2025-08-04 15:01:03 +00:00
69 changed files with 872 additions and 1145 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -8,7 +8,7 @@ endif()
 option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
 option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
-option(ENABLE_PROGRAMS "Build mbed TLS programs." OFF)
+option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
 option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@ -21,7 +21,7 @@ string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
 if(CMAKE_COMPILER_IS_MSVC)
    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
 else()
-    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+    option(ENABLE_TESTING "Build mbed TLS tests." ON)
 endif()
 # Warning string - created as a list for compatibility with CMake 2.8
@ -157,9 +157,6 @@ if(CMAKE_COMPILER_IS_IAR)
 endif(CMAKE_COMPILER_IS_IAR)
 if(CMAKE_COMPILER_IS_MSVC)
    # Compile with UTF-8 encoding (REMOVE THIS COMMIT ONCE A FIX IS DEPLOYED UPSTREAM)
    add_compile_options(/utf-8)
    # Strictest warnings, and treat as errors
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
--- a/47
+++ b/47
@ -1,52 +1,5 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 2.16.10 branch released 2021-03-12
 Default behavior changes
   * In mbedtls_rsa_context objects, the ver field was formerly documented
     as always 0. It is now reserved for internal purposes and may take
     different values.
 Security
   * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
     |A| - |B| where |B| is larger than |A| and has more limbs (so the
     function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
     applications calling mbedtls_mpi_sub_abs() directly are affected:
     all calls inside the library were safe since this function is
     only called with |A| >= |B|. Reported by Guido Vranken in #4042.
   * Fix an errorneous estimation for an internal buffer in
     mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
     value the function might fail to write a private RSA keys of the largest
     supported size.
     Found by Daniel Otte, reported in #4093 and fixed in #4094,
     backported in #4100.
   * Fix a stack buffer overflow with mbedtls_net_poll() and
     mbedtls_net_recv_timeout() when given a file descriptor that is
     beyond FD_SETSIZE. Reported by FigBug in #4169.
   * Guard against strong local side channel attack against base64 tables by
     making access aceess to them use constant flow code.
 Bugfix
   * Fix an incorrect error code if an RSA private operation glitched.
   * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
     is enabled, on platforms where initializing a mutex allocates resources.
     This was a regression introduced in the previous release. Reported in
     #4017, #4045 and #4071.
   * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
     twice is safe. This happens for RSA when some Mbed TLS library functions
     fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
     enabled on platforms where freeing a mutex twice is not safe.
   * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
     when MBEDTLS_THREADING_C is enabled on platforms where initializing
     a mutex allocates resources.
   * This change makes 'mbedtls_x509write_crt_set_basic_constraints'
     consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
     include this extension in all CA certificates that contain public keys
     used to validate digital signatures on certificates and MUST mark the
     extension as critical in such certificates." Previous to this change,
     the extension was always marked as non-critical. This was fixed by
     #4044.
 = mbed TLS 2.16.9 branch released 2020-12-11
 Security
--- a/ChangeLog.d/add-missing-parenthesis.txt
+++ b/ChangeLog.d/add-missing-parenthesis.txt
@ -1,3 +0,0 @@
 Bugfix
   * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
     defined. Fixes #4217.
--- a/ChangeLog.d/aescrypt2.txt
+++ b/ChangeLog.d/aescrypt2.txt
@ -1,3 +0,0 @@
 Changes
   * Remove the AES sample application programs/aes/aescrypt2 which shows
     bad cryptographic practice. Fix #1906.
--- a/ChangeLog.d/bugfix_PR3616.txt
+++ b/ChangeLog.d/bugfix_PR3616.txt
@ -1,5 +0,0 @@
 Bugfix
   * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
     lead to the seed file corruption in case if the path to the seed file is
     equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
     Krasnoshchok in #3616.
--- a/ChangeLog.d/dhm_min_bitlen.txt
+++ b/ChangeLog.d/dhm_min_bitlen.txt
@ -1,4 +0,0 @@
 Bugfix
   * In a TLS client, enforce the Diffie-Hellman minimum parameter size
     set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
     minimum size was rounded down to the nearest multiple of 8.
--- a/ChangeLog.d/dtls_sample_use_read_timeout.txt
+++ b/ChangeLog.d/dtls_sample_use_read_timeout.txt
@ -1,2 +0,0 @@
 Changes
   * Fix the setting of the read timeout in the DTLS sample programs.
--- a/ChangeLog.d/fix-pk-parse-key-error-code.txt
+++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt
@ -1,2 +0,0 @@
 Bugfix
   * Fix an incorrect error code when parsing a PKCS#8 private key.
--- a/ChangeLog.d/mpi_read_negative_zero.txt
+++ b/ChangeLog.d/mpi_read_negative_zero.txt
@ -1,3 +0,0 @@
 Bugfix
   * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
     as equal to 0 in all cases. Fix it to produce the same object as "0".
--- a/4
+++ b/4
@ -124,11 +124,11 @@ endif
 ## Editor navigation files
 C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
 # Exuberant-ctags invocation. Other ctags implementations may require different options.
-CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o
+CTAGS = ctags --langmap=c:+.h.function -o
 tags: $(C_SOURCE_FILES)
 	$(CTAGS) $@ $(C_SOURCE_FILES)
 TAGS: $(C_SOURCE_FILES)
-	etags --no-line-directive -o $@ $(C_SOURCE_FILES)
+	etags -o $@ $(C_SOURCE_FILES)
 global: GPATH GRTAGS GSYMS GTAGS
 GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
 	ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@ -49,7 +49,7 @@
 */
 /**
- * @mainpage mbed TLS v2.16.10 source code documentation
+ * @mainpage mbed TLS v2.16.9 source code documentation
 *
 * This documentation describes the internal structure of mbed TLS.  It was
 * automatically generated from specially formatted comment blocks in
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@ -28,7 +28,7 @@ DOXYFILE_ENCODING      = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
-PROJECT_NAME           = "mbed TLS v2.16.10"
+PROJECT_NAME           = "mbed TLS v2.16.9"
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1746,23 +1746,6 @@
 */
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 /**
 * \def MBEDTLS_TEST_HOOKS
 *
 * Enable features for invasive testing such as introspection functions and
 * hooks for fault injection. This enables additional unit tests.
 *
 * Merely enabling this feature should not change the behavior of the product.
 * It only adds new code, and new branching points where the default behavior
 * is the same as when this feature is disabled.
 * However, this feature increases the attack surface: there is an added
 * risk of vulnerabilities, and more gadgets that can make exploits easier.
 * Therefore this feature must never be enabled in production.
 *
 * Uncomment to enable invasive tests.
 */
 //#define MBEDTLS_TEST_HOOKS
 /**
 * \def MBEDTLS_THREADING_ALT
 *
@ -2249,7 +2232,7 @@
 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
 *
 */
-#define MBEDTLS_CMAC_C
+//#define MBEDTLS_CMAC_C
 /**
 * \def MBEDTLS_CTR_DRBG_C
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@ -214,13 +214,6 @@ typedef struct mbedtls_ctr_drbg_context
    void *p_entropy;            /*!< The context for the entropy function. */
 #if defined(MBEDTLS_THREADING_C)
    /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
     * This means that the mutex is initialized during the initial seeding
     * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
     *
     * Note that this invariant may change without notice. Do not rely on it
     * and do not access the mutex directly in application code.
     */
    mbedtls_threading_mutex_t mutex;
 #endif
 }
@ -284,15 +277,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 *                      device.
 */
 #endif
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      after this function returns successfully,
 *                      it is safe to call mbedtls_ctr_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param ctx           The CTR_DRBG context to seed.
 *                      It must have been initialized with
@ -302,8 +286,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 *                      the same context unless you call
 *                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
 *                      again first.
 *                      After a failed call to mbedtls_ctr_drbg_seed(),
 *                      you must call mbedtls_ctr_drbg_free().
 * \param f_entropy     The entropy callback, taking as arguments the
 *                      \p p_entropy context, the buffer to fill, and the
 *                      length of the buffer.
@ -395,11 +377,6 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
 * \brief               This function reseeds the CTR_DRBG context, that is
 *                      extracts data from the entropy source.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param ctx           The CTR_DRBG context.
 * \param additional    Additional data to add to the state. Can be \c NULL.
 * \param len           The length of the additional data.
@ -417,11 +394,6 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 /**
 * \brief              This function updates the state of the CTR_DRBG context.
 *
 * \note               This function is not thread-safe. It is not safe
 *                     to call this function if another thread might be
 *                     concurrently obtaining random numbers from the same
 *                     context or updating or reseeding the same context.
 *
 * \param ctx          The CTR_DRBG context.
 * \param additional   The data to update the state with. This must not be
 *                     \c NULL unless \p add_len is \c 0.
@ -445,11 +417,6 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
@ -478,16 +445,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 *
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
- */
+ *
-#if defined(MBEDTLS_THREADING_C)
+ *
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      it is safe to call mbedtls_ctr_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -147,15 +147,13 @@ mbedtls_entropy_source_state;
 */
 typedef struct mbedtls_entropy_context
 {
-    int accumulator_started; /* 0 after init.
+    int accumulator_started;
                              * 1 after the first update.
                              * -1 after free. */
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
    mbedtls_sha512_context  accumulator;
 #else
    mbedtls_sha256_context  accumulator;
 #endif
-    int             source_count; /* Number of entries used in source. */
+    int             source_count;
    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_havege_state    havege_data;
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@ -128,14 +128,6 @@ typedef struct mbedtls_hmac_drbg_context
    void *p_entropy;            /*!< context for the entropy function        */
 #if defined(MBEDTLS_THREADING_C)
    /* Invariant: the mutex is initialized if and only if
     * md_ctx->md_info != NULL. This means that the mutex is initialized
     * during the initial seeding in mbedtls_hmac_drbg_seed() or
     * mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free().
     *
     * Note that this invariant may change without notice. Do not rely on it
     * and do not access the mutex directly in application code.
     */
    mbedtls_threading_mutex_t mutex;
 #endif
 } mbedtls_hmac_drbg_context;
@ -185,17 +177,7 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
 * \note                During the initial seeding, this function calls
 *                      the entropy source to obtain a nonce
 *                      whose length is half the entropy length.
- */
+ *
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      after this function returns successfully,
 *                      it is safe to call mbedtls_hmac_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param ctx           HMAC_DRBG context to be seeded.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param f_entropy     The entropy callback, taking as arguments the
@ -234,17 +216,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
 *
 * This function is meant for use in algorithms that need a pseudorandom
 * input such as deterministic ECDSA.
- */
+ *
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      after this function returns successfully,
 *                      it is safe to call mbedtls_hmac_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param ctx           HMAC_DRBG context to be initialised.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param data          Concatenation of the initial entropy string and
@ -307,11 +279,6 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
 /**
 * \brief               This function updates the state of the HMAC_DRBG context.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param ctx           The HMAC_DRBG context.
 * \param additional    The data to update the state with.
 *                      If this is \c NULL, there is no additional data.
@ -328,11 +295,6 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
 * \brief               This function reseeds the HMAC_DRBG context, that is
 *                      extracts data from the entropy source.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param ctx           The HMAC_DRBG context.
 * \param additional    Additional data to add to the state.
 *                      If this is \c NULL, there is no additional data
@ -358,11 +320,6 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
 *                      #mbedtls_hmac_drbg_context structure.
 * \param output        The buffer to fill.
@ -392,16 +349,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
 *
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
- */
+ *
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      it is safe to call mbedtls_ctr_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
 *                      #mbedtls_hmac_drbg_context structure.
 * \param output        The buffer to fill.
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@ -151,7 +151,6 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
 *
 * \return         0 if successful, or one of:
 *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
 *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
 *                      MBEDTLS_ERR_NET_BIND_FAILED,
 *                      MBEDTLS_ERR_NET_LISTEN_FAILED
 *
@ -171,8 +170,6 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
 *                  can be NULL if client_ip is null
 *
 * \return          0 if successful, or
 *                  MBEDTLS_ERR_NET_SOCKET_FAILED,
 *                  MBEDTLS_ERR_NET_BIND_FAILED,
 *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
 *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
 *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
@ -185,10 +182,6 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
 /**
 * \brief          Check and wait for the context to be ready for read/write
 *
 * \note           The current implementation of this function uses
 *                 select() and returns an error if the file descriptor
 *                 is \c FD_SETSIZE or greater.
 *
 * \param ctx      Socket to check
 * \param rw       Bitflag composed of MBEDTLS_NET_POLL_READ and
 *                 MBEDTLS_NET_POLL_WRITE specifying the events
@ -270,21 +263,16 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
 *                 'timeout' seconds. If no error occurs, the actual amount
 *                 read is returned.
 *
 * \note           The current implementation of this function uses
 *                 select() and returns an error if the file descriptor
 *                 is \c FD_SETSIZE or greater.
 *
 * \param ctx      Socket
 * \param buf      The buffer to write to
 * \param len      Maximum length of the buffer
 * \param timeout  Maximum number of milliseconds to wait for data
 *                 0 means no timeout (wait forever)
 *
- * \return         The number of bytes received if successful.
+ * \return         the number of bytes received,
- *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
+ *                 or a non-zero error code:
 *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
 *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
 *                 Another negative error code (MBEDTLS_ERR_NET_xxx)
 *                 for other failures.
 *
 * \note           This function will block (until data becomes available or
 *                 timeout is reached) even if the socket is set to
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -124,10 +124,7 @@ extern "C" {
 */
 typedef struct mbedtls_rsa_context
 {
-    int ver;                    /*!<  Reserved for internal purposes.
+    int ver;                    /*!<  Always 0.*/
                                 *    Do not set this field in application
                                 *    code. Its meaning might change without
                                 *    notice. */
    size_t len;                 /*!<  The size of \p N in Bytes. */
    mbedtls_mpi N;              /*!<  The public modulus. */
@ -157,7 +154,6 @@ typedef struct mbedtls_rsa_context
                                     mask generating function used in the
                                     EME-OAEP and EMSA-PSS encodings. */
 #if defined(MBEDTLS_THREADING_C)
    /* Invariant: the mutex is initialized iff ver != 0. */
    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex. */
 #endif
 }
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@ -73,9 +73,6 @@ extern "C" {
 typedef struct mbedtls_threading_mutex_t
 {
    pthread_mutex_t mutex;
    /* is_valid is 0 after a failed init or a free, and nonzero after a
     * successful init. This field is not considered part of the public
     * API of Mbed TLS and may change without notice. */
    char is_valid;
 } mbedtls_threading_mutex_t;
 #endif
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@ -65,16 +65,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  16
-#define MBEDTLS_VERSION_PATCH  10
+#define MBEDTLS_VERSION_PATCH  9
 /**
 * The single version number has the following structure:
 *    MMNNPP00
 *    Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER         0x02100A00
+#define MBEDTLS_VERSION_NUMBER         0x02100900
-#define MBEDTLS_VERSION_STRING         "2.16.10"
+#define MBEDTLS_VERSION_STRING         "2.16.9"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.16.10"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.16.9"
 #if defined(MBEDTLS_VERSION_C)
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
 if(USE_SHARED_MBEDTLS_LIBRARY)
    add_library(mbedcrypto SHARED ${src_crypto})
-    set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.10 SOVERSION 3)
+    set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.9 SOVERSION 3)
    target_link_libraries(mbedcrypto ${libs})
    add_library(mbedx509 SHARED ${src_x509})
-    set_target_properties(mbedx509 PROPERTIES VERSION 2.16.10 SOVERSION 0)
+    set_target_properties(mbedx509 PROPERTIES VERSION 2.16.9 SOVERSION 0)
    target_link_libraries(mbedx509 ${libs} mbedcrypto)
    add_library(mbedtls SHARED ${src_tls})
-    set_target_properties(mbedtls PROPERTIES VERSION 2.16.10 SOVERSION 12)
+    set_target_properties(mbedtls PROPERTIES VERSION 2.16.9 SOVERSION 12)
    target_link_libraries(mbedtls ${libs} mbedx509)
    install(TARGETS mbedtls mbedx509 mbedcrypto
--- a/library/base64.c
+++ b/library/base64.c
@ -96,99 +96,6 @@ static const unsigned char base64_dec_map[128] =
 #define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
 /*
 * Constant flow conditional assignment to unsigned char
 */
 static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
                                       unsigned char condition )
 {
    /* MSVC has a warning about unary minus on unsigned integer types,
     * but this is well-defined and precisely what we want to do here. */
 #if defined(_MSC_VER)
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
    /* Generate bitmask from condition, mask will either be 0xFF or 0 */
    unsigned char mask = ( condition | -condition );
    mask >>= 7;
    mask = -mask;
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
    *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
 }
 /*
 * Constant flow conditional assignment to uint_32
 */
 static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
                                       uint32_t condition )
 {
    /* MSVC has a warning about unary minus on unsigned integer types,
     * but this is well-defined and precisely what we want to do here. */
 #if defined(_MSC_VER)
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
    /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
    uint32_t mask = ( condition | -condition );
    mask >>= 31;
    mask = -mask;
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
    *dest = ( src & mask ) | ( ( *dest ) & ~mask );
 }
 /*
 * Constant flow check for equality
 */
 static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
 {
    size_t difference = in_a ^ in_b;
    /* MSVC has a warning about unary minus on unsigned integer types,
     * but this is well-defined and precisely what we want to do here. */
 #if defined(_MSC_VER)
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
    difference |= -difference;
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
    /* cope with the varying size of size_t per platform */
    difference >>= ( sizeof( difference ) * 8 - 1 );
    return (unsigned char) ( 1 ^ difference );
 }
 /*
 * Constant flow lookup into table.
 */
 static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table,
                                                 const size_t table_size, const size_t table_index )
 {
    size_t i;
    unsigned char result = 0;
    for( i = 0; i < table_size; ++i )
    {
        mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) );
    }
    return result;
 }
 /*
 * Encode a buffer into base64 format
 */
@ -229,17 +136,10 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
        C2 = *src++;
        C3 = *src++;
-        *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-                                            ( ( C1 >> 2 ) & 0x3F ) );
+        *p++ = base64_enc_map[(((C1 &  3) << 4) + (C2 >> 4)) & 0x3F];
-
+        *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
-        *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+        *p++ = base64_enc_map[C3 & 0x3F];
                                            ( ( ( ( C1 &  3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
        *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
                                            ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
        *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
                                            ( C3 & 0x3F ) );
    }
    if( i < slen )
@ -247,15 +147,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
        C1 = *src++;
        C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
-        *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+        *p++ = base64_enc_map[(C1 >> 2) & 0x3F];
-                                            ( ( C1 >> 2 ) & 0x3F ) );
+        *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
        *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
                                            ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
        if( ( i + 1 ) < slen )
-             *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
+             *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
                                                 ( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
        else *p++ = '=';
        *p++ = '=';
@ -276,7 +172,6 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
    size_t i, n;
    uint32_t j, x;
    unsigned char *p;
    unsigned char dec_map_lookup;
    /* First pass: check for validity and get output length */
    for( i = n = j = 0; i < slen; i++ )
@ -307,12 +202,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
        if( src[i] == '=' && ++j > 2 )
            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-        dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
+        if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
        if( src[i] > 127 || dec_map_lookup == 127 )
            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-        if( dec_map_lookup < 64 && j != 0 )
+        if( base64_dec_map[src[i]] < 64 && j != 0 )
            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
        n++;
@ -342,10 +235,8 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
        if( *src == '\r' || *src == '\n' || *src == ' ' )
            continue;
-        dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src );
+        j -= ( base64_dec_map[*src] == 64 );
-
+        x  = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
        mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) );
        x  = ( x << 6 ) | ( dec_map_lookup & 0x3F );
        if( ++n == 4 )
        {
--- a/library/bignum.c
+++ b/library/bignum.c
@ -500,7 +500,6 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
 {
    int ret;
    size_t i, j, slen, n;
    int sign = 1;
    mbedtls_mpi_uint d;
    mbedtls_mpi T;
    MPI_VALIDATE_RET( X != NULL );
@ -511,12 +510,6 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
    mbedtls_mpi_init( &T );
    if( s[0] == '-' )
    {
        ++s;
        sign = -1;
    }
    slen = strlen( s );
    if( radix == 16 )
@ -531,6 +524,12 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
        for( i = slen, j = 0; i > 0; i--, j++ )
        {
            if( i == 1 && s[i - 1] == '-' )
            {
                X->s = -1;
                break;
            }
            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
            X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
        }
@ -541,15 +540,26 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
        for( i = 0; i < slen; i++ )
        {
            if( i == 0 && s[i] == '-' )
            {
                X->s = -1;
                continue;
            }
            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
+
            if( X->s == 1 )
            {
                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
            }
            else
            {
                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
            }
        }
    }
    if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
        X->s = -1;
 cleanup:
    mbedtls_mpi_free( &T );
@ -1344,12 +1354,6 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
    for( n = B->n; n > 0; n-- )
        if( B->p[n - 1] != 0 )
            break;
    if( n > A->n )
    {
        /* B >= (2^ciL)^n > A */
        ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
        goto cleanup;
    }
    carry = mpi_sub_hlp( n, X->p, B->p );
    if( carry != 0 )
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@ -83,6 +83,10 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
    memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &ctx->mutex );
 #endif
 }
 /*
@ -95,13 +99,14 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
        return;
 #if defined(MBEDTLS_THREADING_C)
-    /* The mutex is initialized iff f_entropy is set. */
+    mbedtls_mutex_free( &ctx->mutex );
    if( ctx->f_entropy != NULL )
        mbedtls_mutex_free( &ctx->mutex );
 #endif
    mbedtls_aes_free( &ctx->aes_ctx );
    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &ctx->mutex );
 #endif
 }
 void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, int resistance )
@ -417,11 +422,6 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
    /* The mutex is initialized iff f_entropy is set. */
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &ctx->mutex );
 #endif
    mbedtls_aes_init( &ctx->aes_ctx );
    ctx->f_entropy = f_entropy;
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@ -247,9 +247,6 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) || \
    !defined(MBEDTLS_ECDSA_SIGN_ALT)     || \
    !defined(MBEDTLS_ECDSA_VERIFY_ALT)
 /*
 * Derive a suitable integer for group grp from a buffer of length len
 * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
@ -272,7 +269,6 @@ static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
 cleanup:
    return( ret );
 }
 #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
 #if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
@ -784,8 +780,6 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
    (void) md_alg;
 #if defined(MBEDTLS_ECDSA_SIGN_ALT)
    (void) rs_ctx;
    MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d,
                         hash, hlen, f_rng, p_rng ) );
 #else
@ -894,8 +888,6 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
        goto cleanup;
    }
 #if defined(MBEDTLS_ECDSA_VERIFY_ALT)
    (void) rs_ctx;
    if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen,
                                      &ctx->Q, &r, &s ) ) != 0 )
        goto cleanup;
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@ -850,8 +850,6 @@ static const unsigned char ecjpake_test_password[] = {
    0x65, 0x73, 0x74
 };
 #if !defined(MBEDTLS_ECJPAKE_ALT)
 static const unsigned char ecjpake_test_x1[] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
    0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
@ -996,8 +994,6 @@ cleanup:
    return( ret );
 }
 #endif /* ! MBEDTLS_ECJPAKE_ALT */
 /* For tests we don't need a secure RNG;
 * use the LGC from Numerical Recipes for simplicity */
 static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
@ -1093,12 +1089,6 @@ int mbedtls_ecjpake_self_test( int verbose )
    if( verbose != 0 )
        mbedtls_printf( "passed\n" );
 #if !defined(MBEDTLS_ECJPAKE_ALT)
    /* 'reference handshake' tests can only be run against implementations
     * for which we have 100% control over how the random ephemeral keys
     * are generated. This is only the case for the internal mbed TLS
     * implementation, so these tests are skipped in case the internal
     * implementation is swapped out for an alternative one. */
    if( verbose != 0 )
        mbedtls_printf( "  ECJPAKE test #2 (reference handshake): " );
@ -1147,7 +1137,6 @@ int mbedtls_ecjpake_self_test( int verbose )
    if( verbose != 0 )
        mbedtls_printf( "passed\n" );
 #endif /* ! MBEDTLS_ECJPAKE_ALT */
 cleanup:
    mbedtls_ecjpake_free( &cli );
--- a/library/ecp.c
+++ b/library/ecp.c
@ -2505,7 +2505,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P
 #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
+        return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
 #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
    p_size = ( grp->pbits + 7 ) / 8;
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@ -1048,13 +1048,13 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
 /*
 * If the result is negative, we get it in the form
- * c * 2^bits + N, with c negative and N positive shorter than 'bits'
+ * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
 */
 static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
 {
    int ret;
-    /* C = - c * 2^bits */
+    /* C = - c * 2^(bits + 32) */
 #if !defined(MBEDTLS_HAVE_INT64)
    ((void) bits);
 #else
--- a/library/entropy.c
+++ b/library/entropy.c
@ -146,11 +146,6 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
 void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
 {
    /* If the context was already free, don't call free() again.
     * This is important for mutexes which don't allow double-free. */
    if( ctx->accumulator_started == -1 )
        return;
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_havege_free( &ctx->havege_data );
 #endif
@ -167,7 +162,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
 #endif
    ctx->source_count = 0;
    mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
-    ctx->accumulator_started = -1;
+    ctx->accumulator_started = 0;
 }
 int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
@ -494,20 +489,14 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
 int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
 {
    int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    FILE *f = NULL;
+    FILE *f;
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
    {
        ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
        goto exit;
    }
    if( ( f = fopen( path, "wb" ) ) == NULL )
-    {
+        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
-        ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+
    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
        goto exit;
    }
    if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
    {
@ -520,9 +509,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
 exit:
    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    if( f != NULL )
+    fclose( f );
        fclose( f );
    return( ret );
 }
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@ -84,6 +84,10 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
    memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
    ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &ctx->mutex );
 #endif
 }
 /*
@ -155,10 +159,6 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
        return( ret );
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &ctx->mutex );
 #endif
    /*
     * Set initial working state.
     * Use the V memory location, which is currently all 0, to initialize the
@ -284,11 +284,6 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
        return( ret );
    /* The mutex is initialized iff the md context is set up. */
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &ctx->mutex );
 #endif
    md_size = mbedtls_md_get_size( md_info );
    /*
@ -456,13 +451,14 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
        return;
 #if defined(MBEDTLS_THREADING_C)
-    /* The mutex is initialized iff the md context is set up. */
+    mbedtls_mutex_free( &ctx->mutex );
    if( ctx->md_ctx.md_info != NULL )
        mbedtls_mutex_free( &ctx->mutex );
 #endif
    mbedtls_md_free( &ctx->md_ctx );
    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
    ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_init( &ctx->mutex );
 #endif
 }
 #if defined(MBEDTLS_FS_IO)
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@ -496,13 +496,6 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
    if( fd < 0 )
        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
    /* A limitation of select() is that it only works with file descriptors
     * that are strictly less than FD_SETSIZE. This is a limitation of the
     * fd_set type. Error out early, because attempting to call FD_SET on a
     * large file descriptor is a buffer overflow on typical platforms. */
    if( fd >= FD_SETSIZE )
        return( MBEDTLS_ERR_NET_POLL_FAILED );
 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
    /* Ensure that memory sanitizers consider read_fds and write_fds as
@ -622,13 +615,6 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
    if( fd < 0 )
        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
    /* A limitation of select() is that it only works with file descriptors
     * that are strictly less than FD_SETSIZE. This is a limitation of the
     * fd_set type. Error out early, because attempting to call FD_SET on a
     * large file descriptor is a buffer overflow on typical platforms. */
    if( fd >= FD_SETSIZE )
        return( MBEDTLS_ERR_NET_POLL_FAILED );
    FD_ZERO( &read_fds );
    FD_SET( fd, &read_fds );
--- a/library/pkparse.c
+++ b/library/pkparse.c
@ -1070,7 +1070,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
    if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
-        return( ret );
+        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@ -455,7 +455,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 *      publicExponent    INTEGER   -- e            1 + 3 + MPI_MAX + 1
 *  }
 */
-#define RSA_PUB_DER_MAX_BYTES   ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
+#define RSA_PUB_DER_MAX_BYTES   38 + 2 * MBEDTLS_MPI_MAX_SIZE
 /*
 * RSA private keys:
@ -472,10 +472,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 *      otherPrimeInfos   OtherPrimeInfos OPTIONAL  0 (not supported)
 *  }
 */
-#define MPI_MAX_SIZE_2          ( MBEDTLS_MPI_MAX_SIZE / 2 + \
+#define MPI_MAX_SIZE_2          MBEDTLS_MPI_MAX_SIZE / 2 + \
-                                  MBEDTLS_MPI_MAX_SIZE % 2 )
+                                MBEDTLS_MPI_MAX_SIZE % 2
-#define RSA_PRV_DER_MAX_BYTES   ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
+#define RSA_PRV_DER_MAX_BYTES   47 + 3 * MBEDTLS_MPI_MAX_SIZE \
-                                   + 5 * MPI_MAX_SIZE_2 )
+                                   + 5 * MPI_MAX_SIZE_2
 #else /* MBEDTLS_RSA_C */
@ -496,7 +496,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 *                                            + 2 * ECP_MAX (coords)    [1]
 *  }
 */
-#define ECP_PUB_DER_MAX_BYTES   ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
+#define ECP_PUB_DER_MAX_BYTES   30 + 2 * MBEDTLS_ECP_MAX_BYTES
 /*
 * EC private keys:
@ -507,7 +507,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 *      publicKey  [1] BIT STRING OPTIONAL      1 + 2 + [1] above
 *    }
 */
-#define ECP_PRV_DER_MAX_BYTES   ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
+#define ECP_PRV_DER_MAX_BYTES   29 + 3 * MBEDTLS_ECP_MAX_BYTES
 #else /* MBEDTLS_ECP_C */
@ -516,10 +516,10 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 #endif /* MBEDTLS_ECP_C */
-#define PUB_DER_MAX_BYTES   ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
+#define PUB_DER_MAX_BYTES   RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
-                              RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
+                            RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES
-#define PRV_DER_MAX_BYTES   ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
+#define PRV_DER_MAX_BYTES   RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
-                              RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
+                            RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES
 int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
 {
--- a/library/rsa.c
+++ b/library/rsa.c
@ -520,9 +520,6 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
    mbedtls_rsa_set_padding( ctx, padding, hash_id );
 #if defined(MBEDTLS_THREADING_C)
    /* Set ctx->ver to nonzero to indicate that the mutex has been
     * initialized and will need to be freed. */
    ctx->ver = 1;
    mbedtls_mutex_init( &ctx->mutex );
 #endif
 }
@ -570,6 +567,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
    RSA_VALIDATE_RET( ctx != NULL );
    RSA_VALIDATE_RET( f_rng != NULL );
    if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    /*
     * If the modulus is 1024 bit long or shorter, then the security strength of
     * the RSA algorithm is less than or equal to 80 bits and therefore an error
@ -582,12 +582,6 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
    mbedtls_mpi_init( &G );
    mbedtls_mpi_init( &L );
    if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
    {
        ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
        goto cleanup;
    }
    /*
     * find primes P and Q with Q < P so that:
     * 1.  |P-Q| > 2^( nbits / 2 - 100 )
@ -665,9 +659,7 @@ cleanup:
    if( ret != 0 )
    {
        mbedtls_rsa_free( ctx );
-        if( ( -ret & ~0x7f ) == 0 )
+        return( MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret );
            ret = MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret;
        return( ret );
    }
    return( 0 );
@ -1114,10 +1106,10 @@ cleanup:
    mbedtls_mpi_free( &C );
    mbedtls_mpi_free( &I );
-    if( ret != 0 && ret >= -0x007f )
+    if( ret != 0 )
        return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
-    return( ret );
+    return( 0 );
 }
 #if defined(MBEDTLS_PKCS1_V21)
@ -2510,6 +2502,7 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
    RSA_VALIDATE_RET( dst != NULL );
    RSA_VALIDATE_RET( src != NULL );
    dst->ver = src->ver;
    dst->len = src->len;
    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
@ -2568,12 +2561,7 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
 #endif /* MBEDTLS_RSA_NO_CRT */
 #if defined(MBEDTLS_THREADING_C)
-    /* Free the mutex, but only if it hasn't been freed already. */
+    mbedtls_mutex_free( &ctx->mutex );
    if( ctx->ver != 0 )
    {
        mbedtls_mutex_free( &ctx->mutex );
        ctx->ver = 0;
    }
 #endif
 }
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -2209,7 +2209,6 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
                                       unsigned char *end )
 {
    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
    size_t dhm_actual_bitlen;
    /*
     * Ephemeral DH parameters:
@ -2227,11 +2226,10 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
        return( ret );
    }
-    dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
+    if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
    if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
-                                    (unsigned) dhm_actual_bitlen,
+                                    ssl->handshake->dhm_ctx.len * 8,
                                    ssl->conf->dhm_min_bitlen ) );
        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
    }
--- a/library/threading.c
+++ b/library/threading.c
@ -98,12 +98,6 @@ static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
    if( mutex == NULL )
        return;
    /* A nonzero value of is_valid indicates a successfully initialized
     * mutex. This is a workaround for not being able to return an error
     * code for this function. The lock/unlock functions return an error
     * if is_valid is nonzero. The Mbed TLS unit test code uses this field
     * to distinguish more states of the mutex; see helpers.function for
     * details. */
    mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
 }
--- a/library/version_features.c
+++ b/library/version_features.c
@ -553,9 +553,6 @@ static const char *features[] = {
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
    "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
 #if defined(MBEDTLS_TEST_HOOKS)
    "MBEDTLS_TEST_HOOKS",
 #endif /* MBEDTLS_TEST_HOOKS */
 #if defined(MBEDTLS_THREADING_ALT)
    "MBEDTLS_THREADING_ALT",
 #endif /* MBEDTLS_THREADING_ALT */
--- a/programs/.gitignore
+++ b/programs/.gitignore
@ -2,6 +2,7 @@
 *.sln
 *.vcxproj
 aes/aescrypt2
 aes/crypt_and_hash
 hash/generic_sum
 hash/hello
--- a/programs/Makefile
+++ b/programs/Makefile
@ -47,7 +47,7 @@ ifdef ZLIB
 LOCAL_LDFLAGS += -lz
 endif
-APPS =	aes/crypt_and_hash$(EXEXT)	\
+APPS =	aes/aescrypt2$(EXEXT)		aes/crypt_and_hash$(EXEXT)	\
 	hash/hello$(EXEXT)		hash/generic_sum$(EXEXT)	\
 					pkey/dh_client$(EXEXT)		\
 	pkey/dh_genprime$(EXEXT)	pkey/dh_server$(EXEXT)		\
@ -93,6 +93,10 @@ all: $(APPS)
 $(DEP):
 	$(MAKE) -C ../library
 aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
 	echo "  CC    aes/aescrypt2.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
 	echo "  CC    aes/crypt_and_hash.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
--- a/programs/README.md
+++ b/programs/README.md
@ -5,6 +5,9 @@ This subdirectory mostly contains sample programs that illustrate specific featu
 ## Symmetric cryptography (AES) examples
 * [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.  
  Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
 * [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
 ## Hash (digest) examples
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@ -1,6 +1,9 @@
 add_executable(aescrypt2 aescrypt2.c)
 target_link_libraries(aescrypt2 mbedtls)
 add_executable(crypt_and_hash crypt_and_hash.c)
 target_link_libraries(crypt_and_hash mbedtls)
-install(TARGETS crypt_and_hash
+install(TARGETS aescrypt2 crypt_and_hash
        DESTINATION "bin"
        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@ -0,0 +1,495 @@
 /*
 *  AES-256 file encryption program
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  **********
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /* Enable definition of fileno() even when compiling with -std=c99. Must be
 * set before config.h, which pulls in glibc's features.h indirectly.
 * Harmless on other platforms. */
 #define _POSIX_C_SOURCE 1
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_fprintf         fprintf
 #define mbedtls_printf          printf
 #define mbedtls_exit            exit
 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
 #endif /* MBEDTLS_PLATFORM_C */
 #include "mbedtls/aes.h"
 #include "mbedtls/md.h"
 #include "mbedtls/platform_util.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #if defined(_WIN32)
 #include <windows.h>
 #if !defined(_WIN32_WCE)
 #include <io.h>
 #endif
 #else
 #include <sys/types.h>
 #include <unistd.h>
 #endif
 #define MODE_ENCRYPT    0
 #define MODE_DECRYPT    1
 #define USAGE   \
    "\n  aescrypt2 <mode> <input filename> <output filename> <key>\n" \
    "\n   <mode>: 0 = encrypt, 1 = decrypt\n" \
    "\n  example: aescrypt2 0 file file.aes hex:E76B2413958B00E193\n" \
    "\n"
 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) || \
    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_MD_C)
 int main( void )
 {
    mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_SHA256_C "
                    "and/or MBEDTLS_FS_IO and/or MBEDTLS_MD_C "
                    "not defined.\n");
    mbedtls_exit( 0 );
 }
 #else
 int main( int argc, char *argv[] )
 {
    int ret = 0;
    int exit_code = MBEDTLS_EXIT_FAILURE;
    unsigned int i, n;
    int mode, lastn;
    size_t keylen;
    FILE *fkey, *fin = NULL, *fout = NULL;
    char *p;
    unsigned char IV[16];
    unsigned char tmp[16];
    unsigned char key[512];
    unsigned char digest[32];
    unsigned char buffer[1024];
    unsigned char diff;
    mbedtls_aes_context aes_ctx;
    mbedtls_md_context_t sha_ctx;
 #if defined(_WIN32_WCE)
    long filesize, offset;
 #elif defined(_WIN32)
       LARGE_INTEGER li_size;
    __int64 filesize, offset;
 #else
      off_t filesize, offset;
 #endif
    mbedtls_aes_init( &aes_ctx );
    mbedtls_md_init( &sha_ctx );
    ret = mbedtls_md_setup( &sha_ctx, mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), 1 );
    if( ret != 0 )
    {
        mbedtls_printf( "  ! mbedtls_md_setup() returned -0x%04x\n", -ret );
        goto exit;
    }
    /*
     * Parse the command-line arguments.
     */
    if( argc != 5 )
    {
        mbedtls_printf( USAGE );
 #if defined(_WIN32)
        mbedtls_printf( "\n  Press Enter to exit this program.\n" );
        fflush( stdout ); getchar();
 #endif
        goto exit;
    }
    mode = atoi( argv[1] );
    memset( IV,     0, sizeof( IV ) );
    memset( key,    0, sizeof( key ) );
    memset( digest, 0, sizeof( digest ) );
    memset( buffer, 0, sizeof( buffer ) );
    if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
    {
        mbedtls_fprintf( stderr, "invalide operation mode\n" );
        goto exit;
    }
    if( strcmp( argv[2], argv[3] ) == 0 )
    {
        mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
        goto exit;
    }
    if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
    {
        mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
        goto exit;
    }
    if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
    {
        mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
        goto exit;
    }
    /*
     * Read the secret key from file or command line
     */
    if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
    {
        keylen = fread( key, 1, sizeof( key ), fkey );
        fclose( fkey );
    }
    else
    {
        if( memcmp( argv[4], "hex:", 4 ) == 0 )
        {
            p = &argv[4][4];
            keylen = 0;
            while( sscanf( p, "%02X", &n ) > 0 &&
                   keylen < (int) sizeof( key ) )
            {
                key[keylen++] = (unsigned char) n;
                p += 2;
            }
        }
        else
        {
            keylen = strlen( argv[4] );
            if( keylen > (int) sizeof( key ) )
                keylen = (int) sizeof( key );
            memcpy( key, argv[4], keylen );
        }
    }
 #if defined(_WIN32_WCE)
    filesize = fseek( fin, 0L, SEEK_END );
 #else
 #if defined(_WIN32)
    /*
     * Support large files (> 2Gb) on Win32
     */
    li_size.QuadPart = 0;
    li_size.LowPart  =
        SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
                        li_size.LowPart, &li_size.HighPart, FILE_END );
    if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
    {
        mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
        goto exit;
    }
    filesize = li_size.QuadPart;
 #else
    if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
    {
        perror( "lseek" );
        goto exit;
    }
 #endif
 #endif
    if( fseek( fin, 0, SEEK_SET ) < 0 )
    {
        mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
        goto exit;
    }
    if( mode == MODE_ENCRYPT )
    {
        /*
         * Generate the initialization vector as:
         * IV = SHA-256( filesize || filename )[0..15]
         */
        for( i = 0; i < 8; i++ )
            buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
        p = argv[2];
        mbedtls_md_starts( &sha_ctx );
        mbedtls_md_update( &sha_ctx, buffer, 8 );
        mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
        mbedtls_md_finish( &sha_ctx, digest );
        memcpy( IV, digest, 16 );
        /*
         * The last four bits in the IV are actually used
         * to store the file size modulo the AES block size.
         */
        lastn = (int)( filesize & 0x0F );
        IV[15] = (unsigned char)
            ( ( IV[15] & 0xF0 ) | lastn );
        /*
         * Append the IV at the beginning of the output.
         */
        if( fwrite( IV, 1, 16, fout ) != 16 )
        {
            mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
            goto exit;
        }
        /*
         * Hash the IV and the secret key together 8192 times
         * using the result to setup the AES context and HMAC.
         */
        memset( digest, 0,  32 );
        memcpy( digest, IV, 16 );
        for( i = 0; i < 8192; i++ )
        {
            mbedtls_md_starts( &sha_ctx );
            mbedtls_md_update( &sha_ctx, digest, 32 );
            mbedtls_md_update( &sha_ctx, key, keylen );
            mbedtls_md_finish( &sha_ctx, digest );
        }
        mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
        mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
        /*
         * Encrypt and write the ciphertext.
         */
        for( offset = 0; offset < filesize; offset += 16 )
        {
            n = ( filesize - offset > 16 ) ? 16 : (int)
                ( filesize - offset );
            if( fread( buffer, 1, n, fin ) != (size_t) n )
            {
                mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", n );
                goto exit;
            }
            for( i = 0; i < 16; i++ )
                buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
            mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, buffer, buffer );
            mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
            if( fwrite( buffer, 1, 16, fout ) != 16 )
            {
                mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
                goto exit;
            }
            memcpy( IV, buffer, 16 );
        }
        /*
         * Finally write the HMAC.
         */
        mbedtls_md_hmac_finish( &sha_ctx, digest );
        if( fwrite( digest, 1, 32, fout ) != 32 )
        {
            mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
            goto exit;
        }
    }
    if( mode == MODE_DECRYPT )
    {
        /*
         *  The encrypted file must be structured as follows:
         *
         *        00 .. 15              Initialization Vector
         *        16 .. 31              AES Encrypted Block #1
         *           ..
         *      N*16 .. (N+1)*16 - 1    AES Encrypted Block #N
         *  (N+1)*16 .. (N+1)*16 + 32   HMAC-SHA-256(ciphertext)
         */
        if( filesize < 48 )
        {
            mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
            goto exit;
        }
        if( ( filesize & 0x0F ) != 0 )
        {
            mbedtls_fprintf( stderr, "File size not a multiple of 16.\n" );
            goto exit;
        }
        /*
         * Subtract the IV + HMAC length.
         */
        filesize -= ( 16 + 32 );
        /*
         * Read the IV and original filesize modulo 16.
         */
        if( fread( buffer, 1, 16, fin ) != 16 )
        {
            mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
            goto exit;
        }
        memcpy( IV, buffer, 16 );
        lastn = IV[15] & 0x0F;
        /*
         * Hash the IV and the secret key together 8192 times
         * using the result to setup the AES context and HMAC.
         */
        memset( digest, 0,  32 );
        memcpy( digest, IV, 16 );
        for( i = 0; i < 8192; i++ )
        {
            mbedtls_md_starts( &sha_ctx );
            mbedtls_md_update( &sha_ctx, digest, 32 );
            mbedtls_md_update( &sha_ctx, key, keylen );
            mbedtls_md_finish( &sha_ctx, digest );
        }
        mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
        mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
        /*
         * Decrypt and write the plaintext.
         */
        for( offset = 0; offset < filesize; offset += 16 )
        {
            if( fread( buffer, 1, 16, fin ) != 16 )
            {
                mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
                goto exit;
            }
            memcpy( tmp, buffer, 16 );
            mbedtls_md_hmac_update( &sha_ctx, buffer, 16 );
            mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_DECRYPT, buffer, buffer );
            for( i = 0; i < 16; i++ )
                buffer[i] = (unsigned char)( buffer[i] ^ IV[i] );
            memcpy( IV, tmp, 16 );
            n = ( lastn > 0 && offset == filesize - 16 )
                ? lastn : 16;
            if( fwrite( buffer, 1, n, fout ) != (size_t) n )
            {
                mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", n );
                goto exit;
            }
        }
        /*
         * Verify the message authentication code.
         */
        mbedtls_md_hmac_finish( &sha_ctx, digest );
        if( fread( buffer, 1, 32, fin ) != 32 )
        {
            mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 32 );
            goto exit;
        }
        /* Use constant-time buffer comparison */
        diff = 0;
        for( i = 0; i < 32; i++ )
            diff |= digest[i] ^ buffer[i];
        if( diff != 0 )
        {
            mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
                             "or file corrupted.\n" );
            goto exit;
        }
    }
    exit_code = MBEDTLS_EXIT_SUCCESS;
 exit:
    if( fin )
        fclose( fin );
    if( fout )
        fclose( fout );
    /* Zeroize all command line arguments to also cover
       the case when the user has missed or reordered some,
       in which case the key might not be in argv[4]. */
    for( i = 0; i < (unsigned int) argc; i++ )
        mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
    mbedtls_platform_zeroize( IV,     sizeof( IV ) );
    mbedtls_platform_zeroize( key,    sizeof( key ) );
    mbedtls_platform_zeroize( tmp,    sizeof( tmp ) );
    mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
    mbedtls_platform_zeroize( digest, sizeof( digest ) );
    mbedtls_aes_free( &aes_ctx );
    mbedtls_md_free( &sha_ctx );
    mbedtls_exit( exit_code );
 }
 #endif /* MBEDTLS_AES_C && MBEDTLS_SHA256_C && MBEDTLS_FS_IO */
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@ -218,7 +218,6 @@ int main( int argc, char *argv[] )
    mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
    mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
    if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
    {
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@ -114,7 +114,7 @@ int main( void )
 #include "mbedtls/ssl_cache.h"
 #endif
-#define READ_TIMEOUT_MS 10000   /* 10 seconds */
+#define READ_TIMEOUT_MS 10000   /* 5 seconds */
 #define DEBUG_LEVEL 0
@ -250,7 +250,6 @@ int main( void )
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
    mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
 #if defined(MBEDTLS_SSL_CACHE_C)
    mbedtls_ssl_conf_session_cache( &conf, &cache,
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@ -1475,14 +1475,6 @@ int query_config( const char *config )
    }
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
 #if defined(MBEDTLS_TEST_HOOKS)
    if( strcmp( "MBEDTLS_TEST_HOOKS", config ) == 0 )
    {
        MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_HOOKS );
        return( 0 );
    }
 #endif /* MBEDTLS_TEST_HOOKS */
 #if defined(MBEDTLS_THREADING_ALT)
    if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 )
    {
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@ -101,9 +101,6 @@ STANDARD_CATEGORIES = (
    b'Changes',
 )
 # The maximum line length for an entry
 MAX_LINE_LENGTH = 80
 CategoryContent = namedtuple('CategoryContent', [
    'name', 'title_line', # Title text and line number of the title
    'body', 'body_line', # Body text and starting line number of the body
@ -228,8 +225,6 @@ class ChangeLog:
    # a version that is not yet released. Something like "3.1a" is accepted.
    _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
    _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
    _only_url_re = re.compile(br'^\s*\w+://\S+\s*$')
    _has_url_re = re.compile(br'.*://.*')
    def add_categories_from_text(self, filename, line_offset,
                                 text, allow_unknown_category):
@ -246,21 +241,6 @@ class ChangeLog:
                                       line_offset + category.title_line,
                                       'Unknown category: "{}"',
                                       category.name.decode('utf8'))
            body_split = category.body.splitlines()
            for line_number, line in enumerate(body_split, 1):
                if not self._only_url_re.match(line) and \
                   len(line) > MAX_LINE_LENGTH:
                    long_url_msg = '. URL exceeding length limit must be alone in its line.' \
                        if self._has_url_re.match(line) else ""
                    raise InputFormatError(filename,
                                           category.body_line + line_number,
                                           'Line is longer than allowed: '
                                           'Length {} (Max {}){}',
                                           len(line), MAX_LINE_LENGTH,
                                           long_url_msg)
            self.categories[category.name] += category.body
    def __init__(self, input_stream, changelog_format):
--- a/scripts/config.pl
+++ b/scripts/config.pl
@ -66,9 +66,8 @@
 #
 # The baremetal configuration excludes options that require a library or
 # operating system feature that is typically not present on bare metal
-# systems. It also excludes debugging features that increase the code size
+# systems. Features that are excluded from "full" won't be in "baremetal"
-# of other modules.
+# either.
 # Features that are excluded from "full" won't be in "baremetal" either.
 use warnings;
 use strict;
@ -137,7 +136,6 @@ _ALT\s*$
 # Things that should be disabled in "baremetal"
 my @excluded_baremetal = qw(
 MBEDTLS_DEBUG_C
 MBEDTLS_ENTROPY_NV_SEED
 MBEDTLS_FS_IO
 MBEDTLS_HAVEGE_C
@ -149,7 +147,6 @@ MBEDTLS_NET_C
 MBEDTLS_PLATFORM_FPRINTF_ALT
 MBEDTLS_PLATFORM_NV_SEED_ALT
 MBEDTLS_PLATFORM_TIME_ALT
 MBEDTLS_TEST_HOOKS
 MBEDTLS_THREADING_C
 MBEDTLS_THREADING_PTHREAD
 MBEDTLS_TIMING_C
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@ -1052,16 +1052,6 @@ cert_md5.crt: cert_md5.csr
 	$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@
 all_final += cert_md5.crt
 ################################################################
 #### Diffie-Hellman parameters
 ################################################################
 dh.998.pem:
 	$(OPENSSL) dhparam -out $@ -text 998
 dh.999.pem:
 	$(OPENSSL) dhparam -out $@ -text 999
 ################################################################
 #### Meta targets
 ################################################################
--- a/tests/data_files/dh.998.pem
+++ b/tests/data_files/dh.998.pem
@ -1,17 +0,0 @@
    DH Parameters: (998 bit)
        prime:
            39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77:
            b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31:
            6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb:
            48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c:
            9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a:
            fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b:
            c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62:
            8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51:
            de:f8:08:25:db
        generator: 2 (0x2)
 -----BEGIN DH PARAMETERS-----
 MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh
 YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH
 EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg==
 -----END DH PARAMETERS-----
--- a/tests/data_files/dh.999.pem
+++ b/tests/data_files/dh.999.pem
@ -1,17 +0,0 @@
    DH Parameters: (999 bit)
        prime:
            4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3:
            69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69:
            6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa:
            14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a:
            69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b:
            bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93:
            82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00:
            68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71:
            f2:e6:c4:94:03
        generator: 2 (0x2)
 -----BEGIN DH PARAMETERS-----
 MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI
 cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC
 vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg==
 -----END DH PARAMETERS-----
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -890,21 +890,11 @@ component_test_no_hmac_drbg () {
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
-    msg "test: Full minus HMAC_DRBG - main suites"
+    msg "test: no HMAC_DRBG"
    make test
-    # Normally our ECDSA implementation uses deterministic ECDSA. But since
+    # No ssl-opt.sh/compat.sh as they never use HMAC_DRBG so far,
-    # HMAC_DRBG is disabled in this configuration, randomized ECDSA is used
+    # so there's little value in running those lengthy tests here.
    # instead.
    # Test SSL with non-deterministic ECDSA. Only test features that
    # might be affected by how ECDSA signature is performed.
    msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)"
    if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
    # To save time, only test one protocol version, since this part of
    # the protocol is identical in (D)TLS up to 1.2.
    msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)"
    if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA'
 }
 component_test_no_drbg_all_hashes () {
@ -1324,7 +1314,7 @@ component_test_malloc_0_null () {
    msg "build: malloc(0) returns NULL (ASan+UBSan build)"
    scripts/config.pl full
    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
-    make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' -O $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+    make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' -O -Werror -Wall -Wextra -fsanitize=address,undefined" LDFLAGS='-fsanitize=address,undefined'
    msg "test: malloc(0) returns NULL (ASan+UBSan build)"
    make test
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@ -55,6 +55,11 @@ EOF
    exit
 fi
 if grep --version|head -n1|grep GNU >/dev/null; then :; else
    echo "This script requires GNU grep.">&2
    exit 1
 fi
 trace=
 if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
  shift
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -130,8 +130,8 @@ print_usage() {
    echo "Usage: $0 [options]"
    printf "  -h|--help\tPrint this help.\n"
    printf "  -m|--memcheck\tCheck memory leaks and errors.\n"
-    printf "  -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
+    printf "  -f|--filter\tOnly matching tests are executed (BRE)\n"
-    printf "  -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
+    printf "  -e|--exclude\tMatching tests are excluded (BRE)\n"
    printf "  -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
    printf "  -s|--show-numbers\tShow test numbers in front of test names\n"
    printf "  -p|--preserve-logs\tPreserve logs of successful tests as well\n"
@ -184,14 +184,6 @@ get_options() {
    done
 }
 # Read boolean configuration options from config.h for easy and quick
 # testing. Skip non-boolean options (with something other than spaces
 # and a comment after "#define SYMBOL"). The variable contains a
 # space-separated list of symbols.
 CONFIGS_ENABLED=" $(<"$CONFIG_H" \
                    sed -n 's!^ *#define  *\([A-Za-z][0-9A-Z_a-z]*\) *\(/*\)*!\1!p' |
                    tr '\n' ' ')"
 # Skip next test; use this macro to skip tests which are legitimate
 # in theory and expected to be re-introduced at some point, but
 # aren't expected to succeed at the moment due to problems outside
@ -202,17 +194,16 @@ skip_next_test() {
 # skip next test if the flag is not enabled in config.h
 requires_config_enabled() {
-    case $CONFIGS_ENABLED in
+    if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
-        *" $1 "*) :;;
+        SKIP_NEXT="YES"
-        *) SKIP_NEXT="YES";;
+    fi
    esac
 }
 # skip next test if the flag is enabled in config.h
 requires_config_disabled() {
-    case $CONFIGS_ENABLED in
+    if grep "^#define $1" $CONFIG_H > /dev/null; then
-        *" $1 "*) SKIP_NEXT="YES";;
+        SKIP_NEXT="YES"
-    esac
+    fi
 }
 get_config_value_or_default() {
@ -431,21 +422,17 @@ fail() {
 # is_polar <cmd_line>
 is_polar() {
-    case "$1" in
+    echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
        *ssl_client2*) true;;
        *ssl_server2*) true;;
        *) false;;
    esac
 }
 # openssl s_server doesn't have -www with DTLS
 check_osrv_dtls() {
-    case "$SRV_CMD" in
+    if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
-        *s_server*-dtls*)
+        NEEDS_INPUT=1
-            NEEDS_INPUT=1
+        SRV_CMD="$( echo $SRV_CMD | sed s/-www// )"
-            SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";;
+    else
-        *) NEEDS_INPUT=0;;
+        NEEDS_INPUT=0
-    esac
+    fi
 }
 # provide input to commands that need it
@ -561,10 +548,11 @@ wait_client_done() {
 # check if the given command uses dtls and sets global variable DTLS
 detect_dtls() {
-    case "$1" in
+    if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
-        *dtls=1*|-dtls|-u) DTLS=1;;
+        DTLS=1
-        *) DTLS=0;;
+    else
-    esac
+        DTLS=0
    fi
 }
 # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
@ -580,7 +568,8 @@ run_test() {
    NAME="$1"
    shift 1
-    if is_excluded "$NAME"; then
+    if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
    else
        SKIP_NEXT="NO"
        return
    fi
@ -588,11 +577,10 @@ run_test() {
    print_name "$NAME"
    # Do we only run numbered tests?
-    if [ -n "$RUN_TEST_NUMBER" ]; then
+    if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
-        case ",$RUN_TEST_NUMBER," in
+    elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
-            *",$TESTS,"*) :;;
+    else
-            *) SKIP_NEXT="YES";;
+        SKIP_NEXT="YES"
        esac
    fi
    # should we skip?
@ -618,10 +606,10 @@ run_test() {
    shift 3
    # Check if test uses files
-    case "$SRV_CMD $CLI_CMD" in
+    TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" )
-        *data_files/*)
+    if [ ! -z "$TEST_USES_FILES" ]; then
-            requires_config_enabled MBEDTLS_FS_IO;;
+       requires_config_enabled MBEDTLS_FS_IO
-    esac
+    fi
    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
@ -688,7 +676,6 @@ run_test() {
        # terminate the server (and the proxy)
        kill $SRV_PID
        wait $SRV_PID
        SRV_RET=$?
        if [ -n "$PXY_CMD" ]; then
            kill $PXY_PID >/dev/null 2>&1
@ -722,11 +709,9 @@ run_test() {
        fi
    fi
-    # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
+    # check server exit code
-    # exit with status 0 when interrupted by a signal, and we don't really
+    if [ $? != 0 ]; then
-    # care anyway), in case e.g. the server reports a memory leak.
+        fail "server fail"
    if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then
        fail "Server exited with status $SRV_RET"
        return
    fi
@ -852,46 +837,6 @@ cleanup() {
 get_options "$@"
 # Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
 # patterns rather than regular expressions, use a case statement instead
 # of calling grep. To keep the optimizer simple, it is incomplete and only
 # detects simple cases: plain substring, everything, nothing.
 #
 # As an exception, the character '.' is treated as an ordinary character
 # if it is the only special character in the string. This is because it's
 # rare to need "any one character", but needing a literal '.' is common
 # (e.g. '-f "DTLS 1.2"').
 need_grep=
 case "$FILTER" in
    '^$') simple_filter=;;
    '.*') simple_filter='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_filter="*$FILTER*";;
 esac
 case "$EXCLUDE" in
    '^$') simple_exclude=;;
    '.*') simple_exclude='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_exclude="*$EXCLUDE*";;
 esac
 if [ -n "$need_grep" ]; then
    is_excluded () {
        ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
    }
 else
    is_excluded () {
        case "$1" in
            $simple_exclude) true;;
            $simple_filter) false;;
            *) true;;
        esac
    }
 fi
 # sanity checks, avoid an avalanche of errors
 P_SRV_BIN="${P_SRV%%[  ]*}"
 P_CLI_BIN="${P_CLI%%[  ]*}"
@ -3960,20 +3905,6 @@ run_test    "DHM size: server 1024, client default, OK" \
            0 \
            -C "DHM prime too short:"
 run_test    "DHM size: server 999, client 999, OK" \
            "$P_SRV dhm_file=data_files/dh.999.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=999" \
            0 \
            -C "DHM prime too short:"
 run_test    "DHM size: server 1000, client 1000, OK" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=1000" \
            0 \
            -C "DHM prime too short:"
 run_test    "DHM size: server 1000, client default, rejected" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@ -3981,27 +3912,6 @@ run_test    "DHM size: server 1000, client default, rejected" \
            1 \
            -c "DHM prime too short:"
 run_test    "DHM size: server 1000, client 1001, rejected" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=1001" \
            1 \
            -c "DHM prime too short:"
 run_test    "DHM size: server 999, client 1000, rejected" \
            "$P_SRV dhm_file=data_files/dh.999.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=1000" \
            1 \
            -c "DHM prime too short:"
 run_test    "DHM size: server 998, client 999, rejected" \
            "$P_SRV dhm_file=data_files/dh.998.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=1 dhmlen=999" \
            1 \
            -c "DHM prime too short:"
 run_test    "DHM size: server default, client 2049, rejected" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@ -46,12 +46,6 @@ typedef UINT32 uint32_t;
 #include <strings.h>
 #endif
 #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
    defined(MBEDTLS_TEST_HOOKS)
 #include "mbedtls/threading.h"
 #define MBEDTLS_TEST_MUTEX_USAGE
 #endif
 /*
 * Define the two macros
 *
@ -377,9 +371,6 @@ static struct
    const char *test;
    const char *filename;
    int line_no;
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
    const char *mutex_usage_error;
 #endif
 }
 test_info;
@ -786,202 +777,3 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_le
    }
    return ret;
 }
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
 /** Mutex usage verification framework.
 *
 * The mutex usage verification code below aims to detect bad usage of
 * Mbed TLS's mutex abstraction layer at runtime. Note that this is solely
 * about the use of the mutex itself, not about checking whether the mutex
 * correctly protects whatever it is supposed to protect.
 *
 * The normal usage of a mutex is:
 * ```
 * digraph mutex_states {
 *   "UNINITIALIZED"; // the initial state
 *   "IDLE";
 *   "FREED";
 *   "LOCKED";
 *   "UNINITIALIZED" -> "IDLE" [label="init"];
 *   "FREED" -> "IDLE" [label="init"];
 *   "IDLE" -> "LOCKED" [label="lock"];
 *   "LOCKED" -> "IDLE" [label="unlock"];
 *   "IDLE" -> "FREED" [label="free"];
 * }
 * ```
 *
 * All bad transitions that can be unambiguously detected are reported.
 * An attempt to use an uninitialized mutex cannot be detected in general
 * since the memory content may happen to denote a valid state. For the same
 * reason, a double init cannot be detected.
 * All-bits-zero is the state of a freed mutex, which is distinct from an
 * initialized mutex, so attempting to use zero-initialized memory as a mutex
 * without calling the init function is detected.
 *
 * The framework attempts to detect missing calls to init and free by counting
 * calls to init and free. If there are more calls to init than free, this
 * means that a mutex is not being freed somewhere, which is a memory leak
 * on platforms where a mutex consumes resources other than the
 * mbedtls_threading_mutex_t object itself. If there are more calls to free
 * than init, this indicates a missing init, which is likely to be detected
 * by an attempt to lock the mutex as well. A limitation of this framework is
 * that it cannot detect scenarios where there is exactly the same number of
 * calls to init and free but the calls don't match. A bug like this is
 * unlikely to happen uniformly throughout the whole test suite though.
 *
 * If an error is detected, this framework will report what happened and the
 * test case will be marked as failed. Unfortunately, the error report cannot
 * indicate the exact location of the problematic call. To locate the error,
 * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error().
 */
 enum value_of_mutex_is_valid_field
 {
    /* Potential values for the is_valid field of mbedtls_threading_mutex_t.
     * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for
     * compatibility with threading_mutex_init_pthread() and
     * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero
     * value. */
    MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread
    MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock
    MUTEX_LOCKED = 2, //!< Set by our lock
 };
 typedef struct
 {
    void (*init)( mbedtls_threading_mutex_t * );
    void (*free)( mbedtls_threading_mutex_t * );
    int (*lock)( mbedtls_threading_mutex_t * );
    int (*unlock)( mbedtls_threading_mutex_t * );
 } mutex_functions_t;
 static mutex_functions_t mutex_functions;
 /** The total number of calls to mbedtls_mutex_init(), minus the total number
 * of calls to mbedtls_mutex_free().
 *
 * Reset to 0 after each test case.
 */
 static int live_mutexes;
 static void mbedtls_test_mutex_usage_error( mbedtls_threading_mutex_t *mutex,
                                            const char *msg )
 {
    (void) mutex;
    if( test_info.mutex_usage_error == NULL )
        test_info.mutex_usage_error = msg;
    mbedtls_fprintf( stdout, "[mutex: %s] ", msg );
    /* Don't mark the test as failed yet. This way, if the test fails later
     * for a functional reason, the test framework will report the message
     * and location for this functional reason. If the test passes,
     * mbedtls_test_mutex_usage_check() will mark it as failed. */
 }
 static void mbedtls_test_wrap_mutex_init( mbedtls_threading_mutex_t *mutex )
 {
    mutex_functions.init( mutex );
    if( mutex->is_valid )
        ++live_mutexes;
 }
 static void mbedtls_test_wrap_mutex_free( mbedtls_threading_mutex_t *mutex )
 {
    switch( mutex->is_valid )
    {
        case MUTEX_FREED:
            mbedtls_test_mutex_usage_error( mutex, "free without init or double free" );
            break;
        case MUTEX_IDLE:
            /* Do nothing. The underlying free function will reset is_valid
             * to 0. */
            break;
        case MUTEX_LOCKED:
            mbedtls_test_mutex_usage_error( mutex, "free without unlock" );
            break;
        default:
            mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
            break;
    }
    if( mutex->is_valid )
        --live_mutexes;
    mutex_functions.free( mutex );
 }
 static int mbedtls_test_wrap_mutex_lock( mbedtls_threading_mutex_t *mutex )
 {
    int ret = mutex_functions.lock( mutex );
    switch( mutex->is_valid )
    {
        case MUTEX_FREED:
            mbedtls_test_mutex_usage_error( mutex, "lock without init" );
            break;
        case MUTEX_IDLE:
            if( ret == 0 )
                mutex->is_valid = 2;
            break;
        case MUTEX_LOCKED:
            mbedtls_test_mutex_usage_error( mutex, "double lock" );
            break;
        default:
            mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
            break;
    }
    return( ret );
 }
 static int mbedtls_test_wrap_mutex_unlock( mbedtls_threading_mutex_t *mutex )
 {
    int ret = mutex_functions.unlock( mutex );
    switch( mutex->is_valid )
    {
        case MUTEX_FREED:
            mbedtls_test_mutex_usage_error( mutex, "unlock without init" );
            break;
        case MUTEX_IDLE:
            mbedtls_test_mutex_usage_error( mutex, "unlock without lock" );
            break;
        case MUTEX_LOCKED:
            if( ret == 0 )
                mutex->is_valid = MUTEX_IDLE;
            break;
        default:
            mbedtls_test_mutex_usage_error( mutex, "corrupted state" );
            break;
    }
    return( ret );
 }
 static void mbedtls_test_mutex_usage_init( void )
 {
    mutex_functions.init = mbedtls_mutex_init;
    mutex_functions.free = mbedtls_mutex_free;
    mutex_functions.lock = mbedtls_mutex_lock;
    mutex_functions.unlock = mbedtls_mutex_unlock;
    mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init;
    mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free;
    mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock;
    mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock;
 }
 static void mbedtls_test_mutex_usage_check( void )
 {
    if( live_mutexes != 0 )
    {
        /* A positive number (more init than free) means that a mutex resource
         * is leaking (on platforms where a mutex consumes more than the
         * mbedtls_threading_mutex_t object itself). The rare case of a
         * negative number means a missing init somewhere. */
        mbedtls_fprintf( stdout, "[mutex: %d leaked] ", live_mutexes );
        live_mutexes = 0;
        if( test_info.mutex_usage_error == NULL )
            test_info.mutex_usage_error = "missing free";
    }
    if( test_info.mutex_usage_error != NULL &&
        test_info.result != TEST_RESULT_FAILED )
    {
        /* Functionally, the test passed. But there was a mutex usage error,
         * so mark the test as failed after all. */
        test_fail( "Mutex usage error", __LINE__, __FILE__ );
    }
    test_info.mutex_usage_error = NULL;
 }
 #endif /* MBEDTLS_TEST_MUTEX_USAGE */
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@ -412,10 +412,6 @@ int execute_tests( int argc , const char ** argv )
    mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
 #endif
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
    mbedtls_test_mutex_usage_init( );
 #endif
    /*
     * The C standard doesn't guarantee that all-bits-0 is the representation
     * of a NULL pointer. We do however use that in our code for initializing
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@ -176,10 +176,6 @@ void execute_function_ptr(TestWrapper_t fp, void **params)
 #else
    fp( params );
 #endif
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
    mbedtls_test_mutex_usage_check( );
 #endif /* MBEDTLS_TEST_MUTEX_USAGE */
 }
 /**
--- a/tests/suites/test_suite_base64.data
+++ b/tests/suites/test_suite_base64.data
@ -151,20 +151,6 @@ base64_encode_hex:"0102030405060708":"AQIDBAUGBwg=":13:0
 Base64 encode hex #4
 base64_encode_hex:"01020304050607":"AQIDBAUGBw==":13:0
 # Rotate the bytes around so that they end up at each offset modulo 3 in
 # successive test cases.
 Base64 encode hex all valid input bytes #0
 base64_encode_hex:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==":345:0
 Base64 encode hex all valid input bytes #1
 base64_encode_hex:"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff00":"AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f7/AA==":345:0
 Base64 encode hex all valid input bytes #2
 base64_encode_hex:"02030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff0001":"AgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v8AAQ==":345:0
 Base64 encode all valid output characters at all offsets
 base64_encode_hex:"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":261:0
 Base64 decode hex #1
 base64_decode_hex:"AQIDBAUGBwgJ":"010203040506070809":9:0
@ -180,9 +166,6 @@ base64_decode_hex:"AQIDBAUGBw==":"01020304050607":7:0
 Base64 decode hex #5 (buffer too small)
 base64_decode_hex:"AQIDBAUGBw==":"01020304050607":6:MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
 Base64 decode all valid input characters at all offsets
 base64_decode_hex:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":195:0
 Base64 Selftest
 depends_on:MBEDTLS_SELF_TEST
 base64_selftest:
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@ -13,22 +13,13 @@ void mbedtls_base64_encode( char * src_string, char * dst_string,
 {
    unsigned char src_str[1000];
    unsigned char dst_str[1000];
-    size_t len, src_len;
+    size_t len;
    memset(src_str, 0x00, 1000);
    memset(dst_str, 0x00, 1000);
    strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 );
-    src_len = strlen( (char *) src_str );
+    TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, strlen( (char *) src_str ) ) == result );
    TEST_CF_SECRET( src_str, sizeof( src_str ) );
    TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, src_len) == result );
    TEST_CF_PUBLIC( src_str, sizeof( src_str ) );
    /* dest_str will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
       CF failures by unmarking it. */
    TEST_CF_PUBLIC( dst_str, len );
    if( result == 0 )
    {
        TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 );
@ -66,14 +57,7 @@ void base64_encode_hex( data_t * src, char * dst, int dst_buf_size,
    res = zero_alloc( dst_buf_size );
    TEST_CF_SECRET( src->x, src->len );
    TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result );
    TEST_CF_PUBLIC( src->x, src->len );
    /* res will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
       CF failures by unmarking it. */
    TEST_CF_PUBLIC( res, len );
    if( result == 0 )
    {
        TEST_ASSERT( len == strlen( dst ) );
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@ -200,11 +200,12 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
    unsigned char iv[13];
    unsigned char result[50];
    mbedtls_ccm_context ctx;
-    size_t iv_len, tag_len;
+    size_t i, iv_len, tag_len;
    int ret;
    mbedtls_ccm_init( &ctx );
    memset( iv, 0x00, sizeof( iv ) );
    memset( result, 0x00, sizeof( result ) );
    if( sec_level % 4 == 0)
@ -212,10 +213,12 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
    else
        tag_len = 1 << ( sec_level % 4 + 1);
-    TEST_ASSERT( source_address->len == 8 );
+    for( i = 0; i < source_address->len; i++ )
-    TEST_ASSERT( frame_counter->len == 4 );
+        iv[i] = source_address->x[i];
-    memcpy( iv, source_address->x, source_address->len );
+
-    memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
+    for( i = 0; i < frame_counter->len; i++ )
        iv[source_address->len + i] = frame_counter->x[i];
    iv[source_address->len + frame_counter->len] = sec_level;
    iv_len = sizeof( iv );
@ -250,7 +253,7 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id,
    unsigned char iv[13];
    unsigned char result[50];
    mbedtls_ccm_context ctx;
-    size_t iv_len, tag_len;
+    size_t i, iv_len, tag_len;
    int ret;
    mbedtls_ccm_init( &ctx );
@ -263,10 +266,12 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id,
    else
        tag_len = 1 << ( sec_level % 4 + 1);
-    TEST_ASSERT( source_address->len == 8 );
+    for( i = 0; i < source_address->len; i++ )
-    TEST_ASSERT( frame_counter->len == 4 );
+        iv[i] = source_address->x[i];
-    memcpy( iv, source_address->x, source_address->len );
+
-    memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
+    for( i = 0; i < frame_counter->len; i++ )
        iv[source_address->len + i] = frame_counter->x[i];
    iv[source_address->len + frame_counter->len] = sec_level;
    iv_len = sizeof( iv );
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@ -344,14 +344,6 @@ ECP point multiplication rng fail Curve25519
 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
 ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660"
 ECP point muladd secp256r1 #1
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
 ECP point muladd secp256r1 #2
 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
 ECP test vectors secp192k1
 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
 ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD"
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@ -699,52 +699,6 @@ exit:
 }
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 void ecp_muladd( int id,
                 data_t *u1_bin, data_t *P1_bin,
                 data_t *u2_bin, data_t *P2_bin,
                 data_t *expected_result )
 {
    /* Compute R = u1 * P1 + u2 * P2 */
    mbedtls_ecp_group grp;
    mbedtls_ecp_point P1, P2, R;
    mbedtls_mpi u1, u2;
    uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN];
    size_t len;
    mbedtls_ecp_group_init( &grp );
    mbedtls_ecp_point_init( &P1 );
    mbedtls_ecp_point_init( &P2 );
    mbedtls_ecp_point_init( &R );
    mbedtls_mpi_init( &u1 );
    mbedtls_mpi_init( &u2 );
    TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, id ) );
    TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u1, u1_bin->x, u1_bin->len ) );
    TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u2, u2_bin->x, u2_bin->len ) );
    TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P1,
                                                  P1_bin->x, P1_bin->len ) );
    TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P2,
                                                  P2_bin->x, P2_bin->len ) );
    TEST_EQUAL( 0, mbedtls_ecp_muladd( &grp, &R, &u1, &P1, &u2, &P2 ) );
    TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
                    &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
                    &len, actual_result, sizeof( actual_result ) ) );
    ASSERT_COMPARE( expected_result->x, expected_result->len,
                    actual_result, len );
 exit:
    mbedtls_ecp_group_free( &grp );
    mbedtls_ecp_point_free( &P1 );
    mbedtls_ecp_point_free( &P2 );
    mbedtls_ecp_point_free( &R );
    mbedtls_mpi_free( &u1 );
    mbedtls_mpi_free( &u2 );
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void ecp_fast_mod( int id, char * N_str )
 {
--- a/tests/suites/test_suite_entropy.data
+++ b/tests/suites/test_suite_entropy.data
@ -1,9 +1,3 @@
 Entropy init-free-free
 entropy_init_free:0
 Entropy init-free-init-free
 entropy_init_free:1
 Create NV seed_file
 nv_seed_file_create:
@ -13,9 +7,6 @@ entropy_seed_file:"data_files/entropy_seed":0
 Entropy write/update seed file
 entropy_seed_file:"no_such_dir/file":MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
 Entropy write/update seed file: base NV seed file
 entropy_write_base_seed_file:0
 Entropy too many sources
 entropy_too_many_sources:
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@ -125,28 +125,6 @@ int read_nv_seed( unsigned char *buf, size_t buf_len )
 * END_DEPENDENCIES
 */
 /* BEGIN_CASE */
 void entropy_init_free( int reinit )
 {
    mbedtls_entropy_context ctx;
    /* Double free is not explicitly documented to work, but it is convenient
     * to call mbedtls_entropy_free() unconditionally on an error path without
     * checking whether it has already been called in the success path. */
    mbedtls_entropy_init( &ctx );
    mbedtls_entropy_free( &ctx );
    if( reinit )
        mbedtls_entropy_init( &ctx );
    mbedtls_entropy_free( &ctx );
    /* This test case always succeeds, functionally speaking. A plausible
     * bug might trigger an invalid pointer dereference or a memory leak. */
    goto exit;
 }
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
 void entropy_seed_file( char * path, int ret )
 {
@ -162,21 +140,6 @@ exit:
 }
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
 void entropy_write_base_seed_file( int ret )
 {
    mbedtls_entropy_context ctx;
    mbedtls_entropy_init( &ctx );
    TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
    TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
 exit:
    mbedtls_entropy_free( &ctx );
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void entropy_too_many_sources(  )
 {
@ -228,9 +191,6 @@ void entropy_func_len( int len, int ret )
    for( j = len; j < sizeof( buf ); j++ )
        TEST_ASSERT( acc[j] == 0 );
 exit:
    mbedtls_entropy_free( &ctx );
 }
 /* END_CASE */
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@ -10,39 +10,21 @@ mpi_null:
 Base test mpi_read_write_string #1
 mpi_read_write_string:10:"128":10:"128":100:0:0
 Base test mpi_read_write_string #1 (Leading 0)
 mpi_read_write_string:10:"0128":10:"128":100:0:0
 Base test mpi_read_write_string #2
 mpi_read_write_string:10:"128":16:"80":100:0:0
-Base test mpi_read_write_string #3 (Read zero decimal)
+Base test mpi_read_write_string #3 (Read zero)
 mpi_read_write_string:10:"0":10:"0":100:0:0
 Base test mpi_read_write_string #3 (Read zero hex)
 mpi_read_write_string:16:"0":16:"00":100:0:0
 Base test mpi_read_write_string #3 (Read minus zero decimal)
 mpi_read_write_string:10:"-0":10:"0":100:0:0
 Base test mpi_read_write_string #3 (Read minus zero hex)
 mpi_read_write_string:16:"-0":16:"00":100:0:0
 Base test mpi_read_write_string #3 (Negative decimal)
 mpi_read_write_string:10:"-23":10:"-23":100:0:0
-Base test mpi_read_write_string #3 (Negative decimal, leading 0)
+Base test mpi_read_write_string #3 (Negative hex)
 mpi_read_write_string:10:"-023":10:"-23":100:0:0
 Base test mpi_read_write_string #3 (Negative hex -> decimal)
 mpi_read_write_string:16:"-20":10:"-32":100:0:0
-Base test mpi_read_write_string #3 (Negative hex)
+Base test mpi_read_write_string #3 (Negative decimal)
 mpi_read_write_string:16:"-23":16:"-23":100:0:0
 Base test mpi_read_write_string #3 (Negative hex, leading 0)
 mpi_read_write_string:16:"-023":16:"-23":100:0:0
 Base test mpi_read_write_string #4 (Buffer just fits)
 mpi_read_write_string:16:"-4":4:"-10":4:0:0
@ -67,18 +49,12 @@ mpi_read_write_string:10:"29":15:"1e":100:0:0
 Test mpi_read_write_string #7
 mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0
-Test mpi_read_write_string #8 (Empty MPI hex -> hex)
+Test mpi_read_write_string #8 (Empty MPI -> hex)
 mpi_read_write_string:16:"":16:"00":4:0:0
-Test mpi_read_write_string #9 (Empty MPI hex -> dec)
+Test mpi_read_write_string #9 (Empty MPI -> dec)
 mpi_read_write_string:16:"":10:"0":4:0:0
 Test mpi_read_write_string #8 (Empty MPI dec -> hex)
 mpi_read_write_string:10:"":16:"00":4:0:0
 Test mpi_read_write_string #9 (Empty MPI dec -> dec)
 mpi_read_write_string:10:"":10:"0":4:0:0
 Test mpi_write_string #10 (Negative hex with odd number of digits)
 mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
@ -496,30 +472,18 @@ mbedtls_mpi_add_int:10:"20395687835640197740576586692903457728019399331434826309
 Test mbedtls_mpi_add_int #2
 mbedtls_mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097"
-Base test mbedtls_mpi_sub_abs #1 (|B| > |A|)
+Base test mbedtls_mpi_sub_abs #1 (Test with larger second input)
 mbedtls_mpi_sub_abs:10:"5":10:"7":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
-Base test mbedtls_mpi_sub_abs #2 (|B| > |A|)
+Base test mbedtls_mpi_sub_abs #2 (Test with larger second input)
 mbedtls_mpi_sub_abs:10:"-5":10:"-7":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
-Base test mbedtls_mpi_sub_abs #3 (|B| > |A|)
+Base test mbedtls_mpi_sub_abs #3 (Test with larger second input)
 mbedtls_mpi_sub_abs:10:"-5":10:"7":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
-Base test mbedtls_mpi_sub_abs #4 (|B| > |A|)
+Base test mbedtls_mpi_sub_abs #4 (Test with larger second input)
 mbedtls_mpi_sub_abs:10:"5":10:"-7":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 Base test mbedtls_mpi_sub_abs #1 (|B| >> |A| with more limbs)
 mbedtls_mpi_sub_abs:10:"5":16:"123456789abcdef01":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 Base test mbedtls_mpi_sub_abs #2 (|B| >> |A| with more limbs)
 mbedtls_mpi_sub_abs:10:"-5":16:"-123456789abcdef01":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 Base test mbedtls_mpi_sub_abs #3 (|B| >> |A| with more limbs)
 mbedtls_mpi_sub_abs:10:"-5":16:"123456789abcdef01":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 Base test mbedtls_mpi_sub_abs #4 (|B| >> |A| with more limbs)
 mbedtls_mpi_sub_abs:10:"5":16:"-123456789abcdef01":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 Base test mbedtls_mpi_sub_abs #1
 mbedtls_mpi_sub_abs:10:"7":10:"5":10:"2":0
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@ -1,12 +1,6 @@
 RSA parameter validation
 rsa_invalid_param:
 RSA init-free-free
 rsa_init_free:0
 RSA init-free-init-free
 rsa_init_free:1
 RSA PKCS1 Verify v1.5 CAVS #1
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15
 # Good padding but wrong hash
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@ -465,29 +465,6 @@ exit:
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void rsa_init_free( int reinit )
 {
    mbedtls_rsa_context ctx;
    /* Double free is not explicitly documented to work, but we rely on it
     * even inside the library so that you can call mbedtls_rsa_free()
     * unconditionally on an error path without checking whether it has
     * already been called in the success path. */
    mbedtls_rsa_init( &ctx, 0, 0 );
    mbedtls_rsa_free( &ctx );
    if( reinit )
        mbedtls_rsa_init( &ctx, 0, 0 );
    mbedtls_rsa_free( &ctx );
    /* This test case always succeeds, functionally speaking. A plausible
     * bug might trigger an invalid pointer dereference or a memory leak. */
    goto exit;
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode,
                             int digest, int mod, int radix_P, char * input_P,
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@ -1,8 +1,8 @@
 Check compiletime library version
-check_compiletime_version:"2.16.10"
+check_compiletime_version:"2.16.9"
 Check runtime library version
-check_runtime_version:"2.16.10"
+check_runtime_version:"2.16.9"
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
--- a/visualc/VS2010/aescrypt2.vcxproj
+++ b/visualc/VS2010/aescrypt2.vcxproj
@ -0,0 +1,173 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup Label="ProjectConfigurations">
    <ProjectConfiguration Include="Debug|Win32">
      <Configuration>Debug</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Debug|x64">
      <Configuration>Debug</Configuration>
      <Platform>x64</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Release|Win32">
      <Configuration>Release</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Release|x64">
      <Configuration>Release</Configuration>
      <Platform>x64</Platform>
    </ProjectConfiguration>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="..\..\programs\aes\aescrypt2.c" />
  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="mbedTLS.vcxproj">
      <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
      <LinkLibraryDependencies>true</LinkLibraryDependencies>
    </ProjectReference>
  </ItemGroup>
  <PropertyGroup Label="Globals">
    <ProjectGuid>{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}</ProjectGuid>
    <Keyword>Win32Proj</Keyword>
    <RootNamespace>aescrypt2</RootNamespace>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>true</UseDebugLibraries>
    <CharacterSet>Unicode</CharacterSet>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>true</UseDebugLibraries>
    <CharacterSet>Unicode</CharacterSet>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>false</UseDebugLibraries>
    <WholeProgramOptimization>true</WholeProgramOptimization>
    <CharacterSet>Unicode</CharacterSet>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>false</UseDebugLibraries>
    <WholeProgramOptimization>true</WholeProgramOptimization>
    <CharacterSet>Unicode</CharacterSet>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
  <ImportGroup Label="ExtensionSettings">
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <PropertyGroup Label="UserMacros" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <LinkIncremental>true</LinkIncremental>
    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <LinkIncremental>true</LinkIncremental>
    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <LinkIncremental>false</LinkIncremental>
    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <LinkIncremental>false</LinkIncremental>
    <IntDir>$(Configuration)\$(TargetName)\</IntDir>
  </PropertyGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <ClCompile>
      <PrecompiledHeader>
      </PrecompiledHeader>
      <WarningLevel>Level3</WarningLevel>
      <Optimization>Disabled</Optimization>
      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
    </ClCompile>
    <Link>
      <SubSystem>Console</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <ShowProgress>NotSet</ShowProgress>
      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
    </Link>
    <ProjectReference>
      <LinkLibraryDependencies>false</LinkLibraryDependencies>
    </ProjectReference>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <ClCompile>
      <PrecompiledHeader>
      </PrecompiledHeader>
      <WarningLevel>Level3</WarningLevel>
      <Optimization>Disabled</Optimization>
      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
    </ClCompile>
    <Link>
      <SubSystem>Console</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <ShowProgress>NotSet</ShowProgress>
      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
    </Link>
    <ProjectReference>
      <LinkLibraryDependencies>false</LinkLibraryDependencies>
    </ProjectReference>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <PrecompiledHeader>
      </PrecompiledHeader>
      <Optimization>MaxSpeed</Optimization>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
    </ClCompile>
    <Link>
      <SubSystem>Console</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <EnableCOMDATFolding>true</EnableCOMDATFolding>
      <OptimizeReferences>true</OptimizeReferences>
      <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <PrecompiledHeader>
      </PrecompiledHeader>
      <Optimization>MaxSpeed</Optimization>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <PreprocessorDefinitions>WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <AdditionalIncludeDirectories>../../include</AdditionalIncludeDirectories>
    </ClCompile>
    <Link>
      <SubSystem>Console</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <EnableCOMDATFolding>true</EnableCOMDATFolding>
      <OptimizeReferences>true</OptimizeReferences>
      <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
      <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
    </Link>
  </ItemDefinitionGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
  <ImportGroup Label="ExtensionTargets">
  </ImportGroup>
 </Project>
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@ -3,6 +3,11 @@ Microsoft Visual Studio Solution File, Format Version 11.00
 # Visual C++ Express 2010
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}"
 	ProjectSection(ProjectDependencies) = postProject
 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
 	EndProjectSection
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}"
 	ProjectSection(ProjectDependencies) = postProject
 		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@ -254,6 +259,14 @@ Global
 		{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32
 		{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64
 		{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.ActiveCfg = Debug|Win32
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.Build.0 = Debug|Win32
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.ActiveCfg = Debug|x64
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.Build.0 = Debug|x64
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.ActiveCfg = Release|Win32
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.Build.0 = Release|Win32
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.ActiveCfg = Release|x64
 		{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.Build.0 = Release|x64
 		{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.ActiveCfg = Debug|Win32
 		{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.Build.0 = Debug|Win32
 		{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.ActiveCfg = Debug|x64
		`@ -1,2 +0,0 @@`
			`Changes`
			`* Fix the setting of the read timeout in the DTLS sample programs.`
		`@ -1,2 +0,0 @@`
			`Bugfix`
			`* Fix an incorrect error code when parsing a PKCS#8 private key.`