143c8f44e76711965514651680235068476ab137d5962e5e5872f3b899d0e9ca5ae8fe71bdcfaef1d241":"":"":"":"0f410304b6d88e52c8d6039ca674a06c49a5fa1094cf341c4034e39990236d9e5bb8ebb6e59849e7df82e2d02981d8df21e4ba3381e606b99c16de62860a470109c0123c69ebaf970603f451f9e6acf83e1c5951c3cb87170ef319d9a791110aea0c0dae5623c287d4c454ec93227654" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"54fb376707de02a1c385a3da78523485111a0a099066206f210ad848f29d3c270d2fd2f668cdd3a57cabed71f9d784c209259d1e4a3eee2046846a55a46965e495eb29725a86bd630dc43cd60ddb4fc93c59980d":"":"":"":"a2e3ab5390b5b79786ec7b434de48e45f590b85513106008479d8a3b7b236c884b0f871d8dee539c712509bd70de351f3881cd87c9cf77c1a9d8879986ff0f6678549c5c6acd15aeb6bbe653a9bc76829df2f194c5f6e8c7dd3058971ce15273a2d559c1ac60a0014e5e32352d6be2a1" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"3a0c24b5a6106d28c02957538e76e96b3ececfa80ba4c7d01fe642a88fc822884cc36ac2703e8952ee635948715f78c542e6e3270f2757f1652474df4706490b18e649ffd95dc518a8b4259da193600af5d5bde1":"":"":"":"55dc24206aa59d34ea990ac6b31250f15ac056c8ecd52e159f3464c38e1f28840eec4c6423b0fd9971d11c5ab99225eda5d173c08f9439bb56eb1cc487fdaea934fa816f9c9e0d628f111cbe60a647e03892084f80775248d41cb587617671d99b508644476b66c1c96979e5061e025a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae7ff70bb69c964f05c99c0e7868210d567bcb5eb02db7708de162e6bbfd91fa17f30656420dad1ca69d356cbab80456cef922a9206f07d32c3f198c1a68e673c5583674bb1df1f2a69c554fdd3411c81a90c83f":"":"":"":"f1f3f79b1d7f988d4caf7308416f3d02371cc029a28eb4f0247c8625c4680a2dcbe9f3d56d92de6ee4d4031a254bda8a657bc147fb90c2f7783a8e3749b60633e5a921d015b846b3cb38830bc7554308af08ee8219e5acd1b699f1ac538930d257da4ef567ca570a7951bfb236d4d36b" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"86704ad0286f88dbc60baebc2ed0571de7b5ab64bc8554ba8645557fa10159ec03cc9f6f299c1c3011c73b2563e571fc24f5b5b50b4bee514d7c808873ca804b147201ba7ed43430d89b066c04b00b0a17694523":"":"":"":"6b1a26d7d21308d217bc8988067ef3e21f5bc10d34e89937f2a89f8da256acef50b6ea7d9ea877bc1d15002b1766e9bc7fea3d681b147e42359ce29d6d4f8c73e7c29b9ec14277fce2f6a0c518d24aeada44990f7f92b0d1184ff96b20c76d506f6f9d963391abec5bc247a2ac6b24c7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"d0b30341b4fd48281f76a83d7de5769d05d5cb9e565b213c8e2bc8d4adcbae90107fc12fc1ed2a19f20beb563de8f05bc5c437637148154a12b1606bff071dbb366458b74a07a1c14114fab487772d436d4ce159":"":"":"":"fe2a7ced1965f013d475724eaa7d31b62740be411d899afa79f9fa6e73f18ebe0907f2f21388b6498cd365798f27f882a2c5c2744a9b25e8d351e77b9fa4471ceb1dd6c72fdef75977e4e4a246e24f56a615189e1b2a8d6782e8c5062b744a65ebe1f7c5fbcab333fdc155bfee300503" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"4a1a697e41537f28b381e05f11ebc905bd66c2c1d905d8c0b78c10c26cdf547a1b6f85ff58f48298a11bba41e3ec015d41a24d9e335e6e13b06b84b9f56b3e803bac569dae2d74c444bb58b3a6344bfbb9eee765":"":"":"":"15060b2bc827dbeefa2170ade633b0f0075a4b9b03fc24f73522174be4e4b08b93b421fa98c7c5a445c3aafed47a2eeeed63f19ef4f67e7726d8ff84bd94daa3338e397d52abea4c7d1191e30f3e8a11864f10ff56b2dbefd860655d34cf63ea22bbb54dfd0c5f64284c303a2ba2f49e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"e80b8c8896557d596e192c3226347c336dae455b50bf32a78c61b9a98c949096be51538e293d338a464eae0eb18f1ab21f9903d07a8b98ea2ad7f41fe7ffdc4b4bd0fd06138a84dc5217cc8fe39b92f9558aa619":"":"":"":"55574491d07db3aff94dcb71f519cffe2f96ef57219262860c3c03f9a5b8a1eb88869e69587f8bc0693c9919bb277dc84fa55187c0dbb20101f0c4e301dcd2fe21664e5a2f0dda3eb4f11df3878c5becddbfc3ca032a17f740d424b99be0a9bedfd99907229ecccbf459f5495533560e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5c25f02bef1f1319cb6868d836c9cbc182fd8d86ecd87bc5cba41c163710074e80d1a30ddfd0f5d88c6682292cd50c68966d15e6ff95e117d342d974ff074ee872719d15745da624f8503a6141b0ac4b887ead5f":"":"":"":"9c5204d5471c25203f1d9786d38f71081a872f1c56604dc7570caa5439f17cddb7feff01cadaac8e0f35e7a5433cbbcd2dd4f11cc7dd14f6af629fd72a3145db6924d2bdefc262662367b7258cff36172263460f4dd52dd08faed3460bbffe18eb10ff5b3c6a97faddf65b3e21ecc98c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"68b4e1ddfd16a1c1ecb0f4221306e77ad02b07993457eace086f66566afc5f12489633c605d11d53916eee96ed778d6d6518c5681f0fa9b0160da1c71740a94ab33310bc20a18710015af25d3d667c40dc619f34":"":"":"":"5c4c9b3276d546d3b6277a3a2089d4969146d833e0ace3e1ddbd9f79fa2158531f8bb26a28b08dc64bb1e610f13eb14c9fb23559dc2f38326e145ab509b9f69259a0d1a32f471d5abf154a2585288063845f99306f9bb875ccb0d32e9d49b42900257ebaa532e8ec223aea60abc9714d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"d5ee5e2e629ea17487e593914012575daa8baf2d0e9671e1b8aad16524dbdf7d04c11130cdc10e50c630ccb235579a72b6eb4502fe146aabdab62a085c820ea46bb9091054d75a892a83c3850da0a31c15e0d021":"":"":"":"e32c0798b2040620fbc5d2a44ec7fa8038444c1910fd4a24312c8c8eadb57a78606449cf05ac51a3bc4d58ce78742c1be3a0fab6e3f5ebc92b82b5d5d64ce29e8c2787ace0f4e718a7f6cb669a0a43ba1aee0d9aef55cb7c6f5dff57c8acfe883ffd8a496d44afe06803e4c9ff62df04" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"6e531842b9b7fe2c0ee66899a1255135f784a2d5259c93ab3d63a5cb708e2e6cba955897d9b66c7fab274aa388a5db69713c86faa4a19709e9aab04638c670ffaa83806abf79a43e613e62cccafc637e1a1c0c14":"":"e628db057250fbc6fc5aba01b6c8b47062ec5632a8566730":"bd12e61e3d5218efb0c103dc49402800cfb863ec8925e76a":"037650ddf66ed42ea38cf44aaa94884effc5f831c593fb35886b5d601a58f74f868d89f2dba450b9c160e28f69fd24e30fb7a44189810e29afd0d11762d3ef07b4527f4134d6c53bdc9b024cebb6b40fbacd68b6acd4bb4d011d6705ce22f90d910ac4017d2426db7a48db3242161aa8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"3fadabd2d8879bd2298f53c54b573db2584655e08a83289cb58a4ff5170fdc30d71bb24efbb5a50def315dc69146111462e204289a64ce72767499f299c74c934f0007ddb34bf5183bc1e5afd8c15eebdebba882":"":"742f7022892c2123e62379e9367787302fd18dc3835de0bd":"b60325136fde7c858054983a977262b6390a48419725febe":"3bfa419f9bad259b871703681284c5396fa94a323d646ddbf5339398c4d8314a999c230894ac60bf231762acada672f58154a86f80a8c4e3bbc67132e22ef50c0377193cb0d13c7e2c97cb24ce5bb69c73be2e5cd3a07ca2b000b2d7eea940053156bf55d846181e3748a91c342e191f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"0784a499424dd1c2c13f765e9ed88d752fefa83cec61154f82b3fd645f642ff103db9c8d1c10b5979c56a22d58324669d4ace3994927222fa87fd049558a48adcbd6ad5a2380d2d927be57fffaae037bf8a34384":"":"9f853db57c3da0421914d2f71f9317817580c1de4ca43d50":"27071ad475b8541c1a80234bb2d110637fcf4b4e20e06a7a":"2c879a03bd719595211b526101fe85702161711c67a81184cc42c1f9da5761e853ff4b8d19deb95a2f3323d1cd58a2e066c66e7a30059732eba43a4bf3b22fffa5bea5161fd775160dc53d7cbb4c892bc122e4e0139f8f550219cf6fbccf55d16d8a4d8d7776aa143c00d9e7bd1c847a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"addb36bc9ad134c7b8fa54881db1b18e040de4f253be28efbd36b12bfcf4721b08c5833eb0a97c668c7adbc7f04a9e0299549126172e25b9e624282c8e63eccf358c0ef1a71f8fd0a8fc49451db7757eae344e48":"":"e32540418ef68c3dcca1e7a0546e5dc7d4c5e92019b8cb0f":"327e31a0619305c93e9b5eef87102d447d21e21e2d8c1cc2":"178bee4059af0282854c833e11e7bba923a1e2f1126fe8cd7e1694602c180802d67b845a88ff786147f22a74e6ffb0f8b86d352cec2714ff8f308b1f9705603faf5b04bea3c75c87c91d5e6cf7583b5c45eb5f5a74d2bac490c8415d2fe07726bc334c88e3fb7284058b006f82e89ae7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"412431badcf06f87551ec63c3860baf4b59667cb4753363d0f82fe7c968ea6f8bc5d015418adeae206005725dd9693af6f7060a2d5ba53f66dd49dc148de581737b67acd4bb70ff2f4cf20abc001ae1eb50cb75f":"":"d67f94a953e7e4e4bc0cbd517f963e599d68851cc333644a":"385281961ecf2d8175c0a718347d2132f059964c55f39f57":"357876e78a69cd4bc4e06b2c52ad28434520d54a4a310ee0eb026b87993514ba1442e25eb1ae22a3ce98529625d8db9b0e5b680d7e027523b0ba0184d3f2e4b9cdee027960ac1612295bcdbf570912ed05108541b97e3bb30ae0a122d74cb536e5db34b7d5ee5a042897d5d29fa3c126" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae914c3d74acb6e2d9b8487927db7992b838ede73dc918b60bcc94f0f456f454a6d100c90e119342154bc3ddb059f48db3a8d7b7288eb42d0ceb07532a2a357d20506ead28d9bd4a127d437a657a61f5d30b04cf":"":"2afb537c13fee9c4103cc6abb11225046d94df2e9838f73f":"6a9f670cb49cd9ad98a17cc19d00d4766344108f0c86804b":"2ed0c4140420c6e3798a13f917cd998b2ce6f98bac27f0fdb09e2538f573caff16904edb371f98f50964b7de552e997007fcd267b36abed12cd95d9a08852a4ca862872edd32c707e7a60e11fe0a7db4c0d34f4c70ff16e5c75e6f5d7ffaec3be383b8790ef0ff3a0d9f79850c9749c0" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"38a93c3ede148c91eb7f0cd327cbe8b27ff0e569bc5262aaf30b86d31be35f83b4ff50b84b5dfd649908d0c55cd5be7ad36d4f5f7f22cce066d3b589adef804bfaf52253a0e4c6bb03e000d649541e523ae52f1d":"":"e12c05f2bf463d24da9abe89301d2acefb7957dc1bab9ef8":"d70065fa713e2d691bf554a00d063222755e7204a3e53968":"3e5ad7e96c8cee899889640d8268cbea296aee96fca7bb60308bcdc08eed36bdc8a5b3126ed8be900577e60ec0f8b3d3014deec41ac650480e08dd3a425843b37fa5d1d621b5053ba4b2fc1804d407849a84e9eb5bfcf94f27c2a535e2756b8202ede1f18e81f65e3f7f51a064b401a4" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"384d6f43e7d77a381bc6bfbfbfe1a17aa35525bef01be8aaf6c488c46517d9b94380c73d3fb45a4f1b4d70375021c7df78eadb61df5d9efc6e08fe2d81ffa65df33667c23e3cc5c89893988f04be1d3634ced443":"":"a0271fd2552e037568cc857a60a550db050680fc03904fce":"ec095cc9e3bc301071a901d0289b54aefc796bffad6fda8e":"aca2571a9cf6bcd10429e146e6e94d1ae43a00db28bee2b60eb6a1bc1cde3d452dd6e04617aae7a3f813feaddc0f8fd25890004607f45ec995df970e1a3abb17b416bdbf62b6ba5625a80cb100e2b87260a73ffe15d9e6f24abfe9e6f9ba66bdfbfe71380d832418e2a4b460dd7415f4" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"98c8df867d234553e504fcdf807fb8bba51d23ac65dd8b160943bd45181764cf6df0049cad23e6aca490db57d12dc6c631604c943f153927d6d04af042e1da1b225eb8bdf4ee99dd405e3586acf8e44bb0184d68":"":"3338baea79c06f0d48ec2d47004e61c1c1e5056bf8bbecd3":"79007bfce109a682b746df074e87c845eebd665532867fa2":"ba7040193e38c4495971827fb1ddb747ea80cd0bb1fd6aaabf85ec1959c29eba8f818ef55aadadc8c34b6a7c00f210a899092b9704f2e03abf3e5e8fe6d127cac0436441d0a6f1b02a00e5fe948539c66a8c78e70f35cfeb600e1cc68c06553f47ca053b64a0534a028a73d0890034fe" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"6150b7280b3105b86b66c2a39a1f0461cfbce17e746791afb241b298741454e174650ab1e7f08500bd7eb096e40d8114e5a60668636b6ff66d2622154b7d239eaefc9ab2aa3351eda2af4fe51de36e22e70235fb":"":"6ece8aa447d2cf51d8497e303c1a202e39e06bd723c847b7":"21d890666d2c8ce4440bb453f4284c3928650f8cf38576d7":"7554b8cc8e79330ae55575f9157cd10d8eeb58af30eeebe9daa021f4b55ce365fbdf3629be7547a89c78bb9df79d35179e5d2924aa032e60d5a00281f19ee2255c17a69345ed86bf36ecfd694be0405c8b6c077b43a8c8bbea603ddc632a1aea6771a6bc117dbdc365e2714bdaa8b377" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"cb25eef7230ac2da249fe30ea94d3a3332147022bb2207aab4a50822b1564c24a047ebb46d57f45f6680f909629b43129876c75381e3b7c6d06887f68083fc423f06ecba159a90edd394cc0ca9473e9cd0f23c89":"":"2f30b005ea5d5965439bf15220b1c010e6c79306e700e6fe":"9937bf3edb3603cbbe190f3616b021fad652011854e6f6d0":"040a30b82981f71e4607c20c1f2d6e6854824c90b127517f65b6c7da99fd33dee32dc52bd0dbe902509c50492a88e5963b2b6e27d046334b356e5909f85763af2de70e93a89d6a00e2ef81ddd74f4a33d3f8406d05b383fda569a5a574fb5e3c0c86a5096e94174b79b2a4eadebccc2c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1d7dbe4e83913bad3fa918262ab0f45cdb9e4e61667694f361ddecace06bf352b18dfab4c32bff9a013d3b92a2da8ed698168155ddc492f8ad5d65cda8eed212793cd9aec8acde7e00f952bb5d00c53c5c181e89":"":"f9c51ff8f264cae722734502f6799e4fc5bee773d31e3e31":"6a171a0a8801017a1d924f80fc5d9d6592b8b28a342f30de":"425024bd1d1a66d4527a3e8a8307b3206923bc1d693f5b7f9017f0d5527cd6591016758794ac89e2f682cb2d66f8d28f9a2f5ae2974a75f4d0de17dcd02e93bf29c69175fceba262378bafbe3eb7e3dabe974889306d0a2ebd0ad9d934c37b1ad89ac1fc28493e6b1f6f24620e40eaf7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a6887fe41ed5a615eb030b31b86315d32d13dd5ad506566ea23ea3b162b8dd621129736c8dde31708a7fa4a4c606dc212b3440617111e94a5c6722c3a729d84d2e5858c23ba8bb249456a11d63dba9d4260a7213":"":"a52036daa8172111e89c8991ca818bdd711095a1602f2f15":"cba427a2b7bb64002e1da3159d643e002516bed279e0d442":"cf0f5881032606c21a8ea20adba6a72e176e968f10b08ab6d08f997b24fc2a24f2c5d44d1b99deb7db4f388dc8ac268f966a34c857cc5f43efc601674bc548ffeaee1c13415df6d0240835832cb75840b60711cb636f509dd9b87b698615959688e9afeffa50671ada05faa564c87ad5" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a563459889ca29b711086adfbf18f284fdd18601ff69916af1ce47510d33f205d4dcd0080f9dfedb2bc1e2e60fa0b9cae094102bc7a705cc223279e0fc3b0020b4facafc2b31b9bca92382f3810d5a4e3ef626a9":"":"5fc83f1f6dc0ad454bbacf2df366c803cc1d2fd46bf78d32":"1a9654667cfd6ad0aad9383be04ec1480a494262b3fee823":"cb45ce96a973728bdade51f91004ac09e155173769063b3fb4712493d8877f088127a3492588e99fef648a101cf1c238fdefd798dd4928b5bb3a851eed693f37d67360a28a2b27c4406e9ddefdffba662529b91a980bbe4eb381cf9734b336e2b64e7482e0328c2e2bf81e39edc30d97" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"886d098731abf3140d512e0d348a384d25372667fe7e4f0ce713b1d2eca7b2ad939b25af03f78edad75bf0ab95b4110710d0e12e714e03f7df35db59fc4ef2906cf36c6c8897b802200a83e60d16f7fb064abd2a":"":"a4f42d83a492db3fc053d1275c6f264706fa932955c3da62":"4505c0664e59bb4388020470838bb098c4ae1338c268adf2":"4f9c3c60ee32042735cc539b9a23d04c2bc6bcd68db04a58240305f165bccebbb98e0f4796b283a0d78bdaccfcc8daf19f21a72945be07996bbb0b606643c7753f76ee6371292d3e681468b714e16bc32db14ad6d777677137ebd3731186ea72b840b8c4ae79ecb2c61352ea056d2d6a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a26af93571ba84b58e14e921a6bada73083ec17f21580a152703e1741392fc9ce6046f77d6eda5000f3225ef28425e30cec138a16b0ebd885fef074c6da2a7b126fcd1f056e3a5fd5627368c63681cc10fbf750b":"0627d10b1e5b4f0fff96d0c7e684deb9fb6a4e48959dbc29":"":"":"98d6bc7ec7cd72da4c750d9173518a9a17120fe9af10cd1a7d872fac505d9276c551b821a868cb8b4d8b10eb3b05845827717d2975814b5080a2f4aa50c5b112bd01b8652f2d1b56a88c6c891db5f3f40d1d1f0648d84e6ce2138c2c879884eb4847856198579eac759a065a5d384c46" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5fd08930ba404d13a7275227660869e7eff10e103548e6ea15f0816ea93b649f6aba408ac710c49eaddea0b4d1e219577e6f6ba4f193386228f6fdf9cdcc50d5bdcf6d1f249e9cae0a097bb341e2ba3581a3f2ca":"7a463958302109d5fb9fef1a232b5aea13ba58a60b70911c":"":"":"a1a5c9d90f9340c807efa2068c6a0b872a4ad51a7cf90e14b4797dd894361712fc9507bd61d8ba984ecf1345fa3cbcf3031e2bc4302354cdf3f615c3a1bf43f60a464698e250726c37a7a9a23e1ff7e8d96df03957e3a0b5e6c4c4fdbdcff487e467b12dbc21e07eb8a7c4cd7f779912" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"625d6a509ec43c55bbec45b4244fa0bce24c74cc270851f2d32e4bb4f1961476af40088b5ea81f7a86efba78abdfb50be09e1a68851899e0e9acd95f77f16e8b0aea5a9bf29bc1a18d32158cf69c794f3f47fe61":"bcfa259c919f6e56c77914a272959cda6d2cafeaff87d91b":"":"":"b5bc1f03099547ce1a359bede1f9f3b76b38e8b9cc781fb3909899144f4d0a4ba93272552bfb0ddcda51165d0ca3eae47d10961a62692bd9edf2a9339c8ad14469f1834eee3c3fc1074cb1493054f84273e4adc73e5eec6cba284c5b7fd8005f10cb67b0fe16ae0b4ff30d50ca245c5d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"bc0c83de31217ff6b22c719de8c6653fcbd8aff7925f04624c76f586ed3bab324b64fa8a1ec14efa8d8d0b41eb6735d517f6c647ef8bedf3036a6ca90fa1d2c528722de33f76f7375711b6b4127b86fe096e72cd":"d7ef6b5dd09c08437313871078ac730c2f85a5abae6d6e24":"":"":"6d415afc0151c3cb426eb3b90c209feb726c01e28785678bb0b8d9143d4b7f31ae07e384816072e2df31350b133a8f4e3ee18f04b154d194513d9b072a695e52bf03eeb4c9a1df85dd6ef98d2453dc39390bc3a17f3ce499d9b182c89d0591dc3dbdb7aecb626b07f0ad2737bf8200b2" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"caca2b8631502fbd8bec33e89066e77b97a57b09d21a92dcc7b65897e50d7a312f287932c529f6a6fd8be6fad5c467f6c15f9bc0f39653a6e4963c0d4c4baa9d6ad39f4ad2a1d6587377ec3898e63e02cc0c454f":"33691da7461d3355659c4ca927b4d3e3bbfd8e775b535538":"":"":"89abe8e656667299705c4c8b208f0fc400897397d15aa3574cf86c0a6415dd30ac5d7d8bc629d8ba52e6e5af63818475874266e98a43ab5d3085d2856950e8d487ea22e01f9ab7fe1862be1fdb9a97cc24eb9ad05beebb202716607e8b164cf63cacb92504e80e68e641af71ad6ee47d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5d97de97d6f81a858ad6ae0262e58169b27c25adfc2bff506854e6bfd37f3a4d8c4b46cd78d0a76b0dc67e0d3f90fb04c2131bc31239defc8eabe9be0fc589a554a4b77fa79c64c03bbf87a32031530d99bbe397":"a0d8be30a0972002f21ce2d7cf3c8e84907c638e0093354d":"":"":"67536d7352a49a1a49110a1dc1b77dd1924be34123e027aea0ba6064ae0aa051d4470ccbf923e0c96c86f2d440f17f45b67c4c7785a6f5006bf0cadc13269540b2c59bb75f642e9668feb601fc60c18b94d65ebea0dfe5fb284e003a58837f9e9e120481ec2ba972c755c6a9134af683" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9ca7149b0c5ccb7a0f7ec5399c644dba98c418373460c59978d91db57ff714897ee71caf459c1dc164655140810992fa6cbbb708ba2e61053d5866ba6a1bbdbc639fd21be4383beb4a4d370e86d0e9739ef849ae":"2ade2ffc19de7fc94767193223aa1fb3461cb29d970c8f05":"":"":"b39d6db529fbb3c6a90d6b7057759c26a9fa26024d2b65e3bf459881ff0f88a5b93b87e0779635022cea81db313329b61613742cc82b52fff1a2e6e24ae0eebc0917d5e4573466e4aee3f0ee0053445566eaa080c3e701bc35d40ce5105b4b6572baa7b4c84a16e4aab501e6ef670164" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"cc751171d828dba023f430b3f5a7134f733f4cc1ec76495e98a6dc2a627d97924716d7e6b043cf15c62ce8da1dda2a930c88d6d4d12ca992a501f773dff5d38e42f150f1c55ee358aba1e73cbebf465baf9fd0a6":"4ba50a75424970526022c7351831c58ee75f1e3aa0c47749":"":"":"8b387e55b9c10d0cc336f5445755c0b6dbe971bf69a04682b21c9303a66e093b7dccf33fc685765c6d2bcfa3020892ed09ce6ea3e3355b3bc16741f34d40b5c96bb085c1574801d14b4f71c97cf64e75dcc330fafa1d1e626822609a9af62c894dbdd56307ccf1ebbb7ec09d500096aa" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1f2ccd29bc38e8364a4beb0e89984b88d61dcd31d48e310ae691c0e146f495b9d8cf443ed12f3ad2da7c59c2a2f6b8df4e0202414791e106c1f879879b7a46ac207f45b5fed69c38309adf15dfd0dd75742c0df0":"e0c49aee71c4c060aac1bab1f438f9e2b0c96d710ebfef77":"":"":"593677f65ca4339c0dd8b1ae9278cc49adaef1cf889760b4631a379d82bc25123dfd2e1436d0b6b890d4155e3236fc1e2cef67d8bc0454099051e220d6925b37c47408fdacdfd54cab7be70f8b3b3dfc5a86f181dd559ff7182f225f7de87dd8bd69143be270ce76d2562c6e01ba4c4e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"f1bee9caecfd0397a6cd76f356ecacf1053981c64d315db4a51a244fe3b22ef997392f65dc13cf30f5b8f5edb7f8f55863a30156722536d02440e5f06e503795d2401775a560685f2ad3c98aaaa22726cd6ec45a":"9d42670ea4113ae02302cdcc660b497f3ffb19b9aca8babf":"":"":"78f31a24cda43acfbc4db7f17c57805a4b53353d668596247358b47e8f8deeaca312a7f9ce78832bc1da2d6b3727fcb847ca4feb1695a2edfd2ab24c486da125be1c1af4f78b749afdb57f97b4a8b892fd87228f116ba10fa739059581256de4fb865d1115c58284cb9850a24e5b7615" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"17b3146ea3ac1afdca446275f3b7539a517766b90e2da2c4c85db4802943efcd8009a9ffdd054440da16edb641a050fce3f3cab3d5f03d550111daeaa8841a9c814def76eec9c4e910788c710562428a39cd0987":"f3831c1bc859fad452a76ce513575a23e8b790c90de4575c":"":"":"c6c85936cd52b5271a6e70410e0b9d960d76f3236b548cfd4fea26504ca8a78e58ee914c6cf248f30d7ee3547eedd3a4d9869b15e326c911aaecb7f0c221f8eb9208a9b355e4b1cc7926380d25bb776f3e89904943b3fdf306012fc95d06b3b7c44ef55c9eee675150b332e2181f2a32" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"fabe526177dcd476be9950233ec56f9122a9b083e589c9264add302d4768c06020cf53e7708bc728582360cbf06a18de38e3da2642dd6751aa686dbf11734bd75a422571c9f2420915d7d79d9efea870e72d262d":"ba5858340e6a82b2ecfe1190215bd8da995ee8ef572eed8b":"":"":"10260dfc2f2322f530192e96a2396694dead62f9b206137108666cd199939184503da75598f54a89dff885a9856140b56687347c2c066a1593bfe02b8bd2cd93e939c424b33683a13678ba5f34df3f2f5f50b2a708d1d5a04683db00a607e2f80e5feb20086e3d64294e9732b0776c51" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b7c9a1d221fe10552bb0b799e18d12cffd1f76d6a1e6dc79a36584ac7e13c355b9323d0ef2f97fc2d8a26e6c37209a485963788aeab084e923a3794c63713c2ee288ba3a99f2d407adfc1b87ba64fcc5a7f98e4e":"e563f8c8318862c7117af8946823e8570ebc64b3de1b293e":"":"":"100c460c12e5ab12a72bd4351f7b608f5578060b262f21d735fe79d13c942035a76f001adfd39fe93caa22b6274bec282e640469d3f454d108991a1b73d8acb3d392732fc24cafb15fbe248441462bb2c1278883610ba28486ef82ec2ff3d20eb9601866c7dc4eaf44cdd73e5b5ac14f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"78e5d4818964d748282fa8dd386ea9c920c4fc5ddb9d2204a3f6285082b8065dd3944ce193722e973f8300783e37991e6c4a6286a1a0fe3703dd78ae951c88a0ce47b1a23d91e0926358221713670a78732d5470":"fa058586d35f0d74d2c473e005e7f8ddc33a1f6d5bc79d75":"":"":"6b603b098ca74b7fcf3c8f9b42dde5b3b51e84cab4f67f4d87bc6575ad4fa3f1e0ee27085f88e2a5ecf4f57f9ba92638e52941535806d2cd1b5aeb5b7c81b3d44d41cf5b8073b646a9cc1b0a9f7e183b082e9f2270acd928623e8a46b46257e1b827e8b88b55c88a3a3a067cfcb9b2b0" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"50241739e3f08c910baea7f9ba481511b6ee5d69bb1a2dd34f3987a231cc25f39a1a966390e391a33dc21281372589e2a667cdbbe4267710d5244fd342c959b7272b39e5cdf67701d47665b61782541e94aa224f":"6a7d2f2dcfcae8a284802c97d77917e87c6cf8417c2b16bd":"":"":"4402afee12048c1c6a44624d2df026798930ec732884899ffd20d17f1c8d7c221cf5edac8679a21ee11b177ecfd61927d4ccbb175ee6b49cc6f371450904c2666aaf2e6cb36cd55cae3af772beb80955cf67b4e8be1fce11250a39693ecb7f8ac05aa23b949ac74bc9a67060cd60cc77" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #0 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"c3005cdc5c5b7b25ed78c9684f3faf6278f9a9c5a9fb202014a29882e50b21e56ec8b7947fe871daec2626f32372123f44a8721ff4339e0a20f978ea27609eb495c2342e9ba719bbd2b44ff503db2322ada1c982":"c4506109937e0f9352fc881b0396b0a103626a15addfe525":"6ee49c76d138eaa3fc10cf411e0b8ad5488d77f74faacf13":"8825122b506dd6f3a58811fe6c9a7e9271a6e68dcdd590e2":"e818887ca1c84717e277baf00913d65ed58a8f90b8728080a03043bb2ab53f55fa605ba0cfab29b4cb694f6aae6594dedcbe6f74e1f7573c2944f3703b89a52789b0170077ea8e66d8299ba5cc139943ab96254065a27abca2098a85162fb01d294d8671b00206b7f784319384e01b3d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9bf2ab19aa7e9ffc3461522f3cf85b3292b54bd3e1099a42dd6f5349d169d59a152b2dce675874b665fcff802260ea84b358f6fcf8011b511834e8447a73c1f675b7598d836dc9fbf40f1dd0f481f47f95f3ef4d":"38d7a2109c6fad9205abc22b9ff705b7f671c4bde5b662d4":"b46e928cb59eac0cbed65645767e96fd824fa95cb96a1cd7":"532c8d3748205cfaa826fba7f240e9926cd3811da8fd1a5a":"bc367839d1510316ac3ba17fb7bf633a6eb4b61dc0b03cf1cca564db8248ced0b47ccb36e730c0237b0812af30361b5dce662636b23f87d6ace82cd3e34d45a1133b35ff9b8bde8fb29fe82298820c0c87f0e30887ddb15c9644bfb12578f0878a710771ad22fe16935c66681378f5f8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a3bfbed559c396b807ffa80409fc4e2c23ba952f64a41c07d3af5e5b78d8ef88171bd5022d3e02efefa644f4fddbe207e59397605a0408b0201f6a882def64d973c0714555d2c7e0a6fddf49558fd1328074ca79":"4c63bef79f71fa82168928619cd09b003aeb2ba2b04150d2":"c85bb368a82d57c70cd5ad6327187c8550f7c10380b2f030":"5d467e9c06ee058ca066dadd6f6ec6b0da59ecbaa4ddd12e":"1ce311c919c67e151b51ce3060384ca95c071a295f01e54349abaa2da8ef497ea1364454133d20f57da28985bfc6d1d2f58f84d144c85dbe3c9fd5e8958ce06f2f5ad5af7e16bf90ddb4a1e2947f78008467fcc38b5a082eb1612d68e36e3c0abfbfb3a321eef3754ac16c41f96bd635" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1b2c2419e85386716135b3c142d749f1f5bc23edbf8c0a1c53b72f474484c545761b21aeff05cdd35621d104ee393e791737c48c5a6e6b25b58c5c5be28ecf17c410c9c9c3c3aa2b6385f66759f31b61f9fe0286":"b69011f446e50880a15bb0dd00229f765bf77b2a40040109":"67eb63a168aad8712a0e7e0f162af7ac7893e902f1aa72cd":"23bb752e6232144630e3d3a6daaa1e58a5ca315f21fe1d8b":"cd8e6c6b8a1f7f98f5d796023fdd4f1da2d72eedb96a8e85cac661da24dd0a7810fa04be0491c69db7617712582b43ec4bf112d9e2932288f25b64fb7a2a09ac8747b8f71ce75e3c80b854336a0457b8013ec6dc1268b4c7e8f7d3422a4a5d432f8d9705d6a273a09b9f9273f4928c4f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"62d059e3ecb695167e93b3cfd77f96e681985ab5d68f15473a89f9cbc4012e1c090a5a9e65f738be938f44fd6cb157fd9b737d9389e4e56b6903d4d015f9d80d96336730fdf57787296d447ea91de7e686c7a81e":"d8f121b2bbdb8530c6315c63e0a52e383c163c033d3b0854":"830e2cab11331b761aed55db61681fffad3a61a1a06adfec":"c7783d7357ff30e88cfdbc90569daf03d3fec8caf89619ff":"e44c9b35d3b847a928748094ba6754d1c5de3cbe3d90d4e2bd0c0f19dc5aed7228c541044b2b14d7e67dcc148ab04abff7c22a8f1fdbec4d68ad24a7c4b0f0e507bd7f2b4845593363da484b481906fb7207844597238b9d40c14237004e275572aac6a6d84d151fa58abc0987e54e18" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"fcf3887b4505f7a1273ad5b32e064ff51682bca23ed974ca981871a5b7f63e5ceee58131f9a01fa7c37ab14150c9323a03f694e463496c4159eb8e5d3ebc62f41264beb93098a42a3dd406b983e1fb040d108f93":"9b3e97eed077155cf181829233868d27eb773c398575dfb2":"75a75a15c622e69eba698a064b0b41c8bc80ef803df0f29e":"7b6a20a222a81dfa6fd164def816c2b6708bd4c761b2bb8f":"0b3d501f728d2f1d8b0d7dffda0160157b30d0d97932315f77022d1a6fb30d9a0ee4383f2f63377ac6e57b16b0c7480a6f5dd12ed3ec0bc6f104a26c86592daa3f68a499570703306e2c2448e784b67cd6efdb4ae64a2e8ffa5929e74c95b663c9b7fe891633f07d7b50f5f16e9fe567" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"7a6a0774f2cb5ddce6b5242782fd3d7b5c7c7e31cb5fe95367c06f29a5488fa37feb34d689c646cdb162e258ad636a030ff74f6a7ff876417fb08f5c5decdcc98692538bebf9958c627ad8287633f98c587cdaec":"fb16aea72967c43b8803bcdd3e794911f6d53f2cb7946cee":"67d89947396322ca243e2c591a3adc8fd9f1ef448414fca8":"a0d568f4fce862e5e1b22acca29e60d7bc6cdcf6cc277794":"758b4685b0db1093eebde07ba11085a9dcab64c8d5adacda070fd2b292bec49240f25e158fc96cb1d0ecc9ebcccc360b981d140e3cdba54fc697313014450a9af29d9d55dcbc5bb9a38e4f10c6a3e41874d5c6688f22d0c5714301083cbbd0014880af0f7d088dabeb4e84a64f26d2b9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"19bbbbfcb755cd9dc000abfc03343ef64193141c3d3f43120f55674616e3d96b6086adf47c906981923c98ef7dd0fbb2f7af0ecbbd2de848f2b25cba8651b7e3aeaa0c59b605e6d4710a01406565ea30d0c4f68d":"e77cce9d26d283bb5d6e8300ad0f69df723324d23928c6f7":"0586c76051462d0483071213804385d01a07bcb27db05e06":"1c9363d0b3e9f42b6c722b8d62f9c633066587577fe766e3":"6d458079264d5f3940d098aae092690b7d04cd46d6d5dde753063b7194118ab67d3848459156b8f0216d85b5c583a1bfc000e68111be459743175fd114253cc24db72ecc978ff8620301ecbf18f42fc4697d91150649a8254a9850d5c28f9c4e187e409e496e2a659b2e79c06074c5c9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #8 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"c2b577bfd802b8f599ca14bdd5fe5003ee28ae69ca5c246df4f62d9e21a7793281c48f73ffea15f3c3d444ba48367fde04cdf6d62498b8afb24966a8662461015135cb55034a63571a032d3cd2c1e6cf4a6855ef":"f0de29d4530b4af75b8defe9b3b24dcb7ce0add4aed6f72d":"90ac05703a8e0c6057dd2d8b1a6f16f0059e7c70679919df":"16935f700de9fe529a2bbe811dccad430e27dbc60549c3e5":"56988f9328a91314e4b3ae027bc6f43a01fe471615f3a319afd9bb63f55b13e681ac0ae830d4d3057882fe247ca4decbb26af811282f59ee89ea38642e4ffad9bdfae44bcdbc3a289bf431e0bfc68148c12ced1853e698e74f74e24aa434937390fd41cb4e78f823a262900f2f44c1fa" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #9 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b5c4acc63ae5c68ca404bded2d36a391e8b2e9ef3b32eb598aa94fd6b5ede6c3d9c33ec77a195abb6f8cbcafb6c492a1d78f04439bdc442168d1eccc783d53a92e16b90ccbdb0284b383cb96af04e81728d1cda0":"b3e6df5e9ae10c63da4269de170550b92dde7c6e33af228e":"c9787b641b5c881dae53a69e2b3514ce2ea81e5879765bd1":"e4abedcfc4cc69da45467bf2bfb03d823abc19a746e3c582":"e14f46dcab0ba39965f170f01a07308090b051127685ada6601112aa236093f7a760530f856617d9e027c8279ef33d9fbc4b624ae26a277b9e6077ac71e2d2f101b84ebed007ddeddb4286aa4729cb3b28798387b757d8e99a7b6d2631601fe7ab4caad7983dede59b94f4c920ef1b29" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #10 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"7302ea40e214308136b8427e601ad61132d195f870f2a861c7b8ce1f686bf325a155d0aae1211401bb844893dba2909060c76cf9cda757d9e2cb24f5602fedf6a7412f49497c82866a8c9b56e2bbaf912f760255":"58efaa77c9bf446ce8d3f3ce73b7d1f014bdeffea2a2fdde":"68f9eab1893186d7e5cf3a8c37bf1c229344abdceecd9de5":"a0d3bf1de632fb19ca5326d936f79aafe59a0e809b13f10c":"f2c6a717ab10a9cc89f6d3a07bf6077fa33c2e5d67475ebcdd1b895fd0067941ed3fd8f251352403c2680df2319a882f39a91f8ccb7df2c06a13037f057962e23b8ea0654ef9bfc19b6ec982e539ea6afcd1145cee582d27b708691354b4c397a51d004c61687c1c9c948576009002ee" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #11 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"48ce334fcdeae603c54fc228461e7173681a8e8387e0c048c2acfdd6a78c955deb7dc25bea4e9924c4a2ae22d9fb6b227452addd0b6eda7769f9ceaaf2ca34568b3c198ebdcf5f6ed11f863097bd56f42d648862":"6bf4c173d264dce03e475fb3bde9fca2474877627bfb0c5d":"2a728f461ce1067dd38896002724b4967c1a9cfececd3437":"2b862cd7a94c1776b26022c27c0e4f2d199ccb782caae6dd":"07f80326ea781bd95efe729867d6c39465213bb698b5e486e6c5f27d3fac4fda3cfb7c831fe6291062d4db2aff59781efb4f4cf428236aad6a55111b969885a6b851d5462278d0863909a07796e5e0e8448fc0d674a4408cd9e91e98e3adcec2064ad37dcc566faa80149519f5ea261c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #12 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b23c748a9c9d206ed4ce6b8bacb6f7e17cacf5649ea8d1e1144a96e977a4cb22c0f37139c3eedbcc8b9024c6f21412f1600fcde1488f95744446df7b6e21a858224b9294a75829a014697cc4b363c3ad0e152ca6":"325bdbd8c14b766d4a7ff0e14128585b21af76de7ca30ff1":"2e002a406bb8090eae6c950944a4d6768c89d43cc0d8bd17":"4828622ff56d0867bbad03bac51b8c939a5dfa33a362b129":"58cebdf4676a21ded5eba4dd19452f5dec909c589751879ea4249a4c9fef834d85dcfc95ada82f7fba1476451774036246d7a496d4d427f37647ebc10fc2e1125b0b71da1fa5f1479c5681e9d7acc9b88b527390734d943bff6a76c4b22bb4f6ac331f7710b95f6806fa35a29a2fa35f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #13 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"606f388e8ae35faf979434656144370991e89b7457ca5b55d5bf2b48fe8cb64f549f48a812edbbb4cff895efb21c90eb26c1db239ed72da43504a1e09c56fe144f2d09242f2670dbe2561456d938352125b19131":"5e039f38d6f9a9c4ecc67158f40d3c8de61808fd7476fbf7":"21c7d976da71bcde51a3b4bc1b9a79cc6c4ca51ec992e479":"bac1c5904816c3040eb532622f127ac3e28cd78ba68404a9":"5f951dd774bc1a0818b249ffc51348bf1f36aa4b9d6a3348d36df84b5d3e824adcdf8b87ffecfec13fe36ca354625ae8db8a69722254c3f6e7027b866c529f9bed25360e0cee7ce41f996d50d224a08e965e0e5dd67a77142e2a3de0d559b9dae8919ad0387ba5fdef699e42016d7291" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #14 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"be16ca52551a6a0656c40539e3155eebbc416cbfe212101f8edc2f7118472907ae9b2b9574abe81257533115472610ab401d1ce1f8998884af43fa5776a59ae38c88631a066fa85d24dfc9b2547caae598cd0fa7":"ed000ad2e479513861014e8ff45a481a494af312d2dd5563":"feb295c74975f1e1c738988fc70b9d2603c7da93832154a1":"764705681b7781573af811fa7751dbc27d667af7a1e59dce":"ba4a0583d8d6c5b4216a0875cfad594485858dc7f9ef265d4ed0c0f0fbfcaaf5ae318df2d7fc530301813d9f49826030625f7ea02d0630b3573c486b1fa0ef4269cbfb6fb86675c11fb7c0570cf7ff4fc7affdb00625ac453c23c229a4ea5f540c66f031ab3462f7d12659eec990501f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-256, 0, 0) #0 diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index abd8e55d9..0febabb91 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -26,7 +26,7 @@ depends_on:MBEDTLS_SHA1_C md_info:MBEDTLS_MD_SHA1:"SHA1":20 Information on SHA224 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_info:MBEDTLS_MD_SHA224:"SHA224":28 Information on SHA256 @@ -582,31 +582,31 @@ depends_on:MBEDTLS_SHA1_C mbedtls_md_hmac:"SHA1":10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6" generic HMAC-SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee" generic HMAC-SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53" generic HMAC-SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0" generic HMAC-SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24" generic HMAC-SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab" generic HMAC-SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba" generic HMAC-SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_hmac:"SHA224":28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08" generic HMAC-SHA-256 Test Vector NIST CAVS #1 @@ -726,31 +726,31 @@ depends_on:MBEDTLS_SHA1_C md_hmac_multi:"SHA1":10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hmac_multi:"SHA224":28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08" generic multi step HMAC-SHA-256 Test Vector NIST CAVS #1 @@ -866,31 +866,31 @@ depends_on:MBEDTLS_SHA1_C md_hex:"SHA1":"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af" generic SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" generic SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" generic SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" generic SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" generic SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" generic SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex:"SHA224":"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" generic SHA-256 Test Vector NIST CAVS #1 @@ -1026,31 +1026,31 @@ depends_on:MBEDTLS_SHA1_C md_hex_multi:"SHA1":"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af" generic multi step SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic multi step SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" generic multi step SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" generic multi step SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" generic multi step SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" generic multi step SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" generic multi step SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 md_hex_multi:"SHA224":"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" generic multi step SHA-256 Test Vector NIST CAVS #1 @@ -1162,19 +1162,19 @@ depends_on:MBEDTLS_SHA1_C mbedtls_md_file:"SHA1":"data_files/hash_file_4":"da39a3ee5e6b4b0d3255bfef95601890afd80709" generic SHA-224 Hash file #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_1":"8606da018870f0c16834a21bc3385704cb1683b9dbab04c5ddb90a48" generic SHA-224 Hash file #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_2":"733b2ab97b6f63f2e29b9a2089756d81e14c93fe4cc9615c0d5e8a03" generic SHA-224 Hash file #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_3":"e1df95867580e2cc2100e9565bf9c2e42c24fe5250c19efe33d1c4fe" generic SHA-224 Hash file #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 mbedtls_md_file:"SHA224":"data_files/hash_file_4":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic SHA-256 Hash file #1 diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 11cf88ae7..31d5aaf17 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -11,7 +11,7 @@ void mbedtls_md_process( ) { const int *md_type_ptr; - const mbedtls_md_info_t *info; + mbedtls_md_handle_t info; mbedtls_md_context_t ctx; unsigned char buf[150]; @@ -28,7 +28,7 @@ void mbedtls_md_process( ) for( md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++ ) { info = mbedtls_md_info_from_type( *md_type_ptr ); - TEST_ASSERT( info != NULL ); + TEST_ASSERT( info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_md_setup( &ctx, info, 0 ) == 0 ); TEST_ASSERT( mbedtls_md_process( &ctx, buf ) == 0 ); mbedtls_md_free( &ctx ); @@ -39,22 +39,26 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_MD_SINGLE_HASH */ void md_null_args( ) { mbedtls_md_context_t ctx; - const mbedtls_md_info_t *info = mbedtls_md_info_from_type( *( mbedtls_md_list() ) ); + mbedtls_md_handle_t info = mbedtls_md_info_from_type( *( mbedtls_md_list() ) ); unsigned char buf[1] = { 0 }; mbedtls_md_init( &ctx ); - TEST_ASSERT( mbedtls_md_get_size( NULL ) == 0 ); - TEST_ASSERT( mbedtls_md_get_type( NULL ) == MBEDTLS_MD_NONE ); - TEST_ASSERT( mbedtls_md_get_name( NULL ) == NULL ); + TEST_ASSERT( mbedtls_md_get_size( MBEDTLS_MD_INVALID_HANDLE ) + == 0 ); + TEST_ASSERT( mbedtls_md_get_type( MBEDTLS_MD_INVALID_HANDLE ) + == MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_md_get_name( MBEDTLS_MD_INVALID_HANDLE ) + == NULL ); - TEST_ASSERT( mbedtls_md_info_from_string( NULL ) == NULL ); + TEST_ASSERT( mbedtls_md_info_from_string( NULL ) == MBEDTLS_MD_INVALID_HANDLE ); - TEST_ASSERT( mbedtls_md_setup( &ctx, NULL, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_md_setup( &ctx, MBEDTLS_MD_INVALID_HANDLE, 0 ) + == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_setup( NULL, info, 0 ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_starts( NULL ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -66,10 +70,12 @@ void md_null_args( ) TEST_ASSERT( mbedtls_md_finish( NULL, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_finish( &ctx, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_md( NULL, buf, 1, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_md( MBEDTLS_MD_INVALID_HANDLE, + buf, 1, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); #if defined(MBEDTLS_FS_IO) - TEST_ASSERT( mbedtls_md_file( NULL, "", buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_md_file( MBEDTLS_MD_INVALID_HANDLE, + "", buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); #endif TEST_ASSERT( mbedtls_md_hmac_starts( NULL, buf, 1 ) @@ -90,27 +96,29 @@ void md_null_args( ) TEST_ASSERT( mbedtls_md_hmac_reset( NULL ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_hmac_reset( &ctx ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_md_hmac( NULL, buf, 1, buf, 1, buf ) + TEST_ASSERT( mbedtls_md_hmac( MBEDTLS_MD_INVALID_HANDLE, buf, 1, buf, 1, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_process( NULL, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_md_process( &ctx, buf ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA ); /* Ok, this is not NULL arg but NULL return... */ - TEST_ASSERT( mbedtls_md_info_from_type( MBEDTLS_MD_NONE ) == NULL ); - TEST_ASSERT( mbedtls_md_info_from_string( "no such md" ) == NULL ); + TEST_ASSERT( mbedtls_md_info_from_type( MBEDTLS_MD_NONE ) == + MBEDTLS_MD_INVALID_HANDLE ); + TEST_ASSERT( mbedtls_md_info_from_string( "no such md" ) == + MBEDTLS_MD_INVALID_HANDLE ); } /* END_CASE */ /* BEGIN_CASE */ void md_info( int md_type, char * md_name, int md_size ) { - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; const int *md_type_ptr; int found; md_info = mbedtls_md_info_from_type( md_type ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( md_info == mbedtls_md_info_from_string( md_name ) ); TEST_ASSERT( mbedtls_md_get_type( md_info ) == (mbedtls_md_type_t) md_type ); @@ -132,7 +140,7 @@ void md_text( char * text_md_name, char * text_src_string, char md_name[100]; unsigned char src_str[1000]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( src_str, 0x00, 1000 ); @@ -141,7 +149,7 @@ void md_text( char * text_md_name, char * text_src_string, strncpy( (char *) src_str, text_src_string, sizeof( src_str ) - 1 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string(md_name); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); @@ -155,14 +163,14 @@ void md_hex( char * text_md_name, data_t * src_str, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) ); @@ -181,7 +189,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, unsigned char output[100]; int halfway, len; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_md_context_t ctx, ctx_copy; mbedtls_md_init( &ctx ); @@ -197,7 +205,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, halfway = len / 2; md_info = mbedtls_md_info_from_string(md_name); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); @@ -230,7 +238,7 @@ void md_hex_multi( char * text_md_name, data_t * src_str, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_md_context_t ctx, ctx_copy; int halfway; @@ -242,7 +250,7 @@ void md_hex_multi( char * text_md_name, data_t * src_str, strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string(md_name); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx_copy, md_info, 0 ) ); @@ -277,14 +285,14 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); @@ -299,7 +307,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; mbedtls_md_context_t ctx; int halfway; @@ -310,7 +318,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT ( 0 == mbedtls_md_setup( &ctx, md_info, 1 ) ); halfway = src_str->len / 2; @@ -344,14 +352,14 @@ void mbedtls_md_file( char * text_md_name, char * filename, { char md_name[100]; unsigned char output[100]; - const mbedtls_md_info_t *md_info = NULL; + mbedtls_md_handle_t md_info = MBEDTLS_MD_INVALID_HANDLE; memset( md_name, 0x00, 100 ); memset( output, 0x00, 100 ); strncpy( (char *) md_name, text_md_name, sizeof( md_name ) - 1 ); md_info = mbedtls_md_info_from_string( md_name ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 8b95baba9..fc917d003 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -593,7 +593,7 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); TEST_ASSERT( mbedtls_pk_verify( &pk, digest, hash_result, 0, @@ -709,7 +709,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; size_t hlen, slen, slen_check; - const mbedtls_md_info_t *md_info; + mbedtls_md_handle_t md_info; mbedtls_pk_restart_init( &rs_ctx ); mbedtls_pk_init( &prv ); @@ -729,7 +729,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, slen_check = unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); - TEST_ASSERT( md_info != NULL ); + TEST_ASSERT( md_info != MBEDTLS_MD_INVALID_HANDLE ); hlen = mbedtls_md_get_size( md_info ); mbedtls_md( md_info, (const unsigned char *) msg, strlen( msg ), hash ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 0723623a5..58c25bf67 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -275,8 +275,10 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) @@ -313,9 +315,10 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 99be08ac0..a9635e17d 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -128,8 +128,10 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); @@ -169,8 +171,10 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index f3c421d0f..e87b4ae71 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -19,23 +19,23 @@ depends_on:MBEDTLS_SHA1_C pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3" PBKDF2 Python hashlib Test Vector #1 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e" PBKDF2 Python hashlib Test Vector #2 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971" PBKDF2 Python hashlib Test Vector #3 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60" PBKDF2 Python hashlib Test Vector #5 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057" PBKDF2 Python hashlib Test Vector #6 (SHA224) -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c" PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256) diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 26f1d3331..a8f052384 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -12,14 +12,14 @@ void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str, int it_cnt, int key_len, data_t * result_key_string ) { mbedtls_md_context_t ctx; - const mbedtls_md_info_t *info; + mbedtls_md_handle_t info; unsigned char key[100]; mbedtls_md_init( &ctx ); info = mbedtls_md_info_from_type( hash ); - TEST_ASSERT( info != NULL ); + TEST_ASSERT( info != MBEDTLS_MD_INVALID_HANDLE ); TEST_ASSERT( mbedtls_md_setup( &ctx, info, 1 ) == 0 ); TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len, it_cnt, key_len, key ) == 0 ); diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index bb26e4e9c..d29a35c0b 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -363,147 +363,147 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA256_C:MBEDTLS_PKCS5_C:!MBEDTLS_SHA256_NO_SHA224 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 953b1ff92..3b3b04f46 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -15,7 +15,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 RSA PKCS1 Verify v1.5 CAVS #4 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"867ac26e11a13b7ac34a42a1e177648692861226effb55bb597fbde10f299bf7fffd6fc8ddb2a46a73b97b67387a461b23e1d65dc119366286979add615b926b9272832fc0c058b946fc752dcffceca12233f4c63f7897cbaa08aa7e07cf02b5e7e3e5ece252bf2fe61d163bce84c0e0368454a98e9fdebf6edbd70b290d549b":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"3bb7b1c5f3391de4549e2e96fd33afa4d647dd90e321d9d576f3808e32213e948b697ef4fd2dd12923de6ec3ffd625078a57f86af38dc07052bb50547c616ed51fa1352b3ab66788408168d21263ef2d3388d567d2ce8cf674f45491ab2b0319d47be1266bda39e343b2a38ea2d6aaaee6c4465aee1d7bb33e93a1c40a8e3ae4":0 RSA PKCS1 Verify v1.5 CAVS #5 @@ -44,7 +44,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"55013a489e09b6553262aab59fb041b49437b86d52876f8e5d5e405b77ca0ff6ce8ea2dd75c7b3b411cf4445d56233c5b0ff0e58c49128d81b4fedd295e172d225c451e13defb34b87b7aea6d6f0d20f5c55feb71d2a789fa31f3d9ff47896adc16bec5ce0c9dda3fde190e08ca2451c01ff3091449887695f96dac97ad6a30e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #11 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"f4a990b8d434a5914340c0ca3ca4e4a70856c55e13e938c1f854e91cdef54c6107d6d682a62e6c1ff12b1c6178ee0b26b5d8ae5ee4043db4151465727f313e9e174d7c6961abe9cb86a21367a89e41b47267ac5ef3a6eceaaca5b19ae756b3904b97ec35aeb404dc2a2d0da373ba709a678d2728e7d72daae68d335cbf6c957d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"d8ef7bdc0f111b1249d5ad6515b6fe37f2ff327f493832f1385c10e975c07b0266497716fcb84f5039cd60f5a050614fde27f354a6c45e8a7d74f9821e2f301500ac1953feafeb9d98cf88d2c928413f337813135c66abfc3dc7a4d80655d925bf96f21872ca2b3a2684b976ca768fe37feae20a69eeec3cc8f1de0db34b3462":0 RSA PKCS1 Verify v1.5 CAVS #12 @@ -64,7 +64,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"224ecd3b630581da948216366c741015a9723c5ea43de67e28454d0a846f54a6df167a25cc500cf21f729aaefed6a71a3bdba438e12e20ad0c48396afe38568b70a3187f26098d6ac649a7c7ea68ed52748e7125225102216236a28f67753b077cfd8d9198b86b0b331027cb59b24b85fd92896e8f2ff5a1d11872c2e6af6ae2":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"1f7938b20a9cd8bb8ca26bad9e79ea92373174203f3ab212a06de34a9a3e14e102d19a8878c28a2fc8083a97c06b19c1ae62678289d5d071a904aed1d364655d9e2d16480a6fd18f4c8edf204844a34d573b1b988b82d495caefd9298c1635083e196a11f4a7df6a7e3cc4db7b9642e7682d22ec7038c3bad791e1365fe8836976092460e6df749dc032baf1e026684f55936beb9369845c53c3d217941c1f8d8f54a32333a4c049c3f2d527125778032f5d390040d1d4cce83dc353ce250152":0 RSA PKCS1 Verify v1.5 CAVS #16 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"6ecc722d233dad1aca45e6bc3e1a0b99fb1f89c0ec63bc657e6aaacbf931f267106cff42b712819f341b1ede798964a0b1a5032c198b391111e88d0d7303c02e23fa0137e74e604579a285b2dbc0a23aebdda65c371eb403125bd366e822e72dceffe0d55dfa3155c16283020dc9abb0d150da1aef251484aa49e49e00974dac":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"339dce3a1937669d9fb14c4f652378861fd5adc4da88eaf833b16020b55a24ddc83b7ae3395a9a49b426bb9a4170cb765b02652faa9594b457aeefdae4f802e93d8e65c687ddc723701465a5ef19249ed5d2617b5121c58557b34eb99a663bbcf4453a6e1db5d88723de449fcf58ca8ef514daf08cfdc71be155bb3d0724df0c0a6fd5aa7737433cc376640b9b8b4c7ddd09776bae0245729cddb56e36f28edad6aecaed0821ec8d843a96348e722bf0a84cf060a793a2179f054138f907d0c3":0 RSA PKCS1 Verify v1.5 CAVS #17 @@ -88,11 +88,11 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"ac58fd024208d7f045d81a56cd55aad40ab86b0d216ab55136c7027aca23ea13480a52c0dacce0d98139b25965aa4ff76a41dd92037195d24bc0750d52cb3467b48b7b3e71d852c5f82bd9ee85a8388ead5cd8bc38c3d4792e8daa9734a137d31963e245ad3217fad235f7dfd5584de0fe91c4526568588e08b60bdf1badd99f":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #22 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"027f767928a5821e2723d6f36c43e6b498b6f0b381852571794a096bd49f1c36a4d7bacec7ec402c24b970163169173bb930ec7fdc39bc9457dfc4ca051f5f28a64de1bbe007c22e8368ff9b117dbda17efd2fb73434bbbf5a4158df56813b8c904bb2e779de504dcd974a291568210d6f85810291606a1c0cd88d51ceadf98a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #23 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"06dcd9d4c056b6a45b9ed2ae5f6c1cfa43aae06fe01ee098264aa7a80e901abbcf9a505e55f9a352ef0c078d48249b8298e57ea21bf0e423c3bf69002acfa541ca05007c704bc79cee7a80e1107c7b28d2b2aa6dd093b28efe9642519952a4a95ee49235f9924a0ac0aee5b2a1bce47459d70cd6e75074614199dca44561407c":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"5e08f399258e6de075b67a0a6a822ceb21b1eb7a0342eca6a4295739f644547dee3456243cf32bd6ea6f357c88632508457130f3dae04f7806efaed43d1d501e16c961dfbd6c71a42b480e95c7027f8275063d05a9aac3eef0520867b9896ebe8ec358f7d121beb4e61ddfdc3dcd835dfe265f2ba68d300ef566ed1284f9f3d7b1af363ed47bfa2e5f0492925444df7e5fcb1e79e690c746117650b543a5e82c39553552f0f44e617b5cf773c533050f4129e893ac22af69b1eb9afb4b5ba5f5":0 RSA PKCS1 Verify v1.5 CAVS #24 @@ -112,7 +112,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"4871adc05f6b3ecf296680b0dd8d86715b0d5264c064008037dc410512520b5f193c8f4d21eb6c42e10d220c0275c9b3751f03a4096e2f0e3db9df8d52068c06a51589d23ca1361e9fe27691e95663301ec1407fbf73aee99cc92362eaf6994b95038396d815052a0aef6489bbb7bcb0fffdf13f0af9e7d9fd14f6ce00ab98f7":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"180caf03781b391aacebe5b3f5e1d3b01c68a00df4ecfb6c4bf14217aed7cfca0adac099ec1d6e1f0b43b09b86788533fee6691d773807af0df6cc3bbdde3cf34bf5b848fa59c8bc10227cc3eba3452a85e0520fccdb2d8d32dd99672d302756a2d7f7f2693db3a48be17bd34d9d891f4ba44449c5bad1de91b788f524500a7703cccbaa77b9fe8791f5c8aa7b8f055336f28fcfc01733712e33cfb3d33fe71ddb9ced2a31931ec38007f5ad4a0d19acc428124b0e5ee6e0746fb33c1a4d90c8":0 RSA PKCS1 Verify v1.5 CAVS #28 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"3bba64de38438a71b95ab9c94539d5870c1fb08d7a9937600c00e9d063438edc97e625d0cd4b1eb00c31c9d94c7a0fe6d03160d1b6cbec5acdad16ada6ef253fee603df9faca8f98a477cc5456f3dfbf6414dbf19f3832e227ce291780188881e82e96a2e84744f12a34a9808a2daedc6fd00b345c6772bec26a095719451e6a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"8c846e75e32ce5f9964bdd8f6dcf1d2996a646b233bcf1bd6394e13e856691b89bedd18290a0f9f7c90dca307271b3108e795340490513b25e6789e93722c65ec064b4c43457295a31d1f07dd605e133fd6eaafc58cda132df2939f5f693e0205af34550afaa137f3e482885e50dfb48333a15c0821e7a19642acdddc6fea3c7487c691246a2b083dac439889d5ae741b7e08c47937530b4b069f1a260cd07fe4a0ddd530ab11534fb805e9b562118ee0e97932966008aadfc83f3b8a10de8ee":0 RSA PKCS1 Verify v1.5 CAVS #29 @@ -199,11 +199,11 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"5aee2b9dbc02a6a2d87ff64a64165dc0b9ce70c79bab2d287939e2601c3223e0493988d5468731ae4edc7d5f5d449335c204fdb0e192c1915c9d694d3a61c3be14df79c4b34d6ac73707829024d263c94f9107fa93f3783de3965522336e18d1e01a142b5103451bb97839eaf2f44703a63050a36b78aef4072ea1a8daaaf1a2918fc03ee957a9c09efdc6287bcb4d6aec4723290294b249b3e3dc63157b560ad9c867323a73ebeb360cc9e482111643b0d86c4e33dcf170155590f0eba7d170789e84de336b7fe2f6cf485ddca94607a4ff379fc49d375c730249dd1a210e7dccd763d1c23c7532e769c6aa88e38e8654ff90f7b34df4c07ba90e89099ec1ed":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Sign #3 (SHA224, 2048 bits RSA) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0 RSA PKCS1 Sign #3 Verify -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0 RSA PKCS1 Sign #4 (SHA384, 2048 bits RSA) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f2a9b9878..4d22c9b35 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -497,8 +497,10 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, @@ -538,8 +540,10 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - if( mbedtls_md_info_from_type( digest ) != NULL ) + if( mbedtls_md_info_from_type( digest ) != MBEDTLS_MD_INVALID_HANDLE ) + { TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); + } TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str->x ) == result ); diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index 2f65c230e..b88fda040 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -52,31 +52,31 @@ SHA-256 Invalid parameters sha256_invalid_param: SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 sha224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" SHA-256 Test Vector NIST CAVS #1 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b177779e7..9873dd828 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -102,12 +102,12 @@ static int build_transforms( mbedtls_ssl_transform *t_in, if( cipher_info->mode == MBEDTLS_MODE_CBC || cipher_info->mode == MBEDTLS_MODE_STREAM ) { - mbedtls_md_info_t const *md_info; + mbedtls_md_handle_t md_info; unsigned char *md0, *md1; /* Pick hash */ md_info = mbedtls_md_info_from_type( hash_id ); - CHK( md_info != NULL ); + CHK( md_info != MBEDTLS_MD_INVALID_HANDLE ); /* Pick hash keys */ maclen = mbedtls_md_get_size( md_info ); @@ -121,7 +121,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 ); CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 ); - if( ver > MBEDTLS_SSL_MINOR_VERSION_0 ) + if( mbedtls_ssl_ver_gt( ver, MBEDTLS_SSL_MINOR_VERSION_0 ) ) { CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc, md0, maclen ) == 0 ); diff --git a/tests/suites/test_suite_tinycrypt.data b/tests/suites/test_suite_tinycrypt.data new file mode 100644 index 000000000..ac2a8e23e --- /dev/null +++ b/tests/suites/test_suite_tinycrypt.data @@ -0,0 +1,11 @@ +Tinycrypt ECDH +test_ecdh: + +Tinycrypt ECDSA +test_ecdsa: + +ECDH primitive rfc 5903 p256 +ecdh_primitive_testvec:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8AFE84049C62A9C57862D1433":"DAD0B65394221CF9B051E1FECA5787D098DFE637FC90B9EF945D0C3772581180":"5271A0461CDB8252D61F1C456FA3E59AB1F45B33ACCF5F58389E0577B8990BB3":"C6EF9C5D78AE012A011164ACB397CE2088685D8F06BF9BE0B283AB46476BEE53":"D12DFB5289C8D4F81208B70270398C342296970A0BCCB74C736FC7554494BF63":"56FBF3CA366CC23E8157854C13C58D6AAC23F046ADA30F8353E74F33039872AB":"D6840F6B42F6EDAFD13116E0E12565202FEF8E9ECE7DCE03812464D04B9442DE" + +ECDSA primitive rfc 4754 p256 +ecdsa_primitive_testvec:"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":1 diff --git a/tests/suites/test_suite_tinycrypt.function b/tests/suites/test_suite_tinycrypt.function new file mode 100644 index 000000000..24b331d80 --- /dev/null +++ b/tests/suites/test_suite_tinycrypt.function @@ -0,0 +1,117 @@ +/* BEGIN_HEADER */ + +#include "tinycrypt/ecc.h" +#include "tinycrypt/ecc_dh.h" +#include "tinycrypt/ecc_dsa.h" + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_USE_TINYCRYPT + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void test_ecdh() +{ + uint8_t private1[NUM_ECC_BYTES] = {0}; + uint8_t private2[NUM_ECC_BYTES] = {0}; + uint8_t public1[2*NUM_ECC_BYTES] = {0}; + uint8_t public2[2*NUM_ECC_BYTES] = {0}; + uint8_t secret1[NUM_ECC_BYTES] = {0}; + uint8_t secret2[NUM_ECC_BYTES] = {0}; + + const struct uECC_Curve_t * curve = uECC_secp256r1(); + + uECC_set_rng( &uecc_rng_wrapper ); + + TEST_ASSERT( uECC_make_key( public1, private1, curve ) != 0 ); + + TEST_ASSERT( uECC_make_key( public2, private2, curve ) != 0 ); + + TEST_ASSERT( uECC_shared_secret( public2, private1, secret1, curve ) != 0 ); + + TEST_ASSERT( uECC_shared_secret( public1, private2, secret2, curve ) != 0 ); + + TEST_ASSERT( memcmp( secret1, secret2, sizeof( secret1 ) ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void test_ecdsa() +{ + uint8_t private[NUM_ECC_BYTES] = {0}; + uint8_t public[2*NUM_ECC_BYTES] = {0}; + uint8_t hash[NUM_ECC_BYTES] = {0}; + uint8_t sig[2*NUM_ECC_BYTES] = {0}; + + const struct uECC_Curve_t * curve = uECC_secp256r1(); + + uECC_set_rng( &uecc_rng_wrapper ); + + TEST_ASSERT( rnd_std_rand( NULL, hash, NUM_ECC_BYTES ) == 0 ); + + TEST_ASSERT( uECC_make_key( public, private, curve ) != 0 ); + + TEST_ASSERT( uECC_sign( private, hash, sizeof( hash ), sig, curve ) != 0 ); + + TEST_ASSERT( uECC_verify( public, hash, sizeof( hash ), sig, curve ) != 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void ecdh_primitive_testvec( data_t * private1, data_t * xA_str, + data_t * yA_str, data_t * private2, + data_t * xB_str, data_t * yB_str, data_t * z_str ) +{ + const struct uECC_Curve_t * curve = uECC_secp256r1(); + uint8_t public1[2*NUM_ECC_BYTES] = {0}; + uint8_t public2[2*NUM_ECC_BYTES] = {0}; + uint8_t secret1[NUM_ECC_BYTES] = {0}; + uint8_t secret2[NUM_ECC_BYTES] = {0}; + + memcpy( public1, xA_str->x, xA_str->len ); + memcpy( public1 + NUM_ECC_BYTES, yA_str->x, yA_str->len ); + memcpy( public2, xB_str->x, xB_str->len ); + memcpy( public2 + NUM_ECC_BYTES, yB_str->x, yB_str->len ); + + // Compute shared secrets and compare to test vector secret + TEST_ASSERT( uECC_shared_secret( public2, private1->x, secret1, curve ) != 0 ); + + TEST_ASSERT( uECC_shared_secret( public1, private2->x, secret2, curve ) != 0 ); + + TEST_ASSERT( memcmp( secret1, secret2, sizeof( secret1 ) ) == 0 ); + TEST_ASSERT( memcmp( secret1, z_str->x, sizeof( secret1 ) ) == 0 ); + TEST_ASSERT( memcmp( secret2, z_str->x, sizeof( secret2 ) ) == 0 ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_TINYCRYPT */ +void ecdsa_primitive_testvec( data_t * xQ_str, data_t * yQ_str, + data_t * hash, data_t * r_str, data_t * s_str, + int result ) +{ + const struct uECC_Curve_t * curve = uECC_secp256r1(); + uint8_t pub_bytes[2*NUM_ECC_BYTES] = {0}; + uint8_t sig_bytes[2*NUM_ECC_BYTES] = {0}; + + memcpy( pub_bytes, xQ_str->x, xQ_str->len ); + memcpy( pub_bytes + NUM_ECC_BYTES, yQ_str->x, yQ_str->len ); + memcpy( sig_bytes, r_str->x, r_str->len ); + memcpy( sig_bytes + NUM_ECC_BYTES, s_str->x, r_str->len ); + + TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len, + sig_bytes, curve ) == result ); + + // Alter the signature and check the verification fails + for( int i = 0; i < 2*NUM_ECC_BYTES; i++ ) + { + uint8_t temp = sig_bytes[i]; + sig_bytes[i] = ( sig_bytes[i] + 1 ) % 256; + TEST_ASSERT( uECC_verify( pub_bytes, hash->x, hash->len, + sig_bytes, curve ) == 0 ); + sig_bytes[i] = temp; + } + +} +/* END_CASE */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 375feb9a3..abf2ab353 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -39,7 +39,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA256 Digest @@ -59,7 +59,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA256 Digest @@ -79,7 +79,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED: x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_SHA256_NO_SHA224 x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA256 Digest @@ -167,7 +167,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest @@ -187,7 +187,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!M mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest @@ -207,7 +207,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMO mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest @@ -291,7 +291,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!M mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO:!MBEDTLS_SHA256_NO_SHA224 mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA256 @@ -544,7 +544,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDT x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" X509 CRT verification #15 (Valid Cert SHA224 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #16 (Valid Cert SHA256 Digest) @@ -560,11 +560,11 @@ depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBE x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #19 (Valid Cert, denying callback) -depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none" X509 CRT verification #19 (Not trusted Cert, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all" X509 CRT verification #21 (domain matching wildcard certificate, case insensitive) @@ -668,7 +668,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_SHA256_NO_SHA224:!MBEDTLS_USE_TINYCRYPT x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) @@ -768,7 +768,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MB x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C:!MBEDTLS_SHA256_NO_SHA224 x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256) @@ -920,7 +920,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MB x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #92 (bad name, allowing callback) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_TINYCRYPT:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) @@ -936,7 +936,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) -depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:!MBEDTLS_SHA256_NO_SHA224 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 96ad7d932..130d90fa8 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -334,7 +334,10 @@ void x509_verify_restart( char *crt_file, char *ca_file, NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &flags, - NULL, NULL, &rs_ctx ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + NULL, NULL, +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == result ); @@ -355,7 +358,10 @@ void x509_verify_restart( char *crt_file, char *ca_file, NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &flags, - NULL, NULL, &rs_ctx ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) + NULL, NULL, +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + &rs_ctx ); TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); exit: @@ -376,7 +382,9 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, mbedtls_x509_crl crl; uint32_t flags = 0; int res; +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL; +#endif const mbedtls_x509_crt_profile *profile; #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) char * cn_name = NULL; @@ -406,6 +414,7 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, else TEST_ASSERT( "Unknown algorithm profile" == 0 ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) if( strcmp( verify_callback, "NULL" ) == 0 ) f_vrfy = NULL; else if( strcmp( verify_callback, "verify_none" ) == 0 ) @@ -414,16 +423,28 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, f_vrfy = verify_all; else TEST_ASSERT( "No known verify callback selected" == 0 ); +#else + if( strcmp( verify_callback, "NULL" ) != 0 ) + TEST_ASSERT( "Verify callbacks disabled" == 0 ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 ); +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) cn_name, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ &flags, f_vrfy, NULL ); +#else + res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + cn_name, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags ); +#endif TEST_ASSERT( res == ( result ) ); if( flags != (uint32_t) flags_result ) @@ -441,7 +462,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ void x509_verify_callback( char *crt_file, char *ca_file, char *name, int exp_ret, char *exp_vrfy_out ) { @@ -827,11 +848,21 @@ void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int, TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 ); /* Try to verify that chain */ +#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK) ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, #if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) NULL, #endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ - &flags, NULL, NULL ); + &flags, + NULL, NULL ); +#else + ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, +#if !defined(MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION) + NULL, +#endif /* !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */ + &flags ); +#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ + TEST_ASSERT( ret == ret_chk ); TEST_ASSERT( flags == (uint32_t) flags_chk ); @@ -841,7 +872,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result, int result, char *profile_name, int vrfy_fatal_lvls ) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index c5f7462dd..468b806a1 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0 Certificate Request check Server1 SHA224 -depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_SHA256_NO_SHA224 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0 Certificate Request check Server1 SHA256 diff --git a/tinycrypt/LICENSE b/tinycrypt/LICENSE new file mode 100644 index 000000000..2e1db516a --- /dev/null +++ b/tinycrypt/LICENSE @@ -0,0 +1,61 @@ + +================================================================================ + + TinyCrypt Cryptographic Library + +================================================================================ + + Copyright (c) 2017, Intel Corporation. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + - Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + - Neither the name of the Intel Corporation nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +================================================================================ +Copyright (c) 2014, Kenneth MacKay +All rights reserved. + +https://github.com/kmackay/micro-ecc + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +================================================================================ diff --git a/tinycrypt/README b/tinycrypt/README new file mode 100644 index 000000000..d0f49a69e --- /dev/null +++ b/tinycrypt/README @@ -0,0 +1,77 @@ + +================================================================================ + + TinyCrypt Cryptographic Library + (integrated as part of Mbed TLS) + +================================================================================ + + Copyright (c) 2017, Intel Corporation. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + - Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + - Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + - Neither the name of the Intel Corporation nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +================================================================================ + +Copyright (c) 2019 ARM Limited + +================================================================================ +Overview: + +The TinyCrypt Library provides an implementation for constrained devices of a +minimal set of standard cryptography primitives. + +This is a modified form of the library based on version 0.2.8 included as part +of Mbed TLS as a compilation option. It is not included in its full form and +those wishing to use TinyCrypt should use the original unmodified project. + +The original project can be found here: https://github.com/intel/tinycrypt + +Contributions should be made upstream to that project, and full documentation +can be found in the originating repository. + +================================================================================ + +Organization: + +tinycrypt: C source code of the cryptographic primitives. +include/tinycrypt: C header files of the cryptographic primitives. + +No documentation is provided, and instead is available with the original +project. + +Tests are provided as part of Mbed TLS and the Mbed TLS test suites. + +================================================================================ + +Building: + +To include TinyCrypt as part of Mbed TLS, enable the configuration option +MBEDTLS_USE_TINYCRYPT in the configration file 'include/mbedtls/config.h', and +build as Mbed TLS as normal. + +================================================================================ + diff --git a/tinycrypt/ecc.c b/tinycrypt/ecc.c index ab1956a50..cef1469ee 100644 --- a/tinycrypt/ecc.c +++ b/tinycrypt/ecc.c @@ -1,5 +1,10 @@ /* ecc.c - TinyCrypt implementation of common ECC functions */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. diff --git a/tinycrypt/ecc_dh.c b/tinycrypt/ecc_dh.c index 8aae1a214..ec1328e14 100644 --- a/tinycrypt/ecc_dh.c +++ b/tinycrypt/ecc_dh.c @@ -1,5 +1,10 @@ /* ec_dh.c - TinyCrypt implementation of EC-DH */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* * Copyright (c) 2014, Kenneth MacKay * All rights reserved. diff --git a/tinycrypt/ecc_dsa.c b/tinycrypt/ecc_dsa.c index 374309191..a3893d37f 100644 --- a/tinycrypt/ecc_dsa.c +++ b/tinycrypt/ecc_dsa.c @@ -1,5 +1,10 @@ /* ec_dsa.c - TinyCrypt implementation of EC-DSA */ +/* + * Copyright (c) 2019, Arm Limited (or its affiliates), All Rights Reserved. + * SPDX-License-Identifier: BSD-3-Clause + */ + /* Copyright (c) 2014, Kenneth MacKay * All rights reserved. * diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 2ec9178af..e6f9ec815 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -264,7 +264,6 @@ -