From 66c1e2c7669021844079a3c4dd3da2e5de17e2fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Jan 2018 14:04:05 +0100 Subject: [PATCH 01/80] Generate tags for Vi, for Emacs and with Global --- .gitignore | 8 ++++++++ .globalrc | 3 +++ Makefile | 9 +++++++++ 3 files changed, 20 insertions(+) create mode 100644 .globalrc diff --git a/.gitignore b/.gitignore index f40064d5b..a662dedcd 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,11 @@ massif-* # CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: *.dir/ + +# Editor navigation files: +/GPATH +/GRTAGS +/GSYMS +/GTAGS +/TAGS +/tags diff --git a/.globalrc b/.globalrc new file mode 100644 index 000000000..01b2ea5a3 --- /dev/null +++ b/.globalrc @@ -0,0 +1,3 @@ +default:\ + :langmap=c\:.c.h.function:\ + diff --git a/Makefile b/Makefile index 87b5a0c0f..d1817b208 100644 --- a/Makefile +++ b/Makefile @@ -132,3 +132,12 @@ apidoc: apidoc_clean: rm -rf apidoc endif + +## Editor navigation files +C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) +tags: $(C_SOURCE_FILES) + ctags -o $@ $(C_SOURCE_FILES) +TAGS: $(C_SOURCE_FILES) + etags -o $@ $(C_SOURCE_FILES) +GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) + ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc From ceeea02d51dd9b35e6d907c08fea5e03240c5152 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 22:49:09 +0100 Subject: [PATCH 02/80] Improve .gitignore grouping and documentation --- .gitignore | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index a662dedcd..e13514319 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,17 @@ +# CMake build artifacts: CMakeCache.txt CMakeFiles CTestTestfile.cmake cmake_install.cmake Testing +# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: +*.dir/ +# MSVC files generated by CMake: +/*.sln +/*.vcxproj +/*.filters + +# Test coverage build artifacts: Coverage *.gcno *.gcda @@ -10,11 +19,6 @@ Coverage # generated by scripts/memory.sh massif-* -# MSVC files generated by CMake: -/*.sln -/*.vcxproj -/*.filters - # MSVC build artifacts: *.exe *.pdb @@ -24,8 +28,6 @@ massif-* # Python build artifacts: *.pyc -# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those: -*.dir/ # Editor navigation files: /GPATH From 81fb206a6a40f272bdd5bd1bf06c215f748786f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 25 Feb 2019 22:49:33 +0100 Subject: [PATCH 03/80] Ignore more generated files: seedfile, apidoc --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitignore b/.gitignore index e13514319..789f57ee0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# Random seed file created by test scripts and sample programs +seedfile + # CMake build artifacts: CMakeCache.txt CMakeFiles @@ -28,6 +31,8 @@ massif-* # Python build artifacts: *.pyc +# Generated documentation: +/apidoc # Editor navigation files: /GPATH From 7346b312e12a54d77608fc6bb8aa3c55cf046d90 Mon Sep 17 00:00:00 2001 From: Qixiang Xu Date: Thu, 21 Feb 2019 14:55:13 +0800 Subject: [PATCH 04/80] Fix CMake build error on Cygwin and minGW platforms Signed-off-by: Qixiang Xu --- CMakeLists.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 19ab4eb5f..c41844854 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -88,8 +88,14 @@ set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} # to the corresponding path in the source directory. function(link_to_source base_name) # Get OS dependent path to use in `execute_process` - file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/${base_name}" link) - file(TO_NATIVE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}" target) + if (CMAKE_HOST_WIN32) + #mklink is an internal command of cmd.exe it can only work with \ + string(REPLACE "/" "\\" link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}") + string(REPLACE "/" "\\" target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}") + else() + set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}") + set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}") + endif() if (NOT EXISTS ${link}) if (CMAKE_HOST_UNIX) From 88aaf652b1cb8ac516e53ec55c3a52445682d3ea Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Dec 2017 08:17:40 +0000 Subject: [PATCH 05/80] Remove key length field from ssl_transform The `ssl_transform` security parameter structure contains opaque cipher contexts for use by the record encryption/decryption functions `ssl_decrypt_buf`/`ssl_encrypt_buf`, while the underlying key material is configured once in `ssl_derive_keys` and is not explicitly dealt with anymore afterwards. In particular, the key length is not needed explicitly by the encryption/decryption functions but is nonetheless stored in an explicit yet superfluous `keylen` field in `ssl_transform`. This commit removes this field. --- include/mbedtls/ssl_internal.h | 1 - library/ssl_tls.c | 27 +++++++++++++++------------ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 5dde239df..d1eeda07a 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -465,7 +465,6 @@ struct mbedtls_ssl_transform */ const mbedtls_ssl_ciphersuite_t *ciphersuite_info; /*!< Chosen cipersuite_info */ - unsigned int keylen; /*!< symmetric key length (bytes) */ size_t minlen; /*!< min. ciphertext length */ size_t ivlen; /*!< IV length */ size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index abe2450eb..ad8f02427 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -739,6 +739,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) size_t mac_key_len; size_t iv_copy_len; size_t taglen = 0; + unsigned keylen; const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; @@ -992,7 +993,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * Determine the appropriate key, IV and MAC length. */ - transform->keylen = cipher_info->key_bitlen / 8; + keylen = cipher_info->key_bitlen / 8; if( cipher_info->mode == MBEDTLS_MODE_GCM || cipher_info->mode == MBEDTLS_MODE_CCM || @@ -1104,9 +1105,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d", - transform->keylen, transform->minlen, transform->ivlen, - transform->maclen ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u", + (unsigned) keylen, + (unsigned) transform->minlen, + (unsigned) transform->ivlen, + (unsigned) transform->maclen ) ); /* * Finally setup the cipher contexts, IVs and MAC secrets. @@ -1115,7 +1118,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) { key1 = keyblk + mac_key_len * 2; - key2 = keyblk + mac_key_len * 2 + transform->keylen; + key2 = keyblk + mac_key_len * 2 + keylen; mac_enc = keyblk; mac_dec = keyblk + mac_key_len; @@ -1125,8 +1128,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) */ iv_copy_len = ( transform->fixed_ivlen ) ? transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_enc, key2 + transform->keylen, iv_copy_len ); - memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len, + memcpy( transform->iv_enc, key2 + keylen, iv_copy_len ); + memcpy( transform->iv_dec, key2 + keylen + iv_copy_len, iv_copy_len ); } else @@ -1134,7 +1137,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_SRV_C) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) { - key1 = keyblk + mac_key_len * 2 + transform->keylen; + key1 = keyblk + mac_key_len * 2 + keylen; key2 = keyblk + mac_key_len * 2; mac_enc = keyblk + mac_key_len; @@ -1145,8 +1148,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) */ iv_copy_len = ( transform->fixed_ivlen ) ? transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_dec, key1 + transform->keylen, iv_copy_len ); - memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len, + memcpy( transform->iv_dec, key1 + keylen, iv_copy_len ); + memcpy( transform->iv_enc, key1 + keylen + iv_copy_len, iv_copy_len ); } else @@ -1196,7 +1199,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); - if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, transform->keylen, + if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen, transform->iv_enc, transform->iv_dec, iv_copy_len, mac_enc, mac_dec, @@ -1213,7 +1216,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { ssl->conf->f_export_keys( ssl->conf->p_export_keys, session->master, keyblk, - mac_key_len, transform->keylen, + mac_key_len, keylen, iv_copy_len ); } #endif From e694c3ef3e08c1951ae86b1031a8abcfebc27d67 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Dec 2017 21:34:08 +0000 Subject: [PATCH 06/80] Remove ciphersuite_info from ssl_transform Prior to this commit, the security parameter struct `ssl_transform` contained a `ciphersuite_info` field pointing to the information structure for the negotiated ciphersuite. However, the only information extracted from that structure that was used in the core encryption and decryption functions `ssl_encrypt_buf`/`ssl_decrypt_buf` was the authentication tag length in case of an AEAD cipher. The present commit removes the `ciphersuite_info` field from the `ssl_transform` structure and adds an explicit `taglen` field for AEAD authentication tag length. This is in accordance with the principle that the `ssl_transform` structure should contain the raw parameters needed for the record encryption and decryption functions to work, but not the higher-level information that gave rise to them. For example, the `ssl_transform` structure implicitly contains the encryption/decryption keys within their cipher contexts, but it doesn't contain the SSL master or premaster secrets. Likewise, it contains an explicit `maclen`, while the status of the 'Truncated HMAC' extension -- which determines the value of `maclen` when the `ssl_transform` structure is created in `ssl_derive_keys` -- is not contained in `ssl_transform`. The `ciphersuite_info` pointer was used in other places outside the encryption/decryption functions during the handshake, and for these functions to work, this commit adds a `ciphersuite_info` pointer field to the handshake-local `ssl_handshake_params` structure. --- include/mbedtls/ssl_internal.h | 7 ++-- library/ssl_cli.c | 24 ++++++------ library/ssl_srv.c | 21 +++++----- library/ssl_tls.c | 72 +++++++++++++++++----------------- 4 files changed, 61 insertions(+), 63 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index d1eeda07a..deaa93fbd 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -420,6 +420,8 @@ struct mbedtls_ssl_handshake_params const unsigned char *, size_t, unsigned char *, size_t); + mbedtls_ssl_ciphersuite_t const *ciphersuite_info; + size_t pmslen; /*!< premaster length */ unsigned char randbytes[64]; /*!< random bytes */ @@ -463,12 +465,11 @@ struct mbedtls_ssl_transform /* * Session specific crypto layer */ - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - /*!< Chosen cipersuite_info */ size_t minlen; /*!< min. ciphertext length */ size_t ivlen; /*!< IV length */ size_t fixed_ivlen; /*!< Fixed part of IV (AEAD) */ - size_t maclen; /*!< MAC length */ + size_t maclen; /*!< MAC(CBC) len */ + size_t taglen; /*!< TAG(AEAD) len */ unsigned char iv_enc[16]; /*!< IV (encryption) */ unsigned char iv_dec[16]; /*!< IV (decryption) */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4e5b3a602..78059054a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1363,7 +1363,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, { int ret; - if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + if( ssl->handshake->ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); @@ -1726,9 +1726,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) /* * Initialize update checksum functions */ - ssl->transform_negotiate->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); - - if( ssl->transform_negotiate->ciphersuite_info == NULL ) + ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); + if( ssl->handshake->ciphersuite_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -1736,7 +1735,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - mbedtls_ssl_optimize_checksum( ssl, ssl->transform_negotiate->ciphersuite_info ); + mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); @@ -2462,7 +2461,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) { int ret; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; unsigned char *p = NULL, *end = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); @@ -2832,7 +2831,7 @@ exit: static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); @@ -2854,7 +2853,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) size_t n = 0; size_t cert_type_len = 0, dn_len = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); @@ -3057,7 +3056,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) size_t header_len; size_t content_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); @@ -3495,7 +3494,7 @@ ecdh_calc_secret: static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; int ret; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); @@ -3521,7 +3520,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; size_t n = 0, offset = 0; unsigned char hash[48]; unsigned char *hash_start = hash; @@ -3627,8 +3626,7 @@ sign: * Reason: Otherwise we should have running hashes for SHA512 and SHA224 * in order to satisfy 'weird' needs from the server side. */ - if( ssl->transform_negotiate->ciphersuite_info->mac == - MBEDTLS_MD_SHA384 ) + if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) { md_alg = MBEDTLS_MD_SHA384; ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b8e10d6dc..33a38a652 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1195,7 +1195,7 @@ have_ciphersuite_v2: MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) ); ssl->session_negotiate->ciphersuite = ciphersuites[i]; - ssl->transform_negotiate->ciphersuite_info = ciphersuite_info; + ssl->handshake->ciphersuite_info = ciphersuite_info; /* * SSLv2 Client Hello relevant renegotiation security checks @@ -2039,7 +2039,7 @@ have_ciphersuite: MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) ); ssl->session_negotiate->ciphersuite = ciphersuites[i]; - ssl->transform_negotiate->ciphersuite_info = ciphersuite_info; + ssl->handshake->ciphersuite_info = ciphersuite_info; ssl->state++; @@ -2306,7 +2306,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *olen = 0; /* Skip costly computation if not needed */ - if( ssl->transform_negotiate->ciphersuite_info->key_exchange != + if( ssl->handshake->ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECJPAKE ) return; @@ -2684,7 +2684,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); @@ -2703,7 +2703,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; size_t dn_size, total_dn_size; /* excluding length bytes */ size_t ct_len, sa_len; /* including length bytes */ unsigned char *buf, *p; @@ -2926,7 +2926,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, size_t *signature_len ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; + #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED) unsigned char *dig_signed = NULL; @@ -3292,7 +3293,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) size_t signature_len = 0; #if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; #endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); @@ -3736,7 +3737,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) const mbedtls_ssl_ciphersuite_t *ciphersuite_info; unsigned char *p, *end; - ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; + ciphersuite_info = ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) ); @@ -4039,7 +4040,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); @@ -4066,7 +4067,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) #endif mbedtls_md_type_t md_alg; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; mbedtls_pk_context * peer_pk; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ad8f02427..f0f38c0b2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -738,8 +738,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) unsigned char *mac_dec; size_t mac_key_len; size_t iv_copy_len; - size_t taglen = 0; unsigned keylen; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; const mbedtls_cipher_info_t *cipher_info; const mbedtls_md_info_t *md_info; @@ -757,19 +757,21 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); - cipher_info = mbedtls_cipher_info_from_type( transform->ciphersuite_info->cipher ); + + ciphersuite_info = handshake->ciphersuite_info; + cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); if( cipher_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found", - transform->ciphersuite_info->cipher ) ); + ciphersuite_info->cipher ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - md_info = mbedtls_md_info_from_type( transform->ciphersuite_info->mac ); + md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); if( md_info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found", - transform->ciphersuite_info->mac ) ); + ciphersuite_info->mac ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -797,7 +799,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - transform->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) + ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) { handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; @@ -852,12 +854,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) unsigned char const *salt = handshake->randbytes; size_t salt_len = 64; -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; - mbedtls_md_type_t const md_type = ciphersuite_info->mac; -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) { @@ -870,8 +866,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { #if defined(MBEDTLS_SHA512_C) - if( md_type == MBEDTLS_MD_SHA384 ) + if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) + { salt_len = 48; + } else #endif /* MBEDTLS_SHA512_C */ salt_len = 32; @@ -1003,6 +1001,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) transform->maclen = 0; mac_key_len = 0; + transform->taglen = + ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; /* All modes haves 96-bit IVs; * GCM and CCM has 4 implicit and 8 explicit bytes @@ -1014,14 +1014,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) else transform->fixed_ivlen = 4; - /* All modes have 128-bit tags, except CCM_8 (ciphersuite flag) */ - taglen = transform->ciphersuite_info->flags & - MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; - - /* Minimum length of encrypted record */ explicit_ivlen = transform->ivlen - transform->fixed_ivlen; - transform->minlen = explicit_ivlen + taglen; + transform->minlen = explicit_ivlen + transform->taglen; } else { @@ -1865,8 +1860,6 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) unsigned char add_data[13]; unsigned char iv[12]; mbedtls_ssl_transform *transform = ssl->transform_out; - unsigned char taglen = transform->ciphersuite_info->flags & - MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; size_t explicit_ivlen = transform->ivlen - transform->fixed_ivlen; /* @@ -1933,7 +1926,8 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) add_data, 13, enc_msg, enc_msglen, enc_msg, &olen, - enc_msg + enc_msglen, taglen ) ) != 0 ) + enc_msg + enc_msglen, + ssl->transform_out->taglen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); return( ret ); @@ -1945,10 +1939,11 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - ssl->out_msglen += taglen; + ssl->out_msglen += ssl->transform_out->taglen; auth_done++; - MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, taglen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, + ssl->transform_out->taglen ); } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ @@ -2156,21 +2151,19 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) unsigned char add_data[13]; unsigned char iv[12]; mbedtls_ssl_transform *transform = ssl->transform_in; - unsigned char taglen = transform->ciphersuite_info->flags & - MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; /* * Compute and update sizes */ - if( ssl->in_msglen < explicit_iv_len + taglen ) + if( ssl->in_msglen < explicit_iv_len + transform->taglen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " "+ taglen (%d)", ssl->in_msglen, - explicit_iv_len, taglen ) ); + explicit_iv_len, ssl->transform_in->taglen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } - dec_msglen = ssl->in_msglen - explicit_iv_len - taglen; + dec_msglen = ssl->in_msglen - explicit_iv_len - transform->taglen; dec_msg = ssl->in_msg; dec_msg_result = ssl->in_msg; @@ -2216,7 +2209,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, taglen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, + transform->taglen ); /* * Decrypt and authenticate @@ -2226,7 +2220,8 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) add_data, 13, dec_msg, dec_msglen, dec_msg_result, &olen, - dec_msg + dec_msglen, taglen ) ) != 0 ) + dec_msg + dec_msglen, + ssl->transform_in->taglen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); @@ -2542,7 +2537,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) const size_t max_len = ssl->in_msglen + padlen; const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; - switch( ssl->transform_in->ciphersuite_info->mac ) + switch( ssl->handshake->ciphersuite_info->mac ) { #if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ defined(MBEDTLS_SHA256_C) @@ -5603,7 +5598,8 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) /* No certificate support -> dummy functions */ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) { - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); @@ -5620,7 +5616,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) { - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); @@ -5643,7 +5640,8 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, n; const mbedtls_x509_crt *crt; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info = + ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); @@ -6005,7 +6003,7 @@ static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, int authmode ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) return( SSL_CERTIFICATE_SKIP ); @@ -6037,7 +6035,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, { int ret = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->transform_negotiate->ciphersuite_info; + ssl->handshake->ciphersuite_info; int have_ca_chain = 0; int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); From 52344c2972bc174ab817ea22c7c8bf7b5fc53ac5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 15:24:20 +0000 Subject: [PATCH 07/80] Correct space needed for MAC in case of NULL cipher The macro constant `MBEDTLS_SSL_MAC_ADD` defined in `ssl_internal.h` defines an upper bound for the amount of space needed for the record authentication tag. Its definition distinguishes between the presence of an ARC4 or CBC ciphersuite suite, in which case the maximum size of an enabled SHA digest is used; otherwise, `MBEDTLS_SSL_MAC_ADD` is set to 16 to accomodate AEAD authentication tags. This assignment has a flaw in the situation where confidentiality is not needed and the NULL cipher is in use. In this case, the authentication tag also uses a SHA digest, but the definition of `MBEDTLS_SSL_MAC_ADD` doesn't guarantee enough space. The present commit fixes this by distinguishing between the presence of *some* ciphersuite using a MAC, including those using a NULL cipher. For that, the previously internal macro `SSL_SOME_MODES_USE_MAC` from `ssl_tls.c` is renamed and moved to the public macro `MBEDTLS_SOME_MODES_USE_MAC` defined in `ssl_internal.h`. --- include/mbedtls/ssl_internal.h | 12 ++++++++++-- library/ssl_tls.c | 18 ++++++------------ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index deaa93fbd..40ff53f12 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -146,7 +146,15 @@ #define MBEDTLS_SSL_COMPRESSION_ADD 0 #endif -#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ + ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ + ( defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_CAMELLIA_C) || \ + defined(MBEDTLS_ARIA_C) ) ) +#define MBEDTLS_SSL_SOME_MODES_USE_MAC +#endif + +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) /* Ciphersuites using HMAC */ #if defined(MBEDTLS_SHA512_C) #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ @@ -155,7 +163,7 @@ #else #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ #endif -#else +#else /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ #define MBEDTLS_SSL_MAC_ADD 16 #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0f38c0b2..780a682cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1710,15 +1710,9 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ -#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ - ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ - ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C)) ) -#define SSL_SOME_MODES_USE_MAC -#endif - /* The function below is only used in the Lucky 13 counter-measure in * ssl_decrypt_buf(). These are the defines that guard the call site. */ -#if defined(SSL_SOME_MODES_USE_MAC) && \ +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) && \ ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) ) @@ -1761,7 +1755,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) /* * Add MAC before if needed */ -#if defined(SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) if( mode == MBEDTLS_MODE_STREAM || ( mode == MBEDTLS_MODE_CBC #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -1814,7 +1808,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) ssl->out_msglen += ssl->transform_out->maclen; auth_done++; } -#endif /* AEAD not the only option */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ /* * Encrypt @@ -2090,7 +2084,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) { mbedtls_cipher_mode_t mode; int auth_done = 0; -#if defined(SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) size_t padlen = 0, correct = 1; #endif @@ -2470,7 +2464,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) * Authenticate if not done yet. * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). */ -#if defined(SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) if( auth_done == 0 ) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; @@ -2618,7 +2612,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) */ if( correct == 0 ) return( MBEDTLS_ERR_SSL_INVALID_MAC ); -#endif /* SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ /* Make extra sure authentication was performed, exactly once */ if( auth_done != 1 ) From 34f88afdf1c384114820c6097a2d5ee7c8b1729c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Jul 2018 10:19:47 +0100 Subject: [PATCH 08/80] Fix definition of SSL_SOME_MODES_USE_MAC The previous definition was lacking the case of the ARIA and DES ciphers. --- include/mbedtls/ssl_internal.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 40ff53f12..9a0c70136 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -150,7 +150,8 @@ ( defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_AES_C) || \ defined(MBEDTLS_CAMELLIA_C) || \ - defined(MBEDTLS_ARIA_C) ) ) + defined(MBEDTLS_ARIA_C) || \ + defined(MBEDTLS_DES_C) ) ) #define MBEDTLS_SSL_SOME_MODES_USE_MAC #endif From 12a3a86b2d4dffb5896f38b2641346cbe1feb2ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 15:42:50 +0000 Subject: [PATCH 09/80] Add structure representing TLS records This commit adds a structure `mbedtls_record` whose instances represent (D)TLS records. This structure will be used in the subsequent adaptions of the record encryption and decryption routines `ssl_decrypt_buf` and `ssl_encrypt_buf`, which currently take the entire SSL context as input, but should only use the record to be acted on as well as the record transformation to use. --- include/mbedtls/ssl_internal.h | 36 ++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 9a0c70136..716c6cf26 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -504,6 +504,42 @@ struct mbedtls_ssl_transform #endif }; +/* + * Internal representation of record frames + * + * The header layout is chosen to facilitate the computation of + * authentication tags which often use the header bytes laid out + * exactly as in the struct; note that it does not match what's + * transferred on the wire. + * + * Instances come in two flavors: + * (1) Encrypted + * These always have data_offset = 0 + * (2) Unencrypted + * These have data_offset set to the length of the + * fixed part of the IV used for encryption. + * + * The reason for the data_offset in the unencrypted case + * is to allow for in-place conversion of an unencrypted to + * an encrypted record. If the offset wasn't included, the + * encrypted content would need to be shifted afterwards to + * make space for the fixed IV. + * + */ +typedef struct +{ + uint8_t ctr[8]; /*!< Record sequence number */ + uint8_t type; /*!< Record type */ + uint8_t ver[2]; /*!< SSL/TLS version */ + uint8_t len[2]; /*!< Content length, little endian */ + + unsigned char *buf; /*!< Memory buffer enclosing the record content */ + size_t buf_len; /*!< Buffer length */ + size_t data_offset; /*!< Offset of record content */ + size_t data_len; /*!< Length of record content */ + +} mbedtls_record; + #if defined(MBEDTLS_X509_CRT_PARSE_C) /* * List of certificate + private key pairs From d362dc504d3efa8a36ec6c2e1a344b1c213b224b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 15:23:11 +0000 Subject: [PATCH 10/80] Improve documentation of mbedtls_ssl_transform --- include/mbedtls/ssl_internal.h | 90 +++++++++++++++++++++++++++++++++- 1 file changed, 88 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 716c6cf26..600d4d104 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -466,8 +466,94 @@ struct mbedtls_ssl_handshake_params typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; /* - * This structure contains a full set of runtime transform parameters - * either in negotiation or active. + * Representation of decryption/encryption transformations on records + * + * There are the following general types of record transformations: + * - Stream transformations (TLS versions <= 1.2 only) + * Transformation adding a MAC and applying a stream-cipher + * to the authenticated message. + * - CBC block cipher transformations ([D]TLS versions <= 1.2 only) + * In addition to the distinction of the order of encryption and + * authentication, there's a fundamental difference between the + * handling in SSL3 & TLS 1.0 and TLS 1.1 and TLS 1.2: For SSL3 + * and TLS 1.0, the final IV after processing a record is used + * as the IV for the next record. No explicit IV is contained + * in an encrypted record. The IV for the first record is extracted + * at key extraction time. In contrast, for TLS 1.1 and 1.2, no + * IV is generated at key extraction time, but every encrypted + * record is explicitly prefixed by the IV with which it was encrypted. + * - AEAD transformations ([D]TLS versions >= 1.2 only) + * These come in two fundamentally different versions, the first one + * used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second + * one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3. + * In the first transformation, the IV to be used for a record is obtained + * as the concatenation of an explicit, static 4-byte IV and the 8-byte + * record sequence number, and explicitly prepending this sequence number + * to the encrypted record. In contrast, in the second transformation + * the IV is obtained by XOR'ing a static IV obtained at key extraction + * time with the 8-byte record sequence number, without prepending the + * latter to the encrypted record. + * + * In addition to type and version, the following parameters are relevant: + * - The symmetric cipher algorithm to be used. + * - The (static) encryption/decryption keys for the cipher. + * - For stream/CBC, the type of message digest to be used. + * - For stream/CBC, (static) encryption/decryption keys for the digest. + * - For AEAD transformations, the size (potentially 0) of an explicit + * initialization vector placed in encrypted records. + * - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0) + * an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC) + * and (if present) is combined with the explicit IV in a transformation- + * dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3). + * - For stream/CBC, a flag determining the order of encryption and MAC. + * - The details of the transformation depend on the SSL/TLS version. + * - The length of the authentication tag. + * + * The struct below refines this abstract view as follows: + * - The cipher underlying the transformation is managed in + * cipher contexts cipher_ctx_{enc/dec}, which must have the + * same cipher type. The mode of these cipher contexts determines + * the type of the transformation in the sense above: e.g., if + * the type is MBEDTLS_CIPHER_AES_256_CBC resp. MBEDTLS_CIPHER_AES_192_GCM + * then the transformation has type CBC resp. AEAD. + * - The cipher keys are never stored explicitly but + * are maintained within cipher_ctx_{enc/dec}. + * - For stream/CBC transformations, the message digest contexts + * used for the MAC's are stored in md_ctx_{enc/dec}. These contexts + * are unused for AEAD transformations. + * - For stream/CBC transformations and versions > SSL3, the + * MAC keys are not stored explicitly but maintained within + * md_ctx_{enc/dec}. + * - For stream/CBC transformations and version SSL3, the MAC + * keys are stored explicitly in mac_enc, mac_dec and have + * a fixed size of 20 bytes. These fields are unused for + * AEAD transformations or transformations >= TLS 1.0. + * - For transformations using an implicit IV maintained within + * the transformation context, its contents are stored within + * iv_{enc/dec}. + * - The value of ivlen indicates the length of the IV. + * This is redundant in case of stream/CBC transformations + * which always use 0 resp. the cipher's block length as the + * IV length, but is needed for AEAD ciphers and may be + * different from the underlying cipher's block length + * in this case. + * - The field fixed_ivlen is nonzero for AEAD transformations only + * and indicates the length of the static part of the IV which is + * constant throughout the communication, and which is stored in + * the first fixed_ivlen bytes of the iv_{enc/dec} arrays. + * Note: For CBC in SSL3 and TLS 1.0, the fields iv_{enc/dec} + * still store IV's for continued use across multiple transformations, + * so it is not true that fixed_ivlen == 0 means that iv_{enc/dec} are + * not being used! + * - minor_ver denotes the SSL/TLS version + * - For stream/CBC transformations, maclen denotes the length of the + * authentication tag, while taglen is unused and 0. + * - For AEAD transformations, taglen denotes the length of the + * authentication tag, while maclen is unused and 0. + * - For CBC transformations, encrypt_then_mac determines the + * order of encryption and authentication. This field is unused + * in other transformations. + * */ struct mbedtls_ssl_transform { From 9eddaebda57e710666045133f7e9937a2f4c41c6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Dec 2017 21:37:21 +0000 Subject: [PATCH 11/80] Provide standalone version of `ssl_encrypt_buf` The previous version of the record encryption function `ssl_encrypt_buf` takes the entire SSL context as an argument, while intuitively, it should only depend on the current security parameters and the record buffer. Analyzing the exact dependencies, it turned out that in addition to the currently active `ssl_transform` instance and the record information, the encryption function needs access to - the negotiated protocol version, and - the status of the encrypt-then-MAC extension. This commit moves these two fields into `ssl_transform` and changes the signature of `ssl_encrypt_buf` to only use an instance of `ssl_transform` and an instance of the new `ssl_record` type. The `ssl_context` instance is *solely* kept for the debugging macros which need an SSL context instance. The benefit of the change is twofold: 1) It avoids the need of the MPS to deal with instances of `ssl_context`. The MPS should only work with records and opaque security parameters, which is what the change in this commit makes progress towards. 2) It significantly eases testing of the encryption function: independent of any SSL context, the encryption function can be passed some record buffer to encrypt alongside some arbitrary choice of parameters, and e.g. be checked to not overflow the provided memory. --- include/mbedtls/ssl_internal.h | 12 +- library/ssl_tls.c | 350 ++++++++++++++++++++------------- 2 files changed, 221 insertions(+), 141 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 600d4d104..03a4473cc 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -581,6 +581,12 @@ struct mbedtls_ssl_transform mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + int encrypt_then_mac; /*!< flag for EtM activation */ +#endif + + int minor_ver; + /* * Session specific compression layer */ @@ -593,11 +599,6 @@ struct mbedtls_ssl_transform /* * Internal representation of record frames * - * The header layout is chosen to facilitate the computation of - * authentication tags which often use the header bytes laid out - * exactly as in the struct; note that it does not match what's - * transferred on the wire. - * * Instances come in two flavors: * (1) Encrypted * These always have data_offset = 0 @@ -617,7 +618,6 @@ typedef struct uint8_t ctr[8]; /*!< Record sequence number */ uint8_t type; /*!< Record type */ uint8_t ver[2]; /*!< SSL/TLS version */ - uint8_t len[2]; /*!< Content length, little endian */ unsigned char *buf; /*!< Memory buffer enclosing the record content */ size_t buf_len; /*!< Buffer length */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 780a682cc..b0dcf1d33 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -757,6 +757,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + transform->encrypt_then_mac = session->encrypt_then_mac; +#endif + transform->minor_ver = ssl->minor_ver; ciphersuite_info = handshake->ciphersuite_info; cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); @@ -1734,23 +1738,75 @@ static void ssl_read_memory( unsigned char *p, size_t len ) /* * Encryption/decryption functions */ -static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) + +static void ssl_extract_add_data_from_record( unsigned char* add_data, + mbedtls_record *rec ) +{ + memcpy( add_data, rec->ctr, sizeof( rec->ctr ) ); + add_data[8] = rec->type; + memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) ); + add_data[11] = ( rec->data_len >> 8 ) & 0xFF; + add_data[12] = rec->data_len & 0xFF; +} + +static int ssl_encrypt_buf( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { mbedtls_cipher_mode_t mode; int auth_done = 0; + unsigned char * data; + unsigned char add_data[13]; + size_t post_avail; + + /* The SSL context is only used for debugging purposes! */ +#if !defined(MBEDTLS_SSL_DEBUG_C) + ((void) ssl); +#endif + + /* The PRNG is used for dynamic IV generation that's used + * for CBC transformations in TLS 1.1 and TLS 1.2. */ +#if !( defined(MBEDTLS_CIPHER_MODE_CBC) && \ + ( defined(MBEDTLS_AES_C) || \ + defined(MBEDTLS_ARIA_C) || \ + defined(MBEDTLS_CAMELLIA_C) ) && \ + ( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) ) + ((void) f_rng); + ((void) p_rng); +#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); - if( ssl->session_out == NULL || ssl->transform_out == NULL ) + if( transform == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + if( rec == NULL || + rec->buf == NULL || + rec->buf_len < rec->data_offset || + rec->buf_len - rec->data_offset < rec->data_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ); - + post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); + data = rec->buf + rec->data_offset; MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", - ssl->out_msg, ssl->out_msglen ); + data, rec->data_len ); + + mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); + + if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d", + (unsigned) rec->data_len, + MBEDTLS_SSL_OUT_CONTENT_LEN ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } /* * Add MAC before if needed @@ -1759,40 +1815,42 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) if( mode == MBEDTLS_MODE_STREAM || ( mode == MBEDTLS_MODE_CBC #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - && ssl->session_out->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED + && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED #endif ) ) { + if( post_avail < transform->maclen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { unsigned char mac[SSL_MAC_MAX_BYTES]; - - ssl_mac( &ssl->transform_out->md_ctx_enc, - ssl->transform_out->mac_enc, - ssl->out_msg, ssl->out_msglen, - ssl->out_ctr, ssl->out_msgtype, - mac ); - - memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen ); + ssl_mac( &transform->md_ctx_enc, transform->mac_enc, + data, rec->data_len, rec->ctr, rec->type, mac ); + memcpy( data + rec->data_len, mac, transform->maclen ); } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) + if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) { unsigned char mac[MBEDTLS_SSL_MAC_ADD]; - mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_ctr, 8 ); - mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_hdr, 3 ); - mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, ssl->out_len, 2 ); - mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, - ssl->out_msg, ssl->out_msglen ); - mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac ); - mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); + ssl_extract_add_data_from_record( add_data, rec ); - memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen ); + mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, + sizeof( add_data ) ); + mbedtls_md_hmac_update( &transform->md_ctx_enc, + data, rec->data_len ); + mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac ); + mbedtls_md_hmac_reset( &transform->md_ctx_enc ); + + memcpy( data + rec->data_len, mac, transform->maclen ); } else #endif @@ -1801,11 +1859,11 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", - ssl->out_msg + ssl->out_msglen, - ssl->transform_out->maclen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len, + transform->maclen ); - ssl->out_msglen += ssl->transform_out->maclen; + rec->data_len += transform->maclen; + post_avail -= transform->maclen; auth_done++; } #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ @@ -1817,23 +1875,21 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) if( mode == MBEDTLS_MODE_STREAM ) { int ret; - size_t olen = 0; - + size_t olen; MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " - "including %d bytes of padding", - ssl->out_msglen, 0 ) ); + "including %d bytes of padding", + rec->data_len, 0 ) ); - if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, - ssl->transform_out->iv_enc, - ssl->transform_out->ivlen, - ssl->out_msg, ssl->out_msglen, - ssl->out_msg, &olen ) ) != 0 ) + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, + transform->iv_enc, transform->ivlen, + data, rec->data_len, + data, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - if( ssl->out_msglen != olen ) + if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -1849,24 +1905,17 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) mode == MBEDTLS_MODE_CHACHAPOLY ) { int ret; - size_t enc_msglen, olen; - unsigned char *enc_msg; - unsigned char add_data[13]; unsigned char iv[12]; - mbedtls_ssl_transform *transform = ssl->transform_out; - size_t explicit_ivlen = transform->ivlen - transform->fixed_ivlen; + size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; - /* - * Prepare additional authenticated data - */ - memcpy( add_data, ssl->out_ctr, 8 ); - add_data[8] = ssl->out_msgtype; - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, add_data + 9 ); - add_data[11] = ( ssl->out_msglen >> 8 ) & 0xFF; - add_data[12] = ssl->out_msglen & 0xFF; - - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 ); + /* Check that there's space for both the authentication tag + * and the explicit IV before and after the record content. */ + if( post_avail < transform->taglen || + rec->data_offset < explicit_iv_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } /* * Generate IV @@ -1875,9 +1924,10 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) { /* GCM and CCM: fixed || explicit (=seqnum) */ memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); - memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 ); - memcpy( ssl->out_iv, ssl->out_ctr, 8 ); - + memcpy( iv + transform->fixed_ivlen, rec->ctr, + explicit_iv_len ); + /* Prefix record content with explicit IV. */ + memcpy( data - explicit_iv_len, rec->ctr, explicit_iv_len ); } else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) { @@ -1887,7 +1937,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); for( i = 0; i < 8; i++ ) - iv[i+4] ^= ssl->out_ctr[i]; + iv[i+4] ^= rec->ctr[i]; } else { @@ -1899,45 +1949,36 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", - ssl->out_iv, explicit_ivlen ); - - /* - * Fix message length with added IV - */ - enc_msg = ssl->out_msg; - enc_msglen = ssl->out_msglen; - ssl->out_msglen += explicit_ivlen; - + data - explicit_iv_len, explicit_iv_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", + add_data, 13 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " "including 0 bytes of padding", - ssl->out_msglen ) ); + rec->data_len ) ); /* * Encrypt and authenticate */ + + ssl_extract_add_data_from_record( add_data, rec ); if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc, - iv, transform->ivlen, - add_data, 13, - enc_msg, enc_msglen, - enc_msg, &olen, - enc_msg + enc_msglen, - ssl->transform_out->taglen ) ) != 0 ) + iv, transform->ivlen, + add_data, 13, /* add data */ + data, rec->data_len, /* source */ + data, &rec->data_len, /* destination */ + data + rec->data_len, transform->taglen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); return( ret ); } - if( olen != enc_msglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", + data + rec->data_len, transform->taglen ); - ssl->out_msglen += ssl->transform_out->taglen; + rec->data_len += transform->taglen + explicit_iv_len; + rec->data_offset -= explicit_iv_len; + post_avail -= transform->taglen; auth_done++; - - MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", enc_msg + enc_msglen, - ssl->transform_out->taglen ); } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ @@ -1946,81 +1987,97 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) if( mode == MBEDTLS_MODE_CBC ) { int ret; - unsigned char *enc_msg; - size_t enc_msglen, padlen, olen = 0, i; + size_t padlen, i; + size_t olen; - padlen = ssl->transform_out->ivlen - ( ssl->out_msglen + 1 ) % - ssl->transform_out->ivlen; - if( padlen == ssl->transform_out->ivlen ) + /* Currently we're always using minimal padding + * (up to 255 bytes would be allowed). */ + padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen; + if( padlen == transform->ivlen ) padlen = 0; + /* Check there's enough space in the buffer for the padding. */ + if( post_avail < padlen + 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + for( i = 0; i <= padlen; i++ ) - ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen; + data[rec->data_len + i] = (unsigned char) padlen; - ssl->out_msglen += padlen + 1; - - enc_msglen = ssl->out_msglen; - enc_msg = ssl->out_msg; + rec->data_len += padlen + 1; + post_avail -= padlen + 1; #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) /* * Prepend per-record IV for block cipher in TLS v1.1 and up as per * Method 1 (6.2.3.2. in RFC4346 and RFC5246) */ - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) { + if( f_rng == NULL ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + if( rec->data_offset < transform->ivlen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + /* * Generate IV */ - ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->transform_out->iv_enc, - ssl->transform_out->ivlen ); + ret = f_rng( p_rng, transform->iv_enc, transform->ivlen ); if( ret != 0 ) return( ret ); - memcpy( ssl->out_iv, ssl->transform_out->iv_enc, - ssl->transform_out->ivlen ); + memcpy( data - transform->ivlen, transform->iv_enc, + transform->ivlen ); - /* - * Fix pointer positions and message length with added IV - */ - enc_msg = ssl->out_msg; - enc_msglen = ssl->out_msglen; - ssl->out_msglen += ssl->transform_out->ivlen; } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " "including %d bytes of IV and %d bytes of padding", - ssl->out_msglen, ssl->transform_out->ivlen, + rec->data_len, transform->ivlen, padlen + 1 ) ); - if( ( ret = mbedtls_cipher_crypt( &ssl->transform_out->cipher_ctx_enc, - ssl->transform_out->iv_enc, - ssl->transform_out->ivlen, - enc_msg, enc_msglen, - enc_msg, &olen ) ) != 0 ) + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, + transform->iv_enc, + transform->ivlen, + data, rec->data_len, + data, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - if( enc_msglen != olen ) + if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) + if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) { /* * Save IV in SSL3 and TLS1 */ - memcpy( ssl->transform_out->iv_enc, - ssl->transform_out->cipher_ctx_enc.iv, - ssl->transform_out->ivlen ); + memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv, + transform->ivlen ); } + else #endif + { + data -= transform->ivlen; + rec->data_offset -= transform->ivlen; + rec->data_len += transform->ivlen; + } #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) if( auth_done == 0 ) @@ -2035,27 +2092,30 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl ) * IV + // except for TLS 1.0 * ENC(content + padding + padding_length)); */ - unsigned char pseudo_hdr[13]; + + if( post_avail < transform->maclen) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); + MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, + sizeof( add_data ) ); - memcpy( pseudo_hdr + 0, ssl->out_ctr, 8 ); - memcpy( pseudo_hdr + 8, ssl->out_hdr, 3 ); - pseudo_hdr[11] = (unsigned char)( ( ssl->out_msglen >> 8 ) & 0xFF ); - pseudo_hdr[12] = (unsigned char)( ( ssl->out_msglen ) & 0xFF ); + ssl_extract_add_data_from_record( add_data, rec ); - MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); + mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, + sizeof( add_data ) ); + mbedtls_md_hmac_update( &transform->md_ctx_enc, + data, rec->data_len ); + mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac ); + mbedtls_md_hmac_reset( &transform->md_ctx_enc ); - mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, pseudo_hdr, 13 ); - mbedtls_md_hmac_update( &ssl->transform_out->md_ctx_enc, - ssl->out_iv, ssl->out_msglen ); - mbedtls_md_hmac_finish( &ssl->transform_out->md_ctx_enc, mac ); - mbedtls_md_hmac_reset( &ssl->transform_out->md_ctx_enc ); + memcpy( data + rec->data_len, mac, transform->maclen ); - memcpy( ssl->out_iv + ssl->out_msglen, mac, - ssl->transform_out->maclen ); - - ssl->out_msglen += ssl->transform_out->maclen; + rec->data_len += transform->maclen; + post_avail -= transform->maclen; auth_done++; } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ @@ -3684,15 +3744,35 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) if( ssl->transform_out != NULL ) { - if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 ) + mbedtls_record rec; + + rec.buf = ssl->out_iv; + rec.buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - + ( ssl->out_iv - ssl->out_buf ); + rec.data_len = ssl->out_msglen; + rec.data_offset = ssl->out_msg - rec.buf; + + memcpy( &rec.ctr[0], ssl->out_ctr, 8 ); + mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, rec.ver ); + rec.type = ssl->out_msgtype; + + if( ( ret = ssl_encrypt_buf( ssl, ssl->transform_out, &rec, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); return( ret ); } - len = ssl->out_msglen; - ssl->out_len[0] = (unsigned char)( len >> 8 ); - ssl->out_len[1] = (unsigned char)( len ); + if( rec.data_offset != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + + ssl->out_msglen = rec.data_len; + ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); + ssl->out_len[1] = (unsigned char)( rec.data_len ); } protected_record_size = len + mbedtls_ssl_hdr_len( ssl ); From 2e24c3b6726b08cc2fffc00ec9fab3a2bbca942d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Dec 2017 21:28:58 +0000 Subject: [PATCH 12/80] Provide standalone version of `ssl_decrypt_buf` Analogous to the previous commit, but concerning the record decryption routine `ssl_decrypt_buf`. An important change regards the checking of CBC padding: Prior to this commit, the CBC padding check always read 256 bytes at the end of the internal record buffer, almost always going past the boundaries of the record under consideration. In order to stay within the bounds of the given record, this commit changes this behavior by always reading the last min(256, plaintext_len) bytes of the record plaintext buffer and taking into consideration the last `padlen` of these for the padding check. With this change, the memory access pattern and runtime of the padding check is entirely determined by the size of the encrypted record, in particular not giving away any information on the validity of the padding. The following depicts the different behaviors: 1) Previous CBC padding check 1.a) Claimed padding length <= plaintext length +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +------------------------------------... | read for padding check ... +------------------------------------... | contents discarded from here 1.b) Claimed padding length > plaintext length +----------------------------------------+----+ | Record plaintext buffer | PL | +----------------------------------------+----+ +-------------------------... | read for padding check ... +-------------------------... | contents discarded from here 2) New CBC padding check +----------------------------------------+----+ | Record plaintext buffer | | PL | +----------------------------------------+----+ \__ PL __/ +---------------------------------------+ | read for padding check | +---------------------------------------+ | contents discarded until here --- include/mbedtls/md.h | 6 + library/ssl_tls.c | 527 +++++++++++++++++++++++-------------------- 2 files changed, 291 insertions(+), 242 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 8bcf766a6..69ab21f40 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -74,6 +74,12 @@ typedef enum { #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */ #endif +#if defined(MBEDTLS_SHA512_C) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 128 +#else +#define MBEDTLS_MD_MAX_BLOCK_SIZE 64 +#endif + /** * Opaque struct defined in md_internal.h. */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b0dcf1d33..a2350803a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1897,6 +1897,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl, } else #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ + #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) @@ -2140,50 +2141,56 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) +static int ssl_decrypt_buf( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec ) { + size_t olen; mbedtls_cipher_mode_t mode; - int auth_done = 0; + int ret, auth_done = 0; #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) size_t padlen = 0, correct = 1; #endif + unsigned char* data; + unsigned char add_data[13]; + +#if !defined(MBEDTLS_SSL_DEBUG_C) + ((void) ssl); +#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); - - if( ssl->session_in == NULL || ssl->transform_in == NULL ) + if( transform == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to decrypt_buf" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + if( rec == NULL || + rec->buf == NULL || + rec->buf_len < rec->data_offset || + rec->buf_len - rec->data_offset < rec->data_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - mode = mbedtls_cipher_get_cipher_mode( &ssl->transform_in->cipher_ctx_dec ); - - if( ssl->in_msglen < ssl->transform_in->minlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)", - ssl->in_msglen, ssl->transform_in->minlen ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } + data = rec->buf + rec->data_offset; + mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec ); #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) if( mode == MBEDTLS_MODE_STREAM ) { - int ret; - size_t olen = 0; - padlen = 0; - - if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, - ssl->transform_in->iv_dec, - ssl->transform_in->ivlen, - ssl->in_msg, ssl->in_msglen, - ssl->in_msg, &olen ) ) != 0 ) + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, + transform->iv_dec, + transform->ivlen, + data, rec->data_len, + data, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - if( ssl->in_msglen != olen ) + if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -2198,42 +2205,19 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_MODE_CHACHAPOLY ) { - int ret; - size_t dec_msglen, olen; - unsigned char *dec_msg; - unsigned char *dec_msg_result; - unsigned char add_data[13]; unsigned char iv[12]; - mbedtls_ssl_transform *transform = ssl->transform_in; size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; /* * Compute and update sizes */ - if( ssl->in_msglen < explicit_iv_len + transform->taglen ) + if( rec->data_len < explicit_iv_len + transform->taglen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " - "+ taglen (%d)", ssl->in_msglen, - explicit_iv_len, ssl->transform_in->taglen ) ); + "+ taglen (%d)", rec->data_len, + explicit_iv_len, transform->taglen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } - dec_msglen = ssl->in_msglen - explicit_iv_len - transform->taglen; - - dec_msg = ssl->in_msg; - dec_msg_result = ssl->in_msg; - ssl->in_msglen = dec_msglen; - - /* - * Prepare additional authenticated data - */ - memcpy( add_data, ssl->in_ctr, 8 ); - add_data[8] = ssl->in_msgtype; - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, add_data + 9 ); - add_data[11] = ( ssl->in_msglen >> 8 ) & 0xFF; - add_data[12] = ssl->in_msglen & 0xFF; - - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data for AEAD", add_data, 13 ); /* * Prepare IV @@ -2242,7 +2226,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) { /* GCM and CCM: fixed || explicit (transmitted) */ memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); - memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 ); + memcpy( iv + transform->fixed_ivlen, data, 8 ); } else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) @@ -2253,7 +2237,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); for( i = 0; i < 8; i++ ) - iv[i+4] ^= ssl->in_ctr[i]; + iv[i+4] ^= rec->ctr[i]; } else { @@ -2262,20 +2246,32 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } + data += explicit_iv_len; + rec->data_offset += explicit_iv_len; + rec->data_len -= explicit_iv_len + transform->taglen; + + ssl_extract_add_data_from_record( add_data, rec ); + MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", + add_data, 13 ); + + memcpy( transform->iv_dec + transform->fixed_ivlen, + data - explicit_iv_len, explicit_iv_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, + MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len, transform->taglen ); + /* * Decrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_decrypt( &ssl->transform_in->cipher_ctx_dec, - iv, transform->ivlen, - add_data, 13, - dec_msg, dec_msglen, - dec_msg_result, &olen, - dec_msg + dec_msglen, - ssl->transform_in->taglen ) ) != 0 ) + if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec, + iv, transform->ivlen, + add_data, 13, + data, rec->data_len, + data, &olen, + data + rec->data_len, + transform->taglen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); @@ -2286,7 +2282,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) } auth_done++; - if( olen != dec_msglen ) + if( olen != rec->data_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -2298,75 +2294,81 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) if( mode == MBEDTLS_MODE_CBC ) { - /* - * Decrypt and check the padding - */ - int ret; - unsigned char *dec_msg; - unsigned char *dec_msg_result; - size_t dec_msglen; size_t minlen = 0; - size_t olen = 0; /* * Check immediate ciphertext sanity */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - minlen += ssl->transform_in->ivlen; + if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + { + /* The ciphertext is prefixed with the CBC IV. */ + minlen += transform->ivlen; + } #endif - if( ssl->in_msglen < minlen + ssl->transform_in->ivlen || - ssl->in_msglen < minlen + ssl->transform_in->maclen + 1 ) + /* Size considerations: + * + * - The CBC cipher text must not be empty and hence + * at least of size transform->ivlen. + * + * Together with the potential IV-prefix, this explains + * the first of the two checks below. + * + * - The record must contain a MAC, either in plain or + * encrypted, depending on whether Encrypt-then-MAC + * is used or not. + * - If it is, the message contains the IV-prefix, + * the CBC ciphertext, and the MAC. + * - If it is not, the padded plaintext, and hence + * the CBC ciphertext, has at least length maclen + 1 + * because there is at least the padding length byte. + * + * As the CBC ciphertext is not empty, both cases give the + * lower bound minlen + maclen + 1 on the record size, which + * we test for in the second check below. + */ + if( rec->data_len < minlen + transform->ivlen || + rec->data_len < minlen + transform->maclen + 1 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) " - "+ 1 ) ( + expl IV )", ssl->in_msglen, - ssl->transform_in->ivlen, - ssl->transform_in->maclen ) ); + "+ 1 ) ( + expl IV )", rec->data_len, + transform->ivlen, + transform->maclen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } - dec_msglen = ssl->in_msglen; - dec_msg = ssl->in_msg; - dec_msg_result = ssl->in_msg; - /* * Authenticate before decrypt if enabled */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( ssl->session_in->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) + if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; - unsigned char pseudo_hdr[13]; MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); - dec_msglen -= ssl->transform_in->maclen; - ssl->in_msglen -= ssl->transform_in->maclen; + /* Safe due to the check data_len >= minlen + maclen + 1 above. */ + rec->data_len -= transform->maclen; - memcpy( pseudo_hdr + 0, ssl->in_ctr, 8 ); - memcpy( pseudo_hdr + 8, ssl->in_hdr, 3 ); - pseudo_hdr[11] = (unsigned char)( ( ssl->in_msglen >> 8 ) & 0xFF ); - pseudo_hdr[12] = (unsigned char)( ( ssl->in_msglen ) & 0xFF ); + ssl_extract_add_data_from_record( add_data, rec ); - MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", pseudo_hdr, 13 ); + MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, 13 ); + mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, 13 ); + mbedtls_md_hmac_update( &transform->md_ctx_dec, + data, rec->data_len ); + mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect ); + mbedtls_md_hmac_reset( &transform->md_ctx_dec ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, pseudo_hdr, 13 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, - ssl->in_iv, ssl->in_msglen ); - mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); - mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_iv + ssl->in_msglen, - ssl->transform_in->maclen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, + transform->maclen ); MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, - ssl->transform_in->maclen ); + transform->maclen ); - if( mbedtls_ssl_safer_memcmp( ssl->in_iv + ssl->in_msglen, mac_expect, - ssl->transform_in->maclen ) != 0 ) + if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect, + transform->maclen ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); } auth_done++; @@ -2376,10 +2378,10 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) /* * Check length sanity */ - if( ssl->in_msglen % ssl->transform_in->ivlen != 0 ) + if( rec->data_len % transform->ivlen != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0", - ssl->in_msglen, ssl->transform_in->ivlen ) ); + rec->data_len, transform->ivlen ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } @@ -2387,67 +2389,84 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) /* * Initialize for prepended IV for block cipher in TLS v1.1 and up */ - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) { - unsigned char i; - dec_msglen -= ssl->transform_in->ivlen; - ssl->in_msglen -= ssl->transform_in->ivlen; + /* This is safe because data_len >= minlen + maclen + 1 initially, + * and at this point we have at most subtracted maclen (note that + * minlen == transform->ivlen here). */ + memcpy( transform->iv_dec, data, transform->ivlen ); - for( i = 0; i < ssl->transform_in->ivlen; i++ ) - ssl->transform_in->iv_dec[i] = ssl->in_iv[i]; + data += transform->ivlen; + rec->data_offset += transform->ivlen; + rec->data_len -= transform->ivlen; } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - if( ( ret = mbedtls_cipher_crypt( &ssl->transform_in->cipher_ctx_dec, - ssl->transform_in->iv_dec, - ssl->transform_in->ivlen, - dec_msg, dec_msglen, - dec_msg_result, &olen ) ) != 0 ) + if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, + transform->iv_dec, transform->ivlen, + data, rec->data_len, data, &olen ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); return( ret ); } - if( dec_msglen != olen ) + if( rec->data_len != olen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) + if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) { /* * Save IV in SSL3 and TLS1 */ - memcpy( ssl->transform_in->iv_dec, - ssl->transform_in->cipher_ctx_dec.iv, - ssl->transform_in->ivlen ); + memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv, + transform->ivlen ); } #endif - padlen = 1 + ssl->in_msg[ssl->in_msglen - 1]; + /* Safe since data_len >= minlen + maclen + 1, so after having + * subtracted at most minlen and maclen up to this point, + * data_len > 0. */ + padlen = data[rec->data_len - 1]; - if( ssl->in_msglen < ssl->transform_in->maclen + padlen && - auth_done == 0 ) + if( auth_done == 1 ) + { + correct *= ( rec->data_len >= padlen + 1 ); + padlen *= ( rec->data_len >= padlen + 1 ); + } + else { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", - ssl->in_msglen, ssl->transform_in->maclen, padlen ) ); + if( rec->data_len < transform->maclen + padlen + 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)", + rec->data_len, + transform->maclen, + padlen + 1 ) ); + } #endif - padlen = 0; - correct = 0; + + correct *= ( rec->data_len >= transform->maclen + padlen + 1 ); + padlen *= ( rec->data_len >= transform->maclen + padlen + 1 ); } + padlen++; + + /* Regardless of the validity of the padding, + * we have data_len >= padlen here. */ + #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { - if( padlen > ssl->transform_in->ivlen ) + if( padlen > transform->ivlen ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, " - "should be no more than %d", - padlen, ssl->transform_in->ivlen ) ); + "should be no more than %d", + padlen, transform->ivlen ) ); #endif correct = 0; } @@ -2456,40 +2475,31 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) + if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) { - /* - * TLSv1+: always check the padding up to the first failure - * and fake check up to 256 bytes of padding - */ - size_t pad_count = 0, real_count = 1; - size_t padding_idx = ssl->in_msglen - padlen; - size_t i; + /* The padding check involves a series of up to 256 + * consecutive memory reads at the end of the record + * plaintext buffer. In order to hide the length and + * validity of the padding, always perform exactly + * `min(256,plaintext_len)` reads (but take into account + * only the last `padlen` bytes for the padding check). */ + size_t pad_count = 0; + size_t real_count = 0; + volatile unsigned char* const check = data; - /* - * Padding is guaranteed to be incorrect if: - * 1. padlen > ssl->in_msglen - * - * 2. padding_idx > MBEDTLS_SSL_IN_CONTENT_LEN + - * ssl->transform_in->maclen - * - * In both cases we reset padding_idx to a safe value (0) to - * prevent out-of-buffer reads. - */ - correct &= ( padlen <= ssl->in_msglen ); - correct &= ( padding_idx <= MBEDTLS_SSL_IN_CONTENT_LEN + - ssl->transform_in->maclen ); + /* Index of first padding byte; it has been ensured above + * that the subtraction is safe. */ + size_t const padding_idx = rec->data_len - padlen; + size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256; + size_t const start_idx = rec->data_len - num_checks; + size_t idx; - padding_idx *= correct; - - for( i = 0; i < 256; i++ ) + for( idx = start_idx; idx < rec->data_len; idx++ ) { - real_count &= ( i < padlen ); - pad_count += real_count * - ( ssl->in_msg[padding_idx + i] == padlen - 1 ); + real_count |= ( idx >= padding_idx ); + pad_count += real_count * ( check[idx] == padlen - 1 ); } - - correct &= ( pad_count == padlen ); /* Only 1 on correct padding */ + correct &= ( pad_count == padlen ); #if defined(MBEDTLS_SSL_DEBUG_ALL) if( padlen > 0 && correct == 0 ) @@ -2505,7 +2515,11 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - ssl->in_msglen -= padlen; + /* If the padding was found to be invalid, padlen == 0 + * and the subtraction is safe. If the padding was found valid, + * padlen hasn't been changed and the previous assertion + * data_len >= padlen still holds. */ + rec->data_len -= padlen; } else #endif /* MBEDTLS_CIPHER_MODE_CBC && @@ -2517,7 +2531,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", - ssl->in_msg, ssl->in_msglen ); + data, rec->data_len ); #endif /* @@ -2529,25 +2543,37 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; - ssl->in_msglen -= ssl->transform_in->maclen; + /* If the initial value of padlen was such that + * data_len < maclen + padlen + 1, then padlen + * got reset to 1, and the initial check + * data_len >= minlen + maclen + 1 + * guarantees that at this point we still + * have at least data_len >= maclen. + * + * If the initial value of padlen was such that + * data_len >= maclen + padlen + 1, then we have + * subtracted either padlen + 1 (if the padding was correct) + * or 0 (if the padding was incorrect) since then, + * hence data_len >= maclen in any case. + */ + rec->data_len -= transform->maclen; - ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 ); - ssl->in_len[1] = (unsigned char)( ssl->in_msglen ); + ssl_extract_add_data_from_record( add_data, rec ); #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { - ssl_mac( &ssl->transform_in->md_ctx_dec, - ssl->transform_in->mac_dec, - ssl->in_msg, ssl->in_msglen, - ssl->in_ctr, ssl->in_msgtype, - mac_expect ); + ssl_mac( &transform->md_ctx_dec, + transform->mac_dec, + data, rec->data_len, + rec->ctr, rec->type, + mac_expect ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) + if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) { /* * Process MAC and always update for padlen afterwards to make @@ -2577,6 +2603,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) * linking an extra division function in some builds). */ size_t j, extra_run = 0; + unsigned char tmp[MBEDTLS_MD_MAX_BLOCK_SIZE]; /* * The next two sizes are the minimum and maximum values of @@ -2588,10 +2615,12 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) * Note that max_len + maclen is never more than the buffer * length, as we previously did in_msglen -= maclen too. */ - const size_t max_len = ssl->in_msglen + padlen; + const size_t max_len = rec->data_len + padlen; const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; - switch( ssl->handshake->ciphersuite_info->mac ) + memset( tmp, 0, sizeof( tmp ) ); + + switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) ) { #if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \ defined(MBEDTLS_SHA256_C) @@ -2599,15 +2628,15 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) case MBEDTLS_MD_SHA1: case MBEDTLS_MD_SHA256: /* 8 bytes of message size, 64-byte compression blocks */ - extra_run = ( 13 + ssl->in_msglen + padlen + 8 ) / 64 - - ( 13 + ssl->in_msglen + 8 ) / 64; + extra_run = ( 13 + rec->data_len + padlen + 8 ) / 64 - + ( 13 + rec->data_len + 8 ) / 64; break; #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA384: /* 16 bytes of message size, 128-byte compression blocks */ - extra_run = ( 13 + ssl->in_msglen + padlen + 16 ) / 128 - - ( 13 + ssl->in_msglen + 16 ) / 128; + extra_run = ( 13 + rec->data_len + padlen + 16 ) / 128 - + ( 13 + rec->data_len + 16 ) / 128; break; #endif default: @@ -2617,30 +2646,28 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) extra_run &= correct * 0xFF; - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_ctr, 8 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_hdr, 3 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_len, 2 ); - mbedtls_md_hmac_update( &ssl->transform_in->md_ctx_dec, ssl->in_msg, - ssl->in_msglen ); + mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, 13 ); + mbedtls_md_hmac_update( &transform->md_ctx_dec, data, + rec->data_len ); /* Make sure we access everything even when padlen > 0. This * makes the synchronisation requirements for just-in-time * Prime+Probe attacks much tighter and hopefully impractical. */ - ssl_read_memory( ssl->in_msg + ssl->in_msglen, padlen ); - mbedtls_md_hmac_finish( &ssl->transform_in->md_ctx_dec, mac_expect ); + ssl_read_memory( data + rec->data_len, padlen ); + mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect ); /* Call mbedtls_md_process at least once due to cache attacks * that observe whether md_process() was called of not */ for( j = 0; j < extra_run + 1; j++ ) - mbedtls_md_process( &ssl->transform_in->md_ctx_dec, ssl->in_msg ); + mbedtls_md_process( &transform->md_ctx_dec, tmp ); - mbedtls_md_hmac_reset( &ssl->transform_in->md_ctx_dec ); + mbedtls_md_hmac_reset( &transform->md_ctx_dec ); /* Make sure we access all the memory that could contain the MAC, * before we check it in the next code block. This makes the * synchronisation requirements for just-in-time Prime+Probe * attacks much tighter and hopefully impractical. */ - ssl_read_memory( ssl->in_msg + min_len, - max_len - min_len + ssl->transform_in->maclen ); + ssl_read_memory( data + min_len, + max_len - min_len + transform->maclen ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ @@ -2651,13 +2678,12 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, ssl->transform_in->maclen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", ssl->in_msg + ssl->in_msglen, - ssl->transform_in->maclen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen ); + MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, transform->maclen ); #endif - if( mbedtls_ssl_safer_memcmp( ssl->in_msg + ssl->in_msglen, mac_expect, - ssl->transform_in->maclen ) != 0 ) + if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect, + transform->maclen ) != 0 ) { #if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); @@ -2681,55 +2707,6 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - if( ssl->in_msglen == 0 ) - { -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 - && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { - /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - - ssl->nb_zero++; - - /* - * Three or more empty messages may be a DoS attack - * (excessive CPU consumption). - */ - if( ssl->nb_zero > 3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " - "messages, possible DoS attack" ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } - } - else - ssl->nb_zero = 0; - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - ; /* in_ctr read from peer, not maintained internally */ - } - else -#endif - { - unsigned char i; - for( i = 8; i > ssl_ep_len( ssl ); i-- ) - if( ++ssl->in_ctr[i - 1] != 0 ) - break; - - /* The loop goes to its end iff the counter is wrapping */ - if( i == ssl_ep_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); - } - } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); return( 0 ); @@ -4627,7 +4604,19 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ if( !done && ssl->transform_in != NULL ) { - if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 ) + mbedtls_record rec; + + rec.buf = ssl->in_iv; + rec.buf_len = MBEDTLS_SSL_IN_BUFFER_LEN + - ( ssl->in_iv - ssl->in_buf ); + rec.data_len = ssl->in_msglen; + rec.data_offset = 0; + + memcpy( &rec.ctr[0], ssl->in_ctr, 8 ); + mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, rec.ver ); + rec.type = ssl->in_msgtype; + if( ( ret = ssl_decrypt_buf( ssl, ssl->transform_in, &rec ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); return( ret ); @@ -4636,11 +4625,65 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", ssl->in_msg, ssl->in_msglen ); + ssl->in_msglen = rec.data_len; + ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); + ssl->in_len[1] = (unsigned char)( rec.data_len ); + if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } + else if( ssl->in_msglen == 0 ) + { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 + && ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) + { + /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + + ssl->nb_zero++; + + /* + * Three or more empty messages may be a DoS attack + * (excessive CPU consumption). + */ + if( ssl->nb_zero > 3 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " + "messages, possible DoS attack" ) ); + /* Q: Is that the right error code? */ + return( MBEDTLS_ERR_SSL_INVALID_MAC ); + } + } + else + ssl->nb_zero = 0; + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + ; /* in_ctr read from peer, not maintained internally */ + } + else +#endif + { + unsigned i; + for( i = 8; i > ssl_ep_len( ssl ); i-- ) + if( ++ssl->in_ctr[i - 1] != 0 ) + break; + + /* The loop goes to its end iff the counter is wrapping */ + if( i == ssl_ep_len( ssl ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); + return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + } + } + } #if defined(MBEDTLS_ZLIB_SUPPORT) From 8031d06cb2d9544d601f01a3657e77cfddb272b7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 15:32:31 +0000 Subject: [PATCH 13/80] Remove code from `ssl_derive_keys` if relevant modes are not enabled This commit guards code specific to AEAD, CBC and stream cipher modes in `ssl_derive_keys` by the respective configuration flags, analogous to the guards that are already in place in the record decryption and encryption functions `ssl_decrypt_buf` resp. `ssl_decrypt_buf`. --- library/ssl_tls.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a2350803a..d863f7d02 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -997,6 +997,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) keylen = cipher_info->key_bitlen / 8; +#if defined(MBEDTLS_GCM_C) || \ + defined(MBEDTLS_CCM_C) || \ + defined(MBEDTLS_CHACHAPOLY_C) if( cipher_info->mode == MBEDTLS_MODE_GCM || cipher_info->mode == MBEDTLS_MODE_CCM || cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) @@ -1023,6 +1026,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) transform->minlen = explicit_ivlen + transform->taglen; } else +#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) + if( cipher_info->mode == MBEDTLS_MODE_STREAM || + cipher_info->mode == MBEDTLS_MODE_CBC ) { /* Initialize HMAC contexts */ if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || @@ -1103,6 +1110,12 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } } } + else +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u", (unsigned) keylen, From d56ed2491be9f0a55729933ad90aa3b244a8ab3c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 15:32:51 +0000 Subject: [PATCH 14/80] Reduce size of `ssl_transform` if no MAC ciphersuite is enabled The hash contexts `ssl_transform->md_ctx_{enc/dec}` are not used if only AEAD ciphersuites are enabled. This commit removes them from the `ssl_transform` struct in this case, saving a few bytes. --- include/mbedtls/ssl_internal.h | 9 ++++++--- library/ssl_tls.c | 11 ++++++++++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 03a4473cc..df9960c99 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -569,6 +569,8 @@ struct mbedtls_ssl_transform unsigned char iv_enc[16]; /*!< IV (encryption) */ unsigned char iv_dec[16]; /*!< IV (decryption) */ +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) + #if defined(MBEDTLS_SSL_PROTO_SSL3) /* Needed only for SSL v3.0 secret */ unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */ @@ -578,13 +580,14 @@ struct mbedtls_ssl_transform mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ - mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ - mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int encrypt_then_mac; /*!< flag for EtM activation */ #endif +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ + + mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ + mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ int minor_ver; /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d863f7d02..933dfe2e3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1171,10 +1171,11 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_PROTO_SSL3) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) { - if( mac_key_len > sizeof transform->mac_enc ) + if( mac_key_len > sizeof( transform->mac_enc ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -1203,6 +1204,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) if( mbedtls_ssl_hw_record_init != NULL ) @@ -1221,6 +1223,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } } +#else + ((void) mac_dec); + ((void) mac_enc); #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) @@ -7424,8 +7429,10 @@ static void ssl_transform_init( mbedtls_ssl_transform *transform ) mbedtls_cipher_init( &transform->cipher_ctx_enc ); mbedtls_cipher_init( &transform->cipher_ctx_dec ); +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) mbedtls_md_init( &transform->md_ctx_enc ); mbedtls_md_init( &transform->md_ctx_dec ); +#endif } void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) @@ -9647,8 +9654,10 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_cipher_free( &transform->cipher_ctx_enc ); mbedtls_cipher_free( &transform->cipher_ctx_dec ); +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_dec ); +#endif mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); } From a18d1320daad8b2b76dd2179580c265c10477791 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 14:27:32 +0000 Subject: [PATCH 15/80] Add tests for record encryption/decryption This commit adds tests exercising mutually inverse pairs of record encryption and decryption transformations for the various transformation types allowed in TLS: Stream, CBC, and AEAD. --- include/mbedtls/debug.h | 1 - include/mbedtls/ssl_internal.h | 10 + library/ssl_tls.c | 29 +- tests/suites/test_suite_ssl.data | 2116 ++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 329 ++++ 5 files changed, 2470 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 736444bb7..10206762f 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -262,4 +262,3 @@ void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, #endif #endif /* debug.h */ - diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index df9960c99..60b5133d9 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -950,4 +950,14 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, } #endif +void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ); +int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); +int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec ); + #endif /* ssl_internal.h */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 933dfe2e3..79e0623f0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1767,11 +1767,11 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, add_data[12] = rec->data_len & 0xFF; } -static int ssl_encrypt_buf( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { mbedtls_cipher_mode_t mode; int auth_done = 0; @@ -1780,7 +1780,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl, size_t post_avail; /* The SSL context is only used for debugging purposes! */ -#if !defined(MBEDTLS_SSL_DEBUG_C) +#if !defined(MBEDTLS_DEBUG_C) ((void) ssl); #endif @@ -2159,9 +2159,9 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( 0 ); } -static int ssl_decrypt_buf( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec ) +int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec ) { size_t olen; mbedtls_cipher_mode_t mode; @@ -2172,7 +2172,7 @@ static int ssl_decrypt_buf( mbedtls_ssl_context *ssl, unsigned char* data; unsigned char add_data[13]; -#if !defined(MBEDTLS_SSL_DEBUG_C) +#if !defined(MBEDTLS_DEBUG_C) ((void) ssl); #endif @@ -3752,7 +3752,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) ssl->conf->transport, rec.ver ); rec.type = ssl->out_msgtype; - if( ( ret = ssl_encrypt_buf( ssl, ssl->transform_out, &rec, + if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); @@ -4634,7 +4634,8 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, ssl->conf->transport, rec.ver ); rec.type = ssl->in_msgtype; - if( ( ret = ssl_decrypt_buf( ssl, ssl->transform_in, &rec ) ) != 0 ) + if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, + &rec ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); return( ret ); @@ -7422,7 +7423,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif } -static void ssl_transform_init( mbedtls_ssl_transform *transform ) +void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) { memset( transform, 0, sizeof(mbedtls_ssl_transform) ); @@ -7489,7 +7490,7 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* Initialize structures */ mbedtls_ssl_session_init( ssl->session_negotiate ); - ssl_transform_init( ssl->transform_negotiate ); + mbedtls_ssl_transform_init( ssl->transform_negotiate ); ssl_handshake_params_init( ssl->handshake ); #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 147350744..68c694302 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -57,3 +57,2119 @@ ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0 SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice ssl_set_hostname_twice:"server0":"server1" + +Record crypt, AES-128-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-128-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-128-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-192-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-192-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-192-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, AES-256-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, AES-256-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-256-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, BLOWFISH-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, AES-128-GCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-GCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-GCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-GCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-GCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-GCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-GCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-GCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-GCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-GCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-GCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-GCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-128-CCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-192-CCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, AES-256-CCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-128-CCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-192-CCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, CAMELLIA-256-CCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-384 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-384, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-384, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-256 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-256, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-256, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARC4-128, 1.1, SHA-384 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-384, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-384, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-256 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-256, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-256, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARC4-128, 1.0, SHA-384 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-384, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-384, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-256 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-256, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-256, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARC4-128, SSL3, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARC4-128, SSL3, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARC4-128, SSL3, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARC4-128, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARC4-128, SSL3, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARC4-128, SSL3, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARC4-128, SSL3, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARC4-128, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, NULL cipher, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, NULL cipher, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, NULL cipher, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, NULL cipher, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ChachaPoly +depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 326f22d3b..7022dfcd3 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1,6 +1,231 @@ /* BEGIN_HEADER */ #include #include + +/* + * Helper function setting up inverse record transformations + * using given cipher, hash, EtM mode, authentication tag length, + * and version. + */ + +#define CHK( x ) \ + do \ + { \ + if( !( x ) ) \ + return( 1 ); \ + } while( 0 ) + + +static int build_transforms( mbedtls_ssl_transform *t_in, + mbedtls_ssl_transform *t_out, + int cipher_type, int hash_id, + int etm, int tag_mode, int ver ) +{ + mbedtls_cipher_info_t const *cipher_info; + + size_t keylen, maclen, ivlen; + unsigned char *key0, *key1; + unsigned char iv_enc[16], iv_dec[16]; + + maclen = 0; + + /* Pick cipher */ + cipher_info = mbedtls_cipher_info_from_type( cipher_type ); + CHK( cipher_info != NULL ); + CHK( cipher_info->iv_size <= 16 ); + CHK( cipher_info->key_bitlen % 8 == 0 ); + + /* Pick keys */ + keylen = cipher_info->key_bitlen / 8; + CHK( ( key0 = malloc( keylen ) ) != NULL ); + CHK( ( key1 = malloc( keylen ) ) != NULL ); + memset( key0, 0x1, keylen ); + memset( key1, 0x2, keylen ); + + /* Setup cipher contexts */ + CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_enc, cipher_info ) == 0 ); + CHK( mbedtls_cipher_setup( &t_in->cipher_ctx_dec, cipher_info ) == 0 ); + CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_enc, cipher_info ) == 0 ); + CHK( mbedtls_cipher_setup( &t_out->cipher_ctx_dec, cipher_info ) == 0 ); + +#if defined(MBEDTLS_CIPHER_MODE_CBC) + if( cipher_info->mode == MBEDTLS_MODE_CBC ) + { + CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_enc, + MBEDTLS_PADDING_NONE ) == 0 ); + CHK( mbedtls_cipher_set_padding_mode( &t_in->cipher_ctx_dec, + MBEDTLS_PADDING_NONE ) == 0 ); + CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_enc, + MBEDTLS_PADDING_NONE ) == 0 ); + CHK( mbedtls_cipher_set_padding_mode( &t_out->cipher_ctx_dec, + MBEDTLS_PADDING_NONE ) == 0 ); + } +#endif /* MBEDTLS_CIPHER_MODE_CBC */ + + CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_enc, key0, + keylen << 3, MBEDTLS_ENCRYPT ) == 0 ); + CHK( mbedtls_cipher_setkey( &t_in->cipher_ctx_dec, key1, + keylen << 3, MBEDTLS_DECRYPT ) == 0 ); + CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_enc, key1, + keylen << 3, MBEDTLS_ENCRYPT ) == 0 ); + CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0, + keylen << 3, MBEDTLS_DECRYPT ) == 0 ); + free( key0 ); + free( key1 ); + + /* Setup MAC contexts */ +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) + if( cipher_info->mode == MBEDTLS_MODE_CBC || + cipher_info->mode == MBEDTLS_MODE_STREAM ) + { + mbedtls_md_info_t const *md_info; + unsigned char *md0, *md1; + + /* Pick hash */ + md_info = mbedtls_md_info_from_type( hash_id ); + CHK( md_info != NULL ); + + /* Pick hash keys */ + maclen = mbedtls_md_get_size( md_info ); + CHK( ( md0 = malloc( maclen ) ) != NULL ); + CHK( ( md1 = malloc( maclen ) ) != NULL ); + memset( md0, 0x5, maclen ); + memset( md1, 0x6, maclen ); + + CHK( mbedtls_md_setup( &t_out->md_ctx_enc, md_info, 1 ) == 0 ); + CHK( mbedtls_md_setup( &t_out->md_ctx_dec, md_info, 1 ) == 0 ); + CHK( mbedtls_md_setup( &t_in->md_ctx_enc, md_info, 1 ) == 0 ); + CHK( mbedtls_md_setup( &t_in->md_ctx_dec, md_info, 1 ) == 0 ); + + if( ver > MBEDTLS_SSL_MINOR_VERSION_0 ) + { + CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_enc, + md0, maclen ) == 0 ); + CHK( mbedtls_md_hmac_starts( &t_in->md_ctx_dec, + md1, maclen ) == 0 ); + CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_enc, + md1, maclen ) == 0 ); + CHK( mbedtls_md_hmac_starts( &t_out->md_ctx_dec, + md0, maclen ) == 0 ); + } +#if defined(MBEDTLS_SSL_PROTO_SSL3) + else + { + memcpy( &t_in->mac_enc, md0, maclen ); + memcpy( &t_in->mac_dec, md1, maclen ); + memcpy( &t_out->mac_enc, md1, maclen ); + memcpy( &t_out->mac_dec, md0, maclen ); + } +#endif + + free( md0 ); + free( md1 ); + } +#else + ((void) hash_id); +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ + + + /* Pick IV's (regardless of whether they + * are being used by the transform). */ + ivlen = cipher_info->iv_size; + memset( iv_enc, 0x3, sizeof( iv_enc ) ); + memset( iv_dec, 0x4, sizeof( iv_dec ) ); + + /* + * Setup transforms + */ + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + t_out->encrypt_then_mac = etm; + t_in->encrypt_then_mac = etm; +#else + ((void) etm); +#endif + + t_out->minor_ver = ver; + t_in->minor_ver = ver; + t_out->ivlen = ivlen; + t_in->ivlen = ivlen; + + switch( cipher_info->mode ) + { + case MBEDTLS_MODE_GCM: + case MBEDTLS_MODE_CCM: + t_out->fixed_ivlen = 4; + t_in->fixed_ivlen = 4; + t_out->maclen = 0; + t_in->maclen = 0; + switch( tag_mode ) + { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + return( 1 ); + } + break; + + case MBEDTLS_MODE_CHACHAPOLY: + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + t_out->maclen = 0; + t_in->maclen = 0; + switch( tag_mode ) + { + case 0: /* Full tag */ + t_out->taglen = 16; + t_in->taglen = 16; + break; + case 1: /* Partial tag */ + t_out->taglen = 8; + t_in->taglen = 8; + break; + default: + return( 1 ); + } + break; + + case MBEDTLS_MODE_STREAM: + case MBEDTLS_MODE_CBC: + t_out->fixed_ivlen = 0; /* redundant, must be 0 */ + t_in->fixed_ivlen = 0; /* redundant, must be 0 */ + t_out->taglen = 0; + t_in->taglen = 0; + switch( tag_mode ) + { + case 0: /* Full tag */ + t_out->maclen = maclen; + t_in->maclen = maclen; + break; + case 1: /* Partial tag */ + t_out->maclen = 10; + t_in->maclen = 10; + break; + default: + return( 1 ); + } + break; + default: + return( 1 ); + break; + } + + /* Setup IV's */ + + memcpy( &t_in->iv_dec, iv_dec, sizeof( iv_dec ) ); + memcpy( &t_in->iv_enc, iv_enc, sizeof( iv_enc ) ); + memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) ); + memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) ); + + return( 0 ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -52,3 +277,107 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) mbedtls_ssl_free( &ssl ); } /* END_CASE */ + +/* BEGIN_CASE */ +void ssl_crypt_record( int cipher_type, int hash_id, + int etm, int tag_mode, int ver ) +{ + /* + * Test several record encryptions and decryptions + * with plenty of space before and after the data + * within the record buffer. + */ + + int ret; + int num_records = 16; + mbedtls_ssl_context ssl; /* ONLY for debugging */ + + mbedtls_ssl_transform t0, t1; + unsigned char *buf; + size_t const buflen = 512; + mbedtls_record rec, rec_backup; + + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_transform_init( &t0 ); + mbedtls_ssl_transform_init( &t1 ); + TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id, + etm, tag_mode, ver ) == 0 ); + + TEST_ASSERT( ( buf = malloc( buflen ) ) != NULL ); + + while( num_records-- > 0 ) + { + mbedtls_ssl_transform *t_dec, *t_enc; + /* Take turns in who's sending and who's receiving. */ + if( num_records % 3 == 0 ) + { + t_dec = &t0; + t_enc = &t1; + } + else + { + t_dec = &t1; + t_enc = &t0; + } + + /* + * The record header affects the transformation in two ways: + * 1) It determines the AEAD additional data + * 2) The record counter sometimes determines the IV. + * + * Apart from that, the fields don't have influence. + * In particular, it is currently not the responsibility + * of ssl_encrypt/decrypt_buf to check if the transform + * version matches the record version, or that the + * type is sensible. + */ + + memset( rec.ctr, num_records, sizeof( rec.ctr ) ); + rec.type = 42; + rec.ver[0] = num_records; + rec.ver[1] = num_records; + + rec.buf = buf; + rec.buf_len = buflen; + rec.data_offset = 16; + /* Make sure to vary the length to exercise different + * paddings. */ + rec.data_len = 1 + num_records; + + memset( rec.buf + rec.data_offset, 42, rec.data_len ); + + /* Make a copy for later comparison */ + rec_backup = rec; + + /* Encrypt record */ + ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, + rnd_std_rand, NULL ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if( ret != 0 ) + { + continue; + } + + /* Decrypt record with t_dec */ + TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 ); + + /* Compare results */ + TEST_ASSERT( rec.type == rec_backup.type ); + TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 ); + TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] ); + TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] ); + TEST_ASSERT( rec.data_len == rec_backup.data_len ); + TEST_ASSERT( rec.data_offset == rec_backup.data_offset ); + TEST_ASSERT( memcmp( rec.buf + rec.data_offset, + rec_backup.buf + rec_backup.data_offset, + rec.data_len ) == 0 ); + } + + /* Cleanup */ + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_transform_free( &t0 ); + mbedtls_ssl_transform_free( &t1 ); + + free( buf ); +} +/* END_CASE */ From b3268dac006b19457d3597a94d0c5f4f1c5030eb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 15:20:24 +0000 Subject: [PATCH 16/80] Add encryption/decryption tests for small records This commit adds tests to check the behavior of the record encryption routine `ssl_encrypt_buf` when the buffer surrounding the plaintext is too small to hold the expansion in the beginning and end (due to IV's, padding, and MAC). Each test starts successively increases the space available at the beginning, end, or both, of the record buffer, and checks that the record encryption either fails with a BUFFER_TOO_SMALL error, or that it succeeds. Moreover, if it succeeds, it is checked that decryption succeeds, too, and results in the original record. --- tests/suites/test_suite_ssl.data | 2116 ++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 146 ++ 2 files changed, 2262 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 68c694302..fa8862318 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2173,3 +2173,2119 @@ ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSIO Record crypt, ChachaPoly depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ChachaPoly +depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-128-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-192-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, AES-256-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-128-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-192-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, CAMELLIA-256-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, AES-128-GCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-GCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-GCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-GCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-GCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-GCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-GCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-GCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-GCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-GCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-GCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-128-CCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-192-CCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CCM, 1.2 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, AES-256-CCM, 1.2, short tag +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CCM, 1.2 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-384 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-384, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-384, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-256 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-256, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-256, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARC4-128, 1.1, SHA-384 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-384, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-384, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-256 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-256, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-256, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARC4-128, 1.0, SHA-384 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-384, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-384, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-256 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-256, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-256, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARC4-128, SSL3, SHA-1 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARC4-128, SSL3, SHA-1, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARC4-128, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARC4-128, SSL3, MD5 +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARC4-128, SSL3, MD5, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARC4-128, SSL3, MD5, short tag +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARC4-128, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_ARC4_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARC4_128:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, NULL cipher, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, NULL cipher, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, NULL cipher, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7022dfcd3..487d3ce47 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -381,3 +381,149 @@ void ssl_crypt_record( int cipher_type, int hash_id, free( buf ); } /* END_CASE */ + +/* BEGIN_CASE */ +void ssl_crypt_record_small( int cipher_type, int hash_id, + int etm, int tag_mode, int ver ) +{ + /* + * Test pairs of encryption and decryption with an increasing + * amount of space in the record buffer - in more detail: + * 1) Try to encrypt with 0, 1, 2, ... bytes available + * in front of the plaintext, and expect the encryption + * to succeed starting from some offset. Always keep + * enough space in the end of the buffer. + * 2) Try to encrypt with 0, 1, 2, ... bytes available + * at the end of the plaintext, and expect the encryption + * to succeed starting from some offset. Always keep + * enough space at the beginning of the buffer. + * 3) Try to encrypt with 0, 1, 2, ... bytes available + * both at the front and end of the plaintext, + * and expect the encryption to succeed starting from + * some offset. + * + * If encryption succeeds, check that decryption succeeds + * and yields the original record. + */ + + mbedtls_ssl_context ssl; /* ONLY for debugging */ + + mbedtls_ssl_transform t0, t1; + unsigned char *buf; + size_t const buflen = 150; + mbedtls_record rec, rec_backup; + + int ret; + int mode; /* Mode 1, 2 or 3 as explained above */ + size_t offset; /* Available space at beginning/end/both */ + size_t threshold = 64; /* Maximum offset to test against */ + + size_t default_pre_padding = 64; /* Pre-padding to use in mode 2 */ + size_t default_post_padding = 64; /* Post-padding to use in mode 1 */ + + int seen_success; /* Indicates if in the current mode we've + * already seen a successful test. */ + + mbedtls_ssl_init( &ssl ); + mbedtls_ssl_transform_init( &t0 ); + mbedtls_ssl_transform_init( &t1 ); + TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id, + etm, tag_mode, ver ) == 0 ); + + TEST_ASSERT( ( buf = malloc( buflen ) ) != NULL ); + + for( mode=1; mode <= 3; mode++ ) + { + seen_success = 0; + for( offset=0; offset <= threshold; offset++ ) + { + mbedtls_ssl_transform *t_dec, *t_enc; + /* Take turns in who's sending and who's receiving. */ + if( offset % 3 == 0 ) + { + t_dec = &t0; + t_enc = &t1; + } + else + { + t_dec = &t1; + t_enc = &t0; + } + + memset( rec.ctr, offset, sizeof( rec.ctr ) ); + rec.type = 42; + rec.ver[0] = offset; + rec.ver[1] = offset; + rec.buf = buf; + rec.buf_len = buflen; + + switch( mode ) + { + case 1: /* Space in the beginning */ + rec.data_offset = offset; + rec.data_len = buflen - offset - default_post_padding; + break; + + case 2: /* Space in the end */ + rec.data_offset = default_pre_padding; + rec.data_len = buflen - default_pre_padding - offset; + break; + + case 3: /* Space in the beginning and end */ + rec.data_offset = offset; + rec.data_len = buflen - 2 * offset; + break; + + default: + TEST_ASSERT( 0 ); + break; + } + + memset( rec.buf + rec.data_offset, 42, rec.data_len ); + + /* Make a copy for later comparison */ + rec_backup = rec; + + /* Encrypt record */ + ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL ); + + if( ( mode == 1 || mode == 2 ) && seen_success ) + { + TEST_ASSERT( ret == 0 ); + } + else + { + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if( ret == 0 ) + seen_success = 1; + } + + if( ret != 0 ) + continue; + + /* Decrypt record with t_dec */ + TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 ); + + /* Compare results */ + TEST_ASSERT( rec.type == rec_backup.type ); + TEST_ASSERT( memcmp( rec.ctr, rec_backup.ctr, 8 ) == 0 ); + TEST_ASSERT( rec.ver[0] == rec_backup.ver[0] ); + TEST_ASSERT( rec.ver[1] == rec_backup.ver[1] ); + TEST_ASSERT( rec.data_len == rec_backup.data_len ); + TEST_ASSERT( rec.data_offset == rec_backup.data_offset ); + TEST_ASSERT( memcmp( rec.buf + rec.data_offset, + rec_backup.buf + rec_backup.data_offset, + rec.data_len ) == 0 ); + } + + TEST_ASSERT( seen_success == 1 ); + } + + /* Cleanup */ + mbedtls_ssl_free( &ssl ); + mbedtls_ssl_transform_free( &t0 ); + mbedtls_ssl_transform_free( &t1 ); + + free( buf ); +} +/* END_CASE */ From 1c0c37feed9ba4e292159c931dad1ae10e16fab0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 7 Aug 2018 14:29:29 +0100 Subject: [PATCH 17/80] Move debugging output after record decryption The debugging call printing the decrypted record payload happened before updating ssl->in_msglen. --- library/ssl_tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 79e0623f0..88b39b724 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4641,13 +4641,14 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) return( ret ); } - MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", - ssl->in_msg, ssl->in_msglen ); ssl->in_msglen = rec.data_len; ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); ssl->in_len[1] = (unsigned char)( rec.data_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", + ssl->in_msg, ssl->in_msglen ); + if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); From 29800d2fd177a59de02fc2c1eb1027556b31758f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 7 Aug 2018 14:30:18 +0100 Subject: [PATCH 18/80] Double check that record expansion is as expected during decryption --- library/ssl_tls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 88b39b724..dc6647d78 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4641,6 +4641,11 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl ) return( ret ); } + if( ssl->in_iv + rec.data_offset != ssl->in_msg ) + { + /* Should never happen */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } ssl->in_msglen = rec.data_len; ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); From 0db7e0ce68010b974c42200c794d2444d0f60ca5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 18 Oct 2018 15:39:53 +0100 Subject: [PATCH 19/80] Improve documentation of mbedtls_ssl_transform --- include/mbedtls/ssl_internal.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 60b5133d9..5797136ca 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -499,8 +499,8 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; * - The (static) encryption/decryption keys for the cipher. * - For stream/CBC, the type of message digest to be used. * - For stream/CBC, (static) encryption/decryption keys for the digest. - * - For AEAD transformations, the size (potentially 0) of an explicit - * initialization vector placed in encrypted records. + * - For AEAD transformations, the size (potentially 0) of an explicit, + * random initialization vector placed in encrypted records. * - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0) * an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC) * and (if present) is combined with the explicit IV in a transformation- @@ -509,6 +509,11 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; * - The details of the transformation depend on the SSL/TLS version. * - The length of the authentication tag. * + * Note: Except for CBC in SSL3 and TLS 1.0, these parameters are + * constant across multiple encryption/decryption operations. + * For CBC, the implicit IV needs to be updated after each + * operation. + * * The struct below refines this abstract view as follows: * - The cipher underlying the transformation is managed in * cipher contexts cipher_ctx_{enc/dec}, which must have the From d0fa2d7563999e8f650392314b0c12e1b4505745 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 18 Oct 2018 15:40:08 +0100 Subject: [PATCH 20/80] Add record encryption/decryption tests for ARIA to SSL test suite --- tests/suites/test_suite_ssl.data | 1344 ++++++++++++++++++++++++++++++ 1 file changed, 1344 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index fa8862318..2b3517dec 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -730,6 +730,678 @@ Record crypt, AES-256-CBC, SSL3, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 +Record crypt, ARIA-128-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-128-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-128-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-128-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-128-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-128-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-128-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-128-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-128-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-192-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-192-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-192-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-192-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, ARIA-256-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, ARIA-256-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, ARIA-256-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, ARIA-256-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 @@ -2850,6 +3522,678 @@ Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-128-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-128-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-128-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-128-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-192-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_192_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.2, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.1, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-384, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA512_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-256, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, 1.0, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1 + +Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, SSL3, SHA-1, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, SSL3, MD5 +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, SSL3, MD5, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_0 + +Record crypt, little space, ARIA-256-CBC, SSL3, MD5, short tag, EtM +depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC +ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA512_C ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3 From b2ca87d2897fc270e7b36f6114f7b6b3825163b8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 18 Oct 2018 15:43:13 +0100 Subject: [PATCH 21/80] Rename ssl_decrypt_buf() to mbedtls_ssl_decrypt_buf() in comment --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dc6647d78..f0347ac4a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1733,7 +1733,7 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, #endif /* MBEDTLS_SSL_PROTO_SSL3 */ /* The function below is only used in the Lucky 13 counter-measure in - * ssl_decrypt_buf(). These are the defines that guard the call site. */ + * mbedtls_ssl_decrypt_buf(). These are the defines that guard the call site. */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) && \ ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ From 81e16a34f56006f27d4506140aadb56f07fb4552 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 1 Mar 2019 11:21:44 +0000 Subject: [PATCH 22/80] Fix memory leak on failure in test_suite_ssl --- tests/suites/test_suite_ssl.function | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 487d3ce47..c21b7287e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -12,7 +12,9 @@ do \ { \ if( !( x ) ) \ - return( 1 ); \ + { \ + goto cleanup; \ + } \ } while( 0 ) @@ -24,7 +26,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, mbedtls_cipher_info_t const *cipher_info; size_t keylen, maclen, ivlen; - unsigned char *key0, *key1; + unsigned char *key0 = NULL, *key1 = NULL; unsigned char iv_enc[16], iv_dec[16]; maclen = 0; @@ -70,8 +72,6 @@ static int build_transforms( mbedtls_ssl_transform *t_in, keylen << 3, MBEDTLS_ENCRYPT ) == 0 ); CHK( mbedtls_cipher_setkey( &t_out->cipher_ctx_dec, key0, keylen << 3, MBEDTLS_DECRYPT ) == 0 ); - free( key0 ); - free( key1 ); /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) @@ -223,6 +223,11 @@ static int build_transforms( mbedtls_ssl_transform *t_in, memcpy( &t_out->iv_dec, iv_enc, sizeof( iv_enc ) ); memcpy( &t_out->iv_enc, iv_dec, sizeof( iv_dec ) ); +cleanup: + + free( key0 ); + free( key1 ); + return( 0 ); } @@ -293,7 +298,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, mbedtls_ssl_context ssl; /* ONLY for debugging */ mbedtls_ssl_transform t0, t1; - unsigned char *buf; + unsigned char *buf = NULL; size_t const buflen = 512; mbedtls_record rec, rec_backup; @@ -373,6 +378,8 @@ void ssl_crypt_record( int cipher_type, int hash_id, rec.data_len ) == 0 ); } +exit: + /* Cleanup */ mbedtls_ssl_free( &ssl ); mbedtls_ssl_transform_free( &t0 ); @@ -409,7 +416,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, mbedtls_ssl_context ssl; /* ONLY for debugging */ mbedtls_ssl_transform t0, t1; - unsigned char *buf; + unsigned char *buf = NULL; size_t const buflen = 150; mbedtls_record rec, rec_backup; @@ -519,6 +526,8 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, TEST_ASSERT( seen_success == 1 ); } +exit: + /* Cleanup */ mbedtls_ssl_free( &ssl ); mbedtls_ssl_transform_free( &t0 ); From 907ab20b38f3264a775a837add20f7b353ad00f8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 1 Mar 2019 11:21:54 +0000 Subject: [PATCH 23/80] Alternative between send/recv transform in SSL record test suite --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c21b7287e..fa74d6055 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -446,7 +446,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, { mbedtls_ssl_transform *t_dec, *t_enc; /* Take turns in who's sending and who's receiving. */ - if( offset % 3 == 0 ) + if( offset % 2 == 0 ) { t_dec = &t0; t_enc = &t1; From 78f839df943c512fffd99d46e08831ff632106f6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 14 Mar 2019 12:56:23 +0000 Subject: [PATCH 24/80] Adapt record length value after encryption --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f0347ac4a..26ba4e976 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3765,7 +3765,7 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - ssl->out_msglen = rec.data_len; + ssl->out_msglen = len = rec.data_len; ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); ssl->out_len[1] = (unsigned char)( rec.data_len ); } From cd430bc099086716dd5b9e5d770bc5ea1bd36cc5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Apr 2019 16:29:48 +0100 Subject: [PATCH 25/80] Improve documentation of mbedtls_record --- include/mbedtls/ssl_internal.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 5797136ca..ac4d96dbf 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -611,8 +611,11 @@ struct mbedtls_ssl_transform * (1) Encrypted * These always have data_offset = 0 * (2) Unencrypted - * These have data_offset set to the length of the - * fixed part of the IV used for encryption. + * These have data_offset set to the amount of + * pre-expansion during record protection. Concretely, + * this is the length of the fixed part of the explicit IV + * used for encryption, or 0 if no explicit IV is used + * (e.g. for CBC in TLS 1.0, or stream ciphers). * * The reason for the data_offset in the unencrypted case * is to allow for in-place conversion of an unencrypted to From 3ee5421f9c6e19c87ff331d5b07d45d1222c776f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Apr 2019 16:31:26 +0100 Subject: [PATCH 26/80] Use mbedtls_{calloc|free}() in SSL unit test suite --- tests/suites/test_suite_ssl.function | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index fa74d6055..4678d7a24 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -39,8 +39,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in, /* Pick keys */ keylen = cipher_info->key_bitlen / 8; - CHK( ( key0 = malloc( keylen ) ) != NULL ); - CHK( ( key1 = malloc( keylen ) ) != NULL ); + CHK( ( key0 = mbedtls_calloc( 1, keylen ) ) != NULL ); + CHK( ( key1 = mbedtls_calloc( 1, keylen ) ) != NULL ); memset( key0, 0x1, keylen ); memset( key1, 0x2, keylen ); @@ -87,8 +87,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in, /* Pick hash keys */ maclen = mbedtls_md_get_size( md_info ); - CHK( ( md0 = malloc( maclen ) ) != NULL ); - CHK( ( md1 = malloc( maclen ) ) != NULL ); + CHK( ( md0 = mbedtls_calloc( 1, maclen ) ) != NULL ); + CHK( ( md1 = mbedtls_calloc( 1, maclen ) ) != NULL ); memset( md0, 0x5, maclen ); memset( md1, 0x6, maclen ); @@ -118,8 +118,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in, } #endif - free( md0 ); - free( md1 ); + mbedtls_free( md0 ); + mbedtls_free( md1 ); } #else ((void) hash_id); @@ -225,8 +225,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in, cleanup: - free( key0 ); - free( key1 ); + mbedtls_free( key0 ); + mbedtls_free( key1 ); return( 0 ); } @@ -308,7 +308,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id, etm, tag_mode, ver ) == 0 ); - TEST_ASSERT( ( buf = malloc( buflen ) ) != NULL ); + TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); while( num_records-- > 0 ) { @@ -385,7 +385,7 @@ exit: mbedtls_ssl_transform_free( &t0 ); mbedtls_ssl_transform_free( &t1 ); - free( buf ); + mbedtls_free( buf ); } /* END_CASE */ @@ -437,7 +437,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, TEST_ASSERT( build_transforms( &t0, &t1, cipher_type, hash_id, etm, tag_mode, ver ) == 0 ); - TEST_ASSERT( ( buf = malloc( buflen ) ) != NULL ); + TEST_ASSERT( ( buf = mbedtls_calloc( 1, buflen ) ) != NULL ); for( mode=1; mode <= 3; mode++ ) { @@ -533,6 +533,6 @@ exit: mbedtls_ssl_transform_free( &t0 ); mbedtls_ssl_transform_free( &t1 ); - free( buf ); + mbedtls_free( buf ); } /* END_CASE */ From a5780f19936c5c23f2dbc6307aa32b78bde924b8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Apr 2019 09:55:37 +0100 Subject: [PATCH 27/80] Catch errors while building SSL test transforms --- tests/suites/test_suite_ssl.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4678d7a24..d8f022ff4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -13,6 +13,7 @@ { \ if( !( x ) ) \ { \ + ret = -1; \ goto cleanup; \ } \ } while( 0 ) @@ -24,6 +25,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, int etm, int tag_mode, int ver ) { mbedtls_cipher_info_t const *cipher_info; + int ret = 0; size_t keylen, maclen, ivlen; unsigned char *key0 = NULL, *key1 = NULL; @@ -228,7 +230,7 @@ cleanup: mbedtls_free( key0 ); mbedtls_free( key1 ); - return( 0 ); + return( ret ); } /* END_HEADER */ From 78d1f70ab6e631cc386b0f45c3e5bd151bf5b3fd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Apr 2019 09:56:10 +0100 Subject: [PATCH 28/80] Ensure non-NULL key buffer when building SSL test transforms --- tests/suites/test_suite_ssl.function | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d8f022ff4..05ecd8ad5 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -41,8 +41,11 @@ static int build_transforms( mbedtls_ssl_transform *t_in, /* Pick keys */ keylen = cipher_info->key_bitlen / 8; - CHK( ( key0 = mbedtls_calloc( 1, keylen ) ) != NULL ); - CHK( ( key1 = mbedtls_calloc( 1, keylen ) ) != NULL ); + /* Allocate `keylen + 1` bytes to ensure that we get + * a non-NULL pointers from `mbedtls_calloc` even if + * `keylen == 0` in the case of the NULL cipher. */ + CHK( ( key0 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL ); + CHK( ( key1 = mbedtls_calloc( 1, keylen + 1 ) ) != NULL ); memset( key0, 0x1, keylen ); memset( key1, 0x2, keylen ); From 22bf14559980d5404c63b6711779e0db0bf031c7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Apr 2019 11:21:08 +0100 Subject: [PATCH 29/80] Adapt PSA code to ssl_transform changes --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 26ba4e976..7c9007790 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -904,7 +904,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->handshake->psk_opaque != 0 ) psk = ssl->handshake->psk_opaque; - if( md_type == MBEDTLS_MD_SHA384 ) + if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); else alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); @@ -1249,7 +1249,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, - cipher_info, taglen ); + cipher_info, transform->taglen ); if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); @@ -1292,7 +1292,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, - cipher_info, taglen ); + cipher_info, transform->taglen ); if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); From 1f10d7643ffe3fc86b7a8496207ad6581778eca0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 26 Apr 2019 13:34:37 +0100 Subject: [PATCH 30/80] Fix uninitialized variable access in debug output of record enc/dec --- library/ssl_tls.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7c9007790..da42ed7ae 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1965,6 +1965,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } + ssl_extract_add_data_from_record( add_data, rec ); + MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", @@ -1979,7 +1981,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Encrypt and authenticate */ - ssl_extract_add_data_from_record( add_data, rec ); if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc, iv, transform->ivlen, add_data, 13, /* add data */ @@ -2118,12 +2119,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } + ssl_extract_add_data_from_record( add_data, rec ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, sizeof( add_data ) ); - ssl_extract_add_data_from_record( add_data, rec ); - mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, sizeof( add_data ) ); mbedtls_md_hmac_update( &transform->md_ctx_enc, From af35383b89360179eefed23692f306117d8acb94 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Tue, 30 Apr 2019 11:18:43 +0100 Subject: [PATCH 31/80] crypto: Update to Mbed Crypto 461fd58fb2f5 Update the Mbed Crypto submodule to revision 461fd58fb2f5 ("Merge pull request #71 from Patater/remove-non-crypto"). This includes removing SSL, NET, and X.509 modules from Mbed Crypto. --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index 125a1e980..461fd58fb 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit 125a1e980e44a8b756ba3a9a3b7c4d1ce5cbf134 +Subproject commit 461fd58fb2f5f04d4beb894355fb14642e8a0724 From 4e952f6ebdbc1716fd1d9697c0b385d27ae016e4 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 25 Apr 2019 17:52:05 +0100 Subject: [PATCH 32/80] Regenerate errors.c Autogenerate errors.c There are changes in error.c due to updating the crypto submodule to a version that no longer has the SSL, X.509, or net modules. The errors are correctly sourced from Mbed TLS and not Mbed Crypto, but they do move around within the file due to how the error generator script is written. --- library/error.c | 82 ++++++++++++++++++++++++------------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/library/error.c b/library/error.c index c596f0bcc..608423b1f 100644 --- a/library/error.c +++ b/library/error.c @@ -137,10 +137,6 @@ #include "mbedtls/md5.h" #endif -#if defined(MBEDTLS_NET_C) -#include "mbedtls/net_sockets.h" -#endif - #if defined(MBEDTLS_OID_C) #include "mbedtls/oid.h" #endif @@ -193,22 +189,26 @@ #include "mbedtls/sha512.h" #endif -#if defined(MBEDTLS_SSL_TLS_C) -#include "mbedtls/ssl.h" -#endif - #if defined(MBEDTLS_THREADING_C) #include "mbedtls/threading.h" #endif -#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/x509.h" -#endif - #if defined(MBEDTLS_XTEA_C) #include "mbedtls/xtea.h" #endif +#if defined(MBEDTLS_NET_C) +#include "mbedtls/net_sockets.h" +#endif + +#if defined(MBEDTLS_SSL_TLS_C) +#include "mbedtls/ssl.h" +#endif + +#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) +#include "mbedtls/x509.h" +#endif + void mbedtls_strerror( int ret, char *buf, size_t buflen ) { @@ -790,35 +790,6 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" ); #endif /* MBEDTLS_MD5_C */ -#if defined(MBEDTLS_NET_C) - if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" ); - if( use_ret == -(MBEDTLS_ERR_NET_CONNECT_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - The connection to the given server / port failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_BIND_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Binding of the socket failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_LISTEN_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Could not listen on the socket" ); - if( use_ret == -(MBEDTLS_ERR_NET_ACCEPT_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Could not accept the incoming connection" ); - if( use_ret == -(MBEDTLS_ERR_NET_RECV_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Reading information from the socket failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_SEND_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Sending information through the socket failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_CONN_RESET) ) - mbedtls_snprintf( buf, buflen, "NET - Connection was reset by peer" ); - if( use_ret == -(MBEDTLS_ERR_NET_UNKNOWN_HOST) ) - mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" ); - if( use_ret == -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" ); - if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) ) - mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" ); - if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) ) - mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" ); - if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) ) - mbedtls_snprintf( buf, buflen, "NET - Input invalid" ); -#endif /* MBEDTLS_NET_C */ - #if defined(MBEDTLS_OID_C) if( use_ret == -(MBEDTLS_ERR_OID_NOT_FOUND) ) mbedtls_snprintf( buf, buflen, "OID - OID is not found" ); @@ -888,6 +859,35 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "XTEA - XTEA hardware accelerator failed" ); #endif /* MBEDTLS_XTEA_C */ + +#if defined(MBEDTLS_NET_C) + if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" ); + if( use_ret == -(MBEDTLS_ERR_NET_CONNECT_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - The connection to the given server / port failed" ); + if( use_ret == -(MBEDTLS_ERR_NET_BIND_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Binding of the socket failed" ); + if( use_ret == -(MBEDTLS_ERR_NET_LISTEN_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Could not listen on the socket" ); + if( use_ret == -(MBEDTLS_ERR_NET_ACCEPT_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Could not accept the incoming connection" ); + if( use_ret == -(MBEDTLS_ERR_NET_RECV_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Reading information from the socket failed" ); + if( use_ret == -(MBEDTLS_ERR_NET_SEND_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Sending information through the socket failed" ); + if( use_ret == -(MBEDTLS_ERR_NET_CONN_RESET) ) + mbedtls_snprintf( buf, buflen, "NET - Connection was reset by peer" ); + if( use_ret == -(MBEDTLS_ERR_NET_UNKNOWN_HOST) ) + mbedtls_snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" ); + if( use_ret == -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL) ) + mbedtls_snprintf( buf, buflen, "NET - Buffer is too small to hold the data" ); + if( use_ret == -(MBEDTLS_ERR_NET_INVALID_CONTEXT) ) + mbedtls_snprintf( buf, buflen, "NET - The context is invalid, eg because it was free()ed" ); + if( use_ret == -(MBEDTLS_ERR_NET_POLL_FAILED) ) + mbedtls_snprintf( buf, buflen, "NET - Polling the net context failed" ); + if( use_ret == -(MBEDTLS_ERR_NET_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "NET - Input invalid" ); +#endif /* MBEDTLS_NET_C */ // END generated code if( strlen( buf ) != 0 ) From 5d9c9636fae0f7f452341b2cf25832a3915a0822 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 1 May 2019 13:43:53 -0400 Subject: [PATCH 33/80] Add support for RSA PKCSv1.5 signatures using RIPEMD-160 --- ChangeLog | 2 ++ include/mbedtls/oid.h | 2 ++ library/oid.c | 6 ++++++ tests/suites/test_suite_rsa.data | 8 ++++++++ 4 files changed, 18 insertions(+) diff --git a/ChangeLog b/ChangeLog index 58ff14734..282241118 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,8 @@ Features rfc 5280 section 4.2.1.4. * It is now possible to use NIST key wrap mode via the mbedtls_cipher API. Contributed by Jack Lloyd and Fortanix Inc. + * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest. + Contributed by Jack Lloyd and Fortanix Inc. * Add the Wi-SUN Field Area Network (FAN) device extended key usage. * Add the oid certificate policy x509 extension. diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 55f72c8eb..f05a6ec31 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -259,6 +259,8 @@ #define MBEDTLS_OID_DIGEST_ALG_SHA512 MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */ +#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */ + #define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ #define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */ diff --git a/library/oid.c b/library/oid.c index 9f4094107..27c455e87 100644 --- a/library/oid.c +++ b/library/oid.c @@ -627,6 +627,12 @@ static const oid_md_alg_t oid_md_alg[] = MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_SHA512_C */ +#if defined(MBEDTLS_RIPEMD160_C) + { + { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ), "id-ripemd160", "RIPEMD-160" }, + MBEDTLS_MD_RIPEMD160, + }, +#endif /* MBEDTLS_RIPEMD160_C */ { { NULL, 0, NULL, NULL }, MBEDTLS_MD_NONE, diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 953b1ff92..20789e69f 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -258,6 +258,14 @@ RSA PKCS1 Sign #9 Verify (Invalid Digest type) depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSA PKCS1 Sign #10 (RIPEMD160, 2048 bits RSA) +depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_sign:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0 + +RSA PKCS1 Verify #10 (RIPEMD160, 2048 bits RSA) +depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0 + RSA PKCS1 Encrypt #1 depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c":0 From 5ed7fff8cef42203c6a4807220e34da61be4182d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 6 May 2019 12:15:44 -0400 Subject: [PATCH 34/80] Add a test of the OID->MD map functions --- ChangeLog | 4 ++-- tests/suites/test_suite_oid.data | 32 ++++++++++++++++++++++++++++ tests/suites/test_suite_oid.function | 26 ++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 282241118..ef5b104f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,10 +7,10 @@ Features rfc 5280 section 4.2.1.4. * It is now possible to use NIST key wrap mode via the mbedtls_cipher API. Contributed by Jack Lloyd and Fortanix Inc. - * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest. - Contributed by Jack Lloyd and Fortanix Inc. * Add the Wi-SUN Field Area Network (FAN) device extended key usage. * Add the oid certificate policy x509 extension. + * It is now possible to perform RSA PKCS v1.5 signatures with RIPEMD-160 digest. + Contributed by Jack Lloyd and Fortanix Inc. Bugfix * Fix private key DER output in the key_app_writer example. File contents diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 3d5d9db3f..326193520 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -57,3 +57,35 @@ oid_get_x509_extension:"5533445566":0 OID get x509 extension - wrong oid - id-ce oid_get_x509_extension:"551D":0 + +OID hash id - id-md5 +depends_on:MBEDTLS_MD5_C +oid_get_md_alg_id:"2A864886f70d0205":MBEDTLS_MD_MD5 + +OID hash id - id-sha1 +depends_on:MBEDTLS_SHA1_C +oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1 + +OID hash id - id-sha224 +depends_on:MBEDTLS_SHA256_C +oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224 + +OID hash id - id-sha256 +depends_on:MBEDTLS_SHA256_C +oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256 + +OID hash id - id-sha384 +depends_on:MBEDTLS_SHA512_C +oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384 + +OID hash id - id-sha512 +depends_on:MBEDTLS_SHA512_C +oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512 + +OID hash id - id-ripemd160 +depends_on:MBEDTLS_RIPEMD160_C +oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 + +OID hash id - invalid oid +oid_get_md_alg_id:"2B864886f70d0204":-1 + diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index cb8abe638..065295a7a 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -78,3 +78,29 @@ void oid_get_x509_extension( data_t *oid, int exp_type ) } } /* END_CASE */ + +/* BEGIN_CASE */ +void oid_get_md_alg_id( data_t *oid, int exp_md_id ) +{ + mbedtls_asn1_buf md_oid = { 0, 0, NULL }; + int ret; + mbedtls_md_type_t md_id = 0; + + md_oid.tag = MBEDTLS_ASN1_OID; + md_oid.p = oid->x; + md_oid.len = oid->len; + + ret = mbedtls_oid_get_md_alg( &md_oid, &md_id ); + + if( exp_md_id < 0 ) + { + TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND ); + TEST_ASSERT( md_id == 0); + } + else + { + TEST_ASSERT( ret == 0 ); + TEST_ASSERT( (mbedtls_md_type_t)exp_md_id == md_id ); + } +} +/* END_CASE */ From 3ded1c81b112869b0fbbef73a4e0dd69ff51c2f4 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Mon, 6 May 2019 12:16:32 -0400 Subject: [PATCH 35/80] Test the return value in the OID->X.509 map functions --- tests/suites/test_suite_oid.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 065295a7a..9e8d43739 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -28,6 +28,7 @@ void oid_get_certificate_policies( data_t *oid, char *result_str ) } else { + TEST_ASSERT( ret == 0 ); TEST_ASSERT( strcmp( ( char* )desc, result_str ) == 0 ); } } @@ -51,6 +52,7 @@ void oid_get_extended_key_usage( data_t *oid, char *result_str ) } else { + TEST_ASSERT( ret == 0 ); TEST_ASSERT( strcmp( ( char * )desc, result_str ) == 0 ); } } @@ -74,6 +76,7 @@ void oid_get_x509_extension( data_t *oid, int exp_type ) } else { + TEST_ASSERT( ret == 0 ); TEST_ASSERT( ext_type == exp_type ); } } From b2dc3fa72ed519eb739e41ac25d49eb943bca7a1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 21 Mar 2019 13:40:13 +0200 Subject: [PATCH 36/80] Suppport otherName of type hardware module name Add support of parsing of subject alternative name, of type otherName. Currently supports only hardware module name, as defined in rfc 4108. --- include/mbedtls/oid.h | 3 + include/mbedtls/x509.h | 22 ++ include/mbedtls/x509_crt.h | 61 +++- library/x509_crt.c | 305 ++++++++++++++++-- tests/data_files/Makefile | 6 + tests/data_files/multiple_san.crt | 12 + tests/data_files/server5-othername.crt | 11 + .../server5-unsupported_othername.crt | 12 + tests/data_files/test-ca.opensslconf | 19 ++ tests/suites/test_suite_x509parse.data | 36 ++- tests/suites/test_suite_x509parse.function | 108 +++++++ 11 files changed, 565 insertions(+), 30 deletions(-) create mode 100644 tests/data_files/multiple_san.crt create mode 100644 tests/data_files/server5-othername.crt create mode 100644 tests/data_files/server5-unsupported_othername.crt diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 55f72c8eb..c516b7aaf 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -214,6 +214,9 @@ */ #define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01" +#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */ +#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */ + /* * PKCS definition OIDs */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b63e864e3..054ff2ecc 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -109,6 +109,28 @@ /* \} name */ /* \} addtogroup x509_module */ +/* + * X.509 v3 Subject Alternative Name types. + * otherName [0] OtherName, + * rfc822Name [1] IA5String, + * dNSName [2] IA5String, + * x400Address [3] ORAddress, + * directoryName [4] Name, + * ediPartyName [5] EDIPartyName, + * uniformResourceIdentifier [6] IA5String, + * iPAddress [7] OCTET STRING, + * registeredID [8] OBJECT IDENTIFIER + */ +#define MBEDTLS_X509_SAN_OTHER_NAME 0 +#define MBEDTLS_X509_SAN_RFC822_NAME 1 +#define MBEDTLS_X509_SAN_DNS_NAME 2 +#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME 3 +#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4 +#define MBEDTLS_X509_SAN_EDI_PARTY_NAME 5 +#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6 +#define MBEDTLS_X509_SAN_IP_ADDRESS 7 +#define MBEDTLS_X509_SAN_REGISTERED_ID 8 + /* * X.509 v3 Key Usage Extension flags * Reminder: update x509_info_key_usage() when adding new flags. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index a0f32cb30..4a796173f 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -76,7 +76,7 @@ typedef struct mbedtls_x509_crt mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName supported). */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName and OtherName supported). */ int ext_types; /**< Bit string containing detected and parsed extensions */ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ @@ -97,6 +97,44 @@ typedef struct mbedtls_x509_crt } mbedtls_x509_crt; +/* + * From RFC 5280 section 4.2.1.6: + * OtherName ::= SEQUENCE { + * type-id OBJECT IDENTIFIER, + * value [0] EXPLICIT ANY DEFINED BY type-id } + */ +typedef struct mbedtls_x509_san_other_name +{ + mbedtls_x509_buf type_id; /**< The type id. */ + union + { + /* + * From RFC 4108 section 5: + * HardwareModuleName ::= SEQUENCE { + * hwType OBJECT IDENTIFIER, + * hwSerialNum OCTET STRING } + */ + mbedtls_x509_name hardware_module_name; + } + value; +} +mbedtls_x509_san_other_name; + +/* + * A structure for holding the parsed Subject Alternative Name, according to type + */ +typedef struct mbedtls_x509_subject_alternative_name +{ + int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ + union { + mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ + mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ + } + san; /**< A union of the supported SAN types */ + struct mbedtls_x509_subject_alternative_name *next; /**< The next SAN in the list. */ +} +mbedtls_x509_subject_alternative_name; + /** * Build flag from an algorithm/curve identifier (pk, md, ecp) * Since 0 is always XXX_NONE, ignore it. @@ -347,7 +385,26 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); */ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); #endif /* MBEDTLS_FS_IO */ - +/** + * \brief Parses the subject alternative name list of a given certificate; + * + * \param crt The X509 certificate to parse. + * + * \param san A list holding the parsed certificate. + * + * \note Only "dnsName" and "otherName" of type hardware_module_name, + * as defined in RFC 4180 is supported. + * + * \note Any unsupported san type is ignored. + * + * \note The function allocates a list of mbedtls_x509_subject_alternative_name + * and it is the caller's responsibility to free it. + * + * \return Zero for success and negative + * value for any other failure. + */ +int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt, + mbedtls_x509_subject_alternative_name **san ); /** * \brief Returns an informational string about the * certificate. diff --git a/library/x509_crt.c b/library/x509_crt.c index 97a06d5f1..f9cbed0a2 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -618,7 +618,8 @@ static int x509_get_ext_key_usage( unsigned char **p, * nameAssigner [0] DirectoryString OPTIONAL, * partyName [1] DirectoryString } * - * NOTE: we only parse and use dNSName at this point. + * NOTE: we only parse and use dNSName at this point, + * and otherName of type HwModuleName, as defined in RFC 4108. */ static int x509_get_subject_alt_name( unsigned char **p, const unsigned char *end, @@ -657,13 +658,6 @@ static int x509_get_subject_alt_name( unsigned char **p, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); } - /* Skip everything but DNS name */ - if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) ) - { - *p += tag_len; - continue; - } - /* Allocate and assign next pointer */ if( cur->buf.p != NULL ) { @@ -1435,32 +1429,195 @@ cleanup: } #endif /* MBEDTLS_FS_IO */ +/* + * OtherName ::= SEQUENCE { + * type-id OBJECT IDENTIFIER, + * value [0] EXPLICIT ANY DEFINED BY type-id } + * + * HardwareModuleName ::= SEQUENCE { + * hwType OBJECT IDENTIFIER, + * hwSerialNum OCTET STRING } + * + * NOTE: we currently only parse and use otherName of type HwModuleName, + * as defined in RFC 4108. + */ +static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, + mbedtls_x509_san_other_name *other_name ) +{ + int ret; + size_t len; + unsigned char *p = subject_alt_name->p; + const unsigned char *end = p + subject_alt_name->len; + mbedtls_x509_buf cur_oid; + + if( ( subject_alt_name->tag & + ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) != + ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) ) + { + /* + * The given subject alternative name is not of type "othername". + */ + return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + } + + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_OID ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + cur_oid.tag = MBEDTLS_ASN1_OID; + cur_oid.p = p; + cur_oid.len = len; + + /* + * Only HwModuleName is currently supported. + */ + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 ) + { + return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + } + + if( p + len >= end ) + { + mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + p += len; + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; + other_name->value.hardware_module_name.oid.p = p; + other_name->value.hardware_module_name.oid.len = len; + + if( p + len >= end ) + { + mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + p += len; + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; + other_name->value.hardware_module_name.val.p = p; + other_name->value.hardware_module_name.val.len = len; + other_name->value.hardware_module_name.next = NULL; + other_name->value.hardware_module_name.next_merged = 0; + p += len; + if( p != end ) + { + mbedtls_platform_zeroize( other_name, + sizeof( other_name ) ); + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + return( 0 ); +} + static int x509_info_subject_alt_name( char **buf, size_t *size, - const mbedtls_x509_sequence *subject_alt_name ) + const mbedtls_x509_sequence *subject_alt_name, + const char *prefix ) { size_t i; + int ret; size_t n = *size; char *p = *buf; const mbedtls_x509_sequence *cur = subject_alt_name; - const char *sep = ""; - size_t sep_len = 0; while( cur != NULL ) { - if( cur->buf.len + sep_len >= n ) + switch( cur->buf.tag & + ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + /* + * otherName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): + { + mbedtls_x509_san_other_name other_name; + + ret = x509_get_other_name( &cur->buf, &other_name ); + if( ret != 0 ) + { + /* + * In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, + * then the "otherName" is of an unsupported type. Ignore. + */ + if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + ret = 0; + return( ret ); + } + + ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, + &other_name.value.hardware_module_name.oid ) != 0 ) + { + ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = mbedtls_oid_get_numeric_string( p, n, &other_name.value.hardware_module_name.oid ); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( other_name.value.hardware_module_name.val.len >= n ) + { + *p = '\0'; + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + } + + for( i = 0; i < other_name.value.hardware_module_name.val.len; i++ ) + { + *p++ = other_name.value.hardware_module_name.val.p[i]; + } + n -= other_name.value.hardware_module_name.val.len; + + }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ + } + break; + + /* + * dNSName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): + { + + ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + if( cur->buf.len >= n ) + { + *p = '\0'; + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + } + n -= cur->buf.len; + for( i = 0; i < cur->buf.len; i++ ) + *p++ = cur->buf.p[i]; + } + break; + + /* + * Type not supported, skip item. + */ + default: + break; } - n -= cur->buf.len + sep_len; - for( i = 0; i < sep_len; i++ ) - *p++ = sep[i]; - for( i = 0; i < cur->buf.len; i++ ) - *p++ = cur->buf.p[i]; - - sep = ", "; - sep_len = 2; cur = cur->next; } @@ -1473,6 +1630,105 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, return( 0 ); } +int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt, + mbedtls_x509_subject_alternative_name **san ) +{ + int ret; + const mbedtls_x509_sequence *cur = &crt->subject_alt_names; + mbedtls_x509_subject_alternative_name *cur_san = *san, *prev_san = NULL; + + if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) + { + if( cur_san != NULL ) + { + return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + } + + while( cur != NULL ) + { + switch( cur->buf.tag & + ( MBEDTLS_ASN1_TAG_CLASS_MASK | + MBEDTLS_ASN1_TAG_VALUE_MASK ) ) + { + /* + * otherName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): + { + mbedtls_x509_san_other_name other_name; + + ret = x509_get_other_name( &cur->buf, &other_name ); + if( ret != 0 ) + { + /* + * In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, + * then the "otherName" is of an unsupported type. Ignore. + */ + if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + ret = 0; + cur = cur->next; + continue; + } + + cur_san = mbedtls_calloc( 1, sizeof( mbedtls_x509_subject_alternative_name ) ); + if( cur_san == NULL ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + + if( prev_san != NULL ) + prev_san->next = cur_san; + + cur_san->type = MBEDTLS_X509_SAN_OTHER_NAME; + memcpy( &cur_san->san.other_name, + &other_name, sizeof( other_name ) ); + + } + break; + + /* + * dNSName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): + { + cur_san = mbedtls_calloc( 1, sizeof( mbedtls_x509_subject_alternative_name ) ); + if( cur_san == NULL ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + + if( prev_san != NULL ) + prev_san->next = cur_san; + + memset( cur_san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + cur_san->type = MBEDTLS_X509_SAN_DNS_NAME; + + memcpy( &cur_san->san.unstructured_name, + &cur->buf, sizeof( cur->buf ) ); + + } + break; + + /* + * Type not supported, skip item. + */ + default: + break; + } + + if( *san == NULL ) + *san = cur_san; + + if( cur_san != NULL ) + { + prev_san = cur_san; + cur_san = cur_san->next; + } + + cur = cur->next; + }/* while( cur != NULL ) */ + }/* crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME */ + return( 0 ); +} + #define PRINT_ITEM(i) \ { \ ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ @@ -1659,11 +1915,12 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) { - ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix ); + ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; if( ( ret = x509_info_subject_alt_name( &p, &n, - &crt->subject_alt_names ) ) != 0 ) + &crt->subject_alt_names, + prefix) ) != 0 ) return( ret ); } diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 748514db1..6680c808f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -142,6 +142,12 @@ server5-ss-forgeca.crt: server5.key $(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@ all_final += server5-ss-forgeca.crt +server5-othername.crt: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ + +server5-unsupported_othername.crt: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@ + server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ all_final += server10-badsign.crt diff --git a/tests/data_files/multiple_san.crt b/tests/data_files/multiple_san.crt new file mode 100644 index 000000000..8cdc73061 --- /dev/null +++ b/tests/data_files/multiple_san.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy +bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD +VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11 +bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 +zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI +wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr +BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh +bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS +L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw== +-----END CERTIFICATE----- diff --git a/tests/data_files/server5-othername.crt b/tests/data_files/server5-othername.crt new file mode 100644 index 000000000..3be1a772c --- /dev/null +++ b/tests/data_files/server5-othername.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBnzCCAUWgAwIBAgIBTTAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIG90aGVybmFtZSBTQU4w +HhcNMTkwMzI0MDkwNjAyWhcNMjkwMzIxMDkwNjAyWjBBMQswCQYDVQQGEwJVSzER +MA8GA1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIG90aGVybmFtZSBT +QU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5 +BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqIwmt3DVXNiioO+gHItO3/oy4w +LDAqBgNVHREEIzAhoB8GCCsGAQUFBwgEoBMwEQYHKwYBBAERAwQGMTIzNDU2MAoG +CCqGSM49BAMCA0gAMEUCIQCijdm1AfArx2p4cLCVciHCTE8UXRiTm8f85k4aNzzf +sgIgCdmLyfZB9jsSPH3A3O1GATAR3O9OTtEDC+YSc+lvxSw= +-----END CERTIFICATE----- diff --git a/tests/data_files/server5-unsupported_othername.crt b/tests/data_files/server5-unsupported_othername.crt new file mode 100644 index 000000000..b46fc2d96 --- /dev/null +++ b/tests/data_files/server5-unsupported_othername.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtjCCAVygAwIBAgIBTTAKBggqhkjOPQQDAjBNMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxKzApBgNVBAMMIk1iZWQgVExTIHVuc3VwcG9ydGVkIG90 +aGVybmFtZSBTQU4wHhcNMTkwNTAxMDkxMDM1WhcNMjkwNDI4MDkxMDM1WjBNMQsw +CQYDVQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKzApBgNVBAMMIk1iZWQgVExT +IHVuc3VwcG9ydGVkIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMB +BwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0 +XV0WvYqIwmt3DVXNiioO+gHItO3/oy0wKzApBgNVHREEIjAgoB4GAyoDBKAXDBVz +b21lIG90aGVyIGlkZW50aWZpZXIwCgYIKoZIzj0EAwIDSAAwRQIhANkj6n9qHYVi +FLfb0IRZpIsvvuNCjSgT8yBLVjJYQj3nAiBffQKZ7y/F6rfon6L1GZU0BBja8BLX +rXp8WpY7Bc8myQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index f66b39e3c..d345fe99e 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -12,6 +12,25 @@ subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true +[othername_san] +subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name + +[unsupoported_othername_san] +subjectAltName=otherName:1.2.3.4;UTF8:some other identifier + +[alt_names] +DNS.1=example.com +otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name +DNS.2=example.net +DNS.3=*.example.org + +[multiple_san] +subjectAltName=@alt_names + +[hw_module_name] +hwtype = OID:1.3.6.1.4.1.17.3 +hwserial = OCT:123456 + [noext_ca] basicConstraints = CA:true diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index edd3a6fc5..f53ea8232 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -94,6 +94,10 @@ X509 Certificate information EC, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" +X509 Certificate information EC, SHA256 Digest, hardware module name SAN +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n" + X509 Certificate information, NS Cert Type depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" @@ -108,11 +112,15 @@ x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version \: 3\ns X509 Certificate information, Subject Alt Name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n" +x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" + +X509 Certificate information, Multiple different Subject Alt Name +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 Certificate information, Subject Alt Name + Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \: www.shotokan-braunschweig.de, www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 Certificate information, Key Usage + Extended Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C @@ -128,11 +136,31 @@ x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number X509 Certificate information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: \next key usage \: TLS Web Client Authentication\n" +x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\next key usage \: TLS Web Client Authentication\n" X509 certificate v1 with extension depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C -x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \: identity-check.org, www.identity-check.org\n" +x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n" + +X509 SAN parsing otherName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n" + +X509 SAN parsing dNSName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" + +X509 SAN parsing Multiple different types +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" + +X509 SAN parsing, no subject alt name +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C +x509_parse_san:"data_files/server4.crt":"" + +X509 SAN parsing, unsupported otherName name +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_parse_san:"data_files/server5-unsupported_othername.crt":"" X509 CRL information #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index b11ab849a..beec52cc3 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -219,6 +219,79 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint return( 0 ); } + +int verify_parse_san( mbedtls_x509_subject_alternative_name *san, + char **buf, size_t *size ) +{ + int ret; + size_t i; + char *p = *buf; + size_t n = *size; + + ret = mbedtls_snprintf( p, n, "type : %u", san->type ); + MBEDTLS_X509_SAFE_SNPRINTF; + + switch( san->type ) + { + case( MBEDTLS_X509_SAN_OTHER_NAME ): + ret = mbedtls_snprintf( p, n, "\notherName :"); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, + &san->san.other_name.value.hardware_module_name.oid ) != 0 ) + { + ret = mbedtls_snprintf( p, n, " hardware module name :" ); + MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, " hardware type : " ); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = mbedtls_oid_get_numeric_string( p, n, + &san->san.other_name.value.hardware_module_name.oid ); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( san->san.other_name.value.hardware_module_name.val.len >= n ) + { + *p = '\0'; + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + } + + for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ ) + { + *p++ = san->san.other_name.value.hardware_module_name.val.p[i]; + } + n -= san->san.other_name.value.hardware_module_name.val.len; + } + break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ + case( MBEDTLS_X509_SAN_DNS_NAME ): + ret = mbedtls_snprintf( p, n, "\ndNSName : " ); + MBEDTLS_X509_SAFE_SNPRINTF; + if( san->san.unstructured_name.len >= n ) + { + *p = '\0'; + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + } + n -= san->san.unstructured_name.len; + for( i = 0; i < san->san.unstructured_name.len; i++ ) + *p++ = san->san.unstructured_name.p[i]; + break;/* MBEDTLS_X509_SAN_DNS_NAME */ + + default: + /* + * Should not happen. + */ + return( -1 ); + } + ret = mbedtls_snprintf( p, n, "\n" ); + MBEDTLS_X509_SAFE_SNPRINTF; + + *size = n; + *buf = p; + + return( 0 ); +} #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ @@ -227,6 +300,41 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +void x509_parse_san( char * crt_file, char * result_str ) +{ + mbedtls_x509_crt crt; + mbedtls_x509_subject_alternative_name *cur, *next, *san = NULL; + char buf[2000]; + char *p = buf; + size_t n = sizeof( buf ); + + mbedtls_x509_crt_init( &crt ); + memset( buf, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); + TEST_ASSERT( mbedtls_x509_parse_subject_alternative_name( &crt, &san ) == 0 ); + cur = san; + while( cur != NULL ) + { + TEST_ASSERT( verify_parse_san( cur, &p, &n ) == 0 ); + cur = cur->next; + } + + TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + +exit: + + for( cur = san; cur != NULL; cur = next ) + { + next = cur->next; + mbedtls_free( cur ); + } + + mbedtls_x509_crt_free( &crt ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void x509_cert_info( char * crt_file, char * result_str ) { From 74d9acc144a398c6df238abd5ba154a9ae798a05 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 21 Mar 2019 14:00:03 +0200 Subject: [PATCH 37/80] Add support for certificate policies extension Add support for certificate policies, as defined in rfc 5280. Currently support only `anyPolicy` policy. --- include/mbedtls/x509_crt.h | 2 + library/x509_crt.c | 189 ++++++++++++++++++ tests/data_files/Makefile | 36 ++++ tests/data_files/test-ca-any_policy.crt | 19 ++ tests/data_files/test-ca-any_policy_ec.crt | 12 ++ .../test-ca-any_policy_with_qualifier.crt | 20 ++ .../test-ca-any_policy_with_qualifier_ec.crt | 13 ++ tests/data_files/test-ca-multi_policy.crt | 19 ++ tests/data_files/test-ca-multi_policy_ec.crt | 12 ++ .../data_files/test-ca-unsupported_policy.crt | 19 ++ .../test-ca-unsupported_policy_ec.crt | 12 ++ tests/data_files/test-ca.opensslconf | 20 ++ tests/suites/test_suite_x509parse.data | 32 +++ 13 files changed, 405 insertions(+) create mode 100644 tests/data_files/test-ca-any_policy.crt create mode 100644 tests/data_files/test-ca-any_policy_ec.crt create mode 100644 tests/data_files/test-ca-any_policy_with_qualifier.crt create mode 100644 tests/data_files/test-ca-any_policy_with_qualifier_ec.crt create mode 100644 tests/data_files/test-ca-multi_policy.crt create mode 100644 tests/data_files/test-ca-multi_policy_ec.crt create mode 100644 tests/data_files/test-ca-unsupported_policy.crt create mode 100644 tests/data_files/test-ca-unsupported_policy_ec.crt diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 4a796173f..acaafbe9f 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -78,6 +78,8 @@ typedef struct mbedtls_x509_crt mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName and OtherName supported). */ + mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate4 policies (Only anyPolicy supported). */ + int ext_types; /**< Bit string containing detected and parsed extensions */ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ diff --git a/library/x509_crt.c b/library/x509_crt.c index f9cbed0a2..f17c8b2ec 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -690,6 +690,139 @@ static int x509_get_subject_alt_name( unsigned char **p, return( 0 ); } +/* + * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } + * + * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } + * + * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + * + * PolicyInformation ::= SEQUENCE { + * policyIdentifier CertPolicyId, + * policyQualifiers SEQUENCE SIZE (1..MAX) OF + * PolicyQualifierInfo OPTIONAL } + * + * CertPolicyId ::= OBJECT IDENTIFIER + * + * PolicyQualifierInfo ::= SEQUENCE { + * policyQualifierId PolicyQualifierId, + * qualifier ANY DEFINED BY policyQualifierId } + * + * -- policyQualifierIds for Internet policy qualifiers + * + * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } + * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } + * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } + * + * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) + * + * Qualifier ::= CHOICE { + * cPSuri CPSuri, + * userNotice UserNotice } + * + * CPSuri ::= IA5String + * + * UserNotice ::= SEQUENCE { + * noticeRef NoticeReference OPTIONAL, + * explicitText DisplayText OPTIONAL } + * + * NoticeReference ::= SEQUENCE { + * organization DisplayText, + * noticeNumbers SEQUENCE OF INTEGER } + * + * DisplayText ::= CHOICE { + * ia5String IA5String (SIZE (1..200)), + * visibleString VisibleString (SIZE (1..200)), + * bmpString BMPString (SIZE (1..200)), + * utf8String UTF8String (SIZE (1..200)) } + * + * NOTE: we only parse and use anyPolicy without qualifiers at this point + * as defined in RFC 5280. + */ +static int x509_get_certificate_policies( unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *certificate_policies ) +{ + int ret; + size_t len; + mbedtls_asn1_buf *buf; + mbedtls_asn1_sequence *cur = certificate_policies; + + /* Get main sequence tag */ + ret = mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + if( *p + len != end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + /* + * Cannot be an empty sequence. + */ + if( len == 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + while( *p < end ) + { + mbedtls_x509_buf policy_oid; + const unsigned char *policy_end; + + /* + * Get the policy sequence + */ + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + policy_end = *p + len; + + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_OID ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + policy_oid.tag = MBEDTLS_ASN1_OID; + policy_oid.len = len; + policy_oid.p = *p; + + /* Allocate and assign next pointer */ + if( cur->buf.p != NULL ) + { + if( cur->next != NULL ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); + + cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + + if( cur->next == NULL ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + + cur = cur->next; + } + + buf = &( cur->buf ); + buf->tag = policy_oid.tag; + buf->p = policy_oid.p; + buf->len = policy_oid.len; + /* + * Skip the optional policy qualifiers, + * and set the pointer to the end of the policy. + */ + *p = (unsigned char *)policy_end; + } + + /* Set final sequence entry's next pointer to NULL */ + cur->next = NULL; + + if( *p != end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + return( 0 ); +} + /* * X.509 v3 extensions * @@ -817,6 +950,13 @@ static int x509_get_crt_ext( unsigned char **p, return( ret ); break; + case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: + /* Parse certificate policies type */ + if( ( ret = x509_get_certificate_policies( p, end_ext_octet, + &crt->certificate_policies ) ) != 0 ) + return( ret ); + break; + default: /* * If this is a non-critical extension, which the oid layer @@ -1820,6 +1960,35 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, return( 0 ); } +static int x509_info_cert_policies( char **buf, size_t *size, + const mbedtls_x509_sequence *certificate_policies ) +{ + int ret; + const char *desc; + size_t n = *size; + char *p = *buf; + const mbedtls_x509_sequence *cur = certificate_policies; + const char *sep = ""; + + while( cur != NULL ) + { + if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 ) + desc = "???"; + + ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); + MBEDTLS_X509_SAFE_SNPRINTF; + + sep = ", "; + + cur = cur->next; + } + + *size = n; + *buf = p; + + return( 0 ); +} + /* * Return an informational string about the certificate. */ @@ -1952,6 +2121,16 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, return( ret ); } + if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES ) + { + ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( ( ret = x509_info_cert_policies( &p, &n, + &crt->certificate_policies ) ) != 0 ) + return( ret ); + } + ret = mbedtls_snprintf( p, n, "\n" ); MBEDTLS_X509_SAFE_SNPRINTF; @@ -3078,6 +3257,16 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) mbedtls_free( seq_prv ); } + seq_cur = cert_cur->certificate_policies.next; + while( seq_cur != NULL ) + { + seq_prv = seq_cur; + seq_cur = seq_cur->next; + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); + mbedtls_free( seq_prv ); + } + if( cert_cur->raw.p != NULL && cert_cur->own_buffer ) { mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 6680c808f..d139bfa06 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -77,6 +77,42 @@ all_final += test-ca-good-alt.crt test_ca_crt_file_ec = test-ca2.crt test_ca_key_file_ec = test-ca2.key +test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ +all_final += test-ca-any_policy.crt + +test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ +all_final += test-ca-any_policy_ec.crt + +test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ +all_final += test-ca-any_policy_with_qualifier.crt + +test-ca-any_policy_with_qualifier_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_qualifier_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ +all_final += test-ca-any_policy_with_qualifier_ec.crt + +test-ca-multi_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ +all_final += test-ca-multi_policy.crt + +test-ca-multi_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_multi_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ +all_final += test-ca-multi_policy_ec.crt + +test-ca-unsupported_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ +all_final += test-ca-unsupported_policy.crt + +test-ca-unsupported_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256 + $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_unsupported_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@ +all_final += test-ca-unsupported_policy_ec.crt + +test-ca.req_ec.sha256: $(test_ca_key_file_ec) + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256 +all_intermediate += test-ca.req_ec.sha256 + test_ca_crt_cat12 = test-ca_cat12.crt $(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ diff --git a/tests/data_files/test-ca-any_policy.crt b/tests/data_files/test-ca-any_policy.crt new file mode 100644 index 000000000..af87439cf --- /dev/null +++ b/tests/data_files/test-ca-any_policy.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMzIxMTY0MDU5WhcNMjkwMzIxMTY0MDU5WjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +IzAhMAwGA1UdEwQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEB +CwUAA4IBAQCHadUDZiIjJhcrG+rYrpOVgMu548rc5kHLC7zVSVfszfdOJq/TdXQT +Lbn9i+AAVRYJU2kHWKD2fvgOYIIBeEGFJKohlKZ82irWxt0Ltph31cuygLcpqNq9 +KRQ/dh3S0w9vn1A1ubYGKTzTnZGELTVzMlXZGTRbAOylMu4eWac6LHymE2EBqmOq +fPCuWdFB62ewQWRa+dRO92Aphh870u43/iLbw7hs4s8hokZP7Ewg6AHb4qjVePdF +jjxAO6x5VCj/WQRnw7muAy0P3l5AhYXAIUdnkdYca5Ja6LfdEJiVeTdE3IU6UJg+ +gAu9swDhUlEuIlCrOdC3tOPDslsOIgTV +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-any_policy_ec.crt b/tests/data_files/test-ca-any_policy_ec.crt new file mode 100644 index 000000000..821a92c45 --- /dev/null +++ b/tests/data_files/test-ca-any_policy_ec.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBzDCCAVGgAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwMzI1MDkwMjQ1WhcNMjkwMzI1MDkwMjQ1WjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jIzAhMAwGA1UdEwQFMAMBAf8wEQYDVR0gBAow +CDAGBgRVHSAAMAoGCCqGSM49BAMCA2kAMGYCMQDWHgmWMckbGLd7XREnJVAv+XRp +XANOCbWLDu+Fik6c28S+qR6zGEKKGiPHYeDpjRACMQDnYcFBwlfuAB6td3fteG0P +AWngOaGHmUFEA6h24b5Z6/GSFD9FK9rVRdxQc4Olz7U= +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-any_policy_with_qualifier.crt b/tests/data_files/test-ca-any_policy_with_qualifier.crt new file mode 100644 index 000000000..a052bc626 --- /dev/null +++ b/tests/data_files/test-ca-any_policy_with_qualifier.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCAhqgAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNDI4MTMxNDMxWhcNMjkwNDI4MTMxNDMxWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +QTA/MAwGA1UdEwQFMAMBAf8wLwYDVR0gBCgwJjAkBgRVHSAAMBwwGgYIKwYBBQUH +AgEWDkNQUyB1cmkgc3RyaW5nMA0GCSqGSIb3DQEBCwUAA4IBAQBo3CLwvTakVDWs +XUZz3ehGgk39KzmYOb3m9bBfMpOplDfE8Zaj8TDZZsxXpNCXT85GgbrAdr6pONQJ +Mqd3TzTXCs6tmmIOVDToOj6nKtm2nNSf+1TUuLRgeavgCoicoQZOtW5tAehw/RTE +4VQXSm+ZWotYwK1jvlHS0LaehUy53GsNxWBJHCc3exD+iyutXTZ89jczIKuWpEIN +pTdI/EYVD2r6r/IITRnJpGjNXOhGB4zvgFlwv88GeF5lG6Si9YD+swO8JuJP35q6 +7cPA/vtrjoiyM3kXmmN1LZGIfEMKNwEcyVhvl+d6sReomI3HAKOj9IIG7umFKi6t +axMwzK3Y +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt b/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt new file mode 100644 index 000000000..5e1491da7 --- /dev/null +++ b/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB6DCCAW+gAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwNDI4MTAxNjA1WhcNMjkwNDI4MTAxNjA1WjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jQTA/MAwGA1UdEwQFMAMBAf8wLwYDVR0gBCgw +JjAkBgRVHSAAMBwwGgYIKwYBBQUHAgEWDkNQUyB1cmkgc3RyaW5nMAoGCCqGSM49 +BAMCA2cAMGQCMDvi5bBVplU3Gct+iYRmRW9ewty5b+1OX0ggzA+ExXpL1Obo6A16 +a2h1kb7Oy4+BSAIwXZHYb6OEWkOngISfwSZxDiiNXOTwvCu2/oFGC8xTENn0B88m +2WwPzh4jnvXhNh0w +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-multi_policy.crt b/tests/data_files/test-ca-multi_policy.crt new file mode 100644 index 000000000..168e99f2e --- /dev/null +++ b/tests/data_files/test-ca-multi_policy.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGzCCAgOgAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNDI4MTI1OTE5WhcNMjkwNDI4MTI1OTE5WjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +KjAoMAwGA1UdEwQFMAMBAf8wGAYDVR0gBBEwDzAFBgMqAwQwBgYEVR0gADANBgkq +hkiG9w0BAQsFAAOCAQEAPwOUmjnrcBA7dt5drCakEz9HOpj8gZQd1fyVGv221LCL +h2W1Ngd2WlcADhPQcTdqNx4Dk+KPiBjPEooE9M7d3K33Qn/dVkmOYiW6E/4wU2tM +cqFj7rg8Now4lBaEqEmBP+cpv+mYqavPcKy3tz4wn1SnA3MpT1hEazhNe4yInNAY +4YqRBbWuBGkePjbce6Lf+rTfaA7kJnyuC9SHguQRmWtV3xzNzLUFn+V/jYSqYvYU +2MjDFgCYCmW0xl5Wo8wMWWAvMbO2mRJ37OLUkSOkxgeEL6OihY1GPkbfxC2qV6mR +4VjmfclwXumiDAvVLhW8hWjCxg8gc69G7kCkVbljLA== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-multi_policy_ec.crt b/tests/data_files/test-ca-multi_policy_ec.crt new file mode 100644 index 000000000..70ea2ebbd --- /dev/null +++ b/tests/data_files/test-ca-multi_policy_ec.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB0zCCAVigAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwNDI4MTI1OTUxWhcNMjkwNDI4MTI1OTUxWjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jKjAoMAwGA1UdEwQFMAMBAf8wGAYDVR0gBBEw +DzAFBgMqAwQwBgYEVR0gADAKBggqhkjOPQQDAgNpADBmAjEAqyz2v+6i3xXF4qlr +o89qxwlpIn9sR0xU+qo9tgcM6Fa7IDdAU1lhweN8MpkJTtrGAjEAmgNI/08M8n6/ +sMM0Xutt5u9EUHb+4y0uyOfYMcEPr+pCUM4GPxBP6RdqI8Wu9OQf +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-unsupported_policy.crt b/tests/data_files/test-ca-unsupported_policy.crt new file mode 100644 index 000000000..bf47d9538 --- /dev/null +++ b/tests/data_files/test-ca-unsupported_policy.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDEzCCAfugAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNDI4MTMwMDEzWhcNMjkwNDI4MTMwMDEzWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +IjAgMAwGA1UdEwQFMAMBAf8wEAYDVR0gBAkwBzAFBgMqAwQwDQYJKoZIhvcNAQEL +BQADggEBAGvARX2orRXDmc2a7nSrbRFkdw/7qbL8Y+wLeM94SsZVgzGcxzRx1KvG +2H5nBvPKgAzBqWVPU7eDPjrETIfsCxSu+yklBIg5QYRuOcprLtQPkFVfl+WLd31F +lS1uMgZkahIr57aHoJLYPrEjW4CBHoliT8xfrvVZi4+ym7i/vFqXL7IJ+PIklNF8 +2/b4SAB9hRI5oPw1TV9Q0v2PqMXL/0cp/9Roe+H28Tcrody6jTtEdsU2wbaxhxMd +YK4Ak1FkhKItumINbtAUnHgBVwO2IivGZgsYulC/9y1uh5NU1HxMzqh04UEMgre+ +9SeEjhwFkq16Njc5Cdt/7iFLeiaHcNU= +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca-unsupported_policy_ec.crt b/tests/data_files/test-ca-unsupported_policy_ec.crt new file mode 100644 index 000000000..161e83cc1 --- /dev/null +++ b/tests/data_files/test-ca-unsupported_policy_ec.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByjCCAVCgAwIBAgIBADAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTkwNDI4MTMwMDE5WhcNMjkwNDI4MTMwMDE5WjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjU +UrSRlTkLI99fFyRiSPwalSnOLC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0 +X3WnR2/VGSlVaZpTOyC0ZhZgMx6jIjAgMAwGA1UdEwQFMAMBAf8wEAYDVR0gBAkw +BzAFBgMqAwQwCgYIKoZIzj0EAwIDaAAwZQIwKUY3aTL6UR2H1Q1OzIJw7vxUso4P +2PksCWb62kQeAnhYK85t1VGQiA49iHCXVKuXAjEAq+1qvlmwHX1E99ha/rvxcAYp +UmxXLmSb53RT0NvhEKnUVGGUp2pBNAVVJOH+G0NI +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index d345fe99e..5f71532ce 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -31,6 +31,26 @@ subjectAltName=@alt_names hwtype = OID:1.3.6.1.4.1.17.3 hwserial = OCT:123456 +[v3_any_policy_ca] +basicConstraints = CA:true +certificatePolicies = 2.5.29.32.0 + +[v3_any_policy_qualifier_ca] +basicConstraints = CA:true +certificatePolicies = @policy_info + +[v3_multi_policy_ca] +basicConstraints = CA:true +certificatePolicies = 1.2.3.4,2.5.29.32.0 + +[v3_unsupported_policy_ca] +basicConstraints = CA:true +certificatePolicies = 1.2.3.4 + +[policy_info] +policyIdentifier = 2.5.29.32.0 +CPS.1 ="CPS uri string" + [noext_ca] basicConstraints = CA:true diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f53ea8232..6fcf80564 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -122,6 +122,38 @@ X509 Certificate information, Subject Alt Name + Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +X509 Certificate information, RSA Certificate Policy any +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" + +X509 Certificate information, ECDSA Certificate Policy any +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" + +X509 Certificate information, RSA Certificate Policy any with qualifier +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" + +X509 Certificate information, ECDSA Certificate Policy any with qualifier +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" + +X509 Certificate information, RSA Certificate multiple Policies +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" + +X509 Certificate information, ECDSA Certificate multiple Policies +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" + +X509 Certificate information, RSA Certificate unsupported policy +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" + +X509 Certificate information, ECDSA Certificate unsupported policy +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" + X509 Certificate information, Key Usage + Extended Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" From 226991e624a1d5e339cf6b7123b46e8c852b7223 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 24 Mar 2019 13:39:51 +0200 Subject: [PATCH 38/80] Add ChangeLog entry for new extensions change Add an entry for the new x509 extension parsing support. --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 58ff14734..ce50950a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,10 @@ Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites from the default list (enabled by default). See https://sweet32.info/SWEET32_CCS16.pdf. + * Add support for parsing subject alternative name, of type otherName, + HardwareModuleName, as defined in rfc 4108 section 5. + * Add support for parsing certificate policies extension, as defined in + rfc 5280 section 4.2.1.4. Currently only supports "Any Policy" policy. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. From 3c4734a2a569c538350758bd456bc6e55af1eb64 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 25 Mar 2019 14:05:23 +0200 Subject: [PATCH 39/80] Add Wisun Fan device certificate Add certificate with Wisun fan device extended key usage, support parsing it and add tests. --- include/mbedtls/oid.h | 2 +- tests/data_files/Makefile | 3 +++ tests/data_files/server5-fan.crt | 10 ++++++++++ tests/data_files/test-ca.opensslconf | 3 +++ tests/suites/test_suite_x509parse.data | 4 ++++ 5 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 tests/data_files/server5-fan.crt diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index c516b7aaf..1e96856e2 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -212,7 +212,7 @@ * { iso(1) identified-organization(3) dod(6) internet(1) * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) } */ -#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01" +#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01" #define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */ #define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */ diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d139bfa06..d1af18ce7 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -184,6 +184,9 @@ server5-othername.crt: server5.key server5-unsupported_othername.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@ +server5-fan.crt: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ + server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ all_final += server10-badsign.crt diff --git a/tests/data_files/server5-fan.crt b/tests/data_files/server5-fan.crt new file mode 100644 index 000000000..dc1eb380c --- /dev/null +++ b/tests/data_files/server5-fan.crt @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdTCCARugAwIBAgIBTTAKBggqhkjOPQQDAjA3MQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxFTATBgNVBAMMDE1iZWQgVExTIEZBTjAeFw0xOTAzMjUw +OTAzNDZaFw0yOTAzMjIwOTAzNDZaMDcxCzAJBgNVBAYTAlVLMREwDwYDVQQKDAhN +YmVkIFRMUzEVMBMGA1UEAwwMTWJlZCBUTFMgRkFOMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/ +6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MYMBYwFAYDVR0lBA0wCwYJKwYBBAGC +5CUBMAoGCCqGSM49BAMCA0gAMEUCIQDp/Q5FaVy3YNeJflQKLGycQZoH6V3FQnLq +ERUCeimLIAIgdyiA4KdHxkpQhC1L1KfmxG8YJqu31FBjmNw00Sv8J9k= +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index 5f71532ce..d2c5c0630 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -51,6 +51,9 @@ certificatePolicies = 1.2.3.4 policyIdentifier = 2.5.29.32.0 CPS.1 ="CPS uri string" +[fan_cert] +extendedKeyUsage = 1.3.6.1.4.1.45605.1 + [noext_ca] basicConstraints = CA:true diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6fcf80564..d3afe1f88 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -98,6 +98,10 @@ X509 Certificate information EC, SHA256 Digest, hardware module name SAN depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n" +X509 Certificate information EC, SHA256 Digest, Wisun Fan device +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +x509_cert_info:"data_files/server5-fan.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n" + X509 Certificate information, NS Cert Type depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n" From 5091bec3ea5b29aa0a745bdd17438178f842175f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 8 May 2019 15:23:08 +0100 Subject: [PATCH 40/80] Fix doxygen for new x509 structures The documentation for some new structures and members was only a C style comment and wasn't picked up by doxygen. This commit adds the missing asterisks. --- include/mbedtls/x509_crt.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index acaafbe9f..c93fefa22 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -99,7 +99,7 @@ typedef struct mbedtls_x509_crt } mbedtls_x509_crt; -/* +/** * From RFC 5280 section 4.2.1.6: * OtherName ::= SEQUENCE { * type-id OBJECT IDENTIFIER, @@ -110,7 +110,7 @@ typedef struct mbedtls_x509_san_other_name mbedtls_x509_buf type_id; /**< The type id. */ union { - /* + /** * From RFC 4108 section 5: * HardwareModuleName ::= SEQUENCE { * hwType OBJECT IDENTIFIER, @@ -122,7 +122,7 @@ typedef struct mbedtls_x509_san_other_name } mbedtls_x509_san_other_name; -/* +/** * A structure for holding the parsed Subject Alternative Name, according to type */ typedef struct mbedtls_x509_subject_alternative_name From 11b41eb12beffb486f22e6fc34d7b0eed0b0026b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 8 May 2019 15:26:49 +0100 Subject: [PATCH 41/80] Fix typos in x509_crt.h --- include/mbedtls/x509_crt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index c93fefa22..ad39400a5 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -386,12 +386,12 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); * if partly successful or a specific X509 or PEM error code */ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); + #endif /* MBEDTLS_FS_IO */ /** - * \brief Parses the subject alternative name list of a given certificate; + * \brief Parses the subject alternative name list of a given certificate. * * \param crt The X509 certificate to parse. - * * \param san A list holding the parsed certificate. * * \note Only "dnsName" and "otherName" of type hardware_module_name, From d2dba36f4472a764c18bfc97543b3c7a8e3443a1 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Thu, 9 May 2019 13:03:05 +0100 Subject: [PATCH 42/80] Only use submodule if present Enabling the USE_CRYPTO_SUBMODULE option causes problems if the crypto submodule isn't present. For example, when building mbed-crypto as a submodule, it should use error.c from the parent project if USE_CRYPTO_SUBMODULE is set. However if the parent project isn't present, then the build will fail. Only enable it if the submodule actually exists. --- scripts/abi_check.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index f837f7a79..30c3fe517 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -148,7 +148,8 @@ class AbiChecker(object): my_environment = os.environ.copy() my_environment["CFLAGS"] = "-g -Og" my_environment["SHARED"] = "1" - my_environment["USE_CRYPTO_SUBMODULE"] = "1" + if os.path.exists(os.path.join(git_worktree_path, "crypto")): + my_environment["USE_CRYPTO_SUBMODULE"] = "1" make_output = subprocess.check_output( [self.make_command, "lib"], env=my_environment, From ab23cd1eae1afe30f11c06cf26034a0c0ee3f006 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 9 May 2019 13:53:57 +0100 Subject: [PATCH 43/80] Remove unneeded checks from x509_get_other_name Lengths are aleady checked in mbedtls_asn1_get_len() which is called in mbedtls_asn1_get_tag(), therefore it is not necessary to check the lengths explicitly afterwards. Also with the previous flow data was left in the output buffer on some errors. --- library/x509_crt.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index f17c8b2ec..cfd3b9d13 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1584,7 +1584,7 @@ cleanup: static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, mbedtls_x509_san_other_name *other_name ) { - int ret; + int ret = 0; size_t len; unsigned char *p = subject_alt_name->p; const unsigned char *end = p + subject_alt_name->len; @@ -1616,12 +1616,6 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); } - if( p + len >= end ) - { - mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } p += len; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) @@ -1638,30 +1632,31 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, other_name->value.hardware_module_name.oid.p = p; other_name->value.hardware_module_name.oid.len = len; - if( p + len >= end ) - { - mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } p += len; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + goto cleanup; other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.p = p; other_name->value.hardware_module_name.val.len = len; other_name->value.hardware_module_name.next = NULL; other_name->value.hardware_module_name.next_merged = 0; + p += len; if( p != end ) { - mbedtls_platform_zeroize( other_name, - sizeof( other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; } + +cleanup: + + if( ret != 0 ) + { + memset( other_name, 0, sizeof( *other_name ) ); + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + } + return( 0 ); } From 22f605fbab03c36f3ce32f0fdd681dbec480917c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 10 May 2019 10:37:17 +0100 Subject: [PATCH 44/80] Print unparseable SubjectAlternativeNames In x509_info_subject_alt_name() we silently dropped names that we couldn't parse because they are not supported or are malformed. (Being malformed might mean damaged file, but can be a sign of incompatibility between applications.) This commit adds code notifying the user that there is something, but we can't parse it. --- library/x509_crt.c | 34 +++++++++++++++----------- tests/suites/test_suite_x509parse.data | 4 +-- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index cfd3b9d13..54b42854b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1682,21 +1682,27 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, { mbedtls_x509_san_other_name other_name; - ret = x509_get_other_name( &cur->buf, &other_name ); - if( ret != 0 ) - { - /* - * In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, - * then the "otherName" is of an unsupported type. Ignore. - */ - if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - ret = 0; - return( ret ); - } + int parse_ret = x509_get_other_name( &cur->buf, &other_name ); ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; + if( parse_ret != 0 ) + { + if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + { + ret = mbedtls_snprintf( p, n, " " ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + else + { + ret = mbedtls_snprintf( p, n, " " ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + + break; + } + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &other_name.value.hardware_module_name.oid ) != 0 ) { @@ -1732,7 +1738,6 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, */ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): { - ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; if( cur->buf.len >= n ) @@ -1747,13 +1752,14 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, break; /* - * Type not supported, skip item. + * Type not supported. */ default: + ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; break; } - cur = cur->next; } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d3afe1f88..99dd0833f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -124,7 +124,7 @@ x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial num X509 Certificate information, Subject Alt Name + Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n \n \nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 Certificate information, RSA Certificate Policy any depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C @@ -172,7 +172,7 @@ x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number X509 Certificate information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\next key usage \: TLS Web Client Authentication\n" +x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n \next key usage \: TLS Web Client Authentication\n" X509 certificate v1 with extension depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C From 2f0ec1e3bf4a02d64251826231284044972f7f4f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 10 May 2019 11:06:31 +0100 Subject: [PATCH 45/80] Tidy up style in x509_info_subject_alt_name --- library/x509_crt.c | 122 ++++++++++++++++++++++++++------------------- 1 file changed, 70 insertions(+), 52 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 54b42854b..a01b53c3c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1661,7 +1661,8 @@ cleanup: } static int x509_info_subject_alt_name( char **buf, size_t *size, - const mbedtls_x509_sequence *subject_alt_name, + const mbedtls_x509_sequence + *subject_alt_name, const char *prefix ) { size_t i; @@ -1679,77 +1680,94 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, * otherName */ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): - { - mbedtls_x509_san_other_name other_name; - - int parse_ret = x509_get_other_name( &cur->buf, &other_name ); - - ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - - if( parse_ret != 0 ) { - if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + mbedtls_x509_san_other_name other_name; + + int parse_ret = x509_get_other_name( &cur->buf, + &other_name ); + + ret = mbedtls_snprintf( p, n, "\n%s otherName :", + prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( parse_ret != 0 ) { - ret = mbedtls_snprintf( p, n, " " ); - MBEDTLS_X509_SAFE_SNPRINTF; - } - else - { - ret = mbedtls_snprintf( p, n, " " ); - MBEDTLS_X509_SAFE_SNPRINTF; + if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + { + ret = mbedtls_snprintf( p, n, " " ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + else + { + ret = mbedtls_snprintf( p, n, " " ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + + break; } - break; + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, + &other_name.value.hardware_module_name.oid ) + != 0 ) + { + ret = mbedtls_snprintf( p, n, "\n%s " + "hardware module name :", + prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, + "\n%s " + "hardware type : ", + prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = mbedtls_oid_get_numeric_string( p, n, + &other_name.value.hardware_module_name.oid ); + MBEDTLS_X509_SAFE_SNPRINTF; + + ret = mbedtls_snprintf( p, n, + "\n%s " + "hardware serial number : ", + prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( other_name.value.hardware_module_name.val.len >= n ) + { + *p = '\0'; + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + } + + for( i = 0; + i < other_name.value.hardware_module_name.val.len; + i++ ) + { + *p++ = + other_name.value.hardware_module_name.val.p[i]; + } + n -= other_name.value.hardware_module_name.val.len; + + }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ + } - - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name.value.hardware_module_name.oid ) != 0 ) - { - ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_oid_get_numeric_string( p, n, &other_name.value.hardware_module_name.oid ); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - - if( other_name.value.hardware_module_name.val.len >= n ) - { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); - } - - for( i = 0; i < other_name.value.hardware_module_name.val.len; i++ ) - { - *p++ = other_name.value.hardware_module_name.val.p[i]; - } - n -= other_name.value.hardware_module_name.val.len; - - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ - } - break; + break; /* * dNSName */ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): - { ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; + if( cur->buf.len >= n ) { *p = '\0'; return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); } + n -= cur->buf.len; for( i = 0; i < cur->buf.len; i++ ) *p++ = cur->buf.p[i]; - } - break; + + break; /* * Type not supported. From 6c379b4b8091ede8d28becc6bf36c7a7c59c3b37 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 10 May 2019 14:17:16 +0100 Subject: [PATCH 46/80] Propogate error when parsing SubjectAltNames The previous behaviour of mbedtls_x509_parse_subject_alternative_name() was to silently ignore errors coming from x509_get_other_name(). The current commit fixes it and returns with an error. --- library/x509_crt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index a01b53c3c..047e4e6e2 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1823,8 +1823,9 @@ int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt, * In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, * then the "otherName" is of an unsupported type. Ignore. */ - if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - ret = 0; + if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + return MBEDTLS_ERR_X509_INVALID_FORMAT; + cur = cur->next; continue; } From 293c3dae6dce53b03b5149f097009c147644e0e3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 10 May 2019 15:53:03 +0100 Subject: [PATCH 47/80] Remove redundant memset() The preceding calloc() already zeroizes that memory area, therfore the memset() is not necessary. Compilers are likely to optimize this out, but it still can be confusing to readers. --- library/x509_crt.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 047e4e6e2..f58b15694 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1858,7 +1858,6 @@ int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt, if( prev_san != NULL ) prev_san->next = cur_san; - memset( cur_san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); cur_san->type = MBEDTLS_X509_SAN_DNS_NAME; memcpy( &cur_san->san.unstructured_name, From 26cfd1361dd7e92aff4fd7cb6a951c1b0181c629 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 May 2019 15:48:38 +0300 Subject: [PATCH 48/80] Rephrase changeLog entries Rephrase the changeLog entries for clarity and capitalize RFC. --- ChangeLog | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index ce50950a3..f942ebbf5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,10 +61,11 @@ Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites from the default list (enabled by default). See https://sweet32.info/SWEET32_CCS16.pdf. - * Add support for parsing subject alternative name, of type otherName, - HardwareModuleName, as defined in rfc 4108 section 5. + * Add support for parsing otherName entries in the Subject Alternative Name + X.509 certificate extension, as defined in RFC 4108 section 5. * Add support for parsing certificate policies extension, as defined in - rfc 5280 section 4.2.1.4. Currently only supports "Any Policy" policy. + RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is + supported. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. From 78c3040347b5bdcbbaeeeafe9cfb587e8a9eccad Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 May 2019 15:49:53 +0300 Subject: [PATCH 49/80] Rephrase x509_crt extension member description Rephrase doxygen comments for subject alternative name and certificate policies. --- include/mbedtls/x509_crt.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index ad39400a5..dbfaf9c08 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -76,9 +76,9 @@ typedef struct mbedtls_x509_crt mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (Only dNSName and OtherName supported). */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ - mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate4 policies (Only anyPolicy supported). */ + mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy supported). */ int ext_types; /**< Bit string containing detected and parsed extensions */ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ From 0806379e3e359d5d6f67e354767812dfc848c0e8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 May 2019 16:38:39 +0300 Subject: [PATCH 50/80] Add length checking in certificate policy parsing Change the extension parsing to `policy_end` and verify that the policy and qualifiers length don't exceed the end of the extension. --- library/x509_crt.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index f58b15694..977772676 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -779,7 +779,7 @@ static int x509_get_certificate_policies( unsigned char **p, policy_end = *p + len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, + if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); @@ -806,11 +806,27 @@ static int x509_get_certificate_policies( unsigned char **p, buf->tag = policy_oid.tag; buf->p = policy_oid.p; buf->len = policy_oid.len; - /* - * Skip the optional policy qualifiers, - * and set the pointer to the end of the policy. - */ - *p = (unsigned char *)policy_end; + + *p += len; + + /* + * If there is an optional qualifier, then *p < policy_end + * Check the Qualifier len to verify it doesn't exceed policy_end. + */ + if( *p < policy_end ) + { + if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + /* + * Skip the optional policy qualifiers. + */ + *p += len; + } + + if( *p != policy_end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } /* Set final sequence entry's next pointer to NULL */ From 890819a597bd7a67f0b8185a4409733504f792b3 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 May 2019 19:03:04 +0300 Subject: [PATCH 51/80] Change mbedtls_x509_subject_alternative_name Make `mbedtls_x509_subject_alternative_name` to be a single item rather than a list. Adapt the subject alternative name parsing function, to receive a signle `mbedtls_x509_buf` item from the subject_alt_names sequence of the certificate. --- include/mbedtls/x509_crt.h | 34 ++- library/x509_crt.c | 284 ++++++++------------- tests/suites/test_suite_x509parse.function | 29 ++- 3 files changed, 151 insertions(+), 196 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index dbfaf9c08..b321c4233 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -107,6 +107,11 @@ mbedtls_x509_crt; */ typedef struct mbedtls_x509_san_other_name { + /** + * The type_id is an OID as deifned in RFC 5280. + * To check the value of the type id, you should use + * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. + */ mbedtls_x509_buf type_id; /**< The type id. */ union { @@ -133,7 +138,6 @@ typedef struct mbedtls_x509_subject_alternative_name mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ } san; /**< A union of the supported SAN types */ - struct mbedtls_x509_subject_alternative_name *next; /**< The next SAN in the list. */ } mbedtls_x509_subject_alternative_name; @@ -389,24 +393,30 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); #endif /* MBEDTLS_FS_IO */ /** - * \brief Parses the subject alternative name list of a given certificate. + * \brief Parses a subject alternative name item + * to an identified structure; * - * \param crt The X509 certificate to parse. - * \param san A list holding the parsed certificate. + * \param san_buf The buffer holding the raw data item of the subject + * alternative name. + * \param san The target structure to populate with the parsed presentation + * of the subject alternative name encoded in \p san_raw. * * \note Only "dnsName" and "otherName" of type hardware_module_name, * as defined in RFC 4180 is supported. * - * \note Any unsupported san type is ignored. + * \note This function should be called on a single raw data of + * subject alternative name. For example, after successfult + * certificate parsing, one must iterate on every item in the + * \p crt->subject_alt_names sequence, and send it as parameter + * to this function. * - * \note The function allocates a list of mbedtls_x509_subject_alternative_name - * and it is the caller's responsibility to free it. - * - * \return Zero for success and negative - * value for any other failure. + * \return \c 0 on success + * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported + * SAN type + * \return Negative value for any other failure. */ -int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt, - mbedtls_x509_subject_alternative_name **san ); +int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san ); /** * \brief Returns an informational string about the * certificate. diff --git a/library/x509_crt.c b/library/x509_crt.c index 977772676..cce230bd2 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1632,6 +1632,12 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); } + if( p + len >= end ) + { + mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } p += len; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) @@ -1648,31 +1654,30 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, other_name->value.hardware_module_name.oid.p = p; other_name->value.hardware_module_name.oid.len = len; + if( p + len >= end ) + { + mbedtls_platform_zeroize( other_name, sizeof( other_name ) ); + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } p += len; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - goto cleanup; + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.p = p; other_name->value.hardware_module_name.val.len = len; other_name->value.hardware_module_name.next = NULL; other_name->value.hardware_module_name.next_merged = 0; - p += len; if( p != end ) { - ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + mbedtls_platform_zeroize( other_name, + sizeof( other_name ) ); + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } - -cleanup: - - if( ret != 0 ) - { - memset( other_name, 0, sizeof( *other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); - } - return( 0 ); } @@ -1686,107 +1691,91 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, size_t n = *size; char *p = *buf; const mbedtls_x509_sequence *cur = subject_alt_name; + mbedtls_x509_subject_alternative_name san; + int parse_ret; while( cur != NULL ) { - switch( cur->buf.tag & - ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) + memset( &san, 0, sizeof( san ) ); + parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); + if( parse_ret != 0 ) + { + if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + { + ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + else + { + ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + cur = cur->next; + continue; + } + + switch( san.type ) { /* * otherName */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): + case( MBEDTLS_X509_SAN_OTHER_NAME ): + { + mbedtls_x509_san_other_name *other_name = &san.san.other_name; + + ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, + &other_name->value.hardware_module_name.oid ) != 0 ) { - mbedtls_x509_san_other_name other_name; - - int parse_ret = x509_get_other_name( &cur->buf, - &other_name ); - - ret = mbedtls_snprintf( p, n, "\n%s otherName :", - prefix ); + ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; - if( parse_ret != 0 ) - { - if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - { - ret = mbedtls_snprintf( p, n, " " ); - MBEDTLS_X509_SAFE_SNPRINTF; - } - else - { - ret = mbedtls_snprintf( p, n, " " ); - MBEDTLS_X509_SAFE_SNPRINTF; - } + ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid ); + MBEDTLS_X509_SAFE_SNPRINTF; - break; + ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + + if( other_name->value.hardware_module_name.val.len >= n ) + { + *p = '\0'; + return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); } - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name.value.hardware_module_name.oid ) - != 0 ) + for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ ) { - ret = mbedtls_snprintf( p, n, "\n%s " - "hardware module name :", - prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, - "\n%s " - "hardware type : ", - prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; + *p++ = other_name->value.hardware_module_name.val.p[i]; + } + n -= other_name->value.hardware_module_name.val.len; - ret = mbedtls_oid_get_numeric_string( p, n, - &other_name.value.hardware_module_name.oid ); - MBEDTLS_X509_SAFE_SNPRINTF; - - ret = mbedtls_snprintf( p, n, - "\n%s " - "hardware serial number : ", - prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - - if( other_name.value.hardware_module_name.val.len >= n ) - { - *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); - } - - for( i = 0; - i < other_name.value.hardware_module_name.val.len; - i++ ) - { - *p++ = - other_name.value.hardware_module_name.val.p[i]; - } - n -= other_name.value.hardware_module_name.val.len; - - }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ - - } - break; + }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ + } + break; /* * dNSName */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): + case( MBEDTLS_X509_SAN_DNS_NAME ): + { ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; - - if( cur->buf.len >= n ) + if( san.san.unstructured_name.len >= n ) { *p = '\0'; return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); } - - n -= cur->buf.len; - for( i = 0; i < cur->buf.len; i++ ) - *p++ = cur->buf.p[i]; - - break; + n -= san.san.unstructured_name.len; + for( i = 0; i < san.san.unstructured_name.len; i++ ) + *p++ = san.san.unstructured_name.p[i]; + } + break; /* - * Type not supported. + * Type not supported, skip item. */ default: ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); @@ -1805,102 +1794,53 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, return( 0 ); } -int mbedtls_x509_parse_subject_alternative_name( const mbedtls_x509_crt *crt, - mbedtls_x509_subject_alternative_name **san ) +int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san ) { int ret; - const mbedtls_x509_sequence *cur = &crt->subject_alt_names; - mbedtls_x509_subject_alternative_name *cur_san = *san, *prev_san = NULL; - - if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) + switch( san_buf->tag & + ( MBEDTLS_ASN1_TAG_CLASS_MASK | + MBEDTLS_ASN1_TAG_VALUE_MASK ) ) { - if( cur_san != NULL ) + /* + * otherName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): { - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + mbedtls_x509_san_other_name other_name; + + ret = x509_get_other_name( san_buf, &other_name ); + if( ret != 0 ) + return( ret ); + + memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + san->type = MBEDTLS_X509_SAN_OTHER_NAME; + memcpy( &san->san.other_name, + &other_name, sizeof( other_name ) ); + } + break; - while( cur != NULL ) + /* + * dNSName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): { - switch( cur->buf.tag & - ( MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK ) ) - { - /* - * otherName - */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): - { - mbedtls_x509_san_other_name other_name; + memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + san->type = MBEDTLS_X509_SAN_DNS_NAME; - ret = x509_get_other_name( &cur->buf, &other_name ); - if( ret != 0 ) - { - /* - * In case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, - * then the "otherName" is of an unsupported type. Ignore. - */ - if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - return MBEDTLS_ERR_X509_INVALID_FORMAT; + memcpy( &san->san.unstructured_name, + san_buf, sizeof( *san_buf ) ); - cur = cur->next; - continue; - } + } + break; - cur_san = mbedtls_calloc( 1, sizeof( mbedtls_x509_subject_alternative_name ) ); - if( cur_san == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_ALLOC_FAILED ); - - if( prev_san != NULL ) - prev_san->next = cur_san; - - cur_san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy( &cur_san->san.other_name, - &other_name, sizeof( other_name ) ); - - } - break; - - /* - * dNSName - */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): - { - cur_san = mbedtls_calloc( 1, sizeof( mbedtls_x509_subject_alternative_name ) ); - if( cur_san == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_ALLOC_FAILED ); - - if( prev_san != NULL ) - prev_san->next = cur_san; - - cur_san->type = MBEDTLS_X509_SAN_DNS_NAME; - - memcpy( &cur_san->san.unstructured_name, - &cur->buf, sizeof( cur->buf ) ); - - } - break; - - /* - * Type not supported, skip item. - */ - default: - break; - } - - if( *san == NULL ) - *san = cur_san; - - if( cur_san != NULL ) - { - prev_san = cur_san; - cur_san = cur_san->next; - } - - cur = cur->next; - }/* while( cur != NULL ) */ - }/* crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME */ + /* + * Type not supported + */ + default: + return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + } return( 0 ); } diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index beec52cc3..b4e980210 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -303,8 +303,10 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void x509_parse_san( char * crt_file, char * result_str ) { + int ret; mbedtls_x509_crt crt; - mbedtls_x509_subject_alternative_name *cur, *next, *san = NULL; + mbedtls_x509_subject_alternative_name san; + mbedtls_x509_sequence *cur = NULL; char buf[2000]; char *p = buf; size_t n = sizeof( buf ); @@ -313,24 +315,27 @@ void x509_parse_san( char * crt_file, char * result_str ) memset( buf, 0, 2000 ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); - TEST_ASSERT( mbedtls_x509_parse_subject_alternative_name( &crt, &san ) == 0 ); - cur = san; - while( cur != NULL ) + + if( crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) { - TEST_ASSERT( verify_parse_san( cur, &p, &n ) == 0 ); - cur = cur->next; + cur = &crt.subject_alt_names; + while( cur != NULL ) + { + ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); + TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + /* + * If san type not supported, ignore. + */ + if( ret == 0) + TEST_ASSERT( verify_parse_san( &san, &p, &n ) == 0 ); + cur = cur->next; + } } TEST_ASSERT( strcmp( buf, result_str ) == 0 ); exit: - for( cur = san; cur != NULL; cur = next ) - { - next = cur->next; - mbedtls_free( cur ); - } - mbedtls_x509_crt_free( &crt ); } /* END_CASE */ From f05f594acbd405104150f47b349e423cc1ba0241 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 May 2019 19:11:31 +0300 Subject: [PATCH 52/80] change the type of hardware_module_name member Change the type of `hardware_module_name` struct from `mbedtls_x509_name` to a unique struct, to distinguish it from the named data type. --- include/mbedtls/x509_crt.h | 7 ++++++- library/x509_crt.c | 2 -- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index b321c4233..81a2de2be 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -121,7 +121,12 @@ typedef struct mbedtls_x509_san_other_name * hwType OBJECT IDENTIFIER, * hwSerialNum OCTET STRING } */ - mbedtls_x509_name hardware_module_name; + struct + { + mbedtls_x509_buf oid; /**< The object identifier. */ + mbedtls_x509_buf val; /**< The named value. */ + } + hardware_module_name; } value; } diff --git a/library/x509_crt.c b/library/x509_crt.c index cce230bd2..9bc869652 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1668,8 +1668,6 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.p = p; other_name->value.hardware_module_name.val.len = len; - other_name->value.hardware_module_name.next = NULL; - other_name->value.hardware_module_name.next_merged = 0; p += len; if( p != end ) { From cc45cd177f89883ff54f1c54bbfc8f03a7cf8ef6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 10:20:09 +0300 Subject: [PATCH 53/80] Update SAN parsing documentation 1) Fix typo in `mbedtls_x509_parse_subject_alt_name()` documentation. 2) Add a not in `mbedtls_x509_parse_subject_alt_name()` documentation, stating that the lifetime of the target structure is restricted by the lifetime ofthe parsed certificate. --- include/mbedtls/x509_crt.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 81a2de2be..a5deb95e0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -410,11 +410,15 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); * as defined in RFC 4180 is supported. * * \note This function should be called on a single raw data of - * subject alternative name. For example, after successfult + * subject alternative name. For example, after successful * certificate parsing, one must iterate on every item in the * \p crt->subject_alt_names sequence, and send it as parameter * to this function. * + * \note The target structure contains pointers to the raw data of the + * parsed certificate, and its lifetime is restricted by the + * lifetime of the certificate. + * * \return \c 0 on success * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported * SAN type From 8b0c3c91e63fee5d62c965f10cc35a760d5fea7f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 12:20:00 +0300 Subject: [PATCH 54/80] Fail in case critical crt policy not supported In case the certificate policy is not of type `AnyPolicy` set the returned error code to `MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE` and continue parsing. If the extension is critical, return error anyway, unless `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` is configured. Fail parsing on any other error. --- library/x509_crt.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 9bc869652..3b68f01aa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -743,7 +743,7 @@ static int x509_get_certificate_policies( unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *certificate_policies ) { - int ret; + int ret, parse_ret = 0; size_t len; mbedtls_asn1_buf *buf; mbedtls_asn1_sequence *cur = certificate_policies; @@ -787,6 +787,19 @@ static int x509_get_certificate_policies( unsigned char **p, policy_oid.len = len; policy_oid.p = *p; + /* + * Only AnyPolicy is currently supported when enforcing policy. + */ + if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 ) + { + /* + * Set the parsing return code but continue parsing, in case this + * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION + * is configured. + */ + parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } + /* Allocate and assign next pointer */ if( cur->buf.p != NULL ) { @@ -836,7 +849,7 @@ static int x509_get_certificate_policies( unsigned char **p, return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - return( 0 ); + return( parse_ret ); } /* @@ -970,7 +983,21 @@ static int x509_get_crt_ext( unsigned char **p, /* Parse certificate policies type */ if( ( ret = x509_get_certificate_policies( p, end_ext_octet, &crt->certificate_policies ) ) != 0 ) - return( ret ); + { +#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) + if( is_critical ) + return( ret ); + else +#endif + /* + * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, the we cannot + * interpret or enforce the policy. However, it is up to the user + * to choose how to enforce the policies, + * unless the extension is critical. + */ + if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + return( ret ); + } break; default: From e699270908f409ecc303bc0c1bb8e3b2675362d7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 7 May 2019 18:27:13 +0300 Subject: [PATCH 55/80] Add a single exit point in key derivation function Add a single exit point in `mbedtls_ssl_derive_keys()`. --- library/ssl_tls.c | 42 +++++++++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da42ed7ae..c2903605c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1036,7 +1036,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); - return( ret ); + goto end; } /* Get MAC length */ @@ -1106,7 +1106,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } } } @@ -1168,7 +1169,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_SRV_C */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) @@ -1178,7 +1180,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( mac_key_len > sizeof( transform->mac_enc ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } memcpy( transform->mac_enc, mac_enc, mac_key_len ); @@ -1202,7 +1205,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) #endif { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; } #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ @@ -1220,7 +1224,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) mac_key_len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; + goto end; } } #else @@ -1253,7 +1258,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - return( ret ); + goto end; } if( ret == 0 ) @@ -1279,7 +1284,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) cipher_info ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - return( ret ); + goto end; } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1296,7 +1301,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); - return( ret ); + goto end; } if( ret == 0 ) @@ -1322,7 +1327,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) cipher_info ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - return( ret ); + goto end; } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, @@ -1330,7 +1335,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_ENCRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - return( ret ); + goto end; } if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, @@ -1338,7 +1343,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_DECRYPT ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - return( ret ); + goto end; } #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -1348,14 +1353,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_PADDING_NONE ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); - return( ret ); + goto end; } if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, MBEDTLS_PADDING_NONE ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); - return( ret ); + goto end; } } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -1375,7 +1380,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto end; } } @@ -1389,14 +1395,16 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) inflateInit( &transform->ctx_inflate ) != Z_OK ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); - return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); + ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED; + goto end; } } #endif /* MBEDTLS_ZLIB_SUPPORT */ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); +end: - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SSL_PROTO_SSL3) From a9f9a73920855ccb5fea2032bda6cf29bd9b50ea Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 7 May 2019 18:29:02 +0300 Subject: [PATCH 56/80] Zeroize secret data in the exit point Zeroize the secret data in `mbedtls_ssl_derive_keys()` in the single exit point. --- library/ssl_tls.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c2903605c..b5e850ada 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -988,9 +988,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", handshake->randbytes, 64 ); MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); - mbedtls_platform_zeroize( handshake->randbytes, - sizeof( handshake->randbytes ) ); - /* * Determine the appropriate key, IV and MAC length. */ @@ -1365,7 +1362,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); #if defined(MBEDTLS_ZLIB_SUPPORT) // Initialize compression @@ -1403,7 +1399,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); end: - + mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); + mbedtls_platform_zeroize( handshake->randbytes, + sizeof( handshake->randbytes ) ); return( ret ); } From 3b350856ff912eabd2ebf10c2c8be99e4280c01b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 7 May 2019 18:31:49 +0300 Subject: [PATCH 57/80] Have the temporary buffer allocated dynamically Change `tmp` buffer to be dynamically allocated, as it is now dependent on external label given as input, in `tls_prf_generic()`. --- library/ssl_tls.c | 57 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b5e850ada..e1415a893 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -425,7 +425,8 @@ static int tls1_prf( const unsigned char *secret, size_t slen, size_t nb, hs; size_t i, j, k; const unsigned char *S1, *S2; - unsigned char tmp[128]; + unsigned char *tmp; + size_t tmp_len = 0; unsigned char h_i[20]; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; @@ -433,8 +434,13 @@ static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_md_init( &md_ctx ); - if( sizeof( tmp ) < 20 + strlen( label ) + rlen ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + tmp_len = 20 + strlen( label ) + rlen; + tmp = mbedtls_calloc( 1, tmp_len ); + if( tmp == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } hs = ( slen + 1 ) / 2; S1 = secret; @@ -449,10 +455,15 @@ static int tls1_prf( const unsigned char *secret, size_t slen, * First compute P_md5(secret,label+random)[0..dlen] */ if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - return( ret ); + { + goto exit; + } mbedtls_md_hmac_starts( &md_ctx, S1, hs ); mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); @@ -480,10 +491,15 @@ static int tls1_prf( const unsigned char *secret, size_t slen, * XOR out with P_sha1(secret,label+random)[0..dlen] */ if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto exit; + } if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - return( ret ); + { + goto exit; + } mbedtls_md_hmac_starts( &md_ctx, S2, hs ); mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); @@ -505,12 +521,14 @@ static int tls1_prf( const unsigned char *secret, size_t slen, dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); } +exit: mbedtls_md_free( &md_ctx ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, tmp_len ); mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); - return( 0 ); + mbedtls_free( tmp ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ @@ -593,7 +611,8 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, { size_t nb; size_t i, j, k, md_len; - unsigned char tmp[128]; + unsigned char *tmp; + size_t tmp_len = 0; unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; @@ -606,8 +625,13 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, md_len = mbedtls_md_get_size( md_info ); - if( sizeof( tmp ) < md_len + strlen( label ) + rlen ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + tmp_len = md_len + strlen( label ) + rlen; + tmp = mbedtls_calloc( 1, tmp_len ); + if( tmp == NULL ) + { + ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; + goto exit; + } nb = strlen( label ); memcpy( tmp + md_len, label, nb ); @@ -618,7 +642,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, * Compute P_(secret, label + random)[0..dlen] */ if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - return( ret ); + goto exit; mbedtls_md_hmac_starts( &md_ctx, secret, slen ); mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); @@ -640,12 +664,15 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, dstbuf[i + j] = h_i[j]; } +exit: mbedtls_md_free( &md_ctx ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize( tmp, tmp_len ); mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); - return( 0 ); + mbedtls_free( tmp ); + + return( ret ); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SHA256_C) From f5cc10d93b6c04df741202e3a3af268e01b638e3 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 7 May 2019 18:33:40 +0300 Subject: [PATCH 58/80] Add an extra key export function Add an additional function `mbedtls_ssl_export_keys_ext_t()` for exporting key, that adds additional information such as the used `tls_prf` and the random bytes. --- include/mbedtls/ssl.h | 73 +++++++++++++++++++++++++++++++++++++++++++ library/ssl_tls.c | 18 +++++++++++ 2 files changed, 91 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 135be0501..766217c44 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -559,6 +559,25 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx, */ typedef int mbedtls_ssl_get_timer_t( void * ctx ); +/** + * \brief Function type: TLS-PRF function. + * + * \param secret Secret for the key derivation function. + * \param slen Length of the secret. + * \param label String label for the key derivation function, + * terminated with null character. + * \param random Random bytes. + * \param rlen Length of the random bytes buffer. + * \param dstbuf The buffer holding the derived key. + * \param dlen Length of the output buffer. + * + * \return 0 on sucess. An SSL specific error on failure. + */ +typedef int mbedtls_ssl_tls_prf( const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ); + /* Defined below */ typedef struct mbedtls_ssl_session mbedtls_ssl_session; typedef struct mbedtls_ssl_context mbedtls_ssl_context; @@ -920,6 +939,11 @@ struct mbedtls_ssl_config /** Callback to export key block and master secret */ int (*f_export_keys)( void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t ); + /** Callback to export key block, master secret, + * tls_prf and random bytes. Should replace f_export_keys */ + int (*f_export_keys_ext)( void *, const unsigned char *, + const unsigned char *, size_t, size_t, size_t, + mbedtls_ssl_tls_prf *, unsigned char[32], unsigned char[32]); void *p_export_keys; /*!< context for key export callback */ #endif @@ -1624,6 +1648,41 @@ typedef int mbedtls_ssl_export_keys_t( void *p_expkey, size_t maclen, size_t keylen, size_t ivlen ); + +/** + * \brief Callback type: Export key block, master secret, + * handshake randbytes and the tls_prf function + * used to derive keys. + * + * \note This is required for certain uses of TLS, e.g. EAP-TLS + * (RFC 5216) and Thread. The key pointers are ephemeral and + * therefore must not be stored. The master secret and keys + * should not be used directly except as an input to a key + * derivation function. + * + * \param p_expkey Context for the callback. + * \param ms Pointer to master secret (fixed length: 48 bytes). + * \param kb Pointer to key block, see RFC 5246 section 6.3. + * (variable length: 2 * maclen + 2 * keylen + 2 * ivlen). + * \param maclen MAC length. + * \param keylen Key length. + * \param ivlen IV length. + * \param tls_prf The TLS PRF function used in the handshake. + * \param client_random The client random bytes. + * \param server_random The server random bytes. + * + * \return 0 if successful, or + * a specific MBEDTLS_ERR_XXX code. + */ +typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + mbedtls_ssl_tls_prf *tls_prf, + unsigned char client_random[32], + unsigned char server_random[32] ); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ /** @@ -1689,6 +1748,20 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, mbedtls_ssl_export_keys_t *f_export_keys, void *p_export_keys ); + +/** + * \brief Configure extended key export callback. + * (Default: none.) + * + * \note See \c mbedtls_ssl_export_keys_ext_t. + * + * \param conf SSL configuration context + * \param f_export_keys_ext Callback for exporting keys + * \param p_export_keys Context for the callback + */ +void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, + void *p_export_keys ); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e1415a893..6a6ed0e47 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1265,6 +1265,16 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) mac_key_len, keylen, iv_copy_len ); } + + if( ssl->conf->f_export_keys_ext != NULL ) + { + ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys, + session->master, keyblk, + mac_key_len, transform->keylen, + iv_copy_len, handshake->tls_prf, + handshake->randbytes + 32, + handshake->randbytes ); + } #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -8653,6 +8663,14 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, conf->f_export_keys = f_export_keys; conf->p_export_keys = p_export_keys; } + +void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, + void *p_export_keys ) +{ + conf->f_export_keys_ext = f_export_keys_ext; + conf->p_export_keys = p_export_keys; +} #endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) From c4d3ef472162081c79302fad615f08d92f54ca40 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 7 May 2019 18:35:49 +0300 Subject: [PATCH 59/80] Add ChangeLog entry Add ChangeLog entry describing the new key export feature. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 58ff14734..e205835bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -61,6 +61,8 @@ Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites from the default list (enabled by default). See https://sweet32.info/SWEET32_CCS16.pdf. + * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, + and the used tls-prf. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. From b7fd64ce2bb861d0ce2f3614ad0ac75b4dbf860d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 12 May 2019 11:03:32 +0300 Subject: [PATCH 60/80] Add eap-tls key derivation in the examples. Add support for eap-tls key derivation functionality, in `ssl_client2` and `ssl_server2` reference applications. --- library/ssl_tls.c | 2 +- programs/ssl/ssl_client2.c | 97 +++++++++++++++++++++++++++++++++++++- programs/ssl/ssl_server2.c | 96 +++++++++++++++++++++++++++++++++++++ 3 files changed, 193 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6a6ed0e47..620adf968 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1270,7 +1270,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys, session->master, keyblk, - mac_key_len, transform->keylen, + mac_key_len, keylen, iv_copy_len, handshake->tls_prf, handshake->randbytes + 32, handshake->randbytes ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2cddfb42a..353a5800f 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -126,7 +126,7 @@ int main( void ) #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 #define DFL_CA_CALLBACK 0 - +#define DFL_EAP_TLS 0 #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: " #define GET_REQUEST_END "\r\n\r\n" @@ -204,6 +204,13 @@ int main( void ) #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_EXPORT_KEYS) +#define USAGE_EAP_TLS \ + " eap_tls=%%d default: 0 (disabled)\n" +#else +#define USAGE_EAP_TLS "" +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #define USAGE_TRUNC_HMAC \ " trunc_hmac=%%d default: library default\n" @@ -348,6 +355,7 @@ int main( void ) " reco_delay=%%d default: 0 seconds\n" \ " reconnect_hard=%%d default: 0 (disabled)\n" \ USAGE_TICKETS \ + USAGE_EAP_TLS \ USAGE_MAX_FRAG_LEN \ USAGE_TRUNC_HMAC \ USAGE_CONTEXT_CRT_CB \ @@ -448,10 +456,44 @@ struct options int extended_ms; /* negotiate extended master secret? */ int etm; /* negotiate encrypt then mac? */ int context_crt_cb; /* use context-specific CRT verify callback */ + int eap_tls; /* derive EAP-TLS keying material? */ } opt; int query_config( const char *config ); +#if defined(MBEDTLS_SSL_EXPORT_KEYS) +typedef struct eap_tls_keys +{ + unsigned char master_secret[48]; + unsigned char randbytes[64]; + mbedtls_ssl_tls_prf *tls_prf; +} eap_tls_keys; + +static int eap_tls_key_derivation ( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + mbedtls_ssl_tls_prf *tls_prf, + unsigned char client_random[32], + unsigned char server_random[32] ) +{ + eap_tls_keys *keys = (eap_tls_keys *)p_expkey; + + ( ( void ) kb ); + ( ( void ) maclen ); + ( ( void ) keylen ); + ( ( void ) ivlen ); + memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + memcpy( keys->randbytes, client_random, 32 ); + memcpy( keys->randbytes + 32, server_random, 32 ); + keys->tls_prf = tls_prf; + + return( 0 ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) @@ -713,6 +755,12 @@ int main( int argc, char *argv[] ) #endif char *p, *q; const int *list; +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + unsigned char eap_tls_keymaterial[16]; + unsigned char eap_tls_iv[8]; + const char* eap_tls_label = "client EAP encryption"; + eap_tls_keys eap_tls_keying; +#endif /* * Make sure memory references are valid. @@ -818,6 +866,7 @@ int main( int argc, char *argv[] ) opt.extended_ms = DFL_EXTENDED_MS; opt.etm = DFL_ETM; opt.dgram_packing = DFL_DGRAM_PACKING; + opt.eap_tls = DFL_EAP_TLS; for( i = 1; i < argc; i++ ) { @@ -1176,6 +1225,12 @@ int main( int argc, char *argv[] ) { return query_config( q ); } + else if( strcmp( p, "eap_tls" ) == 0 ) + { + opt.eap_tls = atoi( q ); + if( opt.eap_tls < 0 || opt.eap_tls > 1 ) + goto usage; + } else goto usage; } @@ -1652,6 +1707,12 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm ); #endif +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + if( opt.eap_tls != 0 ) + mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation, + &eap_tls_keying ); +#endif + #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) if( opt.recsplit != DFL_RECSPLIT ) mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit @@ -1917,6 +1978,40 @@ int main( int argc, char *argv[] ) } #endif +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + if( opt.eap_tls != 0 && + eap_tls_keying.tls_prf != NULL ) + { + size_t j = 0; + eap_tls_keying.tls_prf( eap_tls_keying.master_secret, + sizeof( eap_tls_keying.master_secret ), + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_keymaterial, + sizeof( eap_tls_keymaterial ) ); + mbedtls_printf( " EAP-TLS key material is:" ); + for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", eap_tls_keymaterial[j] ); + } + mbedtls_printf("\n"); + + eap_tls_keying.tls_prf( NULL, 0, eap_tls_label, eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), eap_tls_iv, + sizeof( eap_tls_iv ) ); + mbedtls_printf( " EAP-TLS IV is:" ); + for( j = 0; j < sizeof( eap_tls_iv ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", eap_tls_iv[j] ); + } + mbedtls_printf("\n"); + } +#endif if( opt.reconnect != 0 ) { mbedtls_printf(" . Saving session for reuse..." ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5ee90ac35..54e2e5197 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -168,6 +168,7 @@ int main( void ) #define DFL_EXTENDED_MS -1 #define DFL_ETM -1 #define DFL_CA_CALLBACK 0 +#define DFL_EAP_TLS 0 #define LONG_RESPONSE "

01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \ @@ -281,6 +282,13 @@ int main( void ) #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_EXPORT_KEYS) +#define USAGE_EAP_TLS \ + " eap_tls=%%d default: 0 (disabled)\n" +#else +#define USAGE_EAP_TLS "" +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + #if defined(MBEDTLS_SSL_CACHE_C) #define USAGE_CACHE \ " cache_max=%%d default: cache default (50)\n" \ @@ -442,6 +450,7 @@ int main( void ) " exchanges=%%d default: 1\n" \ "\n" \ USAGE_TICKETS \ + USAGE_EAP_TLS \ USAGE_CACHE \ USAGE_MAX_FRAG_LEN \ USAGE_TRUNC_HMAC \ @@ -563,10 +572,44 @@ struct options int dtls_mtu; /* UDP Maximum tranport unit for DTLS */ int dgram_packing; /* allow/forbid datagram packing */ int badmac_limit; /* Limit of records with bad MAC */ + int eap_tls; /* derive EAP-TLS keying material? */ } opt; int query_config( const char *config ); +#if defined(MBEDTLS_SSL_EXPORT_KEYS) +typedef struct eap_tls_keys +{ + unsigned char master_secret[48]; + unsigned char randbytes[64]; + mbedtls_ssl_tls_prf *tls_prf; +} eap_tls_keys; + +static int eap_tls_key_derivation ( void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + mbedtls_ssl_tls_prf *tls_prf, + unsigned char client_random[32], + unsigned char server_random[32] ) +{ + eap_tls_keys *keys = (eap_tls_keys *)p_expkey; + + ( ( void ) kb ); + ( ( void ) maclen ); + ( ( void ) keylen ); + ( ( void ) ivlen ); + memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); + memcpy( keys->randbytes, client_random, 32 ); + memcpy( keys->randbytes + 32, server_random, 32 ); + keys->tls_prf = tls_prf; + + return( 0 ); +} +#endif + static void my_debug( void *ctx, int level, const char *file, int line, const char *str ) @@ -1444,6 +1487,12 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #endif +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + unsigned char eap_tls_keymaterial[16]; + unsigned char eap_tls_iv[8]; + const char* eap_tls_label = "client EAP encryption"; + eap_tls_keys eap_tls_keying; +#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) ); @@ -1585,6 +1634,7 @@ int main( int argc, char *argv[] ) opt.badmac_limit = DFL_BADMAC_LIMIT; opt.extended_ms = DFL_EXTENDED_MS; opt.etm = DFL_ETM; + opt.eap_tls = DFL_EAP_TLS; for( i = 1; i < argc; i++ ) { @@ -1975,6 +2025,12 @@ int main( int argc, char *argv[] ) { return query_config( q ); } + else if( strcmp( p, "eap_tls" ) == 0 ) + { + opt.eap_tls = atoi( q ); + if( opt.eap_tls < 0 || opt.eap_tls > 1 ) + goto usage; + } else goto usage; } @@ -2537,6 +2593,12 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm ); #endif +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + if( opt.eap_tls != 0 ) + mbedtls_ssl_conf_export_keys_ext_cb( &conf, eap_tls_key_derivation, + &eap_tls_keying ); +#endif + #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 ) @@ -3117,6 +3179,40 @@ handshake: } #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + if( opt.eap_tls != 0 && + eap_tls_keying.tls_prf != NULL ) + { + size_t j = 0; + eap_tls_keying.tls_prf( eap_tls_keying.master_secret, + sizeof( eap_tls_keying.master_secret ), + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_keymaterial, + sizeof( eap_tls_keymaterial ) ); + mbedtls_printf( " EAP-TLS key material is:" ); + for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", eap_tls_keymaterial[j] ); + } + mbedtls_printf("\n"); + + eap_tls_keying.tls_prf( NULL, 0, eap_tls_label, eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), eap_tls_iv, + sizeof( eap_tls_iv ) ); + mbedtls_printf( " EAP-TLS IV is:" ); + for( j = 0; j < sizeof( eap_tls_iv ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", eap_tls_iv[j] ); + } + mbedtls_printf("\n"); + } +#endif if( opt.exchanges == 0 ) goto close_notify; From 51d3ab544f46dc5eda6fbd5560f4fddba76215d6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 12 May 2019 14:54:30 +0300 Subject: [PATCH 61/80] Add public API for tls_prf Add a public API for key derivation, introducing an enum for `tls_prf` type. --- include/mbedtls/ssl.h | 60 +++++++++++++++++++++------------- include/mbedtls/ssl_internal.h | 8 +++-- library/ssl_tls.c | 58 ++++++++++++++++++++++++++++++-- programs/ssl/ssl_client2.c | 49 ++++++++++++++++++--------- programs/ssl/ssl_server2.c | 49 ++++++++++++++++++--------- 5 files changed, 164 insertions(+), 60 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 766217c44..a460e2073 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -450,6 +450,18 @@ typedef enum } mbedtls_ssl_states; +/* + * The tls_prf function types. + */ +typedef enum +{ + MBEDTLS_SSL_TLS_PRF_NONE, + MBEDTLS_SSL_TLS_PRF_SSL3, + MBEDTLS_SSL_TLS_PRF_TLS1, + MBEDTLS_SSL_TLS_PRF_SHA384, + MBEDTLS_SSL_TLS_PRF_SHA256 +} +mbedtls_tls_prf_types; /** * \brief Callback type: send data on the network. * @@ -559,25 +571,6 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx, */ typedef int mbedtls_ssl_get_timer_t( void * ctx ); -/** - * \brief Function type: TLS-PRF function. - * - * \param secret Secret for the key derivation function. - * \param slen Length of the secret. - * \param label String label for the key derivation function, - * terminated with null character. - * \param random Random bytes. - * \param rlen Length of the random bytes buffer. - * \param dstbuf The buffer holding the derived key. - * \param dlen Length of the output buffer. - * - * \return 0 on sucess. An SSL specific error on failure. - */ -typedef int mbedtls_ssl_tls_prf( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); - /* Defined below */ typedef struct mbedtls_ssl_session mbedtls_ssl_session; typedef struct mbedtls_ssl_context mbedtls_ssl_context; @@ -943,7 +936,7 @@ struct mbedtls_ssl_config * tls_prf and random bytes. Should replace f_export_keys */ int (*f_export_keys_ext)( void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t, - mbedtls_ssl_tls_prf *, unsigned char[32], unsigned char[32]); + unsigned char[32], unsigned char[32], mbedtls_tls_prf_types ); void *p_export_keys; /*!< context for key export callback */ #endif @@ -1667,9 +1660,9 @@ typedef int mbedtls_ssl_export_keys_t( void *p_expkey, * \param maclen MAC length. * \param keylen Key length. * \param ivlen IV length. - * \param tls_prf The TLS PRF function used in the handshake. * \param client_random The client random bytes. * \param server_random The server random bytes. + * \param tls_prf_type The tls_prf enum type. * * \return 0 if successful, or * a specific MBEDTLS_ERR_XXX code. @@ -1680,9 +1673,9 @@ typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, size_t maclen, size_t keylen, size_t ivlen, - mbedtls_ssl_tls_prf *tls_prf, unsigned char client_random[32], - unsigned char server_random[32] ); + unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ /** @@ -3560,6 +3553,27 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); */ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); +/** + * \brief TLS-PRF function for key derivation. + * + * \param prf The tls_prf type funtion type to be used. + * \param secret Secret for the key derivation function. + * \param slen Length of the secret. + * \param label String label for the key derivation function, + * terminated with null character. + * \param random Random bytes. + * \param rlen Length of the random bytes buffer. + * \param dstbuf The buffer holding the derived key. + * \param dlen Length of the output buffer. + * + * \return 0 on sucess. An SSL specific error on failure. + */ +int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ); + #ifdef __cplusplus } #endif diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index ac4d96dbf..9c4be53f7 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -276,6 +276,10 @@ struct mbedtls_ssl_sig_hash_set_t #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ +typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ); /* * This structure contains the parameters only needed during handshake. */ @@ -425,9 +429,7 @@ struct mbedtls_ssl_handshake_params void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); void (*calc_verify)(mbedtls_ssl_context *, unsigned char *); void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); - int (*tls_prf)(const unsigned char *, size_t, const char *, - const unsigned char *, size_t, - unsigned char *, size_t); + mbedtls_ssl_tls_prf_cb *tls_prf; mbedtls_ssl_ciphersuite_t const *ciphersuite_info; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 620adf968..df106a530 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -751,6 +751,43 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ +int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen ) +{ + mbedtls_ssl_tls_prf_cb *tls_prf = NULL; + + switch( prf ) + { +#if defined(MBEDTLS_SSL_PROTO_SSL3) + case MBEDTLS_SSL_TLS_PRF_SSL3: + tls_prf = ssl3_prf; + break; +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) + case MBEDTLS_SSL_TLS_PRF_TLS1: + tls_prf = tls1_prf; + break; +#endif +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_SSL_TLS_PRF_SHA384: + tls_prf = tls_prf_sha384; + break; +#endif +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_SSL_TLS_PRF_SHA256: + tls_prf = tls_prf_sha256; + break; +#endif + default: + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) ); +} + int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { int ret = 0; @@ -774,6 +811,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * "The master secret is always exactly 48 bytes in length." */ size_t const master_secret_len = 48; +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + mbedtls_tls_prf_types tls_prf_type = MBEDTLS_SSL_TLS_PRF_NONE; +#endif + #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) unsigned char session_hash[48]; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ @@ -815,6 +856,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = ssl3_prf; handshake->calc_verify = ssl_calc_verify_ssl; handshake->calc_finished = ssl_calc_finished_ssl; +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + tls_prf_type = MBEDTLS_SSL_TLS_PRF_SSL3; +#endif } else #endif @@ -824,6 +868,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls1_prf; handshake->calc_verify = ssl_calc_verify_tls; handshake->calc_finished = ssl_calc_finished_tls; +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + tls_prf_type = MBEDTLS_SSL_TLS_PRF_TLS1; +#endif } else #endif @@ -835,6 +882,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; handshake->calc_finished = ssl_calc_finished_tls_sha384; +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA384; +#endif } else #endif @@ -844,6 +894,9 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls_prf_sha256; handshake->calc_verify = ssl_calc_verify_tls_sha256; handshake->calc_finished = ssl_calc_finished_tls_sha256; +#if defined(MBEDTLS_SSL_EXPORT_KEYS) + tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA256; +#endif } else #endif @@ -1271,9 +1324,10 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys, session->master, keyblk, mac_key_len, keylen, - iv_copy_len, handshake->tls_prf, + iv_copy_len, handshake->randbytes + 32, - handshake->randbytes ); + handshake->randbytes, + tls_prf_type); } #endif diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 353a5800f..a9bcd01f3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -466,7 +466,7 @@ typedef struct eap_tls_keys { unsigned char master_secret[48]; unsigned char randbytes[64]; - mbedtls_ssl_tls_prf *tls_prf; + mbedtls_tls_prf_types tls_prf_type; } eap_tls_keys; static int eap_tls_key_derivation ( void *p_expkey, @@ -475,9 +475,9 @@ static int eap_tls_key_derivation ( void *p_expkey, size_t maclen, size_t keylen, size_t ivlen, - mbedtls_ssl_tls_prf *tls_prf, unsigned char client_random[32], - unsigned char server_random[32] ) + unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { eap_tls_keys *keys = (eap_tls_keys *)p_expkey; @@ -488,7 +488,7 @@ static int eap_tls_key_derivation ( void *p_expkey, memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 ); - keys->tls_prf = tls_prf; + keys->tls_prf_type = tls_prf_type; return( 0 ); } @@ -1979,17 +1979,25 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( opt.eap_tls != 0 && - eap_tls_keying.tls_prf != NULL ) + if( opt.eap_tls != 0 ) { size_t j = 0; - eap_tls_keying.tls_prf( eap_tls_keying.master_secret, - sizeof( eap_tls_keying.master_secret ), - eap_tls_label, - eap_tls_keying.randbytes, - sizeof( eap_tls_keying.randbytes ), - eap_tls_keymaterial, - sizeof( eap_tls_keymaterial ) ); + + if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, + eap_tls_keying.master_secret, + sizeof( eap_tls_keying.master_secret ), + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_keymaterial, + sizeof( eap_tls_keymaterial ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + -ret ); + goto exit; + } + mbedtls_printf( " EAP-TLS key material is:" ); for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ ) { @@ -1999,9 +2007,18 @@ int main( int argc, char *argv[] ) } mbedtls_printf("\n"); - eap_tls_keying.tls_prf( NULL, 0, eap_tls_label, eap_tls_keying.randbytes, - sizeof( eap_tls_keying.randbytes ), eap_tls_iv, - sizeof( eap_tls_iv ) ); + if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0, + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_iv, + sizeof( eap_tls_iv ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + -ret ); + goto exit; + } + mbedtls_printf( " EAP-TLS IV is:" ); for( j = 0; j < sizeof( eap_tls_iv ); j++ ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 54e2e5197..363b2dc2d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -582,7 +582,7 @@ typedef struct eap_tls_keys { unsigned char master_secret[48]; unsigned char randbytes[64]; - mbedtls_ssl_tls_prf *tls_prf; + mbedtls_tls_prf_types tls_prf_type; } eap_tls_keys; static int eap_tls_key_derivation ( void *p_expkey, @@ -591,9 +591,9 @@ static int eap_tls_key_derivation ( void *p_expkey, size_t maclen, size_t keylen, size_t ivlen, - mbedtls_ssl_tls_prf *tls_prf, unsigned char client_random[32], - unsigned char server_random[32] ) + unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type ) { eap_tls_keys *keys = (eap_tls_keys *)p_expkey; @@ -604,7 +604,7 @@ static int eap_tls_key_derivation ( void *p_expkey, memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 ); - keys->tls_prf = tls_prf; + keys->tls_prf_type = tls_prf_type; return( 0 ); } @@ -3180,17 +3180,25 @@ handshake: #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( opt.eap_tls != 0 && - eap_tls_keying.tls_prf != NULL ) + if( opt.eap_tls != 0 ) { size_t j = 0; - eap_tls_keying.tls_prf( eap_tls_keying.master_secret, - sizeof( eap_tls_keying.master_secret ), - eap_tls_label, - eap_tls_keying.randbytes, - sizeof( eap_tls_keying.randbytes ), - eap_tls_keymaterial, - sizeof( eap_tls_keymaterial ) ); + + if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, + eap_tls_keying.master_secret, + sizeof( eap_tls_keying.master_secret ), + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_keymaterial, + sizeof( eap_tls_keymaterial ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + -ret ); + goto exit; + } + mbedtls_printf( " EAP-TLS key material is:" ); for( j = 0; j < sizeof( eap_tls_keymaterial ); j++ ) { @@ -3200,9 +3208,18 @@ handshake: } mbedtls_printf("\n"); - eap_tls_keying.tls_prf( NULL, 0, eap_tls_label, eap_tls_keying.randbytes, - sizeof( eap_tls_keying.randbytes ), eap_tls_iv, - sizeof( eap_tls_iv ) ); + if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0, + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_iv, + sizeof( eap_tls_iv ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + -ret ); + goto exit; + } + mbedtls_printf( " EAP-TLS IV is:" ); for( j = 0; j < sizeof( eap_tls_iv ); j++ ) { From 824ad7b3513be4c0f68cb7136dbd049db5611ff9 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 13 May 2019 14:09:00 +0300 Subject: [PATCH 62/80] Add tests for the public tls_prf API Add tests for `mbedtls_ssl_tls_prf` wiht and without the function types dependencies. --- tests/suites/test_suite_ssl.data | 39 ++++++++++++++++++++++++++++ tests/suites/test_suite_ssl.function | 25 ++++++++++++++++++ 2 files changed, 64 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 2b3517dec..73585831a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -5633,3 +5633,42 @@ ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_ Record crypt, little space, NULL cipher, SSL3, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_0 + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3 +depends_on:MBEDTLS_SSL_PROTO_SSL3 +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":0 + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled +depends_on:MBEDTLS_SSL_PROTO_TLS1 +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0 + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.1 enabled +depends_on:MBEDTLS_SSL_PROTO_TLS1_1 +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":0 + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 +depends_on:MBEDTLS_SHA512_C:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0 + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_SSL_PROTO_TLS1_2 +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0 + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3 not enabled +depends_on:!MBEDTLS_SSL_PROTO_SSL3 +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled +depends_on:!MBEDTLS_SSL_PROTO_TLS1 +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 +depends_on:!MBEDTLS_SHA512_C +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE + +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 +depends_on:!MBEDTLS_SHA256_C +ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 05ecd8ad5..69b97789f 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -541,3 +541,28 @@ exit: mbedtls_free( buf ); } /* END_CASE */ + +/* BEGIN_CASE */ +void ssl_tls_prf( int type, data_t * secret, data_t * random, + char *label, data_t *result_hex_str, int exp_ret ) +{ + unsigned char *output; + + output = mbedtls_calloc( 1, result_hex_str->len ); + if( output == NULL ) + goto exit; + + TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len, + label, random->x, random->len, + output, result_hex_str->len ) == exp_ret ); + + if( exp_ret == 0 ) + { + TEST_ASSERT( hexcmp( output, result_hex_str->x, + result_hex_str->len, result_hex_str->len ) == 0 ); + } +exit: + + mbedtls_free( output ); +} +/* END_CASE */ From cf28009839be2bc5f9ed2de1f68180d71c64a3a1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 14 May 2019 20:19:13 +0300 Subject: [PATCH 63/80] Add function to retrieve the tls_prf type Add `tls_prf_get_type()` static function that returns the `mbedtls_tls_prf_types` according to the used `tls_prf` function. --- library/ssl_tls.c | 55 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 17 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index df106a530..0f05276f0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -751,6 +751,43 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ +#if defined(MBEDTLS_SSL_EXPORT_KEYS) +static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) +{ +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if( tls_prf == ssl3_prf ) + { + returnn( MBEDTLS_SSL_TLS_PRF_SSL3 ); + } + else +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) + if( tls_prf == tls1_prf ) + { + return( MBEDTLS_SSL_TLS_PRF_TLS1 ); + } + else +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) +#if defined(MBEDTLS_SHA512_C) + if( tls_prf == tls_prf_sha384 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA384 ); + } + else +#endif +#if defined(MBEDTLS_SHA256_C) + if( tls_prf == tls_prf_sha256 ) + { + return( MBEDTLS_SSL_TLS_PRF_SHA256 ); + } + else +#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + return( MBEDTLS_SSL_TLS_PRF_NONE ); +} +#endif /* MBEDTLS_SSL_EXPORT_KEYS */ + int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, const char *label, @@ -811,10 +848,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * "The master secret is always exactly 48 bytes in length." */ size_t const master_secret_len = 48; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - mbedtls_tls_prf_types tls_prf_type = MBEDTLS_SSL_TLS_PRF_NONE; -#endif - #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) unsigned char session_hash[48]; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ @@ -856,9 +889,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = ssl3_prf; handshake->calc_verify = ssl_calc_verify_ssl; handshake->calc_finished = ssl_calc_finished_ssl; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_SSL3; -#endif } else #endif @@ -868,9 +898,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls1_prf; handshake->calc_verify = ssl_calc_verify_tls; handshake->calc_finished = ssl_calc_finished_tls; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_TLS1; -#endif } else #endif @@ -882,9 +909,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; handshake->calc_finished = ssl_calc_finished_tls_sha384; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA384; -#endif } else #endif @@ -894,9 +918,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) handshake->tls_prf = tls_prf_sha256; handshake->calc_verify = ssl_calc_verify_tls_sha256; handshake->calc_finished = ssl_calc_finished_tls_sha256; -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - tls_prf_type = MBEDTLS_SSL_TLS_PRF_SHA256; -#endif } else #endif @@ -1327,7 +1348,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) iv_copy_len, handshake->randbytes + 32, handshake->randbytes, - tls_prf_type); + tls_prf_get_type( handshake->tls_prf ) ); } #endif From f75e252909fccf27818b63fbc8e10994ce714d2b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 14 May 2019 20:38:49 +0300 Subject: [PATCH 64/80] Add test for export keys functionality Add test in `ssl-opts.sh` that the export keys callback is actually called. --- programs/ssl/ssl_client2.c | 9 ++++++--- programs/ssl/ssl_server2.c | 9 ++++++--- tests/ssl-opt.sh | 12 ++++++++++++ 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a9bcd01f3..a33cfb5ad 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -482,14 +482,17 @@ static int eap_tls_key_derivation ( void *p_expkey, eap_tls_keys *keys = (eap_tls_keys *)p_expkey; ( ( void ) kb ); - ( ( void ) maclen ); - ( ( void ) keylen ); - ( ( void ) ivlen ); memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 ); keys->tls_prf_type = tls_prf_type; + if( opt.debug_level > 2 ) + { + mbedtls_printf("exported maclen is %zu\n",maclen); + mbedtls_printf("exported keylen is %zu\n",keylen); + mbedtls_printf("exported ivlen is %zu\n",ivlen); + } return( 0 ); } #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 363b2dc2d..d246988bf 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -598,14 +598,17 @@ static int eap_tls_key_derivation ( void *p_expkey, eap_tls_keys *keys = (eap_tls_keys *)p_expkey; ( ( void ) kb ); - ( ( void ) maclen ); - ( ( void ) keylen ); - ( ( void ) ivlen ); memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) ); memcpy( keys->randbytes, client_random, 32 ); memcpy( keys->randbytes + 32, server_random, 32 ); keys->tls_prf_type = tls_prf_type; + if( opt.debug_level > 2 ) + { + mbedtls_printf("exported maclen is %zu\n",maclen); + mbedtls_printf("exported keylen is %zu\n",keylen); + mbedtls_printf("exported ivlen is %zu\n",ivlen); + } return( 0 ); } #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 08d4be308..cef87bceb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7939,6 +7939,18 @@ run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -s "Extra-header:" \ -c "Extra-header:" +requires_config_enabled MBEDTLS_SSL_EXPORT_KEYS +run_test "export keys functionality" \ + "$P_SRV eap_tls=1 debug_level=3" \ + "$P_CLI eap_tls=1 debug_level=3" \ + 0 \ + -s "exported maclen is " \ + -s "exported keylen is " \ + -s "exported ivlen is " \ + -c "exported maclen is " \ + -c "exported keylen is " \ + -c "exported ivlen is " + # Final report echo "------------------------------------------------------------------------" From 780d8158f79f2aa217a929a65f3b498b2ac13733 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 14 May 2019 20:41:08 +0300 Subject: [PATCH 65/80] Add changeLog entry Add changeLog entry describing the new `mbedtls_ssl_tls_prf()` API. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index e205835bc..f01b870ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -63,6 +63,7 @@ Features https://sweet32.info/SWEET32_CCS16.pdf. * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, and the used tls-prf. + * Add public API for tls-prf function, according to requested enum. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. From aa947f1cef0fd44f4ad617deb8c9461b144300a7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 12:28:21 +0300 Subject: [PATCH 66/80] Fix ChangeLog entry location Move the ChangeLog entries to correct section, as it was in an already released section, due to rebase error. --- ChangeLog | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index f01b870ca..3aa84e73c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ Features Contributed by Jack Lloyd and Fortanix Inc. * Add the Wi-SUN Field Area Network (FAN) device extended key usage. * Add the oid certificate policy x509 extension. + * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, + and the used tls-prf. + * Add public API for tls-prf function, according to requested enum. Bugfix * Fix private key DER output in the key_app_writer example. File contents @@ -34,6 +37,11 @@ Bugfix * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl sni entry parameter. Reported by inestlerode in #560. +API Changes + * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, + and the used tls-prf. + * Add public API for tls-prf function, according to requested enum. + Changes * Server's RSA certificate in certs.c was SHA-1 signed. In the default mbedTLS configuration only SHA-2 signed certificates are accepted. @@ -61,9 +69,6 @@ Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites from the default list (enabled by default). See https://sweet32.info/SWEET32_CCS16.pdf. - * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, - and the used tls-prf. - * Add public API for tls-prf function, according to requested enum. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. From 0810f0babdb8ef6fd20deba9b2c3ecc060fe0159 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 12:32:32 +0300 Subject: [PATCH 67/80] Fix typo Fix typo `returnn` -> `return` --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0f05276f0..d8b5f2bc3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -757,7 +757,7 @@ static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) #if defined(MBEDTLS_SSL_PROTO_SSL3) if( tls_prf == ssl3_prf ) { - returnn( MBEDTLS_SSL_TLS_PRF_SSL3 ); + return( MBEDTLS_SSL_TLS_PRF_SSL3 ); } else #endif From d2f25f7ea8e7dcf7b57984aa82a7d529540b7c3f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 14:54:22 +0300 Subject: [PATCH 68/80] Fix missing tls version test failures Add checks for tls_prf tests with the relevant tls version configuration. --- library/ssl_tls.c | 11 +++++++---- tests/suites/test_suite_ssl.data | 8 ++++---- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d8b5f2bc3..d25dffd07 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -802,22 +802,25 @@ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, case MBEDTLS_SSL_TLS_PRF_SSL3: tls_prf = ssl3_prf; break; -#endif +#endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) case MBEDTLS_SSL_TLS_PRF_TLS1: tls_prf = tls1_prf; break; -#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_SSL_TLS_PRF_SHA384: tls_prf = tls_prf_sha384; break; -#endif +#endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA256_C) case MBEDTLS_SSL_TLS_PRF_SHA256: tls_prf = tls_prf_sha256; break; -#endif +#endif /* MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ default: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 73585831a..fd81ffec4 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -5661,14 +5661,14 @@ SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SSL3 not enabled depends_on:!MBEDTLS_SSL_PROTO_SSL3 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SSL3:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"3ff3d192aa599255339def5a9723444a":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.0 enabled -depends_on:!MBEDTLS_SSL_PROTO_TLS1 +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_TLS1 TLS 1.X not enabled +depends_on:!MBEDTLS_SSL_PROTO_TLS1:!MBEDTLS_SSL_PROTO_TLS1_1 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_TLS1:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"8defca540d41d4c79d390027295bb4e6":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-512 not enabled depends_on:!MBEDTLS_SHA512_C ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 +SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled depends_on:!MBEDTLS_SHA256_C ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE From 2e06a9fb24871d3c5473f2a4f0b2e67eaca133e6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 15:14:46 +0300 Subject: [PATCH 69/80] Fix ChangeLog entry Move the ChangeLog entries to correct location, and mention sppecifically the support for hardware module name othername. --- ChangeLog | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index f942ebbf5..f6763fc2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,12 @@ Features Contributed by Jack Lloyd and Fortanix Inc. * Add the Wi-SUN Field Area Network (FAN) device extended key usage. * Add the oid certificate policy x509 extension. + * Add support for parsing otherName entries in the Subject Alternative Name + X.509 certificate extension, specifically type hardware module name, + as defined in RFC 4108 section 5. + * Add support for parsing certificate policies extension, as defined in + RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is + supported. Bugfix * Fix private key DER output in the key_app_writer example. File contents @@ -61,11 +67,6 @@ Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites from the default list (enabled by default). See https://sweet32.info/SWEET32_CCS16.pdf. - * Add support for parsing otherName entries in the Subject Alternative Name - X.509 certificate extension, as defined in RFC 4108 section 5. - * Add support for parsing certificate policies extension, as defined in - RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is - supported. API Changes * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`. From c8b5f3f520b97dc1580f09b2850012bda184de5d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 15:15:55 +0300 Subject: [PATCH 70/80] Documentation fixes Rephrase documentation of the SAN to make it clearer. --- include/mbedtls/x509_crt.h | 18 +++++++++--------- library/x509_crt.c | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index a5deb95e0..cd3be09e0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -78,7 +78,7 @@ typedef struct mbedtls_x509_crt mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ - mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy supported). */ + mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ int ext_types; /**< Bit string containing detected and parsed extensions */ int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ @@ -398,31 +398,31 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); #endif /* MBEDTLS_FS_IO */ /** - * \brief Parses a subject alternative name item - * to an identified structure; + * \brief This function parses an item in the SubjectAlternativeNames + * extension. * * \param san_buf The buffer holding the raw data item of the subject * alternative name. * \param san The target structure to populate with the parsed presentation * of the subject alternative name encoded in \p san_raw. * - * \note Only "dnsName" and "otherName" of type hardware_module_name, + * \note Only "dnsName" and "otherName" of type hardware_module_name * as defined in RFC 4180 is supported. * * \note This function should be called on a single raw data of * subject alternative name. For example, after successful * certificate parsing, one must iterate on every item in the - * \p crt->subject_alt_names sequence, and send it as parameter - * to this function. + * \p crt->subject_alt_names sequence, and pass it to + * this function. * - * \note The target structure contains pointers to the raw data of the + * \warning The target structure contains pointers to the raw data of the * parsed certificate, and its lifetime is restricted by the * lifetime of the certificate. * * \return \c 0 on success * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported - * SAN type - * \return Negative value for any other failure. + * SAN type. + * \return Another negative value for any other failure. */ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 3b68f01aa..701b0142d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -618,8 +618,8 @@ static int x509_get_ext_key_usage( unsigned char **p, * nameAssigner [0] DirectoryString OPTIONAL, * partyName [1] DirectoryString } * - * NOTE: we only parse and use dNSName at this point, - * and otherName of type HwModuleName, as defined in RFC 4108. + * NOTE: we list all types, but only use dNSName and otherName + * of type HwModuleName, as defined in RFC 4108, at this point. */ static int x509_get_subject_alt_name( unsigned char **p, const unsigned char *end, From dbbd96652ceff314a45f23be40b3820dbd540347 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 15:46:03 +0300 Subject: [PATCH 71/80] Check that SAN is not malformed when parsing Add a call to `mbedtls_x509_parse_subject_alt_name()` during certificate parsing, to verify the certificate is not malformed. --- library/x509_crt.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/library/x509_crt.c b/library/x509_crt.c index 701b0142d..754a65fdf 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -642,6 +642,9 @@ static int x509_get_subject_alt_name( unsigned char **p, while( *p < end ) { + mbedtls_x509_subject_alternative_name dummy_san_buf; + memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) ); + if( ( end - *p ) < 1 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); @@ -658,6 +661,29 @@ static int x509_get_subject_alt_name( unsigned char **p, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); } + /* + * Check that the SAN are structured correct. + */ + ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf ); + /* + * In case the extension is malformed, return an error, + * and clear the allocated sequences. + */ + if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) + { + mbedtls_x509_sequence *seq_cur = subject_alt_name->next; + mbedtls_x509_sequence *seq_prv; + while( seq_cur != NULL ) + { + seq_prv = seq_cur; + seq_cur = seq_cur->next; + mbedtls_platform_zeroize( seq_prv, + sizeof( mbedtls_x509_sequence ) ); + mbedtls_free( seq_prv ); + } + return( ret ); + } + /* Allocate and assign next pointer */ if( cur->buf.p != NULL ) { From 6b9b1b88fbebc9d7a6a7c350191c13c99446edac Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 17:04:33 +0300 Subject: [PATCH 72/80] Initialize psa_crypto in ssl test Call `psa_crypto_init()` in `tls_prf` ssl test in case `MBEDTLS_USE_PSA_CRYPTO` is defined since tls_prf may use psa crypto. --- tests/suites/test_suite_ssl.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 69b97789f..ecf186ed3 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -552,6 +552,10 @@ void ssl_tls_prf( int type, data_t * secret, data_t * random, if( output == NULL ) goto exit; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + TEST_ASSERT( psa_crypto_init() == 0 ); +#endif + TEST_ASSERT( mbedtls_ssl_tls_prf( type, secret->x, secret->len, label, random->x, random->len, output, result_hex_str->len ) == exp_ret ); From 801faf0fa1518678976aa1d70226544eba0cdc50 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 17:45:24 +0300 Subject: [PATCH 73/80] Fix mingw CI failures Change `%z` formatting of `size_t` to `%u` and casting to unsigned. --- programs/ssl/ssl_client2.c | 6 +++--- programs/ssl/ssl_server2.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a33cfb5ad..9260fbf1a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -489,9 +489,9 @@ static int eap_tls_key_derivation ( void *p_expkey, if( opt.debug_level > 2 ) { - mbedtls_printf("exported maclen is %zu\n",maclen); - mbedtls_printf("exported keylen is %zu\n",keylen); - mbedtls_printf("exported ivlen is %zu\n",ivlen); + mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); + mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); + mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); } return( 0 ); } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d246988bf..0b2350236 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -605,9 +605,9 @@ static int eap_tls_key_derivation ( void *p_expkey, if( opt.debug_level > 2 ) { - mbedtls_printf("exported maclen is %zu\n",maclen); - mbedtls_printf("exported keylen is %zu\n",keylen); - mbedtls_printf("exported ivlen is %zu\n",ivlen); + mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); + mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); + mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); } return( 0 ); } From 51c4507b9c791df16591e83437631a1bfbc0328e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 15 May 2019 17:49:54 +0300 Subject: [PATCH 74/80] Remove unneeded whitespaces Delete extra whitespace in Changelog and in paramter alignment. --- ChangeLog | 4 ++-- programs/ssl/ssl_client2.c | 10 +++++----- programs/ssl/ssl_server2.c | 10 +++++----- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3aa84e73c..8044ae57f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,7 +9,7 @@ Features Contributed by Jack Lloyd and Fortanix Inc. * Add the Wi-SUN Field Area Network (FAN) device extended key usage. * Add the oid certificate policy x509 extension. - * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, + * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, and the used tls-prf. * Add public API for tls-prf function, according to requested enum. @@ -38,7 +38,7 @@ Bugfix sni entry parameter. Reported by inestlerode in #560. API Changes - * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, + * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes, and the used tls-prf. * Add public API for tls-prf function, according to requested enum. diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 9260fbf1a..62f2c5790 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2011,11 +2011,11 @@ int main( int argc, char *argv[] ) mbedtls_printf("\n"); if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0, - eap_tls_label, - eap_tls_keying.randbytes, - sizeof( eap_tls_keying.randbytes ), - eap_tls_iv, - sizeof( eap_tls_iv ) ) ) != 0 ) + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_iv, + sizeof( eap_tls_iv ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", -ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0b2350236..807f880f8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3212,11 +3212,11 @@ handshake: mbedtls_printf("\n"); if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0, - eap_tls_label, - eap_tls_keying.randbytes, - sizeof( eap_tls_keying.randbytes ), - eap_tls_iv, - sizeof( eap_tls_iv ) ) ) != 0 ) + eap_tls_label, + eap_tls_keying.randbytes, + sizeof( eap_tls_keying.randbytes ), + eap_tls_iv, + sizeof( eap_tls_iv ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", -ret ); From e269537b807ce066cc31fe10f5c8d975f19c8362 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 16 May 2019 11:52:57 +0300 Subject: [PATCH 75/80] Add ChangeLog entry about listing all SAN Add a ChangeLog entry that indicates that all SAN types are now listed in the corresponding certificate field. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index f6763fc2c..959904a33 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,8 @@ Features * Add support for parsing certificate policies extension, as defined in RFC 5280 section 4.2.1.4. Currently, only the "Any Policy" policy is supported. + * List all SAN types in the subject_alt_names field of the certificate. + Resolves #459. Bugfix * Fix private key DER output in the key_app_writer example. File contents From a29139177596aab29ea605c1f7e4fe482e63c343 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 16 May 2019 16:17:38 +0300 Subject: [PATCH 76/80] Fix minor issues 1. Typo fix. 2. Change byte by byte coipy to `memcpy`. 3. Remove parenthesis in switch cases. --- library/x509_crt.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 754a65fdf..8200374cd 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1016,9 +1016,9 @@ static int x509_get_crt_ext( unsigned char **p, else #endif /* - * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, the we cannot - * interpret or enforce the policy. However, it is up to the user - * to choose how to enforce the policies, + * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we + * cannot interpret or enforce the policy. However, it is up to + * the user to choose how to enforce the policies, * unless the extension is critical. */ if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) @@ -1737,7 +1737,6 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, *subject_alt_name, const char *prefix ) { - size_t i; int ret; size_t n = *size; char *p = *buf; @@ -1770,7 +1769,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, /* * otherName */ - case( MBEDTLS_X509_SAN_OTHER_NAME ): + case MBEDTLS_X509_SAN_OTHER_NAME: { mbedtls_x509_san_other_name *other_name = &san.san.other_name; @@ -1797,10 +1796,10 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); } - for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ ) - { - *p++ = other_name->value.hardware_module_name.val.p[i]; - } + memcpy( p, other_name->value.hardware_module_name.val.p, + other_name->value.hardware_module_name.val.len ); + p += other_name->value.hardware_module_name.val.len; + n -= other_name->value.hardware_module_name.val.len; }/* MBEDTLS_OID_ON_HW_MODULE_NAME */ @@ -1810,7 +1809,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, /* * dNSName */ - case( MBEDTLS_X509_SAN_DNS_NAME ): + case MBEDTLS_X509_SAN_DNS_NAME: { ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; @@ -1819,9 +1818,10 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, *p = '\0'; return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); } + + memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len ); + p += san.san.unstructured_name.len; n -= san.san.unstructured_name.len; - for( i = 0; i < san.san.unstructured_name.len; i++ ) - *p++ = san.san.unstructured_name.p[i]; } break; From 11818f2c172c995d072760c0eb5b77327dc78c52 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 16 May 2019 18:17:02 +0300 Subject: [PATCH 77/80] Add some negative test cases Add some invalid certificate tests for certifiate policies extension. --- tests/suites/test_suite_x509parse.data | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 99dd0833f..e331d6184 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1198,6 +1198,18 @@ X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, bool len missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d2001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data missing) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d20042801010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a302a0603551d200101FF0420301EA01C06082B06010505070804A010300E06082B060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA From 8a59d6b964add89108482c8235980cbdc23fd042 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 19 May 2019 12:32:15 +0300 Subject: [PATCH 78/80] Update test data Update the test data for the negative certificate policies extension tests with correct lengths, to test the correct behaviour. Add another test. --- tests/suites/test_suite_x509parse.data | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e331d6184..e0ab4050b 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1200,15 +1200,19 @@ x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d01010205003 X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, bool len missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d2001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300730050603551d2001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d20042801010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d2004010001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a302a0603551d200101FF0420301EA01C06082B06010505070804A010300E06082B060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30270603551d200420301EA01C06082B06010505070804A010300E06082B060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA + +X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier not complete) +depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a301F0603551d2004183020301F0603551D200418301630140604551D2000300C300A06082B0601050507020101010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C From 76a9c4a81fd61c48a7551b505623b5e5662a4eb5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 20 May 2019 11:58:59 +0300 Subject: [PATCH 79/80] Fix test data Fix test data to test what it actually intends to test. --- tests/suites/test_suite_x509parse.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index e0ab4050b..ab3880a05 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1204,11 +1204,11 @@ x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010205003 X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data missing) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d2004010001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30b300930070603551d20040001010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, data not oid) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30270603551d200420301EA01C06082B06010505070804A010300E06082B060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"3081bc3081b9a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba32e302c30290603551d2004223020301EA01C06082B06010505070804A010300E06082B060104010901030402022201010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext CertificatePolicies tag, qualifier not complete) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C From 6aeae9e962b665c826fc349538eb61b90c1f69c0 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 20 May 2019 12:00:36 +0300 Subject: [PATCH 80/80] Style fix Add whitespace before parenthesis. --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 8200374cd..708dbf771 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2115,7 +2115,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, if( ( ret = x509_info_subject_alt_name( &p, &n, &crt->subject_alt_names, - prefix) ) != 0 ) + prefix ) ) != 0 ) return( ret ); }