From 0b740bc85b4c99a8dfba9247617d35094d0fcbad Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 18 Jan 2023 17:02:52 +0800 Subject: [PATCH 001/430] TLS 1.3: SRV: Check ticket_flags in kex mode determination When determining the key exchange mode, ticket_flags should be checked so that the server won't select the kex mode that is forbidden from session ticket. Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index ef90f69a2..26ef0f915 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -980,6 +980,16 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + if (ssl->handshake->resume) { + if (!mbedtls_ssl_session_get_ticket_flags( + ssl->session_negotiate, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) { + return 0; + } + } +#endif + return mbedtls_ssl_conf_tls13_psk_enabled(ssl) && mbedtls_ssl_tls13_psk_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); @@ -993,6 +1003,16 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + if (ssl->handshake->resume) { + if (!mbedtls_ssl_session_get_ticket_flags( + ssl->session_negotiate, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) { + return 0; + } + } +#endif + return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); From f8e50a9607f4ad0236424495a98aee9e84bb4c3e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 18 Jan 2023 17:07:19 +0800 Subject: [PATCH 002/430] TLS 1.3: SRV: Validate kex modes when parsing psk On resumption, after the psk identity is matched, we should check if psk and/or psk_ephemeral, which are allowed by session ticket, are valid to be selected. Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 26ef0f915..858a7a364 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -104,6 +104,10 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_OFFERED_PSK_MATCH 0 #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl); +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match_ticket( @@ -115,6 +119,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ticket_buffer; + unsigned int ticket_flags; + unsigned int key_exchanges; #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t now; uint64_t age_in_s; @@ -169,14 +175,22 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * * We regard the ticket with incompatible key exchange modes as not match. */ - ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, - session->ticket_flags); - if (mbedtls_ssl_tls13_check_kex_modes( - ssl, - mbedtls_ssl_session_get_ticket_flags( - session, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) { + MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); + ticket_flags = mbedtls_ssl_session_get_ticket_flags( + session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); + + key_exchanges = 0; + if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) && + ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { + key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + } + if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) && + ssl_tls13_check_psk_key_exchange(ssl)) { + key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; + } + + if (key_exchanges == 0) { + ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode")); goto exit; } From dadeb20383956f6b8654fce1501ab2d572f09058 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 18 Jan 2023 17:32:34 +0800 Subject: [PATCH 003/430] TLS 1.3: SRV: Don't select ephemeral mode on resumption Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 858a7a364..90869d6c3 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -982,7 +982,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && + return !ssl->handshake->resume && + mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); #else ((void) ssl); From 1cc613476891740fb8e497f15f65b11e2d53aada Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 17 Jan 2023 12:14:58 +0800 Subject: [PATCH 004/430] Add addition options to detect the correct kex mode Signed-off-by: Pengyu Lv --- tests/opt-testcases/tls13-misc.sh | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 821a37bf3..ab45a39ff 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -349,7 +349,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" + -s "found matched identity" \ + -s "key exchange mode: psk$" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -377,7 +378,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" + -s "found matched identity" \ + -s "key exchange mode: psk$" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -421,7 +423,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemera 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -433,7 +436,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -463,7 +467,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" + -s "found matched identity" \ + -s "key exchange mode: psk$" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -476,7 +481,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -489,5 +495,6 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" + -s "found matched identity" \ + -s "key exchange mode: psk_ephemeral" From 766796839b91defb7e362565876bd2845a98425c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 2 Feb 2023 15:04:27 +0800 Subject: [PATCH 005/430] Revert "TLS 1.3: SRV: Validate kex modes when parsing psk" This reverts commit f8e50a9607f4ad0236424495a98aee9e84bb4c3e. Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 90869d6c3..6f8973e73 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -104,10 +104,6 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_OFFERED_PSK_MATCH 0 #if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl); -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match_ticket( @@ -119,8 +115,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ticket_buffer; - unsigned int ticket_flags; - unsigned int key_exchanges; #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t now; uint64_t age_in_s; @@ -175,22 +169,14 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * * We regard the ticket with incompatible key exchange modes as not match. */ - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); - ticket_flags = mbedtls_ssl_session_get_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); - - key_exchanges = 0; - if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) && - ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { - key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - } - if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) && - ssl_tls13_check_psk_key_exchange(ssl)) { - key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - } - - if (key_exchanges == 0) { - ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; + ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; + MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, + session->ticket_flags); + if (mbedtls_ssl_tls13_check_kex_modes( + ssl, + mbedtls_ssl_session_get_ticket_flags( + session, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) { MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode")); goto exit; } From 306a01da4d69e6462c84fa54077b33702a95d84e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 2 Feb 2023 16:35:47 +0800 Subject: [PATCH 006/430] refactor: move ticket_flags check into a function Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 48 +++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6f8973e73..f82393303 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -964,6 +964,26 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_check_psk_mode_allowed_by_ticket(mbedtls_ssl_context *ssl, + unsigned int kex_mode) +{ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + if (ssl->handshake->resume) { + if (!mbedtls_ssl_session_get_ticket_flags( + ssl->session_negotiate, kex_mode)) { + return 0; + } + } +#else + ((void) ssl); + ((void) kex_mode); +#endif + return 1; +} +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ + MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl) { @@ -981,17 +1001,9 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->resume) { - if (!mbedtls_ssl_session_get_ticket_flags( - ssl->session_negotiate, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) { - return 0; - } - } -#endif - - return mbedtls_ssl_conf_tls13_psk_enabled(ssl) && + return ssl_tls13_check_psk_mode_allowed_by_ticket( + ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && + mbedtls_ssl_conf_tls13_psk_enabled(ssl) && mbedtls_ssl_tls13_psk_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); #else @@ -1004,17 +1016,9 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->resume) { - if (!mbedtls_ssl_session_get_ticket_flags( - ssl->session_negotiate, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) { - return 0; - } - } -#endif - - return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && + return ssl_tls13_check_psk_mode_allowed_by_ticket( + ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && + mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); #else From 52ad33304019dad602ea78c23bb7e7a5d0404764 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 14 Feb 2023 14:32:37 +0800 Subject: [PATCH 007/430] simplify helper function name Rename ssl_tls13_check_psk_mode_allowed_by_ticket to ssl_tls13_ticket_permission_check Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index f82393303..7bf32c689 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -966,8 +966,8 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_psk_mode_allowed_by_ticket(mbedtls_ssl_context *ssl, - unsigned int kex_mode) +static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl, + unsigned int kex_mode) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->handshake->resume) { @@ -1001,7 +1001,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) - return ssl_tls13_check_psk_mode_allowed_by_ticket( + return ssl_tls13_ticket_permission_check( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && mbedtls_ssl_conf_tls13_psk_enabled(ssl) && mbedtls_ssl_tls13_psk_enabled(ssl) && @@ -1016,7 +1016,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) - return ssl_tls13_check_psk_mode_allowed_by_ticket( + return ssl_tls13_ticket_permission_check( ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) && mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) && From 1bdd76e950ca3d96b7b4bf8d26c611c58e86b876 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Aug 2023 10:32:24 +0200 Subject: [PATCH 008/430] Update old dependency to MBEDTLS_MD_CAN This is a follow-up to 0b8095d96ac57fa3b385cdb57cc94479795550df. Some test cases had a typo in the old dependency name (MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA instead of MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA) which caused us to miss them. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.data | 40 ++++++++++++++-------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 8e272bd10..b3a23a9ab 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1,77 +1,77 @@ Parse RSA Key #1 (No password when required) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #2 (Correct password) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 Parse RSA Key #3 (Wrong password) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #4 (DES Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_des.pem":"testkey":0 Parse RSA Key #5 (3DES Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_3des.pem":"testkey":0 Parse RSA Key #6 (AES-128 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes128.pem":"testkey":0 Parse RSA Key #7 (AES-192 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes192.pem":"testkey":0 Parse RSA Key #8 (AES-256 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_1024_aes256.pem":"testkey":0 Parse RSA Key #9 (2048-bit, DES Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_des.pem":"testkey":0 Parse RSA Key #10 (2048-bit, 3DES Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_3des.pem":"testkey":0 Parse RSA Key #11 (2048-bit, AES-128 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes128.pem":"testkey":0 Parse RSA Key #12 (2048-bit, AES-192 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes192.pem":"testkey":0 Parse RSA Key #13 (2048-bit, AES-256 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0 Parse RSA Key #14 (4096-bit, DES Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_des.pem":"testkey":0 Parse RSA Key #15 (4096-bit, 3DES Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_3des.pem":"testkey":0 Parse RSA Key #16 (4096-bit, AES-128 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0 Parse RSA Key #17 (4096-bit, AES-192 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0 Parse RSA Key #18 (4096-bit, AES-256 Encrypted) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0 Parse RSA Key #19 (PKCS#8 wrapped) -depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0 Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES) @@ -1003,7 +1003,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA +depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 Parse EC Key #4 (PKCS8 DER) From 46712c644e83ba0b0e0685a870e2fa39f9ccabf7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Aug 2023 11:54:25 +0200 Subject: [PATCH 009/430] Add missing PSA init Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index df139c60f..9bcdb55a5 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -78,7 +78,7 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) int res; mbedtls_pk_init(&ctx); - USE_PSA_INIT(); + MD_PSA_INIT(); res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); @@ -99,7 +99,7 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) exit: mbedtls_pk_free(&ctx); - USE_PSA_DONE(); + MD_PSA_DONE(); } /* END_CASE */ From 422a77f7165bdfac0f437d204672f9d61ccc1c5b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 7 Jul 2023 10:12:05 +0800 Subject: [PATCH 010/430] aes.c: clean up and fix wrong comment in #endif Signed-off-by: Yanray Wang --- library/aes.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/library/aes.c b/library/aes.c index 47a5e3e82..753bc78ad 100644 --- a/library/aes.c +++ b/library/aes.c @@ -122,8 +122,8 @@ static const unsigned char FSb[256] = 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || + !MBEDTLS_AES_SETKEY_DEC_ALT */ /* * Forward tables @@ -216,7 +216,7 @@ static const uint32_t FT3[256] = { FT }; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT */ #undef FT @@ -259,7 +259,7 @@ static const unsigned char RSb[256] = 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D }; -#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT */ /* * Reverse tables @@ -353,7 +353,7 @@ static const uint32_t RT3[256] = { RT }; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ #undef RT @@ -367,7 +367,7 @@ static const uint32_t RCON[10] = 0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x0000001B, 0x00000036 }; -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ #else /* MBEDTLS_AES_ROM_TABLES */ @@ -377,8 +377,8 @@ static const uint32_t RCON[10] = #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static unsigned char FSb[256]; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || + !MBEDTLS_AES_SETKEY_DEC_ALT */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) @@ -386,14 +386,14 @@ static uint32_t FT1[256]; static uint32_t FT2[256]; static uint32_t FT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT */ /* * Reverse S-box & tables */ -#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || !defined(MBEDTLS_AES_DECRYPT_ALT) static unsigned char RSb[256]; -#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT || !MBEDTLS_AES_DECRYPT_ALT */ #if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static uint32_t RT0[256]; @@ -402,7 +402,7 @@ static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* @@ -494,11 +494,11 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ } } -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ #undef ROTL8 @@ -615,8 +615,8 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf) return 0; } -#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +#endif /* MAY_NEED_TO_ALIGN || !MBEDTLS_AES_SETKEY_DEC_ALT || + !MBEDTLS_AES_SETKEY_ENC_ALT */ /* * AES key schedule (encryption) From 427424768a34e7e05d0e63b9d8a99ebcc6316e11 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 7 Jul 2023 17:28:24 +0800 Subject: [PATCH 011/430] aes.c: provide finer guard for RSb Variable RSb is only used for either computing reverse tables in aes_gen_tables or AES-decryption function. This commit provides more guards for when RSb is defined and used. Signed-off-by: Yanray Wang --- library/aes.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/library/aes.c b/library/aes.c index 753bc78ad..95ab3921c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -391,9 +391,14 @@ static uint32_t FT3[256]; /* * Reverse S-box & tables */ -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || !defined(MBEDTLS_AES_DECRYPT_ALT) + +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static unsigned char RSb[256]; -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT || !MBEDTLS_AES_DECRYPT_ALT */ +#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ +#if !defined(MBEDTLS_AES_DECRYPT_ALT) +static unsigned char RSb[256]; +#endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ #if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) static uint32_t RT0[256]; @@ -447,7 +452,9 @@ static void aes_gen_tables(void) * generate the forward and reverse S-boxes */ FSb[0x00] = 0x63; +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) RSb[0x63] = 0x00; +#endif for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; @@ -459,7 +466,9 @@ static void aes_gen_tables(void) x ^= y ^ 0x63; FSb[i] = x; +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) RSb[x] = (unsigned char) i; +#endif } /* @@ -481,9 +490,9 @@ static void aes_gen_tables(void) FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) x = RSb[i]; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x0D, x) << 16) ^ From 78ee0c9e4fc65d2fdffa1f9e5b6488b6ac4c88a1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 15 May 2023 11:23:50 +0800 Subject: [PATCH 012/430] aes.c: add config option to support cipher_encrypt_only Signed-off-by: Yanray Wang --- include/mbedtls/aes.h | 4 ++ library/aes.c | 95 +++++++++++++++++++++++++++---------------- 2 files changed, 65 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 7c92162d1..0780ece3b 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -167,6 +167,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief This function sets the decryption key. * @@ -185,6 +186,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -604,6 +606,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Internal AES block decryption function. This is only * exposed to allow overriding it using see @@ -619,6 +622,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MBEDTLS_SELF_TEST) /** diff --git a/library/aes.c b/library/aes.c index 95ab3921c..b604cb75c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -86,7 +86,7 @@ static int aes_padlock_ace = -1; * Forward S-box */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, @@ -123,7 +123,7 @@ static const unsigned char FSb[256] = 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; #endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - !MBEDTLS_AES_SETKEY_DEC_ALT */ + (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ /* * Forward tables @@ -220,7 +220,7 @@ static const uint32_t FT3[256] = { FT }; #undef FT -#if !defined(MBEDTLS_AES_DECRYPT_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /* * Reverse S-box */ @@ -259,7 +259,7 @@ static const unsigned char RSb[256] = 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D }; -#endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /* * Reverse tables @@ -331,7 +331,8 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) #define V(a, b, c, d) 0x##a##b##c##d static const uint32_t RT0[256] = { RT }; @@ -352,8 +353,8 @@ static const uint32_t RT3[256] = { RT }; #undef V #endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #undef RT @@ -375,10 +376,10 @@ static const uint32_t RCON[10] = * Forward S-box & tables */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) static unsigned char FSb[256]; #endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - !MBEDTLS_AES_SETKEY_DEC_ALT */ + (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) @@ -391,23 +392,27 @@ static uint32_t FT3[256]; /* * Reverse S-box & tables */ - -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static unsigned char RSb[256]; -#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) +#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static unsigned char RSb[256]; -#endif /* !MBEDTLS_AES_DECRYPT_ALT */ -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY*/ +#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static uint32_t RT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* @@ -452,9 +457,11 @@ static void aes_gen_tables(void) * generate the forward and reverse S-boxes */ FSb[0x00] = 0x63; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) RSb[0x63] = 0x00; -#endif +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; @@ -466,9 +473,11 @@ static void aes_gen_tables(void) x ^= y ^ 0x63; FSb[i] = x; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) RSb[x] = (unsigned char) i; -#endif +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ } /* @@ -490,7 +499,8 @@ static void aes_gen_tables(void) FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) x = RSb[i]; RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ @@ -503,7 +513,8 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && + !MBEDTLS_CIPHER_ENCRYPT_ONLY */ } } @@ -586,8 +597,8 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) #define MAY_NEED_TO_ALIGN #endif -#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) +#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) static unsigned mbedtls_aes_rk_offset(uint32_t *buf) { #if defined(MAY_NEED_TO_ALIGN) @@ -624,8 +635,8 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf) return 0; } -#endif /* MAY_NEED_TO_ALIGN || !MBEDTLS_AES_SETKEY_DEC_ALT || - !MBEDTLS_AES_SETKEY_ENC_ALT */ +#endif /* MAY_NEED_TO_ALIGN || !MBEDTLS_AES_SETKEY_ENC_ALT || + (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ /* * AES key schedule (encryption) @@ -741,7 +752,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, /* * AES key schedule (decryption) */ -#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -810,7 +821,7 @@ exit: return ret; } -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ +#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MBEDTLS_CIPHER_MODE_XTS) static int mbedtls_aes_xts_decode_keys(const unsigned char *key, @@ -999,7 +1010,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, /* * AES-ECB block decryption */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) @@ -1056,7 +1067,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, return 0; } -#endif /* !MBEDTLS_AES_DECRYPT_ALT */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ #if defined(MAY_NEED_TO_ALIGN) /* VIA Padlock and our intrinsics-based implementation of AESNI require @@ -1113,13 +1124,16 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (mode == MBEDTLS_AES_ENCRYPT) { return mbedtls_internal_aes_encrypt(ctx, input, output); } else { return mbedtls_internal_aes_decrypt(ctx, input, output); } +#else + return mbedtls_internal_aes_encrypt(ctx, input, output); #endif - +#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -1545,6 +1559,7 @@ exit: * * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static const unsigned char aes_test_ecb_dec[][16] = { { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, @@ -1556,6 +1571,7 @@ static const unsigned char aes_test_ecb_dec[][16] = 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE } #endif }; +#endif static const unsigned char aes_test_ecb_enc[][16] = { @@ -1937,7 +1953,7 @@ int mbedtls_aes_self_test(int verbose) */ { static const int num_tests = - sizeof(aes_test_ecb_dec) / sizeof(*aes_test_ecb_dec); + sizeof(aes_test_ecb_enc) / sizeof(*aes_test_ecb_enc); for (i = 0; i < num_tests << 1; i++) { u = i >> 1; @@ -1948,13 +1964,24 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES-ECB-%3u (%s): ", keybits, (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); } +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (mode == MBEDTLS_AES_DECRYPT) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } + continue; + } +#endif memset(buf, 0, 16); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (mode == MBEDTLS_AES_DECRYPT) { ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_ecb_dec[u]; - } else { + } else +#endif + { ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); aes_tests = aes_test_ecb_enc[u]; } From 590c9b7abe3aa447ce826f6b7384f731994a1bf3 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 15:40:23 +0800 Subject: [PATCH 013/430] AESCE: add macro guard of CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- library/aesce.c | 9 +++++++++ library/aesce.h | 2 ++ 2 files changed, 11 insertions(+) diff --git a/library/aesce.c b/library/aesce.c index 6f75a67d7..650f75fb9 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -199,6 +199,7 @@ rounds_10: /* Two rounds of AESCE decryption */ #define AESCE_DECRYPT_ROUND_X2 AESCE_DECRYPT_ROUND; AESCE_DECRYPT_ROUND +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static uint8x16_t aesce_decrypt_block(uint8x16_t block, unsigned char *keys, int rounds) @@ -230,6 +231,7 @@ rounds_10: return block; } +#endif /* * AES-ECB block en(de)cryption @@ -242,11 +244,16 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (mode == MBEDTLS_AES_ENCRYPT) { block = aesce_encrypt_block(block, keys, ctx->nr); } else { block = aesce_decrypt_block(block, keys, ctx->nr); } +#else + (void) mode; + block = aesce_encrypt_block(block, keys, ctx->nr); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ vst1q_u8(&output[0], block); return 0; @@ -255,6 +262,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, /* * Compute decryption round keys from encryption round keys */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) @@ -269,6 +277,7 @@ void mbedtls_aesce_inverse_key(unsigned char *invkey, vst1q_u8(invkey + i * 16, vld1q_u8(fwdkey + j * 16)); } +#endif static inline uint32_t aes_rot_word(uint32_t word) { diff --git a/library/aesce.h b/library/aesce.h index 735c8cfad..ccc0fd3e5 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -102,6 +102,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], const unsigned char b[16]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -113,6 +114,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Internal key expansion for encryption From 380be5af3a1f81771973225f886b2fe2a19b0b95 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 15:40:34 +0800 Subject: [PATCH 014/430] AESNI: add macro guard of CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- library/aesni.c | 33 +++++++++++++++++++++++++-------- library/aesni.h | 2 ++ 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/library/aesni.c b/library/aesni.c index 5f25a8249..f7c99df51 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -93,21 +93,32 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; - if (mode == 0) { - while (nr != 0) { - state = _mm_aesdec_si128(state, *rk); - ++rk; - --nr; - } - state = _mm_aesdeclast_si128(state, *rk); - } else { +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (mode == MBEDTLS_AES_ENCRYPT) { while (nr != 0) { state = _mm_aesenc_si128(state, *rk); ++rk; --nr; } state = _mm_aesenclast_si128(state, *rk); + } else { + while (nr != 0) { + state = _mm_aesdec_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesdeclast_si128(state, *rk); } +#else + (void) mode; + while (nr != 0) { + + state = _mm_aesenc_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesenclast_si128(state, *rk); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ memcpy(output, &state, 16); return 0; @@ -217,6 +228,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { @@ -229,6 +241,7 @@ void mbedtls_aesni_inverse_key(unsigned char *invkey, } *ik = *fk; } +#endif /* * Key expansion, 128-bit case @@ -455,6 +468,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key AESENCLAST(xmm1_xmm0) // last round +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) "jmp 3f \n\t" "2: \n\t" // decryption loop @@ -465,6 +479,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, "jnz 2b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key AESDECLAST(xmm1_xmm0) // last round +#endif "3: \n\t" "movdqu %%xmm0, (%4) \n\t" // export output @@ -591,6 +606,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { @@ -610,6 +626,7 @@ void mbedtls_aesni_inverse_key(unsigned char *invkey, memcpy(ik, fk, 16); } +#endif /* * Key expansion, 128-bit case diff --git a/library/aesni.h b/library/aesni.h index 332a0f072..15143de83 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -141,6 +141,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], const unsigned char a[16], const unsigned char b[16]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -155,6 +156,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Internal key expansion for encryption From 67208fdba85a431776570f148a7cc65dff8aac95 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 15 May 2023 18:02:46 +0800 Subject: [PATCH 015/430] PSA: auto-enable CIPHER_ENCRYPT_ONLY if cipher-decrypt is not needed Some cipher modes use cipher-encrypt to encrypt and decrypt. (E.g: ECB, CBC). This commit adds support to automatically enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't need cipher_decrypt. Signed-off-by: Yanray Wang --- include/mbedtls/config_psa.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 3b30c0277..f558ed82b 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -598,6 +598,19 @@ #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ +/* + * ECB, CBC, XTS modes require both ENCRYPT and DECRYPT directions. + * CIPHER_ENCRYPT_ONLY is only enabled when those modes are not requested + * via the PSA API. + * + * Note: XTS is not yet supported via the PSA API in Mbed TLS. + */ +#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ + !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ + !defined(PSA_WANT_ALG_CBC_PKCS7) +#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 +#endif + #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_ECP_DP_BP256R1_ENABLED From a8ac23a758c82924de78a30cf469a9150b280bcb Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 15 May 2023 18:03:10 +0800 Subject: [PATCH 016/430] all.sh: add test case for CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8e978ac72..fea4e0f1f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4166,6 +4166,29 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } +component_test_cipher_encrypt_only () { + msg "build: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPHER_ENCRYPT_ONLY" + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_NIST_KW_C + + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + + make CC=gcc CFLAGS="-Werror -Wall -Wextra -I '$PWD' \ + -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + make test + + msg "selftest: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + programs/test/selftest + + rm -f psa_cipher_encrypt_only.h +} + component_test_ctr_drbg_aes_256_sha_256 () { msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" scripts/config.py full From 9141ad12239f98fdbb866aad25bd12a2bdffe861 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 24 Aug 2023 14:53:16 +0800 Subject: [PATCH 017/430] aria/camellia/des: guard setkey_dec by CIPHER_ENCRYPT_ONLY This is a pre-step to remove *setkey_dec_func in cipher_wrap ctx when CIPHER_ENCRYPT_ONLY is enabled. Signed-off-by: Yanray Wang --- include/mbedtls/aria.h | 2 ++ include/mbedtls/camellia.h | 2 ++ include/mbedtls/des.h | 6 ++++++ library/aria.c | 8 ++++++++ library/camellia.c | 16 +++++++++++++++- library/des.c | 21 +++++++++++++++++++++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 7e55df7ec..e725ea044 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -110,6 +110,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief This function sets the decryption key. * @@ -128,6 +129,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief This function performs an ARIA single-block encryption or diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 8033c13ff..74a8e3434 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -93,6 +93,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Perform a CAMELLIA key schedule operation for decryption. * @@ -108,6 +109,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index f445102d9..f10ac90d7 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -182,6 +182,7 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief DES key schedule (56-bit, decryption) * @@ -196,6 +197,7 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (112-bit, encryption) @@ -213,6 +215,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (112-bit, decryption) * @@ -228,6 +231,7 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (168-bit, encryption) @@ -245,6 +249,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (168-bit, decryption) * @@ -260,6 +265,7 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief DES-ECB block encryption/decryption diff --git a/library/aria.c b/library/aria.c index 098036225..0bd489e68 100644 --- a/library/aria.c +++ b/library/aria.c @@ -425,6 +425,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, /* * Set decryption key */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -454,6 +455,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, return 0; } +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /* * Encrypt a block @@ -884,12 +886,18 @@ int mbedtls_aria_self_test(int verbose) /* test ECB decryption */ if (verbose) { mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i); +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + mbedtls_printf("skipped\n"); +#endif } + +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i); mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk); ARIA_SELF_TEST_ASSERT( memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE) != 0); +#endif } if (verbose) { mbedtls_printf("\n"); diff --git a/library/camellia.c b/library/camellia.c index 409727d04..634978294 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -411,6 +411,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, /* * Camellia key schedule (decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits) @@ -456,6 +457,7 @@ exit: return ret; } +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /* * Camellia-ECB block encryption/decryption @@ -900,14 +902,26 @@ int mbedtls_camellia_self_test(int verbose) (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); } +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } + continue; + } +#endif + for (i = 0; i < CAMELLIA_TESTS_ECB; i++) { memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) if (v == MBEDTLS_CAMELLIA_DECRYPT) { mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); memcpy(src, camellia_test_ecb_cipher[u][i], 16); memcpy(dst, camellia_test_ecb_plain[i], 16); - } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ + } else +#endif + { /* MBEDTLS_CAMELLIA_ENCRYPT */ mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64); memcpy(src, camellia_test_ecb_plain[i], 16); memcpy(dst, camellia_test_ecb_cipher[u][i], 16); diff --git a/library/des.c b/library/des.c index eaddf282a..a6a6b2fb8 100644 --- a/library/des.c +++ b/library/des.c @@ -483,6 +483,7 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE /* * DES key schedule (56-bit, decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; @@ -496,6 +497,7 @@ int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBE return 0; } +#endif static void des3_set2key(uint32_t esk[96], uint32_t dsk[96], @@ -538,6 +540,7 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (112-bit, decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { @@ -548,6 +551,7 @@ int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, return 0; } +#endif static void des3_set3key(uint32_t esk[96], uint32_t dsk[96], @@ -588,6 +592,7 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (168-bit, decryption) */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { @@ -598,6 +603,7 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, return 0; } +#endif /* * DES-ECB block encryption/decryption @@ -869,28 +875,43 @@ int mbedtls_des_self_test(int verbose) (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); } +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + if (v == MBEDTLS_DES_DECRYPT) { + if (verbose != 0) { + mbedtls_printf("skipped\n"); + } + continue; + } +#endif + memcpy(buf, des3_test_buf, 8); switch (i) { +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 0: ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); break; +#endif case 1: ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); break; +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 2: ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); break; +#endif case 3: ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); break; +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 4: ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); break; +#endif case 5: ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); From db9b3095fb60f01cb8965d4c6f44c22b938d5271 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 24 Aug 2023 15:47:53 +0800 Subject: [PATCH 018/430] cipher_wrap: remove *setkey_dec_func in CIPHER_ENCRYPT_ONLY There is no need to set decrypt key under CIPHER_ENCRYPT_ONLY, so we can remove *setkey_dec_func from ctx to save extra code size. Signed-off-by: Yanray Wang --- library/cipher.c | 5 +++++ library/cipher_wrap.c | 42 ++++++++++++++++++++++++++++++++++++++++++ library/cipher_wrap.h | 2 ++ 3 files changed, 49 insertions(+) diff --git a/library/cipher.c b/library/cipher.c index de7f8378e..cefd9e125 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -396,6 +396,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, ctx->key_bitlen = key_bitlen; ctx->operation = operation; +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /* * For OFB, CFB and CTR mode always use the encryption key schedule */ @@ -413,6 +414,10 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, } return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; +#else + return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, + ctx->key_bitlen); +#endif } int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 6ab2f5f13..20bb9847d 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -238,11 +238,13 @@ static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen); } +#endif static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -291,7 +293,9 @@ static const mbedtls_cipher_base_t aes_info = { NULL, #endif aes_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) aes_setkey_dec_wrap, +#endif aes_ctx_alloc, aes_ctx_free }; @@ -587,7 +591,9 @@ static const mbedtls_cipher_base_t gcm_aes_info = { NULL, #endif gcm_aes_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) gcm_aes_setkey_wrap, +#endif gcm_ctx_alloc, gcm_ctx_free, }; @@ -656,7 +662,9 @@ static const mbedtls_cipher_base_t ccm_aes_info = { NULL, #endif ccm_aes_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) ccm_aes_setkey_wrap, +#endif ccm_ctx_alloc, ccm_ctx_free, }; @@ -769,11 +777,13 @@ static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen); } +#endif static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -823,7 +833,9 @@ static const mbedtls_cipher_base_t camellia_info = { NULL, #endif camellia_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) camellia_setkey_dec_wrap, +#endif camellia_ctx_alloc, camellia_ctx_free }; @@ -996,7 +1008,9 @@ static const mbedtls_cipher_base_t gcm_camellia_info = { NULL, #endif gcm_camellia_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) gcm_camellia_setkey_wrap, +#endif gcm_ctx_alloc, gcm_ctx_free, }; @@ -1065,7 +1079,9 @@ static const mbedtls_cipher_base_t ccm_camellia_info = { NULL, #endif ccm_camellia_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) ccm_camellia_setkey_wrap, +#endif ccm_ctx_alloc, ccm_ctx_free, }; @@ -1179,11 +1195,13 @@ static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen); } +#endif static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1233,7 +1251,9 @@ static const mbedtls_cipher_base_t aria_info = { NULL, #endif aria_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) aria_setkey_dec_wrap, +#endif aria_ctx_alloc, aria_ctx_free }; @@ -1406,7 +1426,9 @@ static const mbedtls_cipher_base_t gcm_aria_info = { NULL, #endif gcm_aria_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) gcm_aria_setkey_wrap, +#endif gcm_ctx_alloc, gcm_ctx_free, }; @@ -1475,7 +1497,9 @@ static const mbedtls_cipher_base_t ccm_aria_info = { NULL, #endif ccm_aria_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) ccm_aria_setkey_wrap, +#endif ccm_ctx_alloc, ccm_ctx_free, }; @@ -1583,6 +1607,7 @@ static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t } #endif /* MBEDTLS_CIPHER_MODE_CBC */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1590,6 +1615,7 @@ static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key); } +#endif static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1599,6 +1625,7 @@ static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1606,6 +1633,7 @@ static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key); } +#endif static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1615,6 +1643,7 @@ static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1622,6 +1651,7 @@ static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key); } +#endif static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1692,7 +1722,9 @@ static const mbedtls_cipher_base_t des_info = { NULL, #endif des_setkey_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) des_setkey_dec_wrap, +#endif des_ctx_alloc, des_ctx_free }; @@ -1743,7 +1775,9 @@ static const mbedtls_cipher_base_t des_ede_info = { NULL, #endif des3_set2key_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) des3_set2key_dec_wrap, +#endif des3_ctx_alloc, des3_ctx_free }; @@ -1794,7 +1828,9 @@ static const mbedtls_cipher_base_t des_ede3_info = { NULL, #endif des3_set3key_enc_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) des3_set3key_dec_wrap, +#endif des3_ctx_alloc, des3_ctx_free }; @@ -1895,7 +1931,9 @@ static const mbedtls_cipher_base_t chacha20_base_info = { chacha20_stream_wrap, #endif chacha20_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) chacha20_setkey_wrap, +#endif chacha20_ctx_alloc, chacha20_ctx_free }; @@ -1970,7 +2008,9 @@ static const mbedtls_cipher_base_t chachapoly_base_info = { NULL, #endif chachapoly_setkey_wrap, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) chachapoly_setkey_wrap, +#endif chachapoly_ctx_alloc, chachapoly_ctx_free }; @@ -2038,7 +2078,9 @@ static const mbedtls_cipher_base_t null_base_info = { null_crypt_stream, #endif null_setkey, +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) null_setkey, +#endif null_ctx_alloc, null_ctx_free }; diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index c85a4efa8..2cbc21671 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -93,9 +93,11 @@ struct mbedtls_cipher_base_t { int (*setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** Set key for decryption purposes */ int (*setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); +#endif /** Allocate a new context */ void * (*ctx_alloc_func)(void); From d7058b0a351de110ff934da4f5b642f3340bff1d Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 24 Aug 2023 15:50:38 +0800 Subject: [PATCH 019/430] dh_client: removed under CIPHER_ENCRYPT_ONLY dh_client requests AES-ECB to do decryption. So it needs to be removed under CIPHER_ENCRYPT_ONLY. Signed-off-by: Yanray Wang --- programs/pkey/dh_client.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 5a2c30fc2..9dd38bc6e 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -56,6 +56,13 @@ int main(void) "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n"); mbedtls_exit(0); } + +#elif defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +int main(void) +{ + mbedtls_printf("MBEDTLS_CIPHER_ENCRYPT_ONLY implicitly defined.\n"); + mbedtls_exit(0); +} #else From 85c3023c60f91d93ef0c9d17a136d89022fb4c11 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 16 May 2023 10:07:56 +0800 Subject: [PATCH 020/430] AES-ECB: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_aes.function | 6 +- tests/suites/test_suite_cipher.aes.data | 116 ++++++++++++------------ 2 files changed, 62 insertions(+), 60 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index d495b49ed..2aa27d320 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -6,6 +6,7 @@ * master, enc and dec must be AES context objects. They don't need to * be initialized, and are left freed. */ +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) static int test_copy(const data_t *key, mbedtls_aes_context *master, mbedtls_aes_context *enc, @@ -55,6 +56,7 @@ exit: * with alternative implementations. */ return 0; } +#endif /* END_HEADER */ @@ -86,7 +88,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void aes_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { @@ -523,7 +525,7 @@ void aes_misc_params() } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void aes_ecb_copy_context(data_t *key) { /* We test context copying multiple times, with different alignments diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 134970f5f..557d56d29 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -1595,47 +1595,47 @@ depends_on:MBEDTLS_AES_C test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a":0 AES-128-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"a81738252621dd180a34f3455b4baa2f":"ff800000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"77e2b508db7fd89234caf7939ee5621a":"ffc00000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"dc43be40be0e53712f7e2bf5ca707209":"6a118a874519e64e9963798a503f1d35":0 AES-128-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"92beedab1895a94faa69b632e5cc47ce":"cb9fceec81286ca3e989bd979b0cb284":0 AES-128-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"459264f4798f6a78bacb89c15ed3d601":"b26aeb1874e47ca8358ff22378f09144":0 AES-128-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"71b5c08a1993e1362e4d0ce9b22b78d5":"c2dabd117f8a3ecabfbb11d12194d9d0":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"e234cdca2606b81f29408d5f6da21206":"fff60a4740086b3b9c56195b98d91a7b":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff0000000000000000":"84be19e053635f09f2665e7bae85b42d":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0 AES-192-ECB Encrypt NIST KAT #1 @@ -1687,51 +1687,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffe00000000000000000000":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46":0 AES-192-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff800000000000000":"1b9f5fbd5e8a4264c0a85b80409afa5e":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffc00000000000000":"30dab809f85a917fe924733f424ac589":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"b0ab0a6a818baef2d11fa33eac947284fb7d748cfb75e570":"d2eafd86f63b109b91f5dbb3a3fb7e13":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ee053aa011c8b428cdcc3636313c54d6a03cac01c71579d6":"9b9fdd1c5975655f539998b306a324af":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 AES-192-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 AES-192-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 AES-192-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0 AES-192-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"a6cae46fb6fadfe7a2c302a34242817b":"ffffffffffffffffffffe00000000000":0 AES-192-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"026a7024d6a902e0b3ffccbaa910cc3f":"fffffffffffffffffffff00000000000":0 AES-256-ECB Encrypt NIST KAT #1 @@ -1783,51 +1783,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b":0 AES-256-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff80000000000000000":"6168b00ba7859e0970ecfd757efecf7c":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffffc0000000000000000":"d1415447866230d28bb1ea18a4cdfd02":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e":"a74289fe73a4c123ca189ea1e1b49ad5":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707":"b91d4ea4488644b56cf0812fa7fcf5fc":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 AES-256-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"38f2c7ae10612415d27ca190d27da8b4":"8a560769d605868ad80d819bdba03771":0 AES-256-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"1bc704f1bce135ceb810341b216d7abe":"91fbef2d15a97816060bee1feaa49afe":0 AES-256-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 AES-128-ECB crypt Encrypt NIST KAT #1 @@ -1843,15 +1843,15 @@ depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0:0 AES-128-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C +depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Encrypt NIST KAT #1 @@ -1871,19 +1871,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0:0 AES-192-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:0 AES-192-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0:0 AES-256-ECB crypt Encrypt NIST KAT #1 @@ -1903,19 +1903,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0:0 AES-256-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0:0 AES-256-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:0 AES-128-CBC crypt Encrypt NIST KAT #1 @@ -2127,19 +2127,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 AES-128-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1 AES-192-ECB crypt Encrypt NIST KAT #1 PSA @@ -2159,19 +2159,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1 AES-192-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1 AES-256-ECB crypt Encrypt NIST KAT #1 PSA @@ -2191,19 +2191,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1 AES-256-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 From 702c220809317760ec9783406c41411f14e2e547 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 11:20:26 +0800 Subject: [PATCH 021/430] aria: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_aria.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 579dddf3b..ab1ce00ec 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -86,7 +86,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void aria_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *expected_output, int setkey_result) { From ba473b1c827a253a30bc93ac9983a3adc8d99812 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 11:24:14 +0800 Subject: [PATCH 022/430] camellia: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_camellia.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 1cef97a9f..8454c5ffe 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -67,7 +67,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void camellia_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { From 3c565275c48f1ffc00b5854b1cfecb4dfeacf844 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 11:27:09 +0800 Subject: [PATCH 023/430] des: add CIPHER_ENCRYPT_ONLY dependency for test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_cipher.des.data | 10 +++++----- tests/suites/test_suite_des.function | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index 77f7515b9..2ab7fe7f1 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data @@ -575,15 +575,15 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_ENCRYPT:"FEDCBA9876543210":"0123456789ABCDEF":"ED39D950FA74BCC4":0 DES ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"0000000000000000":"8CA64DE9C1B123A7":"0000000000000000":0 DES ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF":"7359B2163E4EDC58":"FFFFFFFFFFFFFFFF":0 DES ECB Decrypt test vector (OpenSSL) #3 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"43297FAD38E373FE":"EA676B2CB7DB2B7A":"762514B829BF486A":0 DES3-EDE ECB Encrypt test vector (OpenSSL) #1 @@ -595,9 +595,9 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_ENCRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"FFFFFFFFFFFFFFFF":"199E9D6DF39AA816":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"0000000000000000FFFFFFFFFFFFFFFF":"9295B59BB384736E":"0000000000000000":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C +depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"199E9D6DF39AA816":"FFFFFFFFFFFFFFFF":0 diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index b846d777a..61ec8b8dc 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -34,7 +34,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void des_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst) { unsigned char output[100]; @@ -133,7 +133,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ void des3_decrypt_ecb(int key_count, data_t *key_str, data_t *src_str, data_t *dst) { From 72d7bb4bca913a5ef46f3b992e1a9416ea2cfc39 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 30 Aug 2023 13:58:15 +0800 Subject: [PATCH 024/430] check_config.h: add checks for CIPHER_ENCRYPT_ONLY MBEDTLS_CIPHER_ENCRYPT_ONLY is an internal configuration which is automatically enabled via the PSA. Typically, once MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled, MBEDTLS_PSA_CRYPTO_CONFIG must be enabled. This check is only used to prevent user explicitly enabling MBEDTLS_CIPHER_ENCRYPT_ONLY. In addition, we shouldn't enable MBEDTLS_CIPHER_ENCRYPT_ONLY if either CIPHER_MODE_CBC, CIPHER_MODE_XTS or NIST_KW_C is enabled. Since three of them always need AES-decrypt. Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 8 ++++++++ include/mbedtls/config_psa.h | 13 ++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ca267bdd8..c64e9c3de 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -84,6 +84,14 @@ #error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) && \ + (!defined(MBEDTLS_PSA_CRYPTO_CONFIG) || \ + (defined(MBEDTLS_CIPHER_MODE_CBC) || \ + defined(MBEDTLS_CIPHER_MODE_XTS) || \ + defined(MBEDTLS_NIST_KW_C))) +#error "MBEDTLS_CIPHER_ENCRYPT_ONLY defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index f558ed82b..9d68a3428 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -599,15 +599,18 @@ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ /* - * ECB, CBC, XTS modes require both ENCRYPT and DECRYPT directions. - * CIPHER_ENCRYPT_ONLY is only enabled when those modes are not requested - * via the PSA API. + * ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions. + * MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes + * are not requested via the PSA API and are not enabled in the legacy API. * - * Note: XTS is not yet supported via the PSA API in Mbed TLS. + * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. */ #if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - !defined(PSA_WANT_ALG_CBC_PKCS7) + !defined(PSA_WANT_ALG_CBC_PKCS7) && \ + !defined(MBEDTLS_CIPHER_MODE_CBC) && \ + !defined(MBEDTLS_CIPHER_MODE_XTS) && \ + !defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 #endif From dbcc0c61721f67feabac1c36f3413fb489be8e53 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 30 Aug 2023 15:04:01 +0800 Subject: [PATCH 025/430] aes: define internal macro to simplify #if Directive No semantic changes, only yo simplify #if Directive with introduction of MBEDTLS_AES_NEED_FORWARD_S_BOXES and MBEDTLS_AES_NEED_REVERSE_TABLES. Signed-off-by: Yanray Wang --- library/aes.c | 66 ++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 37 deletions(-) diff --git a/library/aes.c b/library/aes.c index b604cb75c..da0ab3239 100644 --- a/library/aes.c +++ b/library/aes.c @@ -75,6 +75,16 @@ #include "mbedtls/platform.h" +#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) +#define MBEDTLS_AES_NEED_FORWARD_S_BOXES +#endif + +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ + !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#define MBEDTLS_AES_NEED_REVERSE_TABLES +#endif + #if !defined(MBEDTLS_AES_ALT) #if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) @@ -85,8 +95,7 @@ static int aes_padlock_ace = -1; /* * Forward S-box */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) +#if defined(MBEDTLS_AES_NEED_FORWARD_S_BOXES) static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, @@ -122,8 +131,7 @@ static const unsigned char FSb[256] = 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; -#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ +#endif /* MBEDTLS_AES_NEED_FORWARD_S_BOXES */ /* * Forward tables @@ -331,8 +339,7 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) #define V(a, b, c, d) 0x##a##b##c##d static const uint32_t RT0[256] = { RT }; @@ -353,8 +360,7 @@ static const uint32_t RT3[256] = { RT }; #undef V #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ #undef RT @@ -375,11 +381,9 @@ static const uint32_t RCON[10] = /* * Forward S-box & tables */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY)) +#if defined(MBEDTLS_AES_NEED_FORWARD_S_BOXES) static unsigned char FSb[256]; -#endif /* !MBEDTLS_AES_ENCRYPT_ALT || !MBEDTLS_AES_SETKEY_ENC_ALT || - (!MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY) */ +#endif #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) @@ -392,27 +396,21 @@ static uint32_t FT3[256]; /* * Reverse S-box & tables */ -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) || \ + !defined(MBEDTLS_AES_DECRYPT_ALT) static unsigned char RSb[256]; -#else /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) -static unsigned char RSb[256]; -#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY*/ -#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT && !MBEDTLS_AES_SETKEY_DEC_ALT && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif +#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) static uint32_t RT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; static uint32_t RT2[256]; static uint32_t RT3[256]; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* @@ -457,11 +455,9 @@ static void aes_gen_tables(void) * generate the forward and reverse S-boxes */ FSb[0x00] = 0x63; -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) RSb[0x63] = 0x00; -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; @@ -473,11 +469,9 @@ static void aes_gen_tables(void) x ^= y ^ 0x63; FSb[i] = x; -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) RSb[x] = (unsigned char) i; -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif } /* @@ -499,8 +493,7 @@ static void aes_gen_tables(void) FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) x = RSb[i]; RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ @@ -513,8 +506,7 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* (!MBEDTLS_AES_DECRYPT_ALT || !MBEDTLS_AES_SETKEY_DEC_ALT) && - !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ } } From 207c991d56ad9849e55a5e5ba9196f38d065d8ee Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 31 Aug 2023 11:42:49 +0800 Subject: [PATCH 026/430] all.sh: ciper_encrypt_only: cover AESNI and C Implementation Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fea4e0f1f..4d6ec30b5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4166,8 +4166,8 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } -component_test_cipher_encrypt_only () { - msg "build: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPHER_ENCRYPT_ONLY" +component_test_cipher_encrypt_only_aesni () { + # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS @@ -4177,13 +4177,43 @@ component_test_cipher_encrypt_only () { echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - make CC=gcc CFLAGS="-Werror -Wall -Wextra -I '$PWD' \ - -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # test AESNI intrinsics + scripts/config.py set MBEDTLS_AESNI_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + make clean + make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" make test - msg "selftest: default config + PSA_CRYPTO_CONFIG + implicitly enable CIPER_ENCRYPT_ONLY" + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + programs/test/selftest + + # test AESNI assembly + scripts/config.py set MBEDTLS_AESNI_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + make clean + make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + programs/test/selftest + + # test AES C implementation + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + scripts/config.py unset MBEDTLS_AESNI_C + make clean + make CC=gcc CFLAGS="-Werror -Wall -Wextra \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" programs/test/selftest rm -f psa_cipher_encrypt_only.h From bf66ef9085998bc5e97f2734e9bf24b37d737517 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 31 Aug 2023 14:47:01 +0800 Subject: [PATCH 027/430] all.sh: ciper_encrypt_only: cover baremetal build for AESCE Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4d6ec30b5..812942163 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4219,6 +4219,45 @@ component_test_cipher_encrypt_only_aesni () { rm -f psa_cipher_encrypt_only.h } +support_test_cipher_encrypt_only_aesce_armcc () { + armc6_cc="$ARMC6_BIN_DIR/armclang" + (check_tools "$armc6_cc" > /dev/null 2>&1) +} + +component_test_cipher_encrypt_only_aesce_armcc () { + scripts/config.py baremetal + + # armc[56] don't support SHA-512 intrinsics + scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + + # Stop armclang warning about feature detection for A64_CRYPTO. + # With this enabled, the library does build correctly under armclang, + # but in baremetal builds (as tested here), feature detection is + # unavailable, and the user is notified via a #warning. So enabling + # this feature would prevent us from building with -Werror on + # armclang. Tracked in #7198. + scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + scripts/config.py set MBEDTLS_HAVE_ASM + + # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_NIST_KW_C + + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + + # test AESCE baremetal build + scripts/config.py set MBEDTLS_AESCE_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESCE" + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + rm -f psa_cipher_encrypt_only.h +} + component_test_ctr_drbg_aes_256_sha_256 () { msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)" scripts/config.py full From 782190417c5a7755eed60ac70bb8665a28506ffe Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 31 Aug 2023 15:00:57 +0800 Subject: [PATCH 028/430] all.sh: ciper_encrypt_only: cover VIA PADLOCK Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 812942163..4cc67be75 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4219,6 +4219,48 @@ component_test_cipher_encrypt_only_aesni () { rm -f psa_cipher_encrypt_only.h } +component_test_cipher_encrypt_only_aesni_m32 () { + # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_NIST_KW_C + + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + + # test AESNI intrinsics for i386 with VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py set MBEDTLS_PADLOCK_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + programs/test/selftest + + # test AESNI intrinsics for i386 without VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_PADLOCK_C + msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ + -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + + msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + make test + + msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + programs/test/selftest + + rm -f psa_cipher_encrypt_only.h +} + support_test_cipher_encrypt_only_aesce_armcc () { armc6_cc="$ARMC6_BIN_DIR/armclang" (check_tools "$armc6_cc" > /dev/null 2>&1) From a6757765c0bc03be51dc83a25b88dcac8db76313 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Sep 2023 18:24:54 +0800 Subject: [PATCH 029/430] Add ChangeLog entry for MBEDTLS_CIPHER_ENCRYPT_ONLY Signed-off-by: Yanray Wang --- ChangeLog.d/add-cipher-encrypt-only.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/add-cipher-encrypt-only.txt diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt new file mode 100644 index 000000000..1a0181d6d --- /dev/null +++ b/ChangeLog.d/add-cipher-encrypt-only.txt @@ -0,0 +1,6 @@ +Features + * Add support to remove xxx_setkey_dec and xxx_decrypt for cipher type of + AES, ARIA, CAMELLIA and DES. This is achieved by implicitly enabling + MBEDTLS_CIPHER_ENCRYPT_ONLY when + - ECB and CBC cipher modes are not requested via the PSA API. + - ECB, CBC, XTS and KW are not enabled in the legacy API. From 4f4822c55392e19e2ae97e431e30e663e3dde047 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 16:22:01 +0800 Subject: [PATCH 030/430] Revert "des: add CIPHER_ENCRYPT_ONLY dependency for test cases" This reverts commit 3c565275c48f1ffc00b5854b1cfecb4dfeacf844. Signed-off-by: Yanray Wang --- tests/suites/test_suite_cipher.des.data | 10 +++++----- tests/suites/test_suite_des.function | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index 2ab7fe7f1..77f7515b9 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data @@ -575,15 +575,15 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_ENCRYPT:"FEDCBA9876543210":"0123456789ABCDEF":"ED39D950FA74BCC4":0 DES ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"0000000000000000":"8CA64DE9C1B123A7":"0000000000000000":0 DES ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF":"7359B2163E4EDC58":"FFFFFFFFFFFFFFFF":0 DES ECB Decrypt test vector (OpenSSL) #3 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_ECB:MBEDTLS_DECRYPT:"43297FAD38E373FE":"EA676B2CB7DB2B7A":"762514B829BF486A":0 DES3-EDE ECB Encrypt test vector (OpenSSL) #1 @@ -595,9 +595,9 @@ depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_ENCRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"FFFFFFFFFFFFFFFF":"199E9D6DF39AA816":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #1 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"0000000000000000FFFFFFFFFFFFFFFF":"9295B59BB384736E":"0000000000000000":0 DES3-EDE ECB Decrypt test vector (OpenSSL) #2 -depends_on:MBEDTLS_DES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_DES_C test_vec_ecb:MBEDTLS_CIPHER_DES_EDE_ECB:MBEDTLS_DECRYPT:"FFFFFFFFFFFFFFFF3000000000000000":"199E9D6DF39AA816":"FFFFFFFFFFFFFFFF":0 diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 61ec8b8dc..b846d777a 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -34,7 +34,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE */ void des_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst) { unsigned char output[100]; @@ -133,7 +133,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE */ void des3_decrypt_ecb(int key_count, data_t *key_str, data_t *src_str, data_t *dst) { From 56e27b9938d8357b923f78d772a6753846ddc233 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 16:25:22 +0800 Subject: [PATCH 031/430] des: don't consider DES for CIPHER_ENCRYPT_ONLY We only support ECB and CBC modes for DES. Those two modes require both encrypt and decrypt directions, so we don't consider DES with CIPHER_ENCRYPT_ONLY. Signed-off-by: Yanray Wang --- include/mbedtls/des.h | 6 ------ library/des.c | 21 --------------------- 2 files changed, 27 deletions(-) diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index f10ac90d7..f445102d9 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -182,7 +182,6 @@ int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief DES key schedule (56-bit, decryption) * @@ -197,7 +196,6 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE */ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (112-bit, encryption) @@ -215,7 +213,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (112-bit, decryption) * @@ -231,7 +228,6 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief Triple-DES key schedule (168-bit, encryption) @@ -249,7 +245,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) /** * \brief Triple-DES key schedule (168-bit, decryption) * @@ -265,7 +260,6 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ /** * \brief DES-ECB block encryption/decryption diff --git a/library/des.c b/library/des.c index a6a6b2fb8..eaddf282a 100644 --- a/library/des.c +++ b/library/des.c @@ -483,7 +483,6 @@ int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBE /* * DES key schedule (56-bit, decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; @@ -497,7 +496,6 @@ int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBE return 0; } -#endif static void des3_set2key(uint32_t esk[96], uint32_t dsk[96], @@ -540,7 +538,6 @@ int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (112-bit, decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { @@ -551,7 +548,6 @@ int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, return 0; } -#endif static void des3_set3key(uint32_t esk[96], uint32_t dsk[96], @@ -592,7 +588,6 @@ int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, /* * Triple-DES key schedule (168-bit, decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { @@ -603,7 +598,6 @@ int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, return 0; } -#endif /* * DES-ECB block encryption/decryption @@ -875,43 +869,28 @@ int mbedtls_des_self_test(int verbose) (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); } -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) - if (v == MBEDTLS_DES_DECRYPT) { - if (verbose != 0) { - mbedtls_printf("skipped\n"); - } - continue; - } -#endif - memcpy(buf, des3_test_buf, 8); switch (i) { -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 0: ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys); break; -#endif case 1: ret = mbedtls_des_setkey_enc(&ctx, des3_test_keys); break; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 2: ret = mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); break; -#endif case 3: ret = mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); break; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) case 4: ret = mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); break; -#endif case 5: ret = mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); From c5944d4a3c2983831d145508fdf3797a9751107e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 17:58:49 +0800 Subject: [PATCH 032/430] all.sh: fix a typo Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 79f5d97e3..aee68c571 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4215,41 +4215,41 @@ component_test_cipher_encrypt_only_aesni () { # test AESNI intrinsics scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" make clean make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI intrinsics" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" programs/test/selftest # test AESNI assembly scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" make clean make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AESNI assembly" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" programs/test/selftest # test AES C implementation - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" scripts/config.py unset MBEDTLS_AESNI_C make clean make CC=gcc CFLAGS="-Werror -Wall -Wextra \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY with AES C Implementation" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" programs/test/selftest rm -f psa_cipher_encrypt_only.h @@ -4269,29 +4269,29 @@ component_test_cipher_encrypt_only_aesni_m32 () { # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" make clean make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" programs/test/selftest # test AESNI intrinsics for i386 without VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" make clean make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" - msg "test: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" make test - msg "selftest: implicitly enable CIPER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" programs/test/selftest rm -f psa_cipher_encrypt_only.h @@ -4329,7 +4329,7 @@ component_test_cipher_encrypt_only_aesce_armcc () { # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C - msg "build: implicitly enable CIPER_ENCRYPT_ONLY with AESCE" + msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESCE" armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" From 3caaf0c61eac1707e15eb027828bad687813c7c2 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 17:50:14 +0800 Subject: [PATCH 033/430] Enable CIPHER_ENCRYPT_ONLY when DES is disabled Signed-off-by: Yanray Wang --- ChangeLog.d/add-cipher-encrypt-only.txt | 1 + include/mbedtls/config_adjust_legacy_crypto.h | 6 ++++++ tests/scripts/all.sh | 6 ++++++ 3 files changed, 13 insertions(+) diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt index 1a0181d6d..434c294d2 100644 --- a/ChangeLog.d/add-cipher-encrypt-only.txt +++ b/ChangeLog.d/add-cipher-encrypt-only.txt @@ -4,3 +4,4 @@ Features MBEDTLS_CIPHER_ENCRYPT_ONLY when - ECB and CBC cipher modes are not requested via the PSA API. - ECB, CBC, XTS and KW are not enabled in the legacy API. + - DES is not requested in the PSA API and the legacy API. diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 4480b8cae..c2fbb2432 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -39,14 +39,20 @@ * MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes * are not requested via the PSA API and are not enabled in the legacy API. * + * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and + * insecure block cipher, MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled when DES + * is not requested via the PSA API and is not enabled in the legacy API. + * * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ !defined(PSA_WANT_ALG_CBC_PKCS7) && \ + !defined(PSA_WANT_KEY_TYPE_DES) && \ !defined(MBEDTLS_CIPHER_MODE_CBC) && \ !defined(MBEDTLS_CIPHER_MODE_XTS) && \ + !defined(MBEDTLS_DES_C) && \ !defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 #endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index aee68c571..8223a889d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4207,11 +4207,13 @@ component_test_cipher_encrypt_only_aesni () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h # test AESNI intrinsics scripts/config.py set MBEDTLS_AESNI_C @@ -4260,11 +4262,13 @@ component_test_cipher_encrypt_only_aesni_m32 () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C @@ -4321,11 +4325,13 @@ component_test_cipher_encrypt_only_aesce_armcc () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C From ef1b04db9485c246723fe5b6f1e3e22b4a85e311 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Sep 2023 11:09:26 +0800 Subject: [PATCH 034/430] all.sh: make sure CIPHER_ENCRYPT_ONLY is enabled in tests grep corresponding mbedtls_xxx_setkey_dec and mbedtls_xxx_decrypt symbols in cipher_only tests to make sure CIPHER_ENCRYPT_ONLY is enabled as expected. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 48 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 45 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8223a889d..2107de088 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4210,7 +4210,7 @@ component_test_cipher_encrypt_only_aesni () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h @@ -4222,6 +4222,13 @@ component_test_cipher_encrypt_only_aesni () { make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" make test @@ -4235,6 +4242,13 @@ component_test_cipher_encrypt_only_aesni () { make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" make test @@ -4248,6 +4262,13 @@ component_test_cipher_encrypt_only_aesni () { make CC=gcc CFLAGS="-Werror -Wall -Wextra \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" make test @@ -4265,7 +4286,7 @@ component_test_cipher_encrypt_only_aesni_m32 () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h @@ -4278,6 +4299,13 @@ component_test_cipher_encrypt_only_aesni_m32 () { make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" make test @@ -4292,6 +4320,13 @@ component_test_cipher_encrypt_only_aesni_m32 () { make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" make test @@ -4328,7 +4363,7 @@ component_test_cipher_encrypt_only_aesce_armcc () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' >> psa_cipher_encrypt_only.h + echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h @@ -4339,6 +4374,13 @@ component_test_cipher_encrypt_only_aesce_armcc () { armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + rm -f psa_cipher_encrypt_only.h } From bc7716cddc9021398044fc32f6b115b639035e59 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 8 Sep 2023 11:20:59 +0800 Subject: [PATCH 035/430] all.sh: run make clean before make lib in armc6_build_test We should run make clean before we build libraries in armc6_build_test. On the one hand, this makes sure we do have a clean build directory initially. On the other hand, we can do extra actions after building the library with armc6_build_test. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2107de088..a69f03ffc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -412,13 +412,12 @@ armc6_build_test() FLAGS="$1" msg "build: ARM Compiler 6 ($FLAGS)" + make clean ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ WARNING_CFLAGS='-Werror -xc -std=c99' make lib msg "size: ARM Compiler 6 ($FLAGS)" "$ARMC6_FROMELF" -z library/*.o - - make clean } err_msg() @@ -3676,7 +3675,6 @@ component_build_tfm_armcc() { cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, armclang armv7-m thumb2" - make clean armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" } @@ -4853,8 +4851,6 @@ component_build_armcc () { msg "size: ARM Compiler 5" "$ARMC5_FROMELF" -z library/*.o - make clean - # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0. # ARM Compiler 6 - Target ARMv7-A From 9d87a38976cb0b9f8df8228c47acb0ebefe0c00f Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 11 Jul 2023 10:15:16 +0800 Subject: [PATCH 036/430] test_suite_ssl: improve variable naming in ssl_set_hostname_twice Signed-off-by: Pengyu Lv --- tests/suites/test_suite_ssl.function | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 29bc1c496..a4473cae8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1146,21 +1146,21 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -void ssl_set_hostname_twice(char *hostname0, char *hostname1) +void ssl_set_hostname_twice(char *input_hostname0, char *input_hostname1) { - const char *hostname; + const char *output_hostname; mbedtls_ssl_context ssl; mbedtls_ssl_init(&ssl); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0); - hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_ASSERT(strcmp(hostname0, hostname) == 0); + TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname0) == 0); + output_hostname = mbedtls_ssl_get_hostname(&ssl); + TEST_ASSERT(strcmp(input_hostname0, output_hostname) == 0); - TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0); - hostname = mbedtls_ssl_get_hostname(&ssl); - TEST_ASSERT(strcmp(hostname1, hostname) == 0); + TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, input_hostname1) == 0); + output_hostname = mbedtls_ssl_get_hostname(&ssl); + TEST_ASSERT(strcmp(input_hostname1, output_hostname) == 0); exit: mbedtls_ssl_free(&ssl); From 6f0259e6da4d7677b48701a68adb529ea02b4473 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 21 Sep 2023 10:34:32 +0800 Subject: [PATCH 037/430] AESNI: improve comments on some guards in aesni.h Signed-off-by: Pengyu Lv --- library/aesni.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesni.h b/library/aesni.h index ba1429029..5c5a0266b 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -165,6 +165,6 @@ int mbedtls_aesni_setkey_enc(unsigned char *rk, #endif #endif /* MBEDTLS_AESNI_HAVE_CODE */ -#endif /* MBEDTLS_AESNI_C */ +#endif /* MBEDTLS_AESNI_C && (MBEDTLS_ARCH_IS_X64 || MBEDTLS_ARCH_IS_X86) */ #endif /* MBEDTLS_AESNI_H */ From 28648236710155d30538638428b935dd1cf4d20f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 6 Sep 2023 11:50:45 +0800 Subject: [PATCH 038/430] configs: move TFM config to a subdirectory Signed-off-by: Yanray Wang --- configs/{ => ext}/crypto_config_profile_medium.h | 0 configs/{ => ext}/tfm_mbedcrypto_config_profile_medium.h | 0 scripts/code_size_compare.py | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename configs/{ => ext}/crypto_config_profile_medium.h (100%) rename configs/{ => ext}/tfm_mbedcrypto_config_profile_medium.h (100%) diff --git a/configs/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h similarity index 100% rename from configs/crypto_config_profile_medium.h rename to configs/ext/crypto_config_profile_medium.h diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h similarity index 100% rename from configs/tfm_mbedcrypto_config_profile_medium.h rename to configs/ext/tfm_mbedcrypto_config_profile_medium.h diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 53d859edf..b45f45599 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -156,8 +156,8 @@ def detect_arch() -> str: print("Unknown host architecture, cannot auto-detect arch.") sys.exit(1) -TFM_MEDIUM_CONFIG_H = 'configs/tfm_mbedcrypto_config_profile_medium.h' -TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/crypto_config_profile_medium.h' +TFM_MEDIUM_CONFIG_H = 'configs/ext/tfm_mbedcrypto_config_profile_medium.h' +TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/ext/crypto_config_profile_medium.h' CONFIG_H = 'include/mbedtls/mbedtls_config.h' CRYPTO_CONFIG_H = 'include/psa/crypto_config.h' From b153aaed9e16672f16312fd6dd31f034b778d42d Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 6 Sep 2023 12:32:10 +0800 Subject: [PATCH 039/430] configs: add config_tfm.h which includes TFM configs Signed-off-by: Yanray Wang --- configs/config-tfm.h | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 configs/config-tfm.h diff --git a/configs/config-tfm.h b/configs/config-tfm.h new file mode 100644 index 000000000..ec9dc98df --- /dev/null +++ b/configs/config-tfm.h @@ -0,0 +1,27 @@ +/** + * \file config-tfm.h + * + * \brief TF-M configuration with tweaks for a successful build and test. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* TF-M Configuration Options */ +#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h" + +/* TF-M PSA Crypto Configuration */ +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/ext/crypto_config_profile_medium.h" From 0c98f9f8423c74fcd2a04a0f1c17e3f9fb37448b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 6 Sep 2023 15:47:49 +0800 Subject: [PATCH 040/430] test-ref-configs: test config-tfm.h Tweak some configurations based on TF-M config in order to get a successful build and test. Signed-off-by: Yanray Wang --- configs/config-tfm.h | 20 ++++++++++++++++++++ tests/scripts/test-ref-configs.pl | 3 +++ 2 files changed, 23 insertions(+) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index ec9dc98df..772e6e5e3 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -25,3 +25,23 @@ /* TF-M PSA Crypto Configuration */ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/ext/crypto_config_profile_medium.h" + +/*****************************************************************************/ +/* Tweak configuration based on TF-M config for a successful build and test. */ +/*****************************************************************************/ + +/* MBEDTLS_PSA_CRYPTO_SPM needs third party files, so disable it. */ +#undef MBEDTLS_PSA_CRYPTO_SPM +/* TF-M provides its own (dummy) implemenations which Mbed TLS doesn't need. */ +#undef MBEDTLS_AES_SETKEY_DEC_ALT +#undef MBEDTLS_AES_DECRYPT_ALT +/* pkparse.c fails to link without this. */ +#define MBEDTLS_OID_C + +/* Since MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled, we need to disable this to + pass test_suite_psa_crypto_slot_management. */ +#undef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +/* Use built-in platform entropy functions. */ +#undef MBEDTLS_NO_PLATFORM_ENTROPY +/* Disable buffer-based memory allocator */ +#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 15209b4a0..9fd98be8d 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -53,6 +53,9 @@ my %configs = ( 'opt' => '-f ECJPAKE.*nolog', 'test_again_with_use_psa' => 1, }, + 'config-tfm.h' => { + 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice + }, ); # If no config-name is provided, use all known configs. From 5f573f8301267a8d8b443f61530ab279358107b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Sep 2023 16:17:55 +0200 Subject: [PATCH 041/430] Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER When testing the lifecycle of a transient key, it doesn't make much sense to try psa_open_key: that expects a persistent key and the lookup takes a different path. The error from psa_open_key is also different depending on whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled. To check that the key ownership is taken into account, try to access the same key id with a different owner without expecting that this is a persistent key. Just call psa_get_key_attributes, which works fine for a transient key. This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled. Signed-off-by: Gilles Peskine --- configs/config-tfm.h | 3 --- tests/suites/test_suite_psa_crypto_slot_management.function | 5 ++--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 772e6e5e3..500cb243f 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -38,9 +38,6 @@ /* pkparse.c fails to link without this. */ #define MBEDTLS_OID_C -/* Since MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled, we need to disable this to - pass test_suite_psa_crypto_slot_management. */ -#undef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER /* Use built-in platform entropy functions. */ #undef MBEDTLS_NO_PLATFORM_ENTROPY /* Disable buffer-based memory allocator */ diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 5bd12eb09..b4f2d234e 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -142,7 +142,6 @@ void transient_slot_lifecycle(int owner_id_arg, #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) { - psa_key_handle_t handle; mbedtls_svc_key_id_t key_with_invalid_owner = mbedtls_svc_key_id_make(owner_id + 1, MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key)); @@ -150,8 +149,8 @@ void transient_slot_lifecycle(int owner_id_arg, TEST_ASSERT(mbedtls_key_owner_id_equal( owner_id, MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key))); - TEST_EQUAL(psa_open_key(key_with_invalid_owner, &handle), - PSA_ERROR_DOES_NOT_EXIST); + TEST_EQUAL(psa_get_key_attributes(key_with_invalid_owner, &attributes), + PSA_ERROR_INVALID_HANDLE); } #endif From eaa1c5619aa1a32900323c89a5f60ff92ba16d1a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Sep 2023 16:23:13 +0200 Subject: [PATCH 042/430] Update location of TFM config files Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c85d4865e..7d91430ae 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3851,8 +3851,8 @@ support_build_tfm_armcc () { component_build_tfm_armcc() { # test the TF-M configuration can build cleanly with various warning flags enabled - cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" - cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" + cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, armclang armv7-m thumb2" make clean @@ -3860,9 +3860,13 @@ component_build_tfm_armcc() { } component_build_tfm() { - # test the TF-M configuration can build cleanly with various warning flags enabled - cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" - cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + # Check that the TF-M configuration can build cleanly with various + # warning flags enabled. We don't build or run tests, since the + # TF-M configuration needs a TF-M platform. A tweaked version of + # the configuration that works on mainstream platforms is in + # configs/config-tfm.h, tested via test-ref-configs.pl. + cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" + cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" From da26a5172c005f5b06b6469b534c9ab4f99c875e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Sep 2023 17:15:49 +0200 Subject: [PATCH 043/430] Disable PK_PARSE and PK_WRITE This is what TF-M intended and they have done so since we copied the file. It's either disable these options, or enable MBEDTLS_OID_C. Signed-off-by: Gilles Peskine --- configs/config-tfm.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 500cb243f..64dce4874 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -35,8 +35,17 @@ /* TF-M provides its own (dummy) implemenations which Mbed TLS doesn't need. */ #undef MBEDTLS_AES_SETKEY_DEC_ALT #undef MBEDTLS_AES_DECRYPT_ALT -/* pkparse.c fails to link without this. */ -#define MBEDTLS_OID_C +/* The configuration we have enables MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C + * but not MBEDTLS_OID_C. This is inconsistent, and leads to a link error + * when using one of the mbedtls_pk_parse_xxx or mbedtls_pk_write_xxx + * functions that depend on an mbedtls_oid_xxx function. + * Mbed TLS needs PK parse/write for RSA with PSA, but the medium + * profile doesn't have RSA. Later versions of TF-M no longer enable + * PK parse/write: it wasn't a wanted feature. So disable it here + * (otherwise we'd have to enable MBEDTLS_OID_C). + */ +#undef MBEDTLS_PK_PARSE_C +#undef MBEDTLS_PK_WRITE_C /* Use built-in platform entropy functions. */ #undef MBEDTLS_NO_PLATFORM_ENTROPY From e23fa41f1090807121414c9826c2602fb470aba7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Sep 2023 17:16:36 +0200 Subject: [PATCH 044/430] Documentation improvements Signed-off-by: Gilles Peskine --- configs/config-tfm.h | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 64dce4874..7ca83b6c9 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -1,7 +1,7 @@ /** * \file config-tfm.h * - * \brief TF-M configuration with tweaks for a successful build and test. + * \brief TF-M medium profile, adapted to work on other platforms. */ /* * Copyright The Mbed TLS Contributors @@ -20,19 +20,26 @@ * limitations under the License. */ -/* TF-M Configuration Options */ -#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h" +/* TF-M medium profile: mbedtls legacy configuration */ +#include "ext/tfm_mbedcrypto_config_profile_medium.h" -/* TF-M PSA Crypto Configuration */ +/* TF-M medium profile: PSA crypto configuration */ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/ext/crypto_config_profile_medium.h" -/*****************************************************************************/ -/* Tweak configuration based on TF-M config for a successful build and test. */ -/*****************************************************************************/ +/***********************************************************/ +/* Tweak the configuration to remove dependencies on TF-M. */ +/***********************************************************/ -/* MBEDTLS_PSA_CRYPTO_SPM needs third party files, so disable it. */ +/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ #undef MBEDTLS_PSA_CRYPTO_SPM -/* TF-M provides its own (dummy) implemenations which Mbed TLS doesn't need. */ + +/* TF-M provides its own dummy implementations to save code size. + * We don't have any way to disable the tests that need these feature, + * so we just keep AES decryption enabled. We will resolve this though + * an official way to disable AES decryption, then this deviation + * will no longer be needed: + * https://github.com/Mbed-TLS/mbedtls/issues/7368 + */ #undef MBEDTLS_AES_SETKEY_DEC_ALT #undef MBEDTLS_AES_DECRYPT_ALT /* The configuration we have enables MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C @@ -47,7 +54,10 @@ #undef MBEDTLS_PK_PARSE_C #undef MBEDTLS_PK_WRITE_C -/* Use built-in platform entropy functions. */ +/* Use built-in platform entropy functions (TF-M provides its own). */ #undef MBEDTLS_NO_PLATFORM_ENTROPY -/* Disable buffer-based memory allocator */ + +/* Disable buffer-based memory allocator. This isn't strictly required, + * but using the native allocator is faster and works better with + * memory management analysis frameworks such as ASan. */ #undef MBEDTLS_MEMORY_BUFFER_ALLOC_C From 5baf66755c5dd80f5266dc0452a799b683bdc218 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Sep 2023 17:17:10 +0200 Subject: [PATCH 045/430] Keep the list in alphabetical order Signed-off-by: Gilles Peskine --- tests/scripts/test-ref-configs.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 9fd98be8d..80aa87a99 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -49,13 +49,13 @@ my %configs = ( 'config-symmetric-only.h' => { 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice }, + 'config-tfm.h' => { + 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice + }, 'config-thread.h' => { 'opt' => '-f ECJPAKE.*nolog', 'test_again_with_use_psa' => 1, }, - 'config-tfm.h' => { - 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice - }, ); # If no config-name is provided, use all known configs. From 4419d38a1559fdea57f70e3cf8658701d3e89062 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 7 Sep 2023 11:28:27 +0800 Subject: [PATCH 046/430] config-tfm.h: include TF-M medium profile properly config-tfm.h is copied into mbedtls_config.h in test-ref-config.pl. The relative path is include/ not configs/. Signed-off-by: Yanray Wang --- configs/config-tfm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 7ca83b6c9..dab13814e 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -21,7 +21,7 @@ */ /* TF-M medium profile: mbedtls legacy configuration */ -#include "ext/tfm_mbedcrypto_config_profile_medium.h" +#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h" /* TF-M medium profile: PSA crypto configuration */ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/ext/crypto_config_profile_medium.h" @@ -35,7 +35,7 @@ /* TF-M provides its own dummy implementations to save code size. * We don't have any way to disable the tests that need these feature, - * so we just keep AES decryption enabled. We will resolve this though + * so we just keep AES decryption enabled. We will resolve this through * an official way to disable AES decryption, then this deviation * will no longer be needed: * https://github.com/Mbed-TLS/mbedtls/issues/7368 From 7050504bdcd2cfe24fb560df4c9f346e27a4a0ee Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 21 Sep 2023 17:11:40 +0800 Subject: [PATCH 047/430] all.sh: simplify common_tfm_config Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91430ae..1e92d6ff0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2893,25 +2893,18 @@ component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { # - component_test_tfm_config() common_tfm_config () { # Enable TF-M config - cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" - cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - - # Adjust for the fact that we're building outside the TF-M environment. - # - # TF-M has separation, our build doesn't - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SPM - scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - # TF-M provdes its own (dummy) implemenation, from their tree - scripts/config.py unset MBEDTLS_AES_DECRYPT_ALT - scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT - # We have an OS that provides entropy, use it - scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY + cp configs/config-tfm.h "$CONFIG_H" + echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H" + cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" # Other config adjustments to make the tests pass. # Those should probably be adopted upstream. # # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H" + # PK_[PARSE/WRITE]_C used to avoid build and link errors in test_suite_pk.c + echo "#define MBEDTLS_PK_PARSE_C" >> "$CONFIG_H" + echo "#define MBEDTLS_PK_WRITE_C" >> "$CONFIG_H" # pkparse.c and pkwrite.c fail to link without this echo "#define MBEDTLS_OID_C" >> "$CONFIG_H" # - ASN1_[PARSE/WRITE]_C found by check_config.h for pkparse/pkwrite @@ -2925,8 +2918,6 @@ common_tfm_config () { # # Enable filesystem I/O for the benefit of PK parse/write tests. echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" - # Disable this for maximal ASan efficiency - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # Config adjustments for features that are not supported # when using only drivers / by p256-m From 382966d1a75021a8ef337e669468847ffb3617d1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 21 Sep 2023 17:18:49 +0800 Subject: [PATCH 048/430] all.sh: fix a comment in common_tfm_config Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1e92d6ff0..85fadf4f8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2922,7 +2922,7 @@ common_tfm_config () { # Config adjustments for features that are not supported # when using only drivers / by p256-m # - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) + # Disable all the features that auto-enable ECP_LIGHT (see config_adjust_legacy_crypto.h) scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Disable deterministic ECDSA as p256-m only does randomized scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From 09f9300c013ed754653a315500ac4342a562ec0b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 25 Sep 2023 10:54:24 +0800 Subject: [PATCH 049/430] config-tfm.h: remove PK_[PARSE/WRITE]_C As we have removed PK_[PARSE_WRITE]_C in TF-M config, we do not have to undef them in config-tfm.h Signed-off-by: Yanray Wang --- configs/config-tfm.h | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index dab13814e..b8233e900 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -42,17 +42,6 @@ */ #undef MBEDTLS_AES_SETKEY_DEC_ALT #undef MBEDTLS_AES_DECRYPT_ALT -/* The configuration we have enables MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C - * but not MBEDTLS_OID_C. This is inconsistent, and leads to a link error - * when using one of the mbedtls_pk_parse_xxx or mbedtls_pk_write_xxx - * functions that depend on an mbedtls_oid_xxx function. - * Mbed TLS needs PK parse/write for RSA with PSA, but the medium - * profile doesn't have RSA. Later versions of TF-M no longer enable - * PK parse/write: it wasn't a wanted feature. So disable it here - * (otherwise we'd have to enable MBEDTLS_OID_C). - */ -#undef MBEDTLS_PK_PARSE_C -#undef MBEDTLS_PK_WRITE_C /* Use built-in platform entropy functions (TF-M provides its own). */ #undef MBEDTLS_NO_PLATFORM_ENTROPY From 4eaf5adda995e4296eefccce6e4f93254f300c37 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 25 Sep 2023 10:57:16 +0800 Subject: [PATCH 050/430] all.sh: remove define MD_C in common_tfm_config We have set MBEDTLS_MD_C in tfm_mbedcrypto_config_profile_medium.h so there is no need to enable it again. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 85fadf4f8..88d741454 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2910,8 +2910,6 @@ common_tfm_config () { # - ASN1_[PARSE/WRITE]_C found by check_config.h for pkparse/pkwrite echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H" echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H" - # - MD_C for HKDF_C - echo "#define MBEDTLS_MD_C" >> "$CONFIG_H" # Config adjustments for better test coverage in our environment. # These are not needed just to build and pass tests. From 145bb2946e0d18448caab07300fd34be7614fa0d Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 25 Sep 2023 11:10:25 +0800 Subject: [PATCH 051/430] check_config: add check of ASN1_[WRITE/PARSE]_C This commit adds dependency check when PK_CAN_ECDSA_SIGN or PK_CAN_ECDSA_VERIFY is enabled but no corresponding ASN1_WRITE_C or ASN1_PARSE_C is enabled under PSA. Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 17eb0340c..5c96223d7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -106,6 +106,15 @@ #error "MBEDTLS_ECDSA_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && !defined(MBEDTLS_ASN1_WRITE_C) +#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_WRITE_C for ECDSA signature" +#endif +#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && !defined(MBEDTLS_ASN1_PARSE_C) +#error "MBEDTLS_PK_C with MBEDTLS_USE_PSA_CRYPTO needs MBEDTLS_ASN1_PARSE_C for ECDSA verification" +#endif +#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */ + #if defined(MBEDTLS_ECJPAKE_C) && \ ( !defined(MBEDTLS_ECP_C) || \ !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) ) From 73bb2318785b997ad0ba729c512d5d97b5f3205c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 25 Sep 2023 11:21:15 +0800 Subject: [PATCH 052/430] all.sh: remove not needed #define in common_tfm_config Since we have removed PK_C, PK_[WRITE/PARSE]_C, there is no need to define PK related configurations again. Therefore we removed them in common_tfm_config to make a simpler. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 88d741454..0557ee359 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2897,22 +2897,14 @@ common_tfm_config () { echo "#undef MBEDTLS_PSA_CRYPTO_CONFIG_FILE" >> "$CONFIG_H" cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - # Other config adjustments to make the tests pass. - # Those should probably be adopted upstream. + # Other config adjustment to make the tests pass. + # This should probably be adopted upstream. # # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H" - # PK_[PARSE/WRITE]_C used to avoid build and link errors in test_suite_pk.c - echo "#define MBEDTLS_PK_PARSE_C" >> "$CONFIG_H" - echo "#define MBEDTLS_PK_WRITE_C" >> "$CONFIG_H" - # pkparse.c and pkwrite.c fail to link without this - echo "#define MBEDTLS_OID_C" >> "$CONFIG_H" - # - ASN1_[PARSE/WRITE]_C found by check_config.h for pkparse/pkwrite - echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H" - echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H" - # Config adjustments for better test coverage in our environment. - # These are not needed just to build and pass tests. + # Config adjustment for better test coverage in our environment. + # This is not needed just to build and pass tests. # # Enable filesystem I/O for the benefit of PK parse/write tests. echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" @@ -2924,7 +2916,6 @@ common_tfm_config () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Disable deterministic ECDSA as p256-m only does randomized scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - } # Keep this in sync with component_test_tfm_config() as they are both meant From 61f96608ccf71b8314b9d85b5ae7953f8ba00b5a Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 25 Sep 2023 14:13:22 +0800 Subject: [PATCH 053/430] test_suite_pk: add extra dependency for pk_psa_sign pk_psa_sign is guarded by MBEDTLS_TEST_PK_PSA_SIGN which is set under: - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. - The build has built-in ECC and ECDSA signature. Signed-off-by: Yanray Wang --- tests/suites/test_suite_pk.function | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 881429c2d..fa0b03b34 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -24,6 +24,17 @@ #define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS #define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) +/* MBEDTLS_TEST_PK_PSA_SIGN is enabled when: + * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. + * - The build has built-in ECC and ECDSA signature. + */ +#if (defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ + ((defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)) || \ + defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \ + (defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_CAN_ECDSA_SIGN)) +#define MBEDTLS_TEST_PK_PSA_SIGN +#endif + #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { @@ -1274,7 +1285,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */ void pk_psa_sign(int parameter_arg, int psa_type_arg, int expected_bits_arg) { From 079b3bb97b4c1a769fdc517340e73d1eff45bcbb Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 26 Sep 2023 12:19:15 +0800 Subject: [PATCH 054/430] test_suite_asn1parse.data: remove {} in test data description In analyze_outcomes.py, if a test case passes in reference_test but not in driver_test, we log the key by key.format in python. However, this causes error because of the grammar {} in python string format. So removing {} to avoid KeyError for sys.stderr.write((fmt + '\n').format(*args, **kwargs)) Signed-off-by: Yanray Wang --- tests/suites/test_suite_asn1parse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_asn1parse.data b/tests/suites/test_suite_asn1parse.data index c129e3c8f..4b1372962 100644 --- a/tests/suites/test_suite_asn1parse.data +++ b/tests/suites/test_suite_asn1parse.data @@ -514,13 +514,13 @@ traverse_sequence_of:"300705000203123456":0:0:0xff:0x02:"6,0x02,3":0 Traverse SEQUENCE of INTEGER, skip everything traverse_sequence_of:"30080203123456020178":0xff:0x02:0:1:"":0 -Traverse SEQUENCE of {NULL, OCTET STRING}, skip NULL: OS, NULL +Traverse SEQUENCE of NULL, OCTET STRING, skip NULL: OS, NULL traverse_sequence_of:"300704031234560500":0xfe:0x04:0xff:0x04:"4,0x04,3":0 -Traverse SEQUENCE of {NULL, OCTET STRING}, skip NULL: NULL, OS +Traverse SEQUENCE of NULL, OCTET STRING, skip NULL: NULL, OS traverse_sequence_of:"300705000403123456":0xfe:0x04:0xff:0x04:"6,0x04,3":0 -Traverse SEQUENCE of {NULL, OCTET STRING}, skip everything +Traverse SEQUENCE of NULL, OCTET STRING, skip everything traverse_sequence_of:"300705000403123456":0xfe:0x04:0:1:"":0 Traverse SEQUENCE of INTEGER, stop at 0: NULL From ffbdd33f043534016fe562d2552c29df71de15bb Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 26 Sep 2023 15:16:30 +0800 Subject: [PATCH 055/430] Revert "test_suite_asn1parse.data: remove {} in test data description" This reverts commit 929311e9a7c092b54a05d84bc74daa8efdb07422. Signed-off-by: Yanray Wang --- tests/suites/test_suite_asn1parse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_asn1parse.data b/tests/suites/test_suite_asn1parse.data index 4b1372962..c129e3c8f 100644 --- a/tests/suites/test_suite_asn1parse.data +++ b/tests/suites/test_suite_asn1parse.data @@ -514,13 +514,13 @@ traverse_sequence_of:"300705000203123456":0:0:0xff:0x02:"6,0x02,3":0 Traverse SEQUENCE of INTEGER, skip everything traverse_sequence_of:"30080203123456020178":0xff:0x02:0:1:"":0 -Traverse SEQUENCE of NULL, OCTET STRING, skip NULL: OS, NULL +Traverse SEQUENCE of {NULL, OCTET STRING}, skip NULL: OS, NULL traverse_sequence_of:"300704031234560500":0xfe:0x04:0xff:0x04:"4,0x04,3":0 -Traverse SEQUENCE of NULL, OCTET STRING, skip NULL: NULL, OS +Traverse SEQUENCE of {NULL, OCTET STRING}, skip NULL: NULL, OS traverse_sequence_of:"300705000403123456":0xfe:0x04:0xff:0x04:"6,0x04,3":0 -Traverse SEQUENCE of NULL, OCTET STRING, skip everything +Traverse SEQUENCE of {NULL, OCTET STRING}, skip everything traverse_sequence_of:"300705000403123456":0xfe:0x04:0:1:"":0 Traverse SEQUENCE of INTEGER, stop at 0: NULL From 0e319ae5776f1c03617a1f78cbc2a6337f81b4f6 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 26 Sep 2023 16:19:18 +0800 Subject: [PATCH 056/430] analyze_outcomes: escape {} in string format for test description {} are valid characters in test description, but they're not escaped properly in python string format(). To resolve the bug of KeyError when it tries to log test description which contains {}, we replace {XXX} format with {{XXX}} in order to escape {} in python string format() properly. In addition, the calls to Results.log() are also handled to avoid similar potential problems. Signed-off-by: Yanray Wang --- tests/scripts/analyze_outcomes.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 119dbb57a..085bff2f2 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -60,13 +60,13 @@ def execute_reference_driver_tests(ref_component, driver_component, outcome_file # If the outcome file already exists, we assume that the user wants to # perform the comparison analysis again without repeating the tests. if os.path.exists(outcome_file): - Results.log("Outcome file (" + outcome_file + ") already exists. " + \ - "Tests will be skipped.") + Results.log("Outcome file {} already exists. Tests will be skipped.", + outcome_file) return shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \ " " + ref_component + " " + driver_component - Results.log("Running: " + shell_command) + Results.log("Running: {}", shell_command) ret_val = subprocess.run(shell_command.split(), check=False).returncode if ret_val != 0: @@ -101,6 +101,7 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver, """ available = check_test_cases.collect_available_test_cases() result = True + escape_curly_brace = lambda x: x.replace('{', '{{').replace('}', '}}') for key in available: # Continue if test was not executed by any component @@ -125,7 +126,7 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver, if component_ref in entry: reference_test_passed = True if(reference_test_passed and not driver_test_passed): - Results.log(key) + Results.log(escape_curly_brace(key)) result = False return result @@ -172,8 +173,8 @@ def do_analyze_driver_vs_reference(outcome_file, args): ignored_suites = ['test_suite_' + x for x in args['ignored_suites']] outcomes = read_outcome_file(outcome_file) - Results.log("\n*** Analyze driver {} vs reference {} ***\n".format( - args['component_driver'], args['component_ref'])) + Results.log("\n*** Analyze driver {} vs reference {} ***\n", + args['component_driver'], args['component_ref']) return analyze_driver_vs_reference(outcomes, args['component_ref'], args['component_driver'], ignored_suites, args['ignored_tests']) @@ -652,7 +653,7 @@ def main(): for task in tasks: if task not in TASKS: - Results.log('Error: invalid task: {}'.format(task)) + Results.log('Error: invalid task: {}', task) sys.exit(1) TASKS['analyze_coverage']['args']['full_coverage'] = \ From 5c0c858026189b106864b2763fb3f1884286b580 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 26 Sep 2023 16:52:33 +0800 Subject: [PATCH 057/430] analyze_outcomes: ignore asn1parse and asn1write in result analysis By default, we disable ASN1_[PARSE/WRITE]_C in common_tfm_config. In fact, this is what happens for accelerated p256m driver, which means all asn1[parse/write] tests are skipped in driver_accel test. However, those two macros are automatically enabled for built-in ECDSA via PSA, which means all asn1[parse/write] tests are passed in tfm_config test. This commit simply ignores the whole asn1[parse/write] test suite when analyzing between driver and reference. Signed-off-by: Yanray Wang --- tests/scripts/analyze_outcomes.py | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 085bff2f2..0c63eff4f 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -530,6 +530,8 @@ TASKS = { 'ignored_suites': [ # Ignore test suites for the modules that are disabled in the # accelerated test case. + 'asn1parse', + 'asn1write', 'ecp', 'ecdsa', 'ecdh', @@ -593,28 +595,6 @@ TASKS = { 'test_suite_psa_crypto_pake': [ 'PSA PAKE: ecjpake size macros', ], - 'test_suite_asn1parse': [ - # This test depends on BIGNUM_C - 'INTEGER too large for mpi', - ], - 'test_suite_asn1write': [ - # Following tests depends on BIGNUM_C - 'ASN.1 Write mpi 0 (1 limb)', - 'ASN.1 Write mpi 0 (null)', - 'ASN.1 Write mpi 0x100', - 'ASN.1 Write mpi 0x7f', - 'ASN.1 Write mpi 0x7f with leading 0 limb', - 'ASN.1 Write mpi 0x80', - 'ASN.1 Write mpi 0x80 with leading 0 limb', - 'ASN.1 Write mpi 0xff', - 'ASN.1 Write mpi 1', - 'ASN.1 Write mpi, 127*8 bits', - 'ASN.1 Write mpi, 127*8+1 bits', - 'ASN.1 Write mpi, 127*8-1 bits', - 'ASN.1 Write mpi, 255*8 bits', - 'ASN.1 Write mpi, 255*8-1 bits', - 'ASN.1 Write mpi, 256*8-1 bits', - ], } } } From 89c88bb44bf2b4e35ecce38bd38e502ed6cebbf5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 27 Sep 2023 10:31:44 +0800 Subject: [PATCH 058/430] analyze_outcomes: fix incorrect use of Results.log() Signed-off-by: Yanray Wang --- tests/scripts/analyze_outcomes.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 0c63eff4f..48457e67a 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -101,7 +101,6 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver, """ available = check_test_cases.collect_available_test_cases() result = True - escape_curly_brace = lambda x: x.replace('{', '{{').replace('}', '}}') for key in available: # Continue if test was not executed by any component @@ -126,7 +125,7 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver, if component_ref in entry: reference_test_passed = True if(reference_test_passed and not driver_test_passed): - Results.log(escape_curly_brace(key)) + Results.log('{}', key) result = False return result @@ -621,7 +620,7 @@ def main(): if options.list: for task in TASKS: - Results.log(task) + Results.log('{}', task) sys.exit(0) result = True From 02e3a074a35cb1cc0e2319f160e17013a7a40062 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 15:13:20 +0800 Subject: [PATCH 059/430] Add max_early_data_size into ticket Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ++++ library/ssl_tls.c | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index debb1cc2c..ad5fbc57a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1252,6 +1252,10 @@ struct mbedtls_ssl_session { #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_EARLY_DATA) + uint32_t MBEDTLS_PRIVATE(max_early_data_size); /*!< max_early_data_size of ticket */ +#endif + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d3a7ddb42..2c88da59b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2466,6 +2466,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( * uint32 ticket_age_add; * uint8 ticket_flags; * opaque resumption_key<0..255>; + * uint32 max_early_data_size; * select ( endpoint ) { * case client: ClientOnlyData; * case server: uint64 start_time; @@ -2498,6 +2499,10 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, } needed += session->resumption_key_len; /* resumption_key */ +#if defined(MBEDTLS_SSL_EARLY_DATA) + needed += 4; /* max_early_data_size */ +#endif + #if defined(MBEDTLS_HAVE_TIME) needed += 8; /* start_time or ticket_received */ #endif @@ -2537,6 +2542,11 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, memcpy(p, session->resumption_key, session->resumption_key_len); p += session->resumption_key_len; +#if defined(MBEDTLS_SSL_EARLY_DATA) + MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); + p += 4; +#endif + #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { MBEDTLS_PUT_UINT64_BE((uint64_t) session->start, p, 0); @@ -2605,6 +2615,14 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, memcpy(session->resumption_key, p, session->resumption_key_len); p += session->resumption_key_len; +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (end - p < 4) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); + p += 4; +#endif + #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { if (end - p < 8) { From 33bf240e53447d92269e2e8670d595bff1fca7a6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 16:01:43 +0800 Subject: [PATCH 060/430] Add max_early_data_size into copy list Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b8201f086..3e6c0385d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -467,6 +467,10 @@ static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst, } memcpy(dst->resumption_key, src->resumption_key, src->resumption_key_len); +#if defined(MBEDTLS_SSL_EARLY_DATA) + dst->max_early_data_size = src->max_early_data_size; +#endif + return 0; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ From 34e9516cb69225c0e50c8257f1461c5aaf63d0b4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 15:14:56 +0800 Subject: [PATCH 061/430] Add unit test for max_early_data_size of ticket Signed-off-by: Jerry Yu --- tests/src/test_helpers/ssl_helpers.c | 4 ++++ tests/suites/test_suite_ssl.function | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 5c305cb0a..a55d06701 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1638,6 +1638,10 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, session->resumption_key_len = 32; memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); +#if defined(MBEDTLS_SSL_EARLY_DATA) + session->max_early_data_size = 0x87654321; +#endif + #if defined(MBEDTLS_HAVE_TIME) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { session->start = mbedtls_time(NULL) - 42; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index eb2407d2e..07f1d97ef 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2042,6 +2042,12 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, restored.resumption_key, original.resumption_key_len) == 0); } + +#if defined(MBEDTLS_SSL_EARLY_DATA) + TEST_ASSERT( + original.max_early_data_size == restored.max_early_data_size); +#endif + #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER) { TEST_ASSERT(original.start == restored.start); From adb3cc4d433466f00ba827d5288577e367fbf1f3 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Tue, 17 Oct 2023 11:50:50 +0200 Subject: [PATCH 062/430] Fixes #8377. Signed-off-by: Matthias Schulz --- library/x509_csr.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/x509_csr.c b/library/x509_csr.c index 0b2bb6f3b..bd45c5665 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -78,6 +78,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, int ret; size_t len; unsigned char *end_ext_data; + int critical; while (*p < end) { mbedtls_x509_buf extn_oid = { 0, 0, NULL }; int ext_type = 0; @@ -100,6 +101,9 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, extn_oid.p = *p; *p += extn_oid.len; + /* Get and ignore optional critical flag */ + (void)mbedtls_asn1_get_bool(p, end_ext_data, &critical); + /* Data should be octet string type */ if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { From cc923f307ed3b99299034d17ed042151e4cc0712 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Tue, 17 Oct 2023 12:36:23 +0200 Subject: [PATCH 063/430] Added missing like between variables and function body. Signed-off-by: Matthias Schulz --- library/x509_csr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509_csr.c b/library/x509_csr.c index bd45c5665..ce4c081e3 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -79,6 +79,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, size_t len; unsigned char *end_ext_data; int critical; + while (*p < end) { mbedtls_x509_buf extn_oid = { 0, 0, NULL }; int ext_type = 0; From 0ca58e3c1000d067fb28bfb41dc90a1db9308b0d Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Tue, 17 Oct 2023 13:11:52 +0200 Subject: [PATCH 064/430] Added testcase with certificate that contains extensions with critical fields. Signed-off-by: Matthias Schulz --- tests/suites/test_suite_x509parse.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 4b75f1763..a38a3ff32 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2940,6 +2940,10 @@ X509 CSR ASN.1 (OK) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n":0 +X509 CSR ASN.1 (critical extensions) +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 + X509 CSR ASN.1 (bad first tag) mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 873a202d18915abe1ca15976389768eb3c1e18ba Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Tue, 17 Oct 2023 16:02:20 +0200 Subject: [PATCH 065/430] Now handling critical extensions similarly to how its done in x509_get_crt_ext just without the callback function to handle unknown extensions. Signed-off-by: Matthias Schulz --- library/x509_csr.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/library/x509_csr.c b/library/x509_csr.c index ce4c081e3..baf260664 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -75,13 +75,13 @@ static int x509_csr_get_version(unsigned char **p, static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, unsigned char **p, const unsigned char *end) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *end_ext_data; - int critical; while (*p < end) { mbedtls_x509_buf extn_oid = { 0, 0, NULL }; + int is_critical = 0; /* DEFAULT FALSE */ int ext_type = 0; /* Read sequence tag */ @@ -102,8 +102,11 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, extn_oid.p = *p; *p += extn_oid.len; - /* Get and ignore optional critical flag */ - (void)mbedtls_asn1_get_bool(p, end_ext_data, &critical); + /* Get optional critical */ + if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && + (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); + } /* Data should be octet string type */ if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, @@ -157,6 +160,12 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, default: break; } + } else { + if (is_critical) { + /* Data is marked as critical: fail */ + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } } *p = end_ext_data; } From a3d911b0ae1b49dfa94142a56ac28c7b58abb6f2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 23 May 2023 17:21:52 +0800 Subject: [PATCH 066/430] add script for server9_bad_saltlen Signed-off-by: Jerry Yu --- .../generate_server9_bad_saltlen.py | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100755 scripts/mbedtls_dev/generate_server9_bad_saltlen.py diff --git a/scripts/mbedtls_dev/generate_server9_bad_saltlen.py b/scripts/mbedtls_dev/generate_server9_bad_saltlen.py new file mode 100755 index 000000000..68a8a5f15 --- /dev/null +++ b/scripts/mbedtls_dev/generate_server9_bad_saltlen.py @@ -0,0 +1,100 @@ +#!/usr/bin/env python3 +"""Generate server9-bad-saltlen.crt + +`server9-bad-saltlen.crt (announcing saltlen = 0xDE, signed with another len)`. It can not generate +with normal command. This script is to generate the file. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import subprocess +import argparse +from asn1crypto import pem, x509, core #type: ignore #pylint: disable=import-error + +OPENSSL_RSA_PSS_CERT_COMMAND = r''' +openssl x509 -req -CA {ca_name}.crt -CAkey {ca_name}.key -set_serial 24 {ca_password} \ + {openssl_extfile} -days 3650 -outform DER -in {csr} \ + -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{anounce_saltlen} \ + -sigopt rsa_mgf1_md:sha256 +''' +SIG_OPT = \ + r'-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{saltlen} -sigopt rsa_mgf1_md:sha256' +OPENSSL_RSA_PSS_DGST_COMMAND = r'''openssl dgst -sign {ca_name}.key {ca_password} \ + -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:{actual_saltlen} \ + -sigopt rsa_mgf1_md:sha256''' + + +def auto_int(x): + return int(x, 0) + + +def build_argparser(parser): + """Build argument parser""" + parser.description = __doc__ + parser.add_argument('--ca-name', type=str, required=True, + help='Basename of CA files') + parser.add_argument('--ca-password', type=str, + required=True, help='CA key file password') + parser.add_argument('--csr', type=str, required=True, + help='CSR file for generating certificate') + parser.add_argument('--openssl-extfile', type=str, + required=True, help='X905 v3 extension config file') + parser.add_argument('--anounce_saltlen', type=auto_int, + required=True, help='Announced salt length') + parser.add_argument('--actual_saltlen', type=auto_int, + required=True, help='Actual salt length') + parser.add_argument('--output', type=str, required=True) + + +def main(): + parser = argparse.ArgumentParser() + build_argparser(parser) + args = parser.parse_args() + + return generate(**vars(args)) + +def generate(**kwargs): + """Generate different slt length certificate file.""" + ca_password = kwargs.get('ca_password', '') + if ca_password: + kwargs['ca_password'] = r'-passin "pass:{ca_password}"'.format( + **kwargs) + else: + kwargs['ca_password'] = '' + extfile = kwargs.get('openssl_extfile', '') + if extfile: + kwargs['openssl_extfile'] = '-extfile {openssl_extfile}'.format( + **kwargs) + else: + kwargs['openssl_extfile'] = '' + + cmd = OPENSSL_RSA_PSS_CERT_COMMAND.format(**kwargs) + der_bytes = subprocess.check_output(cmd, shell=True) + target_certificate = x509.Certificate.load(der_bytes) + + cmd = OPENSSL_RSA_PSS_DGST_COMMAND.format(**kwargs) + #pylint: disable=unexpected-keyword-arg + der_bytes = subprocess.check_output(cmd, + input=target_certificate['tbs_certificate'].dump(), + shell=True) + + with open(kwargs.get('output'), 'wb') as f: + target_certificate['signature_value'] = core.OctetBitString(der_bytes) + f.write(pem.armor('CERTIFICATE', target_certificate.dump())) + + +if __name__ == '__main__': + main() From 09977e230754ce52c3cd4bc96232da702878d1dc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 25 May 2023 10:53:38 +0800 Subject: [PATCH 067/430] Add asn1crypto to python maintainer requirements Signed-off-by: Jerry Yu --- scripts/maintainer.requirements.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/maintainer.requirements.txt b/scripts/maintainer.requirements.txt index b149921a2..dd2826486 100644 --- a/scripts/maintainer.requirements.txt +++ b/scripts/maintainer.requirements.txt @@ -8,3 +8,6 @@ clang # For building some test vectors pycryptodomex pycryptodome-test-vectors + +# For building `tests/data_files/server9-bad-saltlen.crt` +asn1crypto From ca3790d6538de1bec60c7d7ca09a94a35f83e8d7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 24 May 2023 18:00:54 +0800 Subject: [PATCH 068/430] Add server9-bad-saltlen generate command Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 15 +++++++++++---- tests/data_files/opensslcnf/server9.crt.v3_ext | 4 ++++ 2 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 tests/data_files/opensslcnf/server9.crt.v3_ext diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 21ca489c1..1c0bde4df 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -577,10 +577,6 @@ server9-with-ca.crt: server9.crt $(test_ca_crt) cat $^ > $@ all_final += server9-with-ca.crt -# FIXME: This file needs special sequence. It should be update manually -server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) - false - server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ -passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \ @@ -590,6 +586,17 @@ server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) -in $< -out $@ all_final += server9-bad-mgfhash.crt +server9-bad-saltlen.crt: server9.csr \ + $(test_ca_crt) $(test_ca_key_file_rsa) \ + opensslcnf/server9.crt.v3_ext \ + ../../scripts/mbedtls_dev/generate_server9_bad_saltlen.py + ../../scripts/mbedtls_dev/generate_server9_bad_saltlen.py --ca-name test-ca \ + --ca-password $(test_ca_pwd_rsa) --csr server9.csr \ + --openssl-extfile opensslcnf/server9.crt.v3_ext \ + --anounce_saltlen 0xde --actual_saltlen 0x20 \ + --output $@ +all_final += server9-bad-saltlen.crt + # server10* server10.crt: server10.key test-int-ca3.crt test-int-ca3.key diff --git a/tests/data_files/opensslcnf/server9.crt.v3_ext b/tests/data_files/opensslcnf/server9.crt.v3_ext new file mode 100644 index 000000000..f8d201bea --- /dev/null +++ b/tests/data_files/opensslcnf/server9.crt.v3_ext @@ -0,0 +1,4 @@ +basicConstraints = CA:false +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always + From 2f3f9680331cd9c692fe4395c578e927d1a32132 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Oct 2023 15:06:54 +0800 Subject: [PATCH 069/430] fix wrong typo and indent issue Signed-off-by: Jerry Yu --- .../generate_server9_bad_saltlen.py | 2 +- tests/data_files/Makefile | 25 ++++++++----------- 2 files changed, 12 insertions(+), 15 deletions(-) diff --git a/scripts/mbedtls_dev/generate_server9_bad_saltlen.py b/scripts/mbedtls_dev/generate_server9_bad_saltlen.py index 68a8a5f15..813e6dc0f 100755 --- a/scripts/mbedtls_dev/generate_server9_bad_saltlen.py +++ b/scripts/mbedtls_dev/generate_server9_bad_saltlen.py @@ -67,7 +67,7 @@ def main(): return generate(**vars(args)) def generate(**kwargs): - """Generate different slt length certificate file.""" + """Generate different salt length certificate file.""" ca_password = kwargs.get('ca_password', '') if ca_password: kwargs['ca_password'] = r'-passin "pass:{ca_password}"'.format( diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 1c0bde4df..4ab5786e1 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -203,10 +203,8 @@ test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test- $(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \ -signkey $(test_ca_key_file_ec) -days 3653 -out $@ -all_final += test-ca2.ku-crl.crt \ - test-ca2.ku-crt.crt \ - test-ca2.ku-crt_crl.crt \ - test-ca2.ku-ds.crt +all_final += test-ca2.ku-crl.crt test-ca2.ku-crt.crt test-ca2.ku-crt_crl.crt \ + test-ca2.ku-ds.crt test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \ @@ -586,10 +584,9 @@ server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) -in $< -out $@ all_final += server9-bad-mgfhash.crt -server9-bad-saltlen.crt: server9.csr \ - $(test_ca_crt) $(test_ca_key_file_rsa) \ - opensslcnf/server9.crt.v3_ext \ - ../../scripts/mbedtls_dev/generate_server9_bad_saltlen.py +server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) \ + opensslcnf/server9.crt.v3_ext \ + ../../scripts/mbedtls_dev/generate_server9_bad_saltlen.py ../../scripts/mbedtls_dev/generate_server9_bad_saltlen.py --ca-name test-ca \ --ca-password $(test_ca_pwd_rsa) --csr server9.csr \ --openssl-extfile opensslcnf/server9.crt.v3_ext \ @@ -1549,9 +1546,9 @@ server6-ss-child.csr : server6.key all_intermediate += server6-ss-child.csr server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext $(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \ - -extfile server6-ss-child.crt.openssl.v3_ext \ - -set_serial 0x53a2cb5822399474a7ec79ec \ - -days 3650 -sha256 -in $< -out $@ + -extfile server6-ss-child.crt.openssl.v3_ext \ + -set_serial 0x53a2cb5822399474a7ec79ec \ + -days 3650 -sha256 -in $< -out $@ all_final += server6-ss-child.crt @@ -1718,9 +1715,9 @@ crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) $(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@ crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \ - $(test_ca_config_file) \ - test-ca.server1.future-crl.db \ - test-ca.server1.future-crl.opensslconf + $(test_ca_config_file) \ + test-ca.server1.future-crl.db \ + test-ca.server1.future-crl.opensslconf $(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \ -config test-ca.server1.future-crl.opensslconf -crldays 365 \ -passin "pass:$(test_ca_pwd_rsa)" -out $@ From ab4082290ee9e1a175255940ebba6af90827ba4f Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Wed, 18 Oct 2023 13:20:59 +0200 Subject: [PATCH 070/430] Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. Signed-off-by: Matthias Schulz --- include/mbedtls/x509_csr.h | 58 +++++++++ library/x509_csr.c | 136 ++++++++++++++------- tests/suites/test_suite_x509parse.data | 12 +- tests/suites/test_suite_x509parse.function | 57 +++++++++ 4 files changed, 218 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 513a83edd..a4bdc9413 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -102,6 +102,64 @@ mbedtls_x509write_csr; int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen); +/** + * \brief The type of certificate extension callbacks. + * + * Callbacks of this type are passed to and used by the + * mbedtls_x509_csr_parse_der_with_ext_cb() routine when + * it encounters either an unsupported extension. + * Future versions of the library may invoke the callback + * in other cases, if and when the need arises. + * + * \param p_ctx An opaque context passed to the callback. + * \param csr The CSR being parsed. + * \param oid The OID of the extension. + * \param critical Whether the extension is critical. + * \param p Pointer to the start of the extension value + * (the content of the OCTET STRING). + * \param end End of extension value. + * + * \note The callback must fail and return a negative error code + * if it can not parse or does not support the extension. + * When the callback fails to parse a critical extension + * mbedtls_x509_csr_parse_der_with_ext_cb() also fails. + * When the callback fails to parse a non critical extension + * mbedtls_x509_csr_parse_der_with_ext_cb() simply skips + * the extension and continues parsing. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx, + mbedtls_x509_csr const *csr, + mbedtls_x509_buf const *oid, + int critical, + const unsigned char *p, + const unsigned char *end); + +/** + * \brief Load a Certificate Signing Request (CSR) in DER format + * + * \note CSR attributes (if any) are currently silently ignored. + * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * + * \param csr CSR context to fill + * \param buf buffer holding the CRL data + * \param buflen size of the buffer + * \param cb A callback invoked for every unsupported certificate + * extension. + * \param p_ctx An opaque context passed to the callback. + * + * \return 0 if successful, or a specific X509 error code + */ +int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx); + /** * \brief Load a Certificate Signing Request (CSR), DER or PEM format * diff --git a/library/x509_csr.c b/library/x509_csr.c index baf260664..9e4a01ab6 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -73,11 +73,13 @@ static int x509_csr_get_version(unsigned char **p, * Parse CSR extension requests in DER format */ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, - unsigned char **p, const unsigned char *end) + unsigned char **p, const unsigned char *end, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - unsigned char *end_ext_data; + unsigned char *end_ext_data, *end_ext_octet; while (*p < end) { mbedtls_x509_buf extn_oid = { 0, 0, NULL }; @@ -114,7 +116,9 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } - if (*p + len != end_ext_data) { + end_ext_octet = *p + len; + + if (end_ext_octet != end_ext_data) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } @@ -124,50 +128,72 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, */ ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); - if (ret == 0) { - /* Forbid repeated extensions */ - if ((csr->ext_types & ext_type) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_DATA); + if (ret != 0) { + /* Give the callback (if any) a chance to handle the extension */ + if (cb != NULL) { + ret = cb(p_ctx, csr, &extn_oid, is_critical, *p, end_ext_octet); + if (ret != 0 && is_critical) { + return ret; + } + *p = end_ext_octet; + continue; } - csr->ext_types |= ext_type; + /* No parser found, skip extension */ + *p = end_ext_octet; - switch (ext_type) { - case MBEDTLS_X509_EXT_KEY_USAGE: - /* Parse key usage */ - if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data, - &csr->key_usage)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: - /* Parse subject alt name */ - if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data, - &csr->subject_alt_names)) != 0) { - return ret; - } - break; - - case MBEDTLS_X509_EXT_NS_CERT_TYPE: - /* Parse netscape certificate type */ - if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data, - &csr->ns_cert_type)) != 0) { - return ret; - } - break; - default: - break; - } - } else { if (is_critical) { /* Data is marked as critical: fail */ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } + continue; + } + + /* Forbid repeated extensions */ + if ((csr->ext_types & ext_type) != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_DATA); + } + + csr->ext_types |= ext_type; + + switch (ext_type) { + case MBEDTLS_X509_EXT_KEY_USAGE: + /* Parse key usage */ + if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data, + &csr->key_usage)) != 0) { + return ret; + } + break; + + case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: + /* Parse subject alt name */ + if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data, + &csr->subject_alt_names)) != 0) { + return ret; + } + break; + + case MBEDTLS_X509_EXT_NS_CERT_TYPE: + /* Parse netscape certificate type */ + if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data, + &csr->ns_cert_type)) != 0) { + return ret; + } + break; + default: + /* + * If this is a non-critical extension, which the oid layer + * supports, but there isn't an x509 parser for it, + * skip the extension. + */ + if (is_critical) { + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + } else { + *p = end_ext_octet; + } } - *p = end_ext_data; } if (*p != end) { @@ -182,7 +208,9 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, * Parse CSR attributes in DER format */ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr, - const unsigned char *start, const unsigned char *end) + const unsigned char *start, const unsigned char *end, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx) { int ret; size_t len; @@ -221,7 +249,7 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); } - if ((ret = x509_csr_parse_extensions(csr, p, *p + len)) != 0) { + if ((ret = x509_csr_parse_extensions(csr, p, *p + len, cb, p_ctx)) != 0) { return ret; } @@ -245,8 +273,10 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr, /* * Parse a CSR in DER format */ -int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen) +static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -370,7 +400,7 @@ int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); } - if ((ret = x509_csr_parse_attributes(csr, p, p + len)) != 0) { + if ((ret = x509_csr_parse_attributes(csr, p, p + len, cb, p_ctx)) != 0) { mbedtls_x509_csr_free(csr); return ret; } @@ -409,6 +439,26 @@ int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, return 0; } +/* + * Parse a CSR in DER format + */ +int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen) +{ + return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, NULL, NULL); +} + +/* + * Parse a CSR in DER format with callback for unknown extensions + */ +int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx) +{ + return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, cb, p_ctx); +} + /* * Parse a CSR, allowing for PEM or raw DER encoding */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a38a3ff32..9817536d7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2940,9 +2940,17 @@ X509 CSR ASN.1 (OK) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n":0 -X509 CSR ASN.1 (critical extensions) +X509 CSR ASN.1 (Unsupported critical extension) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 +mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CSR ASN.1 (Unsupported critical extension accepted by callback) +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0:1 + +X509 CSR ASN.1 (Unsupported critical extension rejected by callback) +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0 X509 CSR ASN.1 (bad first tag) mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 114bd5277..8cdca82e0 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -412,6 +412,33 @@ int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } } + +int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, + int critical, const unsigned char *cp, const unsigned char *end) +{ + (void) p_ctx; + (void) csr; + (void) oid; + (void) critical; + (void) cp; + (void) end; + + return 0; +} + +int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, + int critical, const unsigned char *cp, const unsigned char *end) +{ + (void) p_ctx; + (void) csr; + (void) oid; + (void) critical; + (void) cp; + (void) end; + + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); +} #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ @@ -1245,6 +1272,36 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ +void mbedtls_x509_csr_parse_with_ext_cb(data_t *csr_der, char *ref_out, int ref_ret, int accept) +{ + mbedtls_x509_csr csr; + char my_out[1000]; + int my_ret; + + mbedtls_x509_csr_init(&csr); + USE_PSA_INIT(); + + memset(my_out, 0, sizeof(my_out)); + + my_ret = mbedtls_x509_csr_parse_der_with_ext_cb(&csr, csr_der->x, csr_der->len, + accept ? parse_csr_ext_accept_cb : + parse_csr_ext_reject_cb, + NULL); + TEST_EQUAL(my_ret, ref_ret); + + if (ref_ret == 0) { + size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr); + TEST_EQUAL(my_out_len, strlen(ref_out)); + TEST_EQUAL(strcmp(my_out, ref_out), 0); + } + +exit: + mbedtls_x509_csr_free(&csr); + USE_PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret) { From 03bd095a76bbc46ba73f30d6a0cb9e4176c424b9 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 19 Oct 2023 09:52:59 +0200 Subject: [PATCH 071/430] Fix dependency check for helper functions. Signed-off-by: Matthias Schulz --- tests/suites/test_suite_x509parse.function | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 8cdca82e0..cdbbcfd73 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -412,7 +412,9 @@ int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } } +#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_X509_CSR_PARSE_C) int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, int critical, const unsigned char *cp, const unsigned char *end) { @@ -439,7 +441,7 @@ int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x5 return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CSR_PARSE_C */ /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ From edc32eaf1ac8d967d093692c36902d1b3186cd3f Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 19 Oct 2023 16:09:08 +0200 Subject: [PATCH 072/430] Uncrustified Signed-off-by: Matthias Schulz --- include/mbedtls/x509_csr.h | 6 ++--- library/x509_csr.c | 28 +++++++++++----------- tests/suites/test_suite_x509parse.function | 9 +++---- 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index a4bdc9413..f3ac57045 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -156,9 +156,9 @@ typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx, * \return 0 if successful, or a specific X509 error code */ int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx); + const unsigned char *buf, size_t buflen, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx); /** * \brief Load a Certificate Signing Request (CSR), DER or PEM format diff --git a/library/x509_csr.c b/library/x509_csr.c index 9e4a01ab6..a8fef7c54 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -153,7 +153,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, /* Forbid repeated extensions */ if ((csr->ext_types & ext_type) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, - MBEDTLS_ERR_ASN1_INVALID_DATA); + MBEDTLS_ERR_ASN1_INVALID_DATA); } csr->ext_types |= ext_type; @@ -162,7 +162,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, case MBEDTLS_X509_EXT_KEY_USAGE: /* Parse key usage */ if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data, - &csr->key_usage)) != 0) { + &csr->key_usage)) != 0) { return ret; } break; @@ -170,7 +170,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: /* Parse subject alt name */ if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data, - &csr->subject_alt_names)) != 0) { + &csr->subject_alt_names)) != 0) { return ret; } break; @@ -178,16 +178,16 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr, case MBEDTLS_X509_EXT_NS_CERT_TYPE: /* Parse netscape certificate type */ if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data, - &csr->ns_cert_type)) != 0) { + &csr->ns_cert_type)) != 0) { return ret; } break; default: /* - * If this is a non-critical extension, which the oid layer - * supports, but there isn't an x509 parser for it, - * skip the extension. - */ + * If this is a non-critical extension, which the oid layer + * supports, but there isn't an x509 parser for it, + * skip the extension. + */ if (is_critical) { return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } else { @@ -274,9 +274,9 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr, * Parse a CSR in DER format */ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx) + const unsigned char *buf, size_t buflen, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -452,9 +452,9 @@ int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, * Parse a CSR in DER format with callback for unknown extensions */ int mbedtls_x509_csr_parse_der_with_ext_cb(mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen, - mbedtls_x509_csr_ext_cb_t cb, - void *p_ctx) + const unsigned char *buf, size_t buflen, + mbedtls_x509_csr_ext_cb_t cb, + void *p_ctx) { return mbedtls_x509_csr_parse_der_internal(csr, buf, buflen, cb, p_ctx); } diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index cdbbcfd73..67d93d03a 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -250,7 +250,8 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san, ret = mbedtls_oid_get_numeric_string(p, n, - &san->san.other_name.value.hardware_module_name.oid); + &san->san.other_name.value.hardware_module_name + .oid); MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf(p, n, ", hardware serial number : "); @@ -416,7 +417,7 @@ int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf #if defined(MBEDTLS_X509_CSR_PARSE_C) int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) + int critical, const unsigned char *cp, const unsigned char *end) { (void) p_ctx; (void) csr; @@ -429,7 +430,7 @@ int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x5 } int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, - int critical, const unsigned char *cp, const unsigned char *end) + int critical, const unsigned char *cp, const unsigned char *end) { (void) p_ctx; (void) csr; @@ -1288,7 +1289,7 @@ void mbedtls_x509_csr_parse_with_ext_cb(data_t *csr_der, char *ref_out, int ref_ my_ret = mbedtls_x509_csr_parse_der_with_ext_cb(&csr, csr_der->x, csr_der->len, accept ? parse_csr_ext_accept_cb : - parse_csr_ext_reject_cb, + parse_csr_ext_reject_cb, NULL); TEST_EQUAL(my_ret, ref_ret); From 83d0dbf087dcb8ba8ce5b910606f38aeb597fe2e Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 19 Oct 2023 16:25:53 +0200 Subject: [PATCH 073/430] Added changelog. Signed-off-by: Matthias Schulz --- ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt diff --git a/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt b/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt new file mode 100644 index 000000000..5b155121f --- /dev/null +++ b/ChangeLog.d/fix-csr-parsing-with-critical-fields-fails.txt @@ -0,0 +1,6 @@ +Features + * Add new mbedtls_x509_csr_parse_der_with_ext_cb() routine which allows + parsing unsupported certificate extensions via user provided callback. + +Bugfix + * Fix parsing of CSRs with critical extensions. From 11120f9c4d1ea1f951dd36a405e92fc672a72470 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 19 Oct 2023 15:27:59 +0100 Subject: [PATCH 074/430] Modify lcov.sh to work in tf-psa-crypto as well Add repository detection (credit to davidhorstmann-arm for adding this in all.sh previously) and use repository detection to set the library directory and title variables. Signed-off-by: Thomas Daubney --- scripts/lcov.sh | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 6bba02fd2..9e52b9844 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -42,16 +42,21 @@ EOF set -eu +# Repository detection +in_mbedtls_repo () { + test -d include -a -d library -a -d programs -a -d tests + } + # Collect stats and build a HTML report. lcov_library_report () { rm -rf Coverage mkdir Coverage Coverage/tmp - lcov --capture --initial --directory library -o Coverage/tmp/files.info - lcov --rc lcov_branch_coverage=1 --capture --directory library -o Coverage/tmp/tests.info + lcov --capture --initial --directory $library_dir -o Coverage/tmp/files.info + lcov --rc lcov_branch_coverage=1 --capture --directory $library_dir -o Coverage/tmp/tests.info lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h' gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions - genhtml --title "Mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info + genhtml --title "$title" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info rm -f Coverage/tmp/*.info Coverage/tmp/descriptions echo "Coverage report in: Coverage/index.html" } @@ -59,9 +64,9 @@ lcov_library_report () { # Reset the traces to 0. lcov_reset_traces () { # Location with plain make - rm -f library/*.gcda + rm -f $library_dir/*.gcda # Location with CMake - rm -f library/CMakeFiles/*.dir/*.gcda + rm -f $library_dir/CMakeFiles/*.dir/*.gcda } if [ $# -gt 0 ] && [ "$1" = "--help" ]; then @@ -69,6 +74,14 @@ if [ $# -gt 0 ] && [ "$1" = "--help" ]; then exit fi +if in_mbedtls_repo; then + library_dir='library' + title='Mbed TLS' +else + library_dir='build/core' + title='TF-PSA-Crypto' +fi + main=lcov_library_report while getopts r OPTLET; do case $OPTLET in From fb81f77f888e683b080ac9666bda7bf75a43887f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 18 Oct 2023 17:44:59 +0100 Subject: [PATCH 075/430] Add build preset full_no_platform Add build preset as above, and utilise it in all.sh:component_test_no_platform. Signed-off-by: Paul Elliott --- scripts/config.py | 20 ++++++++++++++++++++ tests/scripts/all.sh | 13 ++----------- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 17fbe653a..af9372d6d 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -358,6 +358,22 @@ def no_deprecated_adapter(adapter): return adapter(name, active, section) return continuation +def no_platform_adapter(adapter): + """Modify an adapter to disable platform symbols. + + ``no_platform_adapter(adapter)(name, active, section)`` is like + ``adapter(name, active, section)``, but unsets all platform symbols other + ``than MBEDTLS_PLATFORM_C. + """ + def continuation(name, active, section): + # Allow MBEDTLS_PLATFORM_C but remove all other platform symbols. + if name.startswith('MBEDTLS_PLATFORM_') and name != 'MBEDTLS_PLATFORM_C': + return False + if adapter is None: + return active + return adapter(name, active, section) + return continuation + class ConfigFile(Config): """Representation of the Mbed TLS configuration read for a file. @@ -540,6 +556,10 @@ if __name__ == '__main__': """Uncomment most non-deprecated features. Like "full", but without deprecated features. """) + add_adapter('full_no_platform', no_platform_adapter(full_adapter), + """Uncomment most non-platform features. + Like "full", but without platform features. + """) add_adapter('realfull', realfull_adapter, """Uncomment all boolean #defines. Suitable for generating documentation, but not for building.""") diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9290aa6d9..7b4bbea98 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4027,23 +4027,14 @@ component_test_no_platform () { # This should catch missing mbedtls_printf definitions, and by disabling file # IO, it should catch missing '#include ' msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s - scripts/config.py full + scripts/config.py full_no_platform scripts/config.py unset MBEDTLS_PLATFORM_C scripts/config.py unset MBEDTLS_NET_C - scripts/config.py unset MBEDTLS_PLATFORM_MEMORY - scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT - scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT - scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT - scripts/config.py unset MBEDTLS_PLATFORM_VSNPRINTF_ALT - scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT - scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT - scripts/config.py unset MBEDTLS_PLATFORM_SETBUF_ALT - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_FS_IO scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C + scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs From c0ae5690669871b6e00e90eec211aaa1b17f99b0 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 23 Oct 2023 17:25:52 +0100 Subject: [PATCH 076/430] Make lcov.sh run from the build directory lcov.sh can now be called from any build directory and also still works with in-place builds too. Signed-off-by: Thomas Daubney --- scripts/lcov.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 9e52b9844..2cf566a8d 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -43,8 +43,8 @@ EOF set -eu # Repository detection -in_mbedtls_repo () { - test -d include -a -d library -a -d programs -a -d tests +in_mbedtls_build_dir () { + test -d library } # Collect stats and build a HTML report. @@ -74,11 +74,11 @@ if [ $# -gt 0 ] && [ "$1" = "--help" ]; then exit fi -if in_mbedtls_repo; then +if in_mbedtls_build_dir; then library_dir='library' title='Mbed TLS' else - library_dir='build/core' + library_dir='core' title='TF-PSA-Crypto' fi From 974be516dc84f780298cbddfaaf221b815f47cfa Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Oct 2023 15:42:30 +0800 Subject: [PATCH 077/430] move asn1crypto to ci.requirements.txt Signed-off-by: Jerry Yu --- scripts/ci.requirements.txt | 4 ++++ scripts/maintainer.requirements.txt | 3 --- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 7dbcfe8e0..69c2db07a 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -18,3 +18,7 @@ mypy >= 0.780 # for mypy and pylint under Python 3.5, and we also get something good enough # to run audit-validity-dates.py on Python >=3.6. cryptography # >= 35.0.0 + +# For building `tests/data_files/server9-bad-saltlen.crt` and check python +# files. +asn1crypto diff --git a/scripts/maintainer.requirements.txt b/scripts/maintainer.requirements.txt index dd2826486..b149921a2 100644 --- a/scripts/maintainer.requirements.txt +++ b/scripts/maintainer.requirements.txt @@ -8,6 +8,3 @@ clang # For building some test vectors pycryptodomex pycryptodome-test-vectors - -# For building `tests/data_files/server9-bad-saltlen.crt` -asn1crypto From baf7ba44c489d54a8f727497cb51fe88c5550595 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Oct 2023 15:44:00 +0800 Subject: [PATCH 078/430] improve document Signed-off-by: Jerry Yu --- scripts/mbedtls_dev/generate_server9_bad_saltlen.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/generate_server9_bad_saltlen.py b/scripts/mbedtls_dev/generate_server9_bad_saltlen.py index 813e6dc0f..36682152a 100755 --- a/scripts/mbedtls_dev/generate_server9_bad_saltlen.py +++ b/scripts/mbedtls_dev/generate_server9_bad_saltlen.py @@ -1,8 +1,7 @@ #!/usr/bin/env python3 """Generate server9-bad-saltlen.crt -`server9-bad-saltlen.crt (announcing saltlen = 0xDE, signed with another len)`. It can not generate -with normal command. This script is to generate the file. +Generate a certificate signed with RSA-PSS, with an incorrect salt length. """ # Copyright The Mbed TLS Contributors From 6f21dd5694c92ba4d8d188ddce62df07350fa3ee Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 24 Oct 2023 15:45:41 +0800 Subject: [PATCH 079/430] move script to `tests/scripts` Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 4 ++-- .../scripts}/generate_server9_bad_saltlen.py | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {scripts/mbedtls_dev => tests/scripts}/generate_server9_bad_saltlen.py (100%) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 4ab5786e1..1d5257fa7 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -586,8 +586,8 @@ all_final += server9-bad-mgfhash.crt server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa) \ opensslcnf/server9.crt.v3_ext \ - ../../scripts/mbedtls_dev/generate_server9_bad_saltlen.py - ../../scripts/mbedtls_dev/generate_server9_bad_saltlen.py --ca-name test-ca \ + ../scripts/generate_server9_bad_saltlen.py + ../scripts/generate_server9_bad_saltlen.py --ca-name test-ca \ --ca-password $(test_ca_pwd_rsa) --csr server9.csr \ --openssl-extfile opensslcnf/server9.crt.v3_ext \ --anounce_saltlen 0xde --actual_saltlen 0x20 \ diff --git a/scripts/mbedtls_dev/generate_server9_bad_saltlen.py b/tests/scripts/generate_server9_bad_saltlen.py similarity index 100% rename from scripts/mbedtls_dev/generate_server9_bad_saltlen.py rename to tests/scripts/generate_server9_bad_saltlen.py From 7b711710b289f6d5c36d2c240ec6fde06e8c3d6d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 24 Oct 2023 17:07:14 +0800 Subject: [PATCH 080/430] Add check_ticket_flags helper function Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 6 ++++++ library/ssl_tls13_server.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a99bb3343..9444c29c2 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2779,6 +2779,12 @@ static inline unsigned int mbedtls_ssl_session_get_ticket_flags( (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); } +static inline unsigned int mbedtls_ssl_session_check_ticket_flags( + mbedtls_ssl_session *session, unsigned int flags) +{ + return mbedtls_ssl_session_get_ticket_flags(session, flags) == 0; +} + static inline void mbedtls_ssl_session_set_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 87eaa192f..2561239a0 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -998,7 +998,7 @@ static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_SESSION_TICKETS) if (ssl->handshake->resume) { - if (!mbedtls_ssl_session_get_ticket_flags( + if (mbedtls_ssl_session_check_ticket_flags( ssl->session_negotiate, kex_mode)) { return 0; } From 27e3c87fc1b33438a7a17b11e4aa9f1a69cfbc1a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 10:29:26 +0100 Subject: [PATCH 081/430] Suppport AESCE on A32 and T32 Signed-off-by: Dave Rodgman --- library/aes.c | 6 ++-- library/aesce.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++--- library/aesce.h | 2 +- 3 files changed, 84 insertions(+), 8 deletions(-) diff --git a/library/aes.c b/library/aes.c index b61d089fa..037a91837 100644 --- a/library/aes.c +++ b/library/aes.c @@ -35,9 +35,9 @@ #include "mbedtls/error.h" #if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !((defined(MBEDTLS_ARCH_IS_ARM64) && defined(MBEDTLS_AESCE_C)) || \ - (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ - (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) +#if !((defined(MBEDTLS_ARCH_IS_ARMV8) && defined(MBEDTLS_AESCE_C)) || \ + (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ + (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif #endif diff --git a/library/aesce.c b/library/aesce.c index 8b42b034f..cc0015bc7 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -17,8 +17,17 @@ * limitations under the License. */ -#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \ - defined(__clang__) && __clang_major__ >= 4 +#if defined(__clang__) && (__clang_major__ >= 4) + +/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8 in the following #if, + * but that is defined by build_info.h, and we need this block to happen first. */ +#if defined(__ARM_ARCH) +#if __ARM_ARCH >= 8 +#define MBEDTLS_AESCE_ARCH_IS_ARMV8 +#endif +#endif + +#if defined(MBEDTLS_AESCE_ARCH_IS_ARMV8) && !defined(__ARM_FEATURE_CRYPTO) /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. * * The intrinsic declaration are guarded by predefined ACLE macros in clang: @@ -39,6 +48,8 @@ #define MBEDTLS_ENABLE_ARM_CRYPTO_EXTENSIONS_COMPILER_FLAG #endif +#endif /* defined(__clang__) && (__clang_major__ >= 4) */ + #include #include "common.h" @@ -46,7 +57,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARM64) +#if defined(MBEDTLS_ARCH_IS_ARMV8) /* Compiler version checks. */ #if defined(__clang__) @@ -68,6 +79,71 @@ #ifdef __ARM_NEON #include + +#if defined(MBEDTLS_ARCH_IS_ARM32) +#if defined(__clang__) +/* On clang for A32/T32, work around some missing intrinsics and types */ + +#ifndef vreinterpretq_p64_u8 +#define vreinterpretq_p64_u8 (poly64x2_t) +#endif +#ifndef vreinterpretq_u8_p128 +#define vreinterpretq_u8_p128 (uint8x16_t) +#endif +#ifndef vreinterpretq_u64_p64 +#define vreinterpretq_u64_p64 (uint64x2_t) +#endif + +typedef uint8x16_t poly128_t; + +static inline poly128_t vmull_p64(poly64_t a, poly64_t b) +{ + poly128_t r; + asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + return r; +} + +static inline poly64x1_t vget_low_p64(poly64x2_t a) +{ + return (poly64x1_t) vget_low_u64(vreinterpretq_u64_p64(a)); +} + +static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) +{ + return vmull_p64((poly64_t) (vget_high_u64((uint64x2_t) a)), + (poly64_t) (vget_high_u64((uint64x2_t) b))); +} + +#endif /* defined(__clang__) */ + +static inline uint8x16_t vrbitq_u8(uint8x16_t x) +{ + /* There is no vrbitq_u8 instruction in A32/T32, so provide + * an equivalent non-Neon implementation. Reverse bit order in each + * byte with 4x rbit, rev. */ + asm ("ldm %[p], { r2-r5 } \n\t" + "rbit r2, r2 \n\t" + "rev r2, r2 \n\t" + "rbit r3, r3 \n\t" + "rev r3, r3 \n\t" + "rbit r4, r4 \n\t" + "rev r4, r4 \n\t" + "rbit r5, r5 \n\t" + "rev r5, r5 \n\t" + "stm %[p], { r2-r5 } \n\t" + : + /* Output: 16 bytes of memory pointed to by &x */ + "+m" (*(uint8_t(*)[16]) &x) + : + [p] "r" (&x) + : + "r2", "r3", "r4", "r5" + ); + return x; +} + +#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ + #else #error "Target does not support NEON instructions" #endif @@ -510,6 +586,6 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], #undef MBEDTLS_POP_TARGET_PRAGMA #endif -#endif /* MBEDTLS_ARCH_IS_ARM64 */ +#endif /* MBEDTLS_ARCH_IS_ARMV8 */ #endif /* MBEDTLS_AESCE_C */ diff --git a/library/aesce.h b/library/aesce.h index d24c423b8..97e242416 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -31,7 +31,7 @@ #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARM64) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) #define MBEDTLS_AESCE_HAVE_CODE From 851cf5a325c6c1e3a794009e873cec02b4597b1d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:26:41 +0100 Subject: [PATCH 082/430] Fix runtime detection on A32/T32 Signed-off-by: Dave Rodgman --- library/aesce.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/library/aesce.c b/library/aesce.c index cc0015bc7..11a22f6b6 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -190,6 +190,16 @@ int mbedtls_aesce_has_support_impl(void) * once, but that is harmless. */ if (mbedtls_aesce_has_support_result == -1) { +#if defined(MBEDTLS_ARCH_IS_ARM32) + unsigned long auxval = getauxval(AT_HWCAP); + unsigned long auxval2 = getauxval(AT_HWCAP2); + if (((auxval & HWCAP_NEON) == HWCAP_NEON) && + ((auxval2 & HWCAP2_AES) == HWCAP2_AES)) { + mbedtls_aesce_has_support_result = 1; + } else { + mbedtls_aesce_has_support_result = 0; + } +#else unsigned long auxval = getauxval(AT_HWCAP); if ((auxval & (HWCAP_ASIMD | HWCAP_AES)) == (HWCAP_ASIMD | HWCAP_AES)) { @@ -197,6 +207,7 @@ int mbedtls_aesce_has_support_impl(void) } else { mbedtls_aesce_has_support_result = 0; } +#endif } return mbedtls_aesce_has_support_result; } From 0c584039896625b0784519547d03f68a79528439 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:26:54 +0100 Subject: [PATCH 083/430] Add build tests for AESCE on A32/T32 Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f76edda4e..638696468 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4391,6 +4391,38 @@ component_build_aes_aesce_armcc () { armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" } +support_build_aes_armce() { + # clang >= 4 is required to build with AES extensions + ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')" + [ "${ver}" -ge 4 ] +} + +component_build_aes_armce () { + # Test variations of AES with Armv8 crypto extensions + scripts/config.py set MBEDTLS_AESCE_C + scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY + + msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + + msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + + msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" +} + support_build_sha_armce() { if command -v clang > /dev/null ; then # clang >= 4 is required to build with SHA extensions From 18838f6c1ac0db987afe6c3036884bd58211963e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:28:51 +0100 Subject: [PATCH 084/430] Fix docs for MBEDTLS_AESCE_C Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 73229ea91..f8811055a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2247,7 +2247,7 @@ /** * \def MBEDTLS_AESCE_C * - * Enable AES cryptographic extension support on 64-bit Arm. + * Enable AES cryptographic extension support on Armv8. * * Module: library/aesce.c * Caller: library/aes.c From f82e0c470186a6489b182c184a087d3a512f566f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 12:30:49 +0100 Subject: [PATCH 085/430] Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armv8-aesce.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/armv8-aesce.txt diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt new file mode 100644 index 000000000..bc26e617a --- /dev/null +++ b/ChangeLog.d/armv8-aesce.txt @@ -0,0 +1,3 @@ +Features + * Support use of Arm Crypto Extensions for hardware acclerated AES on + Thumb and Arm targets. From ece803b0aeb1956d75f1b7fee557d63e45b71bf1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 20:24:48 +0100 Subject: [PATCH 086/430] Fix behaviour for Armv8 targets without Neon Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- library/aesce.h | 12 +++++++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 11a22f6b6..ba09288fa 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -57,7 +57,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARMV8) +#if defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) /* Compiler version checks. */ #if defined(__clang__) diff --git a/library/aesce.h b/library/aesce.h index 97e242416..2cec2f3a1 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -2,7 +2,7 @@ * \file aesce.h * * \brief Support hardware AES acceleration on Armv8-A processors with - * the Armv8-A Cryptographic Extension in AArch64 execution state. + * the Armv8-A Cryptographic Extension. * * \warning These functions are only for internal use by other library * functions; you must not call them directly. @@ -31,7 +31,7 @@ #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) #define MBEDTLS_AESCE_HAVE_CODE @@ -128,6 +128,12 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, } #endif -#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARM64 */ +#else + +#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#error "AES hardware acceleration not supported on this platform" +#endif + +#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8 && __ARM_NEON */ #endif /* MBEDTLS_AESCE_H */ From 4b8e8dc04304241e97378a562a2bb6901e086395 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 21:41:40 +0100 Subject: [PATCH 087/430] Improve compiler version checking + docs + testing for armclang Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 7 ++++--- library/aesce.c | 9 +++++++++ library/aesce.h | 2 +- tests/scripts/all.sh | 13 ++++++++++--- 4 files changed, 24 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f8811055a..4be2a21a0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2258,13 +2258,14 @@ * system, Armv8-A Cryptographic Extensions must be supported by * the CPU when this option is enabled. * - * \note Minimum compiler versions for this feature are Clang 4.0, - * armclang 6.6, GCC 6.0 or MSVC 2019 version 16.11.2. + * \note Minimum compiler versions for this feature are Clang 4.0; + * armclang 6.6 when targeting aarch64, or 6.20 when targeting + * Thumb or 32-bit Arm; GCC 6.0; or MSVC 2019 version 16.11.2. * * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for * armclang <= 6.9 * - * This module adds support for the AES Armv8-A Cryptographic Extensions on Aarch64 systems. + * This module adds support for the AES Armv8-A Cryptographic Extensions on Armv8 systems. */ #define MBEDTLS_AESCE_C diff --git a/library/aesce.c b/library/aesce.c index ba09288fa..2b45a9f99 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -75,6 +75,15 @@ # if _MSC_VER < 1929 # error "Minimum version of MSVC for MBEDTLS_AESCE_C is 2019 version 16.11.2." # endif +#elif defined(__ARMCC_VERSION) +# if defined(MBEDTLS_ARCH_IS_ARM32) && (__ARMCC_VERSION < 6200002) +/* TODO: We haven't verified armclang for 32-bit Arm/Thumb prior to 6.20. + * If someone verified that, please update this and document of + * `MBEDTLS_AESCE_C` in `mbedtls_config.h`. */ +# error "Minimum version of armclang for MBEDTLS_AESCE_C on 32-bit Arm is 6.20." +# elif defined(MBEDTLS_ARCH_IS_ARM64) && (__ARMCC_VERSION < 6060000) +# error "Minimum version of armclang for MBEDTLS_AESCE_C on aarch64 is 6.6." +# endif #endif #ifdef __ARM_NEON diff --git a/library/aesce.h b/library/aesce.h index 2cec2f3a1..149845976 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -130,7 +130,7 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #else -#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) +#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8) #error "AES hardware acceleration not supported on this platform" #endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 638696468..9f2952d2a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5044,6 +5044,9 @@ component_build_armcc () { # armc[56] don't support SHA-512 intrinsics scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + # older versions of armcc/armclang don't support AESCE_C on 32-bit Arm + scripts/config.py unset MBEDTLS_AESCE_C + # Stop armclang warning about feature detection for A64_CRYPTO. # With this enabled, the library does build correctly under armclang, # but in baremetal builds (as tested here), feature detection is @@ -5078,14 +5081,18 @@ component_build_armcc () { # ARM Compiler 6 - Target ARMv8-M armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main" - # ARM Compiler 6 - Target ARMv8.2-A - AArch64 - armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" - # ARM Compiler 6 - Target Cortex-M0 - no optimisation armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" # ARM Compiler 6 - Target Cortex-M0 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" + + # ARM Compiler 6 - Target ARMv8.2-A - AArch64 + # + # Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang + # that we have in our CI + scripts/config.py set MBEDTLS_AESCE_C + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" } support_build_armcc () { From 472a1906d5d37a2a17cbac5e91b5ae74e929b4b6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 22:14:41 +0100 Subject: [PATCH 088/430] fix tabs Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 2b45a9f99..3ba6a6059 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -108,7 +108,7 @@ typedef uint8x16_t poly128_t; static inline poly128_t vmull_p64(poly64_t a, poly64_t b) { poly128_t r; - asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); return r; } From b622ff8ac0586ea85706df4c8f390461a5427011 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 8 Oct 2023 22:25:16 +0100 Subject: [PATCH 089/430] Fix tests for older versions of clang Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9f2952d2a..91d0a255e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4403,7 +4403,7 @@ component_build_aes_armce () { scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" @@ -4414,7 +4414,7 @@ component_build_aes_armce () { scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" From 48b965d9413515a6dedd60c2bc7e09dd5bcb1485 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 12:19:44 +0100 Subject: [PATCH 090/430] Update clang version requirements Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 7 ++++--- library/aesce.c | 6 ++++-- tests/scripts/all.sh | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 4be2a21a0..cbcffa4c3 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2258,9 +2258,10 @@ * system, Armv8-A Cryptographic Extensions must be supported by * the CPU when this option is enabled. * - * \note Minimum compiler versions for this feature are Clang 4.0; - * armclang 6.6 when targeting aarch64, or 6.20 when targeting - * Thumb or 32-bit Arm; GCC 6.0; or MSVC 2019 version 16.11.2. + * \note Minimum compiler versions for this feature when targeting aarch64 + * are Clang 4.0; armclang 6.6; GCC 6.0; or MSVC 2019 version 16.11.2. + * Minimum compiler versions for this feature when targeting 32-bit + * Arm or Thumb are Clang 11.0; armclang 6.20; or GCC 6.0. * * \note \c CFLAGS must be set to a minimum of \c -march=armv8-a+crypto for * armclang <= 6.9 diff --git a/library/aesce.c b/library/aesce.c index 3ba6a6059..caf9560cd 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -61,8 +61,10 @@ /* Compiler version checks. */ #if defined(__clang__) -# if __clang_major__ < 4 -# error "Minimum version of Clang for MBEDTLS_AESCE_C is 4.0." +# if defined(MBEDTLS_ARCH_IS_ARM32) && (__clang_major__ < 11) +# error "Minimum version of Clang for MBEDTLS_AESCE_C on 32-bit Arm or Thumb is 111.0." +# elif defined(MBEDTLS_ARCH_IS_ARM64) && (__clang_major__ < 4) +# error "Minimum version of Clang for MBEDTLS_AESCE_C on aarch64 is 4.0." # endif #elif defined(__GNUC__) # if __GNUC__ < 6 diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 91d0a255e..d84bdb7bd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4394,7 +4394,7 @@ component_build_aes_aesce_armcc () { support_build_aes_armce() { # clang >= 4 is required to build with AES extensions ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')" - [ "${ver}" -ge 4 ] + [ "${ver}" -ge 11 ] } component_build_aes_armce () { From f60e44d0633d2585cc2a0b2336dd565c6076ed08 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 13:40:36 +0100 Subject: [PATCH 091/430] Add link to ACLE docs in comment Co-authored-by: Jerry Yu Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index caf9560cd..6a6504331 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -93,7 +93,7 @@ #if defined(MBEDTLS_ARCH_IS_ARM32) #if defined(__clang__) -/* On clang for A32/T32, work around some missing intrinsics and types */ +/* On clang for A32/T32, work around some missing intrinsics and types which are listed in [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) */ #ifndef vreinterpretq_p64_u8 #define vreinterpretq_p64_u8 (poly64x2_t) From 2c25bdb7cfbb74b69cda03e8e60ebabaeb987c92 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 13:41:51 +0100 Subject: [PATCH 092/430] Don't use #ifdef on vreinterpretq_xxx Co-authored-by: Jerry Yu Signed-off-by: Dave Rodgman --- library/aesce.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 6a6504331..8c1db91fc 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -95,15 +95,9 @@ #if defined(__clang__) /* On clang for A32/T32, work around some missing intrinsics and types which are listed in [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) */ -#ifndef vreinterpretq_p64_u8 #define vreinterpretq_p64_u8 (poly64x2_t) -#endif -#ifndef vreinterpretq_u8_p128 #define vreinterpretq_u8_p128 (uint8x16_t) -#endif -#ifndef vreinterpretq_u64_p64 #define vreinterpretq_u64_p64 (uint64x2_t) -#endif typedef uint8x16_t poly128_t; From f4ee5d4c94d834e3814ecafeac4ff1bde22ae047 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 13:42:38 +0100 Subject: [PATCH 093/430] Code style Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 8c1db91fc..4c85941b2 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -104,7 +104,7 @@ typedef uint8x16_t poly128_t; static inline poly128_t vmull_p64(poly64_t a, poly64_t b) { poly128_t r; - asm ("vmull.p64 %[r], %[a], %[b]": [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + asm ("vmull.p64 %[r], %[a], %[b]" : [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); return r; } From 46267f6a2d80902aaea2c7468e0849d1cfc1d273 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 14:47:50 +0100 Subject: [PATCH 094/430] Tidy-up: move GCM code into one place Signed-off-by: Dave Rodgman --- library/aesce.c | 131 +++++++++++++++++++++++++----------------------- 1 file changed, 68 insertions(+), 63 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 4c85941b2..ffebbfd27 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -90,65 +90,6 @@ #ifdef __ARM_NEON #include - -#if defined(MBEDTLS_ARCH_IS_ARM32) -#if defined(__clang__) -/* On clang for A32/T32, work around some missing intrinsics and types which are listed in [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) */ - -#define vreinterpretq_p64_u8 (poly64x2_t) -#define vreinterpretq_u8_p128 (uint8x16_t) -#define vreinterpretq_u64_p64 (uint64x2_t) - -typedef uint8x16_t poly128_t; - -static inline poly128_t vmull_p64(poly64_t a, poly64_t b) -{ - poly128_t r; - asm ("vmull.p64 %[r], %[a], %[b]" : [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); - return r; -} - -static inline poly64x1_t vget_low_p64(poly64x2_t a) -{ - return (poly64x1_t) vget_low_u64(vreinterpretq_u64_p64(a)); -} - -static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) -{ - return vmull_p64((poly64_t) (vget_high_u64((uint64x2_t) a)), - (poly64_t) (vget_high_u64((uint64x2_t) b))); -} - -#endif /* defined(__clang__) */ - -static inline uint8x16_t vrbitq_u8(uint8x16_t x) -{ - /* There is no vrbitq_u8 instruction in A32/T32, so provide - * an equivalent non-Neon implementation. Reverse bit order in each - * byte with 4x rbit, rev. */ - asm ("ldm %[p], { r2-r5 } \n\t" - "rbit r2, r2 \n\t" - "rev r2, r2 \n\t" - "rbit r3, r3 \n\t" - "rev r3, r3 \n\t" - "rbit r4, r4 \n\t" - "rev r4, r4 \n\t" - "rbit r5, r5 \n\t" - "rev r5, r5 \n\t" - "stm %[p], { r2-r5 } \n\t" - : - /* Output: 16 bytes of memory pointed to by &x */ - "+m" (*(uint8_t(*)[16]) &x) - : - [p] "r" (&x) - : - "r2", "r3", "r4", "r5" - ); - return x; -} - -#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ - #else #error "Target does not support NEON instructions" #endif @@ -457,24 +398,87 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #if defined(MBEDTLS_GCM_C) -#if !defined(__clang__) && defined(__GNUC__) && __GNUC__ == 5 +#if defined(MBEDTLS_ARCH_IS_ARM32) + +#if defined(__clang__) +/* On clang for A32/T32, work around some missing intrinsics and types which are listed in + * [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) + * These are only required for GCM. + */ +#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) +#define vreinterpretq_u8_p128(a) ((uint8x16_t) a) +#define vreinterpretq_u64_p64(a) ((uint64x2_t) a) + +typedef uint8x16_t poly128_t; + +static inline poly128_t vmull_p64(poly64_t a, poly64_t b) +{ + poly128_t r; + asm ("vmull.p64 %[r], %[a], %[b]" : [r] "=w" (r) : [a] "w" (a), [b] "w" (b) :); + return r; +} + +static inline poly64x1_t vget_low_p64(poly64x2_t a) +{ + uint64x1_t r = vget_low_u64(vreinterpretq_u64_p64(a)); + return (poly64x1_t) r; +} + +static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) +{ + return vmull_p64((poly64_t) (vget_high_u64((uint64x2_t) a)), + (poly64_t) (vget_high_u64((uint64x2_t) b))); +} + +#endif /* defined(__clang__) */ + +static inline uint8x16_t vrbitq_u8(uint8x16_t x) +{ + /* There is no vrbitq_u8 instruction in A32/T32, so provide + * an equivalent non-Neon implementation. Reverse bit order in each + * byte with 4x rbit, rev. */ + asm ("ldm %[p], { r2-r5 } \n\t" + "rbit r2, r2 \n\t" + "rev r2, r2 \n\t" + "rbit r3, r3 \n\t" + "rev r3, r3 \n\t" + "rbit r4, r4 \n\t" + "rev r4, r4 \n\t" + "rbit r5, r5 \n\t" + "rev r5, r5 \n\t" + "stm %[p], { r2-r5 } \n\t" + : + /* Output: 16 bytes of memory pointed to by &x */ + "+m" (*(uint8_t(*)[16]) &x) + : + [p] "r" (&x) + : + "r2", "r3", "r4", "r5" + ); + return x; +} +#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ + + +#if defined(MBEDTLS_COMPILER_IS_GCC) && __GNUC__ == 5 /* Some intrinsics are not available for GCC 5.X. */ #define vreinterpretq_p64_u8(a) ((poly64x2_t) a) #define vreinterpretq_u8_p128(a) ((uint8x16_t) a) + static inline poly64_t vget_low_p64(poly64x2_t __a) { uint64x2_t tmp = (uint64x2_t) (__a); uint64x1_t lo = vcreate_u64(vgetq_lane_u64(tmp, 0)); return (poly64_t) (lo); } -#endif /* !__clang__ && __GNUC__ && __GNUC__ == 5*/ +#endif /* MBEDTLS_COMPILER_IS_GCC && __GNUC__ == 5 */ /* vmull_p64/vmull_high_p64 wrappers. * * Older compilers miss some intrinsic functions for `poly*_t`. We use * uint8x16_t and uint8x16x3_t as input/output parameters. */ -#if defined(__GNUC__) && !defined(__clang__) +#if defined(MBEDTLS_COMPILER_IS_GCC) /* GCC reports incompatible type error without cast. GCC think poly64_t and * poly64x1_t are different, that is different with MSVC and Clang. */ #define MBEDTLS_VMULL_P64(a, b) vmull_p64((poly64_t) a, (poly64_t) b) @@ -483,7 +487,8 @@ static inline poly64_t vget_low_p64(poly64x2_t __a) * error with/without cast. And I think poly64_t and poly64x1_t are same, no * cast for clang also. */ #define MBEDTLS_VMULL_P64(a, b) vmull_p64(a, b) -#endif +#endif /* MBEDTLS_COMPILER_IS_GCC */ + static inline uint8x16_t pmull_low(uint8x16_t a, uint8x16_t b) { From 7057c08d10a3772e78ba2c456b1242d8602885e4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 9 Oct 2023 17:54:29 +0100 Subject: [PATCH 095/430] Don't fail tests if hwcap.h not present Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d84bdb7bd..53810014c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4411,16 +4411,21 @@ component_build_aes_armce () { msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + # we need asm/hwcap.h available for runtime detection + if (echo '#include ' | clang -E - >/dev/null 2>&1); then + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" + else + msg "can't include - skipping runtime detection tests" + fi } support_build_sha_armce() { From 90291dfe3354bf7084e0e97b6212ed8a53fffee8 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 09:51:16 +0100 Subject: [PATCH 096/430] Share some definitions that are common for clang and GCC 5 Signed-off-by: Dave Rodgman --- library/aesce.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index ffebbfd27..8ce8fe29c 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -405,8 +405,6 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, * [ACLE](https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#polynomial-1) * These are only required for GCM. */ -#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) -#define vreinterpretq_u8_p128(a) ((uint8x16_t) a) #define vreinterpretq_u64_p64(a) ((uint64x2_t) a) typedef uint8x16_t poly128_t; @@ -418,11 +416,8 @@ static inline poly128_t vmull_p64(poly64_t a, poly64_t b) return r; } -static inline poly64x1_t vget_low_p64(poly64x2_t a) -{ - uint64x1_t r = vget_low_u64(vreinterpretq_u64_p64(a)); - return (poly64x1_t) r; -} +/* This is set to cause some more missing intrinsics to be defined below */ +#define COMMON_MISSING_INTRINSICS static inline poly128_t vmull_high_p64(poly64x2_t a, poly64x2_t b) { @@ -457,21 +452,30 @@ static inline uint8x16_t vrbitq_u8(uint8x16_t x) ); return x; } -#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ +#endif /* defined(MBEDTLS_ARCH_IS_ARM32) */ #if defined(MBEDTLS_COMPILER_IS_GCC) && __GNUC__ == 5 /* Some intrinsics are not available for GCC 5.X. */ -#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) +#define COMMON_MISSING_INTRINSICS +#endif /* MBEDTLS_COMPILER_IS_GCC && __GNUC__ == 5 */ + + +#if defined(COMMON_MISSING_INTRINSICS) + +/* Missing intrinsics common to both GCC 5, and Clang on 32-bit */ + +#define vreinterpretq_p64_u8(a) ((poly64x2_t) a) #define vreinterpretq_u8_p128(a) ((uint8x16_t) a) -static inline poly64_t vget_low_p64(poly64x2_t __a) +static inline poly64x1_t vget_low_p64(poly64x2_t a) { - uint64x2_t tmp = (uint64x2_t) (__a); - uint64x1_t lo = vcreate_u64(vgetq_lane_u64(tmp, 0)); - return (poly64_t) (lo); + uint64x1_t r = vget_low_u64(vreinterpretq_u64_p64(a)); + return (poly64x1_t) r; + } -#endif /* MBEDTLS_COMPILER_IS_GCC && __GNUC__ == 5 */ + +#endif /* COMMON_MISSING_INTRINSICS */ /* vmull_p64/vmull_high_p64 wrappers. * From b34fe8b88b9f4c0bfa55c5699a635aa11b0a8ec2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 09:52:46 +0100 Subject: [PATCH 097/430] Fix #error typo Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 8ce8fe29c..752e00822 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -62,7 +62,7 @@ /* Compiler version checks. */ #if defined(__clang__) # if defined(MBEDTLS_ARCH_IS_ARM32) && (__clang_major__ < 11) -# error "Minimum version of Clang for MBEDTLS_AESCE_C on 32-bit Arm or Thumb is 111.0." +# error "Minimum version of Clang for MBEDTLS_AESCE_C on 32-bit Arm or Thumb is 11.0." # elif defined(MBEDTLS_ARCH_IS_ARM64) && (__clang_major__ < 4) # error "Minimum version of Clang for MBEDTLS_AESCE_C on aarch64 is 4.0." # endif From cb5c9fb0c23a3ecf3e69a5be0e3dc11f1bed148f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 10:06:02 +0100 Subject: [PATCH 098/430] Add volatile to prevent asm being optimised out Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 752e00822..e36c6d42d 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -568,7 +568,7 @@ static inline uint8x16_t poly_mult_reduce(uint8x16x3_t input) /* use 'asm' as an optimisation barrier to prevent loading MODULO from * memory. It is for GNUC compatible compilers. */ - asm ("" : "+w" (r)); + asm volatile ("" : "+w" (r)); #endif uint8x16_t const MODULO = vreinterpretq_u8_u64(vshrq_n_u64(r, 64 - 8)); uint8x16_t h, m, l; /* input high/middle/low 128b */ From 9fd1b526c332d314b3cb235e28cd1fc12a1ace19 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 15:23:44 +0100 Subject: [PATCH 099/430] Use MBEDTLS_ARCH_IS_ARMV8_A not MBEDTLS_ARCH_IS_ARMV8 Signed-off-by: Dave Rodgman --- library/aes.c | 6 +++--- library/aesce.c | 10 +++++----- library/aesce.h | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/aes.c b/library/aes.c index 037a91837..4972fba1a 100644 --- a/library/aes.c +++ b/library/aes.c @@ -35,9 +35,9 @@ #include "mbedtls/error.h" #if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !((defined(MBEDTLS_ARCH_IS_ARMV8) && defined(MBEDTLS_AESCE_C)) || \ - (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ - (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) +#if !((defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(MBEDTLS_AESCE_C)) || \ + (defined(MBEDTLS_ARCH_IS_X64) && defined(MBEDTLS_AESNI_C)) || \ + (defined(MBEDTLS_ARCH_IS_X86) && defined(MBEDTLS_AESNI_C))) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif #endif diff --git a/library/aesce.c b/library/aesce.c index e36c6d42d..2f9ccb541 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -19,15 +19,15 @@ #if defined(__clang__) && (__clang_major__ >= 4) -/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8 in the following #if, +/* Ideally, we would simply use MBEDTLS_ARCH_IS_ARMV8_A in the following #if, * but that is defined by build_info.h, and we need this block to happen first. */ #if defined(__ARM_ARCH) #if __ARM_ARCH >= 8 -#define MBEDTLS_AESCE_ARCH_IS_ARMV8 +#define MBEDTLS_AESCE_ARCH_IS_ARMV8_A #endif #endif -#if defined(MBEDTLS_AESCE_ARCH_IS_ARMV8) && !defined(__ARM_FEATURE_CRYPTO) +#if defined(MBEDTLS_AESCE_ARCH_IS_ARMV8_A) && !defined(__ARM_FEATURE_CRYPTO) /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. * * The intrinsic declaration are guarded by predefined ACLE macros in clang: @@ -57,7 +57,7 @@ #include "aesce.h" -#if defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) +#if defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) /* Compiler version checks. */ #if defined(__clang__) @@ -611,6 +611,6 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], #undef MBEDTLS_POP_TARGET_PRAGMA #endif -#endif /* MBEDTLS_ARCH_IS_ARMV8 */ +#endif /* MBEDTLS_ARCH_IS_ARMV8_A */ #endif /* MBEDTLS_AESCE_C */ diff --git a/library/aesce.h b/library/aesce.h index 149845976..819413bea 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -31,7 +31,7 @@ #include "mbedtls/aes.h" -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8) && defined(__ARM_NEON) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARMV8_A) && defined(__ARM_NEON) #define MBEDTLS_AESCE_HAVE_CODE @@ -130,10 +130,10 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, #else -#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8) +#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && defined(MBEDTLS_ARCH_IS_ARMV8_A) #error "AES hardware acceleration not supported on this platform" #endif -#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8 && __ARM_NEON */ +#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARMV8_A && __ARM_NEON */ #endif /* MBEDTLS_AESCE_H */ From 2fe5b8563741441a1fc18c0de4485b1c94dfa58b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 10 Oct 2023 15:26:45 +0100 Subject: [PATCH 100/430] Update Changelog to specify Armv8-A Signed-off-by: Dave Rodgman --- ChangeLog.d/armv8-aesce.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt index bc26e617a..999d439ed 100644 --- a/ChangeLog.d/armv8-aesce.txt +++ b/ChangeLog.d/armv8-aesce.txt @@ -1,3 +1,3 @@ Features - * Support use of Arm Crypto Extensions for hardware acclerated AES on + * Support use of Armv8-A Crypto Extensions for hardware acclerated AES on Thumb and Arm targets. From f3501b454fe9cf6f3a45dcb5c34e07b84d168e13 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 11 Oct 2023 16:21:25 +0100 Subject: [PATCH 101/430] Test for presence/absence of AES instructions Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 53810014c..3c2c632b0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4426,6 +4426,31 @@ component_build_aes_armce () { else msg "can't include - skipping runtime detection tests" fi + + # test for presence of AES instructions + scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY + msg "clang, test A32 crypto instructions built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" + grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test T32 crypto instructions built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" + grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test aarch64 crypto instructions built" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" + grep -E 'aes[a-z]+\s*[qv]' library/aesce.o + + # test for absence of AES instructions + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + scripts/config.py unset MBEDTLS_AESCE_C + msg "clang, test A32 crypto instructions not built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S" + not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test T32 crypto instructions not built" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S" + not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o + msg "clang, test aarch64 crypto instructions not built" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S" + not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o } support_build_sha_armce() { From c61990634cb26da933f3e882ab3fe46dae37fe74 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 12 Oct 2023 11:59:04 +0100 Subject: [PATCH 102/430] Clarify changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armv8-aesce.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/armv8-aesce.txt b/ChangeLog.d/armv8-aesce.txt index 999d439ed..ec5889c1b 100644 --- a/ChangeLog.d/armv8-aesce.txt +++ b/ChangeLog.d/armv8-aesce.txt @@ -1,3 +1,3 @@ Features - * Support use of Armv8-A Crypto Extensions for hardware acclerated AES on - Thumb and Arm targets. + * Support use of Armv8-A Cryptographic Extensions for hardware acclerated + AES when compiling for Thumb (T32) or 32-bit Arm (A32). From 5e41937eba275522033cdc4235644d28570189a6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 23 Oct 2023 15:30:20 +0100 Subject: [PATCH 103/430] Remove dependency on asm/hwcap.h Signed-off-by: Dave Rodgman --- library/aesce.c | 13 ++++++++++++- tests/scripts/all.sh | 19 +++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 2f9ccb541..f547eaa93 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -118,8 +118,19 @@ #if defined(__linux__) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#include #include +#if !defined(HWCAP_NEON) +#define HWCAP_NEON (1 << 12) +#endif +#if !defined(HWCAP2_AES) +#define HWCAP2_AES (1 << 0) +#endif +#if !defined(HWCAP_AES) +#define HWCAP_AES (1 << 3) +#endif +#if !defined(HWCAP_ASIMD) +#define HWCAP_ASIMD (1 << 1) +#endif signed char mbedtls_aesce_has_support_result = -1; diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3c2c632b0..73bcc856d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4411,21 +4411,16 @@ component_build_aes_armce () { msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - # we need asm/hwcap.h available for runtime detection - if (echo '#include ' | clang -E - >/dev/null 2>&1); then - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY + scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" - make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64" + make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm" - msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" - make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - else - msg "can't include - skipping runtime detection tests" - fi + msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb" + make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" # test for presence of AES instructions scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY From d609607f2141c13db0650d11d779992deddc0ba1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 26 Oct 2023 16:50:18 +0200 Subject: [PATCH 104/430] Fix test suite never executed due to an undefined symbol MBEDTLS_SSL_SOME_SUITES_USE_MAC and MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC are dependencies of defined in an SSL header, so this header needs to be included here. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_constant_time_hmac.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 435e4b9e0..9d9aa3c77 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -4,6 +4,7 @@ #include #include #include "md_psa.h" +#include #include /* END_HEADER */ From 985c967a146f41b65df79d46addf64f76e528a22 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 4 Dec 2022 14:06:30 +0800 Subject: [PATCH 105/430] tls13: add more checks for server early data - check if it is enabled - check if it is psk mode - check if it is resumption - check if it is tls13 version Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6445a00a1..259996190 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1752,6 +1752,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) { + mbedtls_ssl_session *session = ssl->session_negotiate; mbedtls_ssl_handshake_params *handshake = ssl->handshake; if ((handshake->received_extensions & @@ -1762,9 +1763,42 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) return; } - /* We do not accept early data for the time being */ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { + MBEDTLS_SSL_DEBUG_MSG( + 1, ("EarlyData: rejected. configured disabled.")); + return; + } + + MBEDTLS_SSL_DEBUG_MSG( + 3, ("EarlyData: conf->max_early_data_size = %u", + (unsigned int) ssl->conf->max_early_data_size)); + + if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) { + MBEDTLS_SSL_DEBUG_MSG( + 1, + ("EarlyData: rejected. psk or psk_ephemeral is not available.")); + return; + } + + if (handshake && handshake->resume != 1) { + MBEDTLS_SSL_DEBUG_MSG( + 1, ("EarlyData: rejected. not resumption session.")); + return; + } + + if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { + MBEDTLS_SSL_DEBUG_MSG( + 1, + ("EarlyData: rejected. not a TLS 1.3 ticket.")); + return; + } + + /* TODO: Add more checks here. */ + + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + } #endif /* MBEDTLS_SSL_EARLY_DATA */ From 71c14f1db61611c480c7898566060dcd47a4f22c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 12 Dec 2022 11:10:35 +0800 Subject: [PATCH 106/430] write early data indication in EE msg Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 259996190..cc8a0a178 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2458,6 +2458,16 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, p += output_len; #endif /* MBEDTLS_SSL_ALPN */ +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &output_len); + if (ret != 0) { + return ret; + } + p += output_len; + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + extensions_len = (p - p_extensions_len) - 2; MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0); From 0edafa94492f85fce79227382f627cd544ea414f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Feb 2023 15:09:32 +0800 Subject: [PATCH 107/430] Add test case for writing early data in EE Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-misc.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index d5efc9edc..c11dd7053 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -493,6 +493,9 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ -S "No suitable key exchange mode" \ -s "found matched identity" +EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 )) +EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 )) + requires_gnutls_next requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ @@ -508,3 +511,19 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ -s "EncryptedExtensions: early_data(42) extension does not exist." \ -s "NewSessionTicket: early_data(42) extension does not exist." \ -s "Last error was: -29056 - SSL - Verification of the message MAC failed" + +requires_gnutls_next +requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, fail." \ + "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN $(get_srv_psk_list)" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \ + -d 10 -r --earlydata $EARLY_DATA_INPUT \ + --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ + 1 \ + -s "ClientHello: early_data(42) extension exists." \ + -s "EncryptedExtensions: early_data(42) extension exists." \ + -s "NewSessionTicket: early_data(42) extension does not exist." From 2db16b7b16d0397c43fd6afbe48163317ac8092f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 15 Aug 2023 16:52:25 +0800 Subject: [PATCH 108/430] disable tests when ecp is not available Signed-off-by: Jerry Yu --- tests/opt-testcases/tls13-misc.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index c11dd7053..dbc2e4346 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -500,7 +500,7 @@ requires_gnutls_next requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ @@ -515,7 +515,7 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ requires_gnutls_next requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, fail." \ From 24552ff84edddb1a341b828cd092ad46333f1aee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 17 Aug 2023 15:10:03 +0100 Subject: [PATCH 109/430] ssl-opt/run_test: Introduce -l option to list test case names MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add an option in ssl-opt test case to list all the run_test calls and their names. This allows to show the parameters used and can make us avoid having to parse ssl-opt to look for extra parameters in the future. Signed-off-by: Tomás González --- tests/ssl-opt.sh | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0dd7fe6d3..b9380bad9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -123,6 +123,7 @@ FILTER='.*' EXCLUDE='^$' SHOW_TEST_NUMBER=0 +LIST_TESTS=0 RUN_TEST_NUMBER='' PRESERVE_LOGS=0 @@ -140,6 +141,7 @@ print_usage() { printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n" printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" + printf " -l|--list-tests\tList test names and exit\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" printf " --outcome-file\tFile where test outcomes are written\n" @@ -167,6 +169,9 @@ get_options() { -s|--show-numbers) SHOW_TEST_NUMBER=1 ;; + -l|--list-tests) + LIST_TESTS=1 + ;; -p|--preserve-logs) PRESERVE_LOGS=1 ;; @@ -862,9 +867,13 @@ print_name() { LINE="$LINE$1" printf "%s " "$LINE" - LEN=$(( 72 - `echo "$LINE" | wc -c` )) - for i in `seq 1 $LEN`; do printf '.'; done - printf ' ' + if [ "$LIST_TESTS" -gt 0 ]; then + printf "\n" + else + LEN=$(( 72 - `echo "$LINE" | wc -c` )) + for i in `seq 1 $LEN`; do printf '.'; done + printf ' ' + fi } @@ -1580,6 +1589,10 @@ run_test() { print_name "$NAME" + if [ "$LIST_TESTS" -gt 0 ]; then + return + fi + # Do we only run numbered tests? if [ -n "$RUN_TEST_NUMBER" ]; then case ",$RUN_TEST_NUMBER," in @@ -13375,17 +13388,21 @@ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 16384 run_tests_memory_after_hanshake -# Final report +if [ "$LIST_TESTS" -eq 0 ]; then -echo "------------------------------------------------------------------------" + # Final report + + echo "------------------------------------------------------------------------" + + if [ $FAILS = 0 ]; then + printf "PASSED" + else + printf "FAILED" + fi + PASSES=$(( $TESTS - $FAILS )) + echo " ($PASSES / $TESTS tests ($SKIPS skipped))" -if [ $FAILS = 0 ]; then - printf "PASSED" -else - printf "FAILED" fi -PASSES=$(( $TESTS - $FAILS )) -echo " ($PASSES / $TESTS tests ($SKIPS skipped))" if [ $FAILS -gt 255 ]; then # Clamp at 255 as caller gets exit code & 0xFF From 754f8cd9594245ba8c3787d2a3870ca7178c4e52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 17 Aug 2023 15:11:10 +0100 Subject: [PATCH 110/430] tests/check_test_cases: Use ssl-opt.sh -l option instead of parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Use the newly added ssl-opt.sh -l option to list all the tests cases and their used parameters instead of having to parse the file to discover them. This avoids having to add further parsing complexity in the future as discussed in https://github.com/Mbed-TLS/mbedtls/pull/8080#issuecomment-1681064743 Signed-off-by: Tomás González --- tests/scripts/check_test_cases.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 1395d4d90..be5b834b0 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -27,6 +27,8 @@ import os import re import subprocess import sys +import subprocess + class Results: """Store file and line information about errors or warnings in test suites.""" @@ -100,17 +102,11 @@ state may override this method. def walk_ssl_opt_sh(self, file_name): """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none - with open(file_name, 'rb') as file_contents: - for line_number, line in enumerate(file_contents, 1): - # Assume that all run_test calls have the same simple form - # with the test description entirely on the same line as the - # function name. - m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line) - if not m: - continue - description = m.group(1) - self.process_test_case(descriptions, - file_name, line_number, description) + listed = subprocess.run(['tests/ssl-opt.sh', '-l'], + capture_output=True) + listed = set(map(lambda x: x.rstrip(), listed.stdout.splitlines())) + for description in listed: + self.process_test_case(descriptions, file_name, None, description) def walk_compat_sh(self, file_name): """Iterate over the test cases compat.sh with a similar format.""" From 546fc9ce9e0dc1cd04b48fa31fd821a128377d2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 17 Aug 2023 16:56:42 +0100 Subject: [PATCH 111/430] Revert "Add opt-testcases into check list" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ssl-opt.sh now takes care of looking at the files in the opt-testcases subdirectory, so use ssl-opt.sh directly in walk_ssl_opt_sh(). * Revert commit f17a60f147ec3ba6a9f76da38d3802a7f9f05227. Signed-off-by: Tomás González --- tests/scripts/check_test_cases.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index be5b834b0..96e383977 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -143,9 +143,6 @@ state may override this method. ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') if os.path.exists(ssl_opt_sh): self.walk_ssl_opt_sh(ssl_opt_sh) - for ssl_opt_file_name in glob.glob(os.path.join(directory, 'opt-testcases', - '*.sh')): - self.walk_ssl_opt_sh(ssl_opt_file_name) compat_sh = os.path.join(directory, 'compat.sh') if os.path.exists(compat_sh): self.walk_compat_sh(compat_sh) From 079eaee8ca54918f0b851692c6c57e522c97f689 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 17 Aug 2023 17:02:04 +0100 Subject: [PATCH 112/430] Use file_name parameter in walk_ssl_opt_sh() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove hardcoded file_name and use the parameter provided in the function. Signed-off-by: Tomás González --- tests/scripts/check_test_cases.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 96e383977..0ca0defde 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -102,7 +102,7 @@ state may override this method. def walk_ssl_opt_sh(self, file_name): """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none - listed = subprocess.run(['tests/ssl-opt.sh', '-l'], + listed = subprocess.run([f'{file_name}', '-l'], capture_output=True) listed = set(map(lambda x: x.rstrip(), listed.stdout.splitlines())) for description in listed: From 970b39fb38d01dbed08bd6abd7d6224e821fb6a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 17 Aug 2023 17:07:53 +0100 Subject: [PATCH 113/430] tests/check_test_cases: Use subprocess.check_output instead of run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/scripts/check_test_cases.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 0ca0defde..8d7e8baf3 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -102,9 +102,8 @@ state may override this method. def walk_ssl_opt_sh(self, file_name): """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none - listed = subprocess.run([f'{file_name}', '-l'], - capture_output=True) - listed = set(map(lambda x: x.rstrip(), listed.stdout.splitlines())) + listed = subprocess.check_output([f'{file_name}', '-l']) + listed = set(map(lambda x: x.rstrip(), listed.splitlines())) for description in listed: self.process_test_case(descriptions, file_name, None, description) From 3a65d6368a492234352fcb707ab00b69641e99fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Fri, 18 Aug 2023 09:45:19 +0100 Subject: [PATCH 114/430] Remove formatted string to make pylint happy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/scripts/check_test_cases.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 8d7e8baf3..4301b3210 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -102,7 +102,7 @@ state may override this method. def walk_ssl_opt_sh(self, file_name): """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none - listed = subprocess.check_output([f'{file_name}', '-l']) + listed = subprocess.check_output([file_name, '-l']) listed = set(map(lambda x: x.rstrip(), listed.splitlines())) for description in listed: self.process_test_case(descriptions, file_name, None, description) From 787428a08c94662a0c6440f029a2d06f46ab3ed0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Wed, 23 Aug 2023 15:27:19 +0100 Subject: [PATCH 115/430] Avoid skipping test when printing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/ssl-opt.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b9380bad9..7c5db293a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1581,18 +1581,18 @@ run_test() { NAME="$1" shift 1 - if is_excluded "$NAME"; then - SKIP_NEXT="NO" - # There was no request to run the test, so don't record its outcome. - return - fi - print_name "$NAME" if [ "$LIST_TESTS" -gt 0 ]; then return fi + if is_excluded "$NAME"; then + SKIP_NEXT="NO" + # There was no request to run the test, so don't record its outcome. + return + fi + # Do we only run numbered tests? if [ -n "$RUN_TEST_NUMBER" ]; then case ",$RUN_TEST_NUMBER," in From 0e8a08a1f7fbe5c7591a9083e32908e863d674fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Wed, 23 Aug 2023 15:29:57 +0100 Subject: [PATCH 116/430] Get options at beginning of program MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7c5db293a..62dcbacb3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -201,6 +201,8 @@ get_options() { done } +get_options "$@" + # Read boolean configuration options from mbedtls_config.h for easy and quick # testing. Skip non-boolean options (with something other than spaces # and a comment after "#define SYMBOL"). The variable contains a @@ -1788,8 +1790,6 @@ cleanup() { # MAIN # -get_options "$@" - # Make the outcome file path relative to the original directory, not # to .../tests case "$MBEDTLS_TEST_OUTCOME_FILE" in From f162b4f497685fe0740152c8010c83ae48d17a6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Wed, 23 Aug 2023 15:31:12 +0100 Subject: [PATCH 117/430] Only use CONFIGS_ENABLED when not listing tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/ssl-opt.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 62dcbacb3..05eba3d40 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -207,7 +207,11 @@ get_options "$@" # testing. Skip non-boolean options (with something other than spaces # and a comment after "#define SYMBOL"). The variable contains a # space-separated list of symbols. -CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )" +if [ "$LIST_TESTS" -eq 0 ];then + CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )" +else + CONFIGS_ENABLED="" +fi # Skip next test; use this macro to skip tests which are legitimate # in theory and expected to be re-introduced at some point, but # aren't expected to succeed at the moment due to problems outside From 06956a12aa83c22690004496e082d9813f6bbd2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Wed, 23 Aug 2023 15:46:20 +0100 Subject: [PATCH 118/430] Skip unnecessary logic when -l option is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/ssl-opt.sh | 263 +++++++++++++++++++++++++++-------------------- 1 file changed, 154 insertions(+), 109 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 05eba3d40..31114c94a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -223,6 +223,9 @@ skip_next_test() { # Check if the required configuration ($1) is enabled is_config_enabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return 0; + fi case $CONFIGS_ENABLED in *" $1"[\ =]*) return 0;; *) return 1;; @@ -231,6 +234,9 @@ is_config_enabled() # skip next test if the flag is not enabled in mbedtls_config.h requires_config_enabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi case $CONFIGS_ENABLED in *" $1"[\ =]*) :;; *) SKIP_NEXT="YES";; @@ -239,12 +245,18 @@ requires_config_enabled() { # skip next test if the flag is enabled in mbedtls_config.h requires_config_disabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi case $CONFIGS_ENABLED in *" $1"[\ =]*) SKIP_NEXT="YES";; esac } requires_all_configs_enabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi if ! $P_QUERY -all $* then SKIP_NEXT="YES" @@ -252,6 +264,9 @@ requires_all_configs_enabled() { } requires_all_configs_disabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi if $P_QUERY -any $* then SKIP_NEXT="YES" @@ -259,6 +274,9 @@ requires_all_configs_disabled() { } requires_any_configs_enabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi if ! $P_QUERY -any $* then SKIP_NEXT="YES" @@ -266,6 +284,9 @@ requires_any_configs_enabled() { } requires_any_configs_disabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi if $P_QUERY -all $* then SKIP_NEXT="YES" @@ -290,6 +311,9 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 then requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -307,10 +331,18 @@ get_config_value_or_default() { # # Note that if the configuration is not defined or is defined to nothing, # the output of this function will be an empty string. - ${P_SRV} "query_config=${1}" + if [ "$LIST_TESTS" -eq 0 ];then + ${P_SRV} "query_config=${1}" + else + echo "1" + fi + } requires_config_value_at_least() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi VAL="$( get_config_value_or_default "$1" )" if [ -z "$VAL" ]; then # Should never happen @@ -322,6 +354,9 @@ requires_config_value_at_least() { } requires_config_value_at_most() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi VAL=$( get_config_value_or_default "$1" ) if [ -z "$VAL" ]; then # Should never happen @@ -333,6 +368,9 @@ requires_config_value_at_most() { } requires_config_value_equals() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi VAL=$( get_config_value_or_default "$1" ) if [ -z "$VAL" ]; then # Should never happen @@ -348,6 +386,9 @@ requires_config_value_equals() { # Inputs: # * $1: protocol version in mbedtls syntax (argument to force_version=) requires_protocol_version() { + if [ "$LIST_TESTS" -gt 0 ];then + return; + fi # Support for DTLS is detected separately in detect_dtls(). case "$1" in tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;; @@ -818,19 +859,20 @@ requires_not_i686() { fi } -# Calculate the input & output maximum content lengths set in the config MAX_CONTENT_LEN=16384 MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" ) MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" ) +if [ "$LIST_TESTS" -eq 0 ];then + # Calculate the input & output maximum content lengths set in the config -# Calculate the maximum content length that fits both -if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then - MAX_CONTENT_LEN="$MAX_IN_LEN" + # Calculate the maximum content length that fits both + if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then + MAX_CONTENT_LEN="$MAX_IN_LEN" + fi + if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then + MAX_CONTENT_LEN="$MAX_OUT_LEN" + fi fi -if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then - MAX_CONTENT_LEN="$MAX_OUT_LEN" -fi - # skip the next test if the SSL output buffer is less than 16KB requires_full_size_output_buffer() { if [ "$MAX_OUT_LEN" -ne 16384 ]; then @@ -1844,109 +1886,112 @@ else } fi -# sanity checks, avoid an avalanche of errors -P_SRV_BIN="${P_SRV%%[ ]*}" -P_CLI_BIN="${P_CLI%%[ ]*}" -P_PXY_BIN="${P_PXY%%[ ]*}" -if [ ! -x "$P_SRV_BIN" ]; then - echo "Command '$P_SRV_BIN' is not an executable file" - exit 1 -fi -if [ ! -x "$P_CLI_BIN" ]; then - echo "Command '$P_CLI_BIN' is not an executable file" - exit 1 -fi -if [ ! -x "$P_PXY_BIN" ]; then - echo "Command '$P_PXY_BIN' is not an executable file" - exit 1 -fi -if [ "$MEMCHECK" -gt 0 ]; then - if which valgrind >/dev/null 2>&1; then :; else - echo "Memcheck not possible. Valgrind not found" +if [ "$LIST_TESTS" -eq 0 ];then + + # sanity checks, avoid an avalanche of errors + P_SRV_BIN="${P_SRV%%[ ]*}" + P_CLI_BIN="${P_CLI%%[ ]*}" + P_PXY_BIN="${P_PXY%%[ ]*}" + if [ ! -x "$P_SRV_BIN" ]; then + echo "Command '$P_SRV_BIN' is not an executable file" exit 1 fi + if [ ! -x "$P_CLI_BIN" ]; then + echo "Command '$P_CLI_BIN' is not an executable file" + exit 1 + fi + if [ ! -x "$P_PXY_BIN" ]; then + echo "Command '$P_PXY_BIN' is not an executable file" + exit 1 + fi + if [ "$MEMCHECK" -gt 0 ]; then + if which valgrind >/dev/null 2>&1; then :; else + echo "Memcheck not possible. Valgrind not found" + exit 1 + fi + fi + if which $OPENSSL >/dev/null 2>&1; then :; else + echo "Command '$OPENSSL' not found" + exit 1 + fi + + # used by watchdog + MAIN_PID="$$" + + # We use somewhat arbitrary delays for tests: + # - how long do we wait for the server to start (when lsof not available)? + # - how long do we allow for the client to finish? + # (not to check performance, just to avoid waiting indefinitely) + # Things are slower with valgrind, so give extra time here. + # + # Note: without lsof, there is a trade-off between the running time of this + # script and the risk of spurious errors because we didn't wait long enough. + # The watchdog delay on the other hand doesn't affect normal running time of + # the script, only the case where a client or server gets stuck. + if [ "$MEMCHECK" -gt 0 ]; then + START_DELAY=6 + DOG_DELAY=60 + else + START_DELAY=2 + DOG_DELAY=20 + fi + + # some particular tests need more time: + # - for the client, we multiply the usual watchdog limit by a factor + # - for the server, we sleep for a number of seconds after the client exits + # see client_need_more_time() and server_needs_more_time() + CLI_DELAY_FACTOR=1 + SRV_DELAY_SECONDS=0 + + # fix commands to use this port, force IPv4 while at it + # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later + # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many + # machines that will resolve to ::1, and we don't want ipv6 here. + P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" + P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" + P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" + O_SRV="$O_SRV -accept $SRV_PORT" + O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" + G_SRV="$G_SRV -p $SRV_PORT" + G_CLI="$G_CLI -p +SRV_PORT" + + # Newer versions of OpenSSL have a syntax to enable all "ciphers", even + # low-security ones. This covers not just cipher suites but also protocol + # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on + # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in + # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find + # a way to discover it from -help, so check the openssl version. + case $($OPENSSL version) in + "OpenSSL 0"*|"OpenSSL 1.0"*) :;; + *) + O_CLI="$O_CLI -cipher ALL@SECLEVEL=0" + O_SRV="$O_SRV -cipher ALL@SECLEVEL=0" + ;; + esac + + if [ -n "${OPENSSL_NEXT:-}" ]; then + O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" + O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" + O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT" + O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" + O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT" + fi + + if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then + G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" + G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT" + fi + + if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then + G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" + G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost" + fi + + # Allow SHA-1, because many of our test certificates use it + P_SRV="$P_SRV allow_sha1=1" + P_CLI="$P_CLI allow_sha1=1" + fi -if which $OPENSSL >/dev/null 2>&1; then :; else - echo "Command '$OPENSSL' not found" - exit 1 -fi - -# used by watchdog -MAIN_PID="$$" - -# We use somewhat arbitrary delays for tests: -# - how long do we wait for the server to start (when lsof not available)? -# - how long do we allow for the client to finish? -# (not to check performance, just to avoid waiting indefinitely) -# Things are slower with valgrind, so give extra time here. -# -# Note: without lsof, there is a trade-off between the running time of this -# script and the risk of spurious errors because we didn't wait long enough. -# The watchdog delay on the other hand doesn't affect normal running time of -# the script, only the case where a client or server gets stuck. -if [ "$MEMCHECK" -gt 0 ]; then - START_DELAY=6 - DOG_DELAY=60 -else - START_DELAY=2 - DOG_DELAY=20 -fi - -# some particular tests need more time: -# - for the client, we multiply the usual watchdog limit by a factor -# - for the server, we sleep for a number of seconds after the client exits -# see client_need_more_time() and server_needs_more_time() -CLI_DELAY_FACTOR=1 -SRV_DELAY_SECONDS=0 - -# fix commands to use this port, force IPv4 while at it -# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later -# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many -# machines that will resolve to ::1, and we don't want ipv6 here. -P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" -P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" -P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" -O_SRV="$O_SRV -accept $SRV_PORT" -O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" -G_SRV="$G_SRV -p $SRV_PORT" -G_CLI="$G_CLI -p +SRV_PORT" - -# Newer versions of OpenSSL have a syntax to enable all "ciphers", even -# low-security ones. This covers not just cipher suites but also protocol -# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on -# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in -# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find -# a way to discover it from -help, so check the openssl version. -case $($OPENSSL version) in - "OpenSSL 0"*|"OpenSSL 1.0"*) :;; - *) - O_CLI="$O_CLI -cipher ALL@SECLEVEL=0" - O_SRV="$O_SRV -cipher ALL@SECLEVEL=0" - ;; -esac - -if [ -n "${OPENSSL_NEXT:-}" ]; then - O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" - O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" - O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT" - O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT" - O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT" -fi - -if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then - G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" - G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT" -fi - -if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then - G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" - G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost" -fi - -# Allow SHA-1, because many of our test certificates use it -P_SRV="$P_SRV allow_sha1=1" -P_CLI="$P_CLI allow_sha1=1" - # Also pick a unique name for intermediate files SRV_OUT="srv_out.$$" CLI_OUT="cli_out.$$" From be2c66e548db0c95be7f74b38c203c48c9a84856 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Fri, 1 Sep 2023 10:34:49 +0100 Subject: [PATCH 119/430] ssl-opt.sh: Simplify the implementation of the -l option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of verifying if the LIST_TESTS variable has been set in every function to avoid using the P_QUERY variable and avoid calling a program that has not necessarily been compiled yet: * Define P_QUERY=":" when LIST_TESTS has been set. Signed-off-by: Tomás González --- tests/ssl-opt.sh | 37 +------------------------------------ 1 file changed, 1 insertion(+), 36 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 31114c94a..b925a0133 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -210,6 +210,7 @@ get_options "$@" if [ "$LIST_TESTS" -eq 0 ];then CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )" else + P_QUERY=":" CONFIGS_ENABLED="" fi # Skip next test; use this macro to skip tests which are legitimate @@ -223,9 +224,6 @@ skip_next_test() { # Check if the required configuration ($1) is enabled is_config_enabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return 0; - fi case $CONFIGS_ENABLED in *" $1"[\ =]*) return 0;; *) return 1;; @@ -234,9 +232,6 @@ is_config_enabled() # skip next test if the flag is not enabled in mbedtls_config.h requires_config_enabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi case $CONFIGS_ENABLED in *" $1"[\ =]*) :;; *) SKIP_NEXT="YES";; @@ -245,18 +240,12 @@ requires_config_enabled() { # skip next test if the flag is enabled in mbedtls_config.h requires_config_disabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi case $CONFIGS_ENABLED in *" $1"[\ =]*) SKIP_NEXT="YES";; esac } requires_all_configs_enabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi if ! $P_QUERY -all $* then SKIP_NEXT="YES" @@ -264,9 +253,6 @@ requires_all_configs_enabled() { } requires_all_configs_disabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi if $P_QUERY -any $* then SKIP_NEXT="YES" @@ -274,9 +260,6 @@ requires_all_configs_disabled() { } requires_any_configs_enabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi if ! $P_QUERY -any $* then SKIP_NEXT="YES" @@ -284,9 +267,6 @@ requires_any_configs_enabled() { } requires_any_configs_disabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi if $P_QUERY -all $* then SKIP_NEXT="YES" @@ -311,9 +291,6 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 then requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -340,9 +317,6 @@ get_config_value_or_default() { } requires_config_value_at_least() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi VAL="$( get_config_value_or_default "$1" )" if [ -z "$VAL" ]; then # Should never happen @@ -354,9 +328,6 @@ requires_config_value_at_least() { } requires_config_value_at_most() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi VAL=$( get_config_value_or_default "$1" ) if [ -z "$VAL" ]; then # Should never happen @@ -368,9 +339,6 @@ requires_config_value_at_most() { } requires_config_value_equals() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi VAL=$( get_config_value_or_default "$1" ) if [ -z "$VAL" ]; then # Should never happen @@ -386,9 +354,6 @@ requires_config_value_equals() { # Inputs: # * $1: protocol version in mbedtls syntax (argument to force_version=) requires_protocol_version() { - if [ "$LIST_TESTS" -gt 0 ];then - return; - fi # Support for DTLS is detected separately in detect_dtls(). case "$1" in tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;; From 37a8739e4d6c4d9a65691fdfd94f1deb9fa8991d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Fri, 1 Sep 2023 11:25:44 +0100 Subject: [PATCH 120/430] ssl-opt.sh: Don't affect the order at which functions are printed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When adding the LIST_TESTS option, print_name can be called before checking if the test case should be excluded or not. Change this back to its previous state while still taking into account the LIST_TESTS option. Signed-off-by: Tomás González --- tests/ssl-opt.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b925a0133..de4c83a11 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1594,18 +1594,18 @@ run_test() { NAME="$1" shift 1 - print_name "$NAME" - - if [ "$LIST_TESTS" -gt 0 ]; then - return - fi - if is_excluded "$NAME"; then SKIP_NEXT="NO" # There was no request to run the test, so don't record its outcome. return fi + print_name "$NAME" + + if [ "$LIST_TESTS" -gt 0 ]; then + return + fi + # Do we only run numbered tests? if [ -n "$RUN_TEST_NUMBER" ]; then case ",$RUN_TEST_NUMBER," in From 4a86da2460fba520bfd22547675af29faacd84a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Fri, 1 Sep 2023 17:41:16 +0100 Subject: [PATCH 121/430] check_test_cases: Unify walk_compat_sh and walk_opt_sh into one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit walk_compat_sh and walk_opt_sh are basically the same now, so: * Merge them into one function. * Use the --list-test-cases option for both of them. * Rename this merged function as collect_from_script which seems more appropriate as since it isn't iterating the script but calling it. Signed-off-by: Tomás González --- tests/compat.sh | 8 +++---- tests/scripts/check_test_cases.py | 36 +++++++++++-------------------- tests/ssl-opt.sh | 4 ++-- 3 files changed, 19 insertions(+), 29 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 6506e6c09..570c8e83d 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -127,7 +127,7 @@ print_usage() { printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -v|--verbose\tSet verbose output.\n" - printf " --list-test-case\tList all potential test cases (No Execution)\n" + printf " -l|--list-test-cases\tList all potential test cases (No Execution)\n" printf " --outcome-file\tFile where test outcomes are written\n" printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" printf " --preserve-logs\tPreserve logs of successful tests as well\n" @@ -191,8 +191,8 @@ get_options() { MEMCHECK=1 ;; # Please check scripts/check_test_cases.py correspondingly - # if you have to modify option, --list-test-case - --list-test-case) + # if you have to modify option, --list-test-cases + --list-test-cases) list_test_case exit $? ;; @@ -869,7 +869,7 @@ wait_client_done() { } # uniform_title -# $TITLE is considered as test case description for both --list-test-case and +# $TITLE is considered as test case description for both --list-test-cases and # MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of # each test case description. uniform_title() { diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 4301b3210..2dddf7a16 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -27,7 +27,6 @@ import os import re import subprocess import sys -import subprocess class Results: @@ -99,26 +98,18 @@ state may override this method. data_file_name, line_number, line) in_paragraph = True - def walk_ssl_opt_sh(self, file_name): - """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" + def collect_from_script(self, file_name): + """Collect the test cases in a script by calling its listing test cases +option""" descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none - listed = subprocess.check_output([file_name, '-l']) + listed = subprocess.check_output(['sh', file_name, '--list-test-cases']) + # Assume test file is responsible for printing identical format of + # test case description between --list-test-cases and its OUTCOME.CSV listed = set(map(lambda x: x.rstrip(), listed.splitlines())) - for description in listed: - self.process_test_case(descriptions, file_name, None, description) - - def walk_compat_sh(self, file_name): - """Iterate over the test cases compat.sh with a similar format.""" - descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none - compat_cmd = ['sh', file_name, '--list-test-case'] - compat_output = subprocess.check_output(compat_cmd) - # Assume compat.sh is responsible for printing identical format of - # test case description between --list-test-case and its OUTCOME.CSV - description = compat_output.strip().split(b'\n') # idx indicates the number of test case since there is no line number # in `compat.sh` for each test case. - for idx, descrip in enumerate(description): - self.process_test_case(descriptions, file_name, idx, descrip) + for idx, description in enumerate(listed): + self.process_test_case(descriptions, file_name, idx, description) @staticmethod def collect_test_directories(): @@ -139,12 +130,11 @@ state may override this method. for data_file_name in glob.glob(os.path.join(directory, 'suites', '*.data')): self.walk_test_suite(data_file_name) - ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') - if os.path.exists(ssl_opt_sh): - self.walk_ssl_opt_sh(ssl_opt_sh) - compat_sh = os.path.join(directory, 'compat.sh') - if os.path.exists(compat_sh): - self.walk_compat_sh(compat_sh) + + for sh_file in ['ssl-opt.sh', 'compat.sh']: + sh_file = os.path.join(directory, sh_file) + if os.path.exists(sh_file): + self.collect_from_script(sh_file) class TestDescriptions(TestDescriptionExplorer): """Collect the available test cases.""" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index de4c83a11..04be26f2e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -141,7 +141,7 @@ print_usage() { printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n" printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" - printf " -l|--list-tests\tList test names and exit\n" + printf " -l|--list-test-cases\tList all potential test cases (No Execution)\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" printf " --outcome-file\tFile where test outcomes are written\n" @@ -169,7 +169,7 @@ get_options() { -s|--show-numbers) SHOW_TEST_NUMBER=1 ;; - -l|--list-tests) + -l|--list-test-cases) LIST_TESTS=1 ;; -p|--preserve-logs) From 38ecf9fa1e6151656c542419d2a0cb8bca182673 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Mon, 4 Sep 2023 10:23:04 +0100 Subject: [PATCH 122/430] check_test_cases: Avoid removing duplicated test cases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit One of the jobs of check_test_cases is to check for duplicate test descriptions and to have them ordered: * Stop using a set to collect the different test cases from the test scripts. Signed-off-by: Tomás González --- tests/scripts/check_test_cases.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 2dddf7a16..4a3ecef30 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -105,11 +105,14 @@ option""" listed = subprocess.check_output(['sh', file_name, '--list-test-cases']) # Assume test file is responsible for printing identical format of # test case description between --list-test-cases and its OUTCOME.CSV - listed = set(map(lambda x: x.rstrip(), listed.splitlines())) + # # idx indicates the number of test case since there is no line number # in `compat.sh` for each test case. - for idx, description in enumerate(listed): - self.process_test_case(descriptions, file_name, idx, description) + for idx, description in enumerate(listed.splitlines()): + self.process_test_case(descriptions, + file_name, + idx, + description.rstrip()) @staticmethod def collect_test_directories(): From 12787c9ba5f573f0ccc051ead6d2347c6366119b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Mon, 4 Sep 2023 10:26:00 +0100 Subject: [PATCH 123/430] Remove invalid -l option from test scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The -l option mentioned in previous commits for both ssl-opt.sh and compat.sh scripts should only be a --list-test-cases option. Remove -l option from the help list. Signed-off-by: Tomás González --- tests/compat.sh | 2 +- tests/ssl-opt.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 570c8e83d..f55bb0e05 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -127,7 +127,7 @@ print_usage() { printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -v|--verbose\tSet verbose output.\n" - printf " -l|--list-test-cases\tList all potential test cases (No Execution)\n" + printf " --list-test-cases\tList all potential test cases (No Execution)\n" printf " --outcome-file\tFile where test outcomes are written\n" printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" printf " --preserve-logs\tPreserve logs of successful tests as well\n" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 04be26f2e..156e94406 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -141,9 +141,9 @@ print_usage() { printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n" printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" - printf " -l|--list-test-cases\tList all potential test cases (No Execution)\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" + printf " --list-test-cases\tList all potential test cases (No Execution)\n" printf " --outcome-file\tFile where test outcomes are written\n" printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n" From 378e364c3c6bc1638fad25e8f0e78db90b7371bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Mon, 4 Sep 2023 10:41:37 +0100 Subject: [PATCH 124/430] ssl-opt.sh: Correct print format for test cases' names MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid printing an extra space when using the --list-test-cases option. Signed-off-by: Tomás González --- tests/ssl-opt.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 156e94406..6644b0de0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -879,15 +879,16 @@ print_name() { fi LINE="$LINE$1" - printf "%s " "$LINE" if [ "$LIST_TESTS" -gt 0 ]; then - printf "\n" - else - LEN=$(( 72 - `echo "$LINE" | wc -c` )) - for i in `seq 1 $LEN`; do printf '.'; done - printf ' ' + printf "%s\n" "$LINE" + return fi + printf "%s " "$LINE" + LEN=$(( 72 - `echo "$LINE" | wc -c` )) + for i in `seq 1 $LEN`; do printf '.'; done + printf ' ' + } # record_outcome [] From 51cb70434258b656a34742e9810a6b17511c5148 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 7 Sep 2023 10:21:19 +0100 Subject: [PATCH 125/430] Avoid using print_name when --list-test-cases is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/ssl-opt.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6644b0de0..b93d439de 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -879,10 +879,6 @@ print_name() { fi LINE="$LINE$1" - if [ "$LIST_TESTS" -gt 0 ]; then - printf "%s\n" "$LINE" - return - fi printf "%s " "$LINE" LEN=$(( 72 - `echo "$LINE" | wc -c` )) @@ -1601,12 +1597,13 @@ run_test() { return fi - print_name "$NAME" - if [ "$LIST_TESTS" -gt 0 ]; then + printf "%s\n" "$NAME" return fi + print_name "$NAME" + # Do we only run numbered tests? if [ -n "$RUN_TEST_NUMBER" ]; then case ",$RUN_TEST_NUMBER," in From cfe68a0cb6f5ba882c6528034a161d7ff45d0ce9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Thu, 7 Sep 2023 10:37:50 +0100 Subject: [PATCH 126/430] ssl-opt.sh: Make record_outcome record the ssl-opt.sh file only MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ignore the test suite name as file from opt-testcases cannot actually be called separately. Signed-off-by: Tomás González --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b93d439de..36753af8a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -895,7 +895,7 @@ record_outcome() { if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then printf '%s;%s;%s;%s;%s;%s\n' \ "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ - "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \ + "ssl-opt" "$NAME" \ "$1" "${2-}" \ >>"$MBEDTLS_TEST_OUTCOME_FILE" fi From 4fc582461ba4c09f2fb19dded82aa45bba83b325 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Wed, 20 Sep 2023 22:14:06 +0100 Subject: [PATCH 127/430] compat.sh: Rename list_test_case to list_test_cases MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- tests/compat.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index f55bb0e05..a98ed0eec 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -141,8 +141,8 @@ print_test_case() { done } -# list_test_case lists all potential test cases in compat.sh without execution -list_test_case() { +# list_test_cases lists all potential test cases in compat.sh without execution +list_test_cases() { reset_ciphersuites for TYPE in $TYPES; do add_common_ciphersuites @@ -193,7 +193,7 @@ get_options() { # Please check scripts/check_test_cases.py correspondingly # if you have to modify option, --list-test-cases --list-test-cases) - list_test_case + list_test_cases exit $? ;; --outcome-file) From 7f2cddb1aeb939972a634820243c0a243dcaadca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Fri, 27 Oct 2023 11:45:26 +0100 Subject: [PATCH 128/430] check_test_cases: Minor documentation change MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Make an iteration comment generic to every file it may affect instead of making it specific a particular file. Signed-off-by: Tomás González --- tests/scripts/check_test_cases.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 4a3ecef30..30879d763 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -107,7 +107,7 @@ option""" # test case description between --list-test-cases and its OUTCOME.CSV # # idx indicates the number of test case since there is no line number - # in `compat.sh` for each test case. + # in the script for each test case. for idx, description in enumerate(listed.splitlines()): self.process_test_case(descriptions, file_name, From cfb23b8090611a1fa866ef489e021c5f659aedc7 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 30 Oct 2023 15:26:26 +0800 Subject: [PATCH 129/430] tls13: server: parse pre_shared_key only when some psk is selectable Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2561239a0..456621b5d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1728,9 +1728,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, * - The content up to but excluding the PSK extension, if present. */ /* If we've settled on a PSK-based exchange, parse PSK identity ext */ - if (mbedtls_ssl_tls13_some_psk_enabled(ssl) && - mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && - (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) { + if (ssl_tls13_check_psk_key_exchange(ssl) || + ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { ret = handshake->update_checksum(ssl, buf, pre_shared_key_ext - buf); if (0 != ret) { From 9dd0cc06e56bf34fd8888d6c79ebf0503405fabd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Oct 2023 11:25:30 +0800 Subject: [PATCH 130/430] disable stdout in require_*_configs_* functions Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0dd7fe6d3..659719cf0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -234,28 +234,28 @@ requires_config_disabled() { } requires_all_configs_enabled() { - if ! $P_QUERY -all $* + if ! $P_QUERY -all $* 2>&1 > /dev/null then SKIP_NEXT="YES" fi } requires_all_configs_disabled() { - if $P_QUERY -any $* + if $P_QUERY -any $* 2>&1 > /dev/null then SKIP_NEXT="YES" fi } requires_any_configs_enabled() { - if ! $P_QUERY -any $* + if ! $P_QUERY -any $* 2>&1 > /dev/null then SKIP_NEXT="YES" fi } requires_any_configs_disabled() { - if $P_QUERY -all $* + if $P_QUERY -all $* 2>&1 > /dev/null then SKIP_NEXT="YES" fi From 06b364fdfd9a1816abaef3de336a4c701e760b3a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 18 Oct 2023 11:22:50 +0800 Subject: [PATCH 131/430] fix miss sent extensions mask Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c6fa3b390..90f54f94b 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1022,6 +1022,8 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key identities", buf, p - buf); + mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); + return 0; } From 05c25cbaf9864622a2565f3c3a51f4b108468d46 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Oct 2023 11:07:18 +0100 Subject: [PATCH 132/430] test_driver_extension: manage curves' acceleration the same as other PSA_WANT symbols Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 122 +++++++++++++++--- 1 file changed, 104 insertions(+), 18 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 0eedb8b10..d39e9c158 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -64,6 +64,110 @@ #endif #endif +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) +#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 +#else +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) +#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 +#else +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) +#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 +#else +#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_MONTGOMERY_255) +#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) +#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 +#else +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_MONTGOMERY_448) +#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) +#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 +#else +#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_K1_192) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_K1_224) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_K1_256) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_192) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_224) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_256) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_384) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 +#endif +#endif + +#if defined(PSA_WANT_ECC_SECP_R1_521) +#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) +#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 +#else +#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 +#endif +#endif + #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) #if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) #undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA @@ -427,24 +531,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 -#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) && \ - defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1 -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1 -#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1 -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1 -#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1 -#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1 -#endif - #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 From 3fe105b04221f0b0d3c3b06ecf345f9be19e73ad Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Oct 2023 11:08:12 +0100 Subject: [PATCH 133/430] all.sh: fix test components using accelerated curves Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 83 +++++++++++++++----------------------------- 1 file changed, 28 insertions(+), 55 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b0b32fed5..1836a105c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2294,12 +2294,8 @@ component_test_psa_crypto_config_accel_ecdsa () { # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - $(helper_get_psa_key_type_list "ECC")" - - # Note: Those are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - loc_curve_list="$(helper_get_psa_curve_list)" + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" # Configure # --------- @@ -2324,7 +2320,7 @@ component_test_psa_crypto_config_accel_ecdsa () { helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -2341,12 +2337,8 @@ component_test_psa_crypto_config_accel_ecdh () { # Algorithms and key types to accelerate loc_accel_list="ALG_ECDH \ - $(helper_get_psa_key_type_list "ECC")" - - # Note: Those are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - loc_curve_list="$(helper_get_psa_curve_list)" + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" # Configure # --------- @@ -2369,7 +2361,7 @@ component_test_psa_crypto_config_accel_ecdh () { helper_libtestdriver1_make_drivers "$loc_accel_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdh_ library/ecdh.o @@ -2443,12 +2435,8 @@ component_test_psa_crypto_config_accel_pake() { msg "build: full with accelerated PAKE" loc_accel_list="ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC")" - - # Note: Those are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - loc_curve_list="$(helper_get_psa_curve_list)" + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" # Configure # --------- @@ -2464,7 +2452,7 @@ component_test_psa_crypto_config_accel_pake() { helper_libtestdriver1_make_drivers "$loc_accel_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecjpake_init library/ecjpake.o @@ -2487,12 +2475,8 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { KEY_TYPE_ECC_PUBLIC_KEY \ KEY_TYPE_ECC_KEY_PAIR_BASIC \ KEY_TYPE_ECC_KEY_PAIR_IMPORT \ - KEY_TYPE_ECC_KEY_PAIR_EXPORT" - - # Note: Curves are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - loc_curve_list="$(helper_get_psa_curve_list)" + KEY_TYPE_ECC_KEY_PAIR_EXPORT \ + $(helper_get_psa_curve_list)" # Configure # --------- @@ -2525,7 +2509,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # ECP should be re-enabled but not the others not grep mbedtls_ecdh_ library/ecdh.o @@ -2554,12 +2538,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC")" - # Note: Curves are handled in a special way by the libtestdriver machinery, # so we only want to include them in the accel list when building the main # libraries, hence the use of a separate variable. @@ -2583,6 +2561,13 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { loc_curve_list=$loc_non_weierstrass_list fi + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + ALG_ECDH \ + ALG_JPAKE \ + $(helper_get_psa_key_type_list "ECC") \ + $loc_curve_list" + # Configure # --------- @@ -2702,12 +2687,8 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC")" - - # Note: Those are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - loc_curve_list="$(helper_get_psa_curve_list)" + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" # Configure # --------- @@ -2727,7 +2708,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -2810,12 +2791,8 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC")" - - # Note: Those are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - loc_curve_list="$(helper_get_psa_curve_list)" + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" # Configure # --------- @@ -2835,7 +2812,7 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -2981,7 +2958,8 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC")" + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" # Optionally we can also add DH to the list of accelerated items if [ "$test_target" = "ECC_DH" ]; then loc_accel_list="$loc_accel_list \ @@ -2989,11 +2967,6 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { $(helper_get_psa_key_type_list "DH")" fi - # Note: Those are handled in a special way by the libtestdriver machinery, - # so we only want to include them in the accel list when building the main - # libraries, hence the use of a separate variable. - loc_curve_list="$(helper_get_psa_curve_list)" - # Configure # --------- @@ -3012,7 +2985,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o From 852d26c70d268574eb621ed75a1cb5754429b2b1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 11:47:03 +0200 Subject: [PATCH 134/430] all.sh: enable SSL_TLS and SSL_TICKET in full_no_cipher with PSA_CRYPTO Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1eea025cb..b3be84c21 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1571,8 +1571,6 @@ common_test_full_no_cipher_with_psa_crypto () { scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C - scripts/config.py unset MBEDTLS_SSL_TLS_C - scripts/config.py unset MBEDTLS_SSL_TICKET_C make From d531dab4f6bd33f46c19903c4f94d508c6c9f429 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 11:49:22 +0200 Subject: [PATCH 135/430] check_config: let SSL_TLS depend on either CIPHER_C or USE_PSA_CRYPTO TLS code already implements proper dispatching to either builtin or PSA implementations based on USE_PSA guards, so we can improve the check_config guards to reflect this. Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 1251cdfa7..7c53a238b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -949,7 +949,8 @@ #error "MBEDTLS_SSL_ASYNC_PRIVATE defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_SSL_TLS_C) && !(defined(MBEDTLS_CIPHER_C) || \ + defined(MBEDTLS_USE_PSA_CRYPTO)) #error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif From 31ad3a14cccb8a1e416eea6d739f92136406de4c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 11:55:02 +0200 Subject: [PATCH 136/430] ssl_helpers: allow mbedtls_test_ssl_build_transforms to work without CIPHER_C A new internal function is added to get cipher's info (mode, key bits and iv len) without relying on CIPHER_C. This function is basically a lookup table used only for test purposes. Signed-off-by: Valerio Setti --- tests/src/test_helpers/ssl_helpers.c | 157 ++++++++++++++++++++++++--- 1 file changed, 140 insertions(+), 17 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 5c305cb0a..072a1779b 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1108,6 +1108,123 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && MBEDTLS_AES_C */ +static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, + mbedtls_cipher_mode_t *cipher_mode, + size_t *key_bits, size_t *iv_len) +{ + switch (cipher_type) { + case MBEDTLS_CIPHER_AES_128_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 128; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_AES_256_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 256; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_ARIA_128_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 128; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_ARIA_256_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 256; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 128; + *iv_len = 16; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_CBC: + *cipher_mode = MBEDTLS_MODE_CBC; + *key_bits = 256; + *iv_len = 16; + break; + + case MBEDTLS_CIPHER_AES_128_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_192_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_256_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 256; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_192_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_CCM: + *cipher_mode = MBEDTLS_MODE_CCM; + *key_bits = 256; + *iv_len = 12; + break; + + case MBEDTLS_CIPHER_AES_128_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_192_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_AES_256_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 256; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_128_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 128; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_192_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 192; + *iv_len = 12; + break; + case MBEDTLS_CIPHER_CAMELLIA_256_GCM: + *cipher_mode = MBEDTLS_MODE_GCM; + *key_bits = 256; + *iv_len = 12; + break; + + case MBEDTLS_CIPHER_CHACHA20_POLY1305: + *cipher_mode = MBEDTLS_MODE_CHACHAPOLY; + *key_bits = 256; + *iv_len = 12; + break; + + case MBEDTLS_CIPHER_NULL: + *cipher_mode = MBEDTLS_MODE_STREAM; + *key_bits = 0; + *iv_len = 0; + break; + + default: + *cipher_mode = MBEDTLS_MODE_NONE; + *key_bits = 0; + *iv_len = 0; + } +} + int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, int cipher_type, int hash_id, @@ -1116,18 +1233,22 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t cid0_len, size_t cid1_len) { - mbedtls_cipher_info_t const *cipher_info; + mbedtls_cipher_mode_t cipher_mode = MBEDTLS_MODE_NONE; + size_t key_bits = 0; int ret = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; - size_t key_bits; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif - size_t keylen, maclen, ivlen; +#if defined(MBEDTLS_CIPHER_C) + mbedtls_cipher_info_t const *cipher_info; +#endif + + size_t keylen, maclen, ivlen = 0; unsigned char *key0 = NULL, *key1 = NULL; unsigned char *md0 = NULL, *md1 = NULL; unsigned char iv_enc[16], iv_dec[16]; @@ -1144,15 +1265,11 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ maclen = 0; - - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); + mbedtls_test_ssl_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type, + &cipher_mode, &key_bits, &ivlen); /* Pick keys */ - keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; + keylen = key_bits / 8; /* Allocate `keylen + 1` bytes to ensure that we get * a non-NULL pointers from `mbedtls_calloc` even if * `keylen == 0` in the case of the NULL cipher. */ @@ -1161,6 +1278,12 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); +#if defined(MBEDTLS_CIPHER_C) + /* Pick cipher */ + cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); + CHK(cipher_info != NULL); + CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); + CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); #if !defined(MBEDTLS_USE_PSA_CRYPTO) /* Setup cipher contexts */ CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); @@ -1169,7 +1292,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); #if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_info->mode == MBEDTLS_MODE_CBC) { + if (cipher_mode == MBEDTLS_MODE_CBC) { CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, MBEDTLS_PADDING_NONE) == 0); CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, @@ -1197,12 +1320,13 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, MBEDTLS_DECRYPT) == 0); -#endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_CIPHER_C */ /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - if (cipher_info->mode == MBEDTLS_MODE_CBC || - cipher_info->mode == MBEDTLS_MODE_STREAM) { + if (cipher_mode == MBEDTLS_MODE_CBC || + cipher_mode == MBEDTLS_MODE_STREAM) { #if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); CHK(md_info != NULL); @@ -1240,7 +1364,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, md1, maclen, &t_out->psa_mac_enc) == PSA_SUCCESS); - if (cipher_info->mode == MBEDTLS_MODE_STREAM || + if (cipher_mode == MBEDTLS_MODE_STREAM || etm == MBEDTLS_SSL_ETM_DISABLED) { /* mbedtls_ct_hmac() requires the key to be exportable */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | @@ -1279,7 +1403,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, /* Pick IV's (regardless of whether they * are being used by the transform). */ - ivlen = mbedtls_cipher_info_get_iv_size(cipher_info); memset(iv_enc, 0x3, sizeof(iv_enc)); memset(iv_dec, 0x4, sizeof(iv_dec)); @@ -1300,7 +1423,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, t_out->ivlen = ivlen; t_in->ivlen = ivlen; - switch (cipher_info->mode) { + switch (cipher_mode) { case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_CCM: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) From bdf04e840aa35c6d2395b4e2618c6f151a807317 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 12:02:45 +0200 Subject: [PATCH 137/430] ssl_server2: support ticket_aead only when CIPHER_C is defined Cipher parsing requires mbedtls_cipher_info_from_string() which depends on CIPHER_C. Signed-off-by: Valerio Setti --- programs/ssl/ssl_server2.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c99703dd5..ccdabe47b 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -283,6 +283,7 @@ int main(void) #else #define USAGE_PSK "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ + #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #define USAGE_CA_CALLBACK \ " ca_callback=%%d default: 0 (disabled)\n" \ @@ -290,13 +291,21 @@ int main(void) #else #define USAGE_CA_CALLBACK "" #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ + #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) +#if defined(MBEDTLS_CIPHER_C) #define USAGE_TICKETS \ " tickets=%%d default: 1 (enabled)\n" \ " ticket_rotate=%%d default: 0 (disabled)\n" \ " ticket_timeout=%%d default: 86400 (one day)\n" \ " ticket_aead=%%s default: \"AES-256-GCM\"\n" -#else +#else /* MBEDTLS_CIPHER_C */ +#define USAGE_TICKETS \ + " tickets=%%d default: 1 (enabled)\n" \ + " ticket_rotate=%%d default: 0 (disabled)\n" \ + " ticket_timeout=%%d default: 86400 (one day)\n" +#endif /* MBEDTLS_CIPHER_C */ +#else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ @@ -2146,14 +2155,18 @@ usage: if (opt.ticket_timeout < 0) { goto usage; } - } else if (strcmp(p, "ticket_aead") == 0) { + } else +#if defined(MBEDTLS_CIPHER_C) + if (strcmp(p, "ticket_aead") == 0) { const mbedtls_cipher_info_t *ci = mbedtls_cipher_info_from_string(q); if (ci == NULL) { goto usage; } opt.ticket_aead = mbedtls_cipher_info_get_type(ci); - } else if (strcmp(p, "cache_max") == 0) { + } else +#endif + if (strcmp(p, "cache_max") == 0) { opt.cache_max = atoi(q); if (opt.cache_max < 0) { goto usage; From dc55470341925d9187cdea2a16d6139a7c8dfff0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 12:12:53 +0200 Subject: [PATCH 138/430] ssl_context_info: add guards for CIPHER_C mbedtls_cipher_info_from_type() is only available when CIPHER_C is defined. So when it is not we just print the cipher type decimal value on the output instead of the cipher's name. Signed-off-by: Valerio Setti --- programs/ssl/ssl_context_info.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 9744c58d5..fca6afdcb 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -559,7 +559,6 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, if (ciphersuite_info == NULL) { printf_err("Cannot find ciphersuite info\n"); } else { - const mbedtls_cipher_info_t *cipher_info; #if defined(MBEDTLS_MD_C) const mbedtls_md_info_t *md_info; #endif @@ -567,12 +566,18 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, printf("\tciphersuite : %s\n", ciphersuite_info->name); printf("\tcipher flags : 0x%02X\n", ciphersuite_info->flags); +#if defined(MBEDTLS_CIPHER_C) + const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); if (cipher_info == NULL) { printf_err("Cannot find cipher info\n"); } else { printf("\tcipher : %s\n", cipher_info->name); } +#else /* MBEDTLS_CIPHER_C */ + printf("\tcipher type : %d\n", ciphersuite_info->cipher); +#endif /* MBEDTLS_CIPHER_C */ + #if defined(MBEDTLS_MD_C) md_info = mbedtls_md_info_from_type(ciphersuite_info->mac); if (md_info == NULL) { From 1ebb6cd68d633ac354dcd81ab459faf0790c4213 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 16:44:27 +0200 Subject: [PATCH 139/430] ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols These are used in tests to determine whether there is support for one of those keys for CBC mode. Signed-off-by: Valerio Setti --- library/ssl_misc.h | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2d78fd47c..ac8a2970b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -261,6 +261,33 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). */ +/* Some internal helpers to determine which keys are availble for CBC mode. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) || defined(PSA_WANT_ALG_CBC_PKCS7) +#if defined(PSA_WANT_KEY_TYPE_AES) +#define MBEDTLS_SSL_HAVE_AES_CBC +#endif +#if defined(PSA_WANT_KEY_TYPE_ARIA) +#define MBEDTLS_SSL_HAVE_ARIA_CBC +#endif +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) +#define MBEDTLS_SSL_HAVE_CAMELLIA_CBC +#endif +#endif /* PSA_WANT_ALG_CBC_NO_PADDING || PSA_WANT_ALG_CBC_PKCS7 */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MEDTLS_AES_C) +#define MBEDTLS_SSL_HAVE_AES_CBC +#endif +#if defined(MEDTLS_ARIA_C) +#define MBEDTLS_SSL_HAVE_ARIA_CBC +#endif +#if defined(MEDTLS_CAMELLIA_C) +#define MBEDTLS_SSL_HAVE_CAMELLIA_CBC +#endif +#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_USE_PSA_CRYPTO*/ + #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* This macro determines whether CBC is supported. */ From 74d5f23c3fca7283364b10abc82881915650f13f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 16:45:49 +0200 Subject: [PATCH 140/430] test_suite_ssl: use new internal symbols in tests using CBC Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 648 +++++++++--------- tests/suites/test_suite_ssl_decrypt.misc.data | 192 +++--- 2 files changed, 420 insertions(+), 420 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index faf44e4be..029dac821 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -373,7 +373,7 @@ depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1: handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM @@ -381,11 +381,11 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAV handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_2 @@ -401,7 +401,7 @@ depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1: handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM @@ -409,11 +409,11 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAV handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 DTLS Handshake with serialization, tls1_2 @@ -437,39 +437,39 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque @@ -541,39 +541,39 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDS handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -806,51 +806,51 @@ depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" SSL DTLS replay: initial state, seqnum 0 @@ -962,579 +962,579 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 Record crypt, AES-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-GCM, 1.2 @@ -1834,579 +1834,579 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ARIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-GCM, 1.2 diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data index f663b262d..d86fad2d6 100644 --- a/tests/suites/test_suite_ssl_decrypt.misc.data +++ b/tests/suites/test_suite_ssl_decrypt.misc.data @@ -15,385 +15,385 @@ depends_on:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_null:MBEDTLS_MD_SHA384 Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, AES MD5 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, AES MD5 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, AES MD5 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, AES MD5 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, AES MD5 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, AES MD5 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 From 847213120c596ba0e4460f419f7ba6d3f9dbd2e4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Oct 2023 14:43:51 +0200 Subject: [PATCH 141/430] test_suite_psa_crypto_metadata: remove unnecessary CIPHER_C dependencies Signed-off-by: Valerio Setti --- .../test_suite_psa_crypto_metadata.data | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index b1672ec10..4a250364a 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -71,19 +71,19 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512 hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128 MAC: CBC_MAC-AES-128 -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 MAC: CBC_MAC-AES-192 -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_CIPHER_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:192 MAC: CBC_MAC-AES-256 -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_CIPHER_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:256 MAC: CBC_MAC-3DES -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_DES:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_DES mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:8:PSA_KEY_TYPE_DES:192 MAC: CMAC-AES-128 @@ -107,31 +107,31 @@ depends_on:PSA_WANT_ALG_STREAM_CIPHER cipher_algorithm:PSA_ALG_STREAM_CIPHER:ALG_IS_STREAM_CIPHER Cipher: CTR -depends_on:PSA_WANT_ALG_CTR:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_CTR cipher_algorithm:PSA_ALG_CTR:ALG_IS_STREAM_CIPHER Cipher: CFB -depends_on:PSA_WANT_ALG_CFB:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_CFB cipher_algorithm:PSA_ALG_CFB:ALG_IS_STREAM_CIPHER Cipher: OFB -depends_on:PSA_WANT_ALG_OFB:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_OFB cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER Cipher: ECB-nopad -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_ECB_NO_PADDING cipher_algorithm:PSA_ALG_ECB_NO_PADDING:0 Cipher: CBC-nopad -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_CBC_NO_PADDING cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0 Cipher: CBC-PKCS#7 -depends_on:PSA_WANT_ALG_CBC_PKCS7:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_CBC_PKCS7 cipher_algorithm:PSA_ALG_CBC_PKCS7:0 Cipher: XTS -depends_on:PSA_WANT_ALG_XTS:MBEDTLS_CIPHER_C +depends_on:PSA_WANT_ALG_XTS cipher_algorithm:PSA_ALG_XTS:0 Cipher: CCM* From 467271dede1bef7f87c5d9e88581b2cf5c87a382 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Oct 2023 11:40:32 +0100 Subject: [PATCH 142/430] ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC Signed-off-by: Valerio Setti --- library/ssl_misc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ac8a2970b..82bdc14e5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -263,7 +263,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); /* Some internal helpers to determine which keys are availble for CBC mode. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) || defined(PSA_WANT_ALG_CBC_PKCS7) +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) #if defined(PSA_WANT_KEY_TYPE_AES) #define MBEDTLS_SSL_HAVE_AES_CBC #endif @@ -273,7 +273,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #define MBEDTLS_SSL_HAVE_CAMELLIA_CBC #endif -#endif /* PSA_WANT_ALG_CBC_NO_PADDING || PSA_WANT_ALG_CBC_PKCS7 */ +#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ #else /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MEDTLS_AES_C) From 3d59ebef2c2e2d7aac84ed1658bc0a741de3fdf7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Oct 2023 11:56:56 +0100 Subject: [PATCH 143/430] ssl_helpers: remove CIPHER_C guards in mbedtls_test_ssl_build_transforms() Use !USE_PSA_CRYPTO instead. Signed-off-by: Valerio Setti --- tests/src/test_helpers/ssl_helpers.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 072a1779b..d6267d18c 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1242,9 +1242,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#endif - -#if defined(MBEDTLS_CIPHER_C) +#else mbedtls_cipher_info_t const *cipher_info; #endif @@ -1278,13 +1276,13 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); -#if defined(MBEDTLS_CIPHER_C) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) /* Pick cipher */ cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); CHK(cipher_info != NULL); CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) + /* Setup cipher contexts */ CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); @@ -1321,7 +1319,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, MBEDTLS_DECRYPT) == 0); #endif /* !MBEDTLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_CIPHER_C */ /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) From 29daf4a36b95ea711c0cd3a53df4a8f9517b26f8 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 30 Oct 2023 17:13:30 +0800 Subject: [PATCH 144/430] tls13: server: fully check ticket_flags with available kex mode. We need to fully check if the provided session ticket could be used in the handshake, so that we wouldn't cause handshake failure in some cases. Here we bring f8e50a9 back. Example scenario: A client proposes to a server, that supports only the psk_ephemeral key exchange mode, two tickets, the first one is allowed only for pure PSK key exchange mode and the second one is psk_ephemeral only. We need to select the second tickets instead of the first one whose ticket_flags forbid psk_ephemeral and thus cause a handshake failure. Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 456621b5d..08ed55c3e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -106,6 +106,10 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_OFFERED_PSK_MATCH 0 #if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl); +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match_ticket( @@ -117,6 +121,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ticket_buffer; + unsigned int ticket_flags; + unsigned int key_exchanges; #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t now; uint64_t age_in_s; @@ -172,13 +178,21 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * We regard the ticket with incompatible key exchange modes as not match. */ ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, - session->ticket_flags); - if (mbedtls_ssl_tls13_check_kex_modes( - ssl, - mbedtls_ssl_session_get_ticket_flags( - session, - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) { + MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); + ticket_flags = mbedtls_ssl_session_get_ticket_flags( + session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); + + key_exchanges = 0; + if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) && + ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { + key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + } + if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) && + ssl_tls13_check_psk_key_exchange(ssl)) { + key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; + } + + if (key_exchanges == 0) { MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode")); goto exit; } From dbd1e0d986e3090b65bbf6030d9a6d0336bb031f Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 31 Oct 2023 10:08:10 +0800 Subject: [PATCH 145/430] tls13: add helpers to check if psk[_ephemeral] allowed by ticket Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 14 ++++++++++++++ library/ssl_tls13_server.c | 7 ++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9444c29c2..b468c6ca1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2785,6 +2785,20 @@ static inline unsigned int mbedtls_ssl_session_check_ticket_flags( return mbedtls_ssl_session_get_ticket_flags(session, flags) == 0; } +static inline unsigned int mbedtls_ssl_session_ticket_allow_psk( + mbedtls_ssl_session *session) +{ + return !mbedtls_ssl_session_check_ticket_flags(session, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION); +} + +static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral( + mbedtls_ssl_session *session) +{ + return !mbedtls_ssl_session_check_ticket_flags(session, + MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION); +} + static inline void mbedtls_ssl_session_set_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 08ed55c3e..49324d83c 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -121,7 +121,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ticket_buffer; - unsigned int ticket_flags; unsigned int key_exchanges; #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t now; @@ -179,15 +178,13 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( */ ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); - ticket_flags = mbedtls_ssl_session_get_ticket_flags( - session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL); key_exchanges = 0; - if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION) && + if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) && ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; } - if ((ticket_flags & MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION) && + if (mbedtls_ssl_session_ticket_allow_psk(session) && ssl_tls13_check_psk_key_exchange(ssl)) { key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; } From f2814ff97bb79bbd7368d01b13a01e75b9f67b6d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 27 Oct 2023 10:38:34 +0800 Subject: [PATCH 146/430] Move common config to common function Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2d807205f..f84afd551 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3669,6 +3669,9 @@ component_test_psa_crypto_config_accel_aead () { # - component_test_psa_crypto_config_accel_cipher_aead # - component_test_psa_crypto_config_reference_cipher_aead common_psa_crypto_config_accel_cipher_aead() { + # Start from the crypto config (no X509 and TLS) + helper_libtestdriver1_adjust_config "crypto_full" + scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_NIST_KW_C } @@ -3689,9 +3692,6 @@ component_test_psa_crypto_config_accel_cipher_aead () { # Configure # --------- - # Start from the crypto config (no X509 and TLS) - helper_libtestdriver1_adjust_config "crypto_full" - common_psa_crypto_config_accel_cipher_aead # Disable the things that are being accelerated @@ -3736,8 +3736,6 @@ component_test_psa_crypto_config_accel_cipher_aead () { } component_test_psa_crypto_config_reference_cipher_aead () { - helper_libtestdriver1_adjust_config "crypto_full" - common_psa_crypto_config_accel_cipher_aead msg "test: crypto config with non-accelerated cipher and AEAD" From 78657d0c1d0afaeca859bcbc6f77062d8253cecb Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 27 Oct 2023 11:00:32 +0800 Subject: [PATCH 147/430] Change base config to full minus SSL Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f84afd551..5154663bc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3669,8 +3669,11 @@ component_test_psa_crypto_config_accel_aead () { # - component_test_psa_crypto_config_accel_cipher_aead # - component_test_psa_crypto_config_reference_cipher_aead common_psa_crypto_config_accel_cipher_aead() { - # Start from the crypto config (no X509 and TLS) - helper_libtestdriver1_adjust_config "crypto_full" + # Start from the full config + helper_libtestdriver1_adjust_config "full" + + # For time being, we don't support SSL module. + scripts/config.py unset MBEDTLS_SSL_TLS_C scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_NIST_KW_C From b67b47425ed1163a3c44bd6ca526b83b44901367 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 17:10:32 +0800 Subject: [PATCH 148/430] Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang --- ChangeLog.d/add-cipher-encrypt-only.txt | 2 +- include/mbedtls/aes.h | 8 +- include/mbedtls/aria.h | 4 +- include/mbedtls/camellia.h | 4 +- include/mbedtls/check_config.h | 4 +- include/mbedtls/config_adjust_legacy_crypto.h | 6 +- library/aes.c | 18 +-- library/aesce.c | 8 +- library/aesce.h | 4 +- library/aesni.c | 10 +- library/aesni.h | 4 +- library/aria.c | 8 +- library/camellia.c | 8 +- library/cipher.c | 2 +- library/cipher_wrap.c | 42 +++---- library/cipher_wrap.h | 2 +- programs/pkey/dh_client.c | 4 +- tests/suites/test_suite_aes.function | 6 +- tests/suites/test_suite_aria.function | 2 +- tests/suites/test_suite_camellia.function | 2 +- tests/suites/test_suite_cipher.aes.data | 116 +++++++++--------- 21 files changed, 132 insertions(+), 132 deletions(-) diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt index 434c294d2..d56c08da3 100644 --- a/ChangeLog.d/add-cipher-encrypt-only.txt +++ b/ChangeLog.d/add-cipher-encrypt-only.txt @@ -1,7 +1,7 @@ Features * Add support to remove xxx_setkey_dec and xxx_decrypt for cipher type of AES, ARIA, CAMELLIA and DES. This is achieved by implicitly enabling - MBEDTLS_CIPHER_ENCRYPT_ONLY when + MBEDTLS_BLOCK_CIPHER_NO_DECRYPT when - ECB and CBC cipher modes are not requested via the PSA API. - ECB, CBC, XTS and KW are not enabled in the legacy API. - DES is not requested in the PSA API and the legacy API. diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 0780ece3b..c53f817c1 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -167,7 +167,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief This function sets the decryption key. * @@ -186,7 +186,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -606,7 +606,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Internal AES block decryption function. This is only * exposed to allow overriding it using see @@ -622,7 +622,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ #if defined(MBEDTLS_SELF_TEST) /** diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index e725ea044..2750840d1 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -110,7 +110,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief This function sets the decryption key. * @@ -129,7 +129,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief This function performs an ARIA single-block encryption or diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 74a8e3434..f9e488dcc 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -93,7 +93,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Perform a CAMELLIA key schedule operation for decryption. * @@ -109,7 +109,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 5de8eb334..c580bf792 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -183,12 +183,12 @@ #error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) && \ +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ (!defined(MBEDTLS_PSA_CRYPTO_CONFIG) || \ (defined(MBEDTLS_CIPHER_MODE_CBC) || \ defined(MBEDTLS_CIPHER_MODE_XTS) || \ defined(MBEDTLS_NIST_KW_C))) -#error "MBEDTLS_CIPHER_ENCRYPT_ONLY defined, but not all prerequisites" +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined, but not all prerequisites" #endif #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 2ac522e47..677772126 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -36,11 +36,11 @@ /* * ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions. - * MBEDTLS_CIPHER_ENCRYPT_ONLY is only enabled when those modes + * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is only enabled when those modes * are not requested via the PSA API and are not enabled in the legacy API. * * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and - * insecure block cipher, MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled when DES + * insecure block cipher, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled when DES * is not requested via the PSA API and is not enabled in the legacy API. * * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. @@ -54,7 +54,7 @@ !defined(MBEDTLS_CIPHER_MODE_XTS) && \ !defined(MBEDTLS_DES_C) && \ !defined(MBEDTLS_NIST_KW_C) -#define MBEDTLS_CIPHER_ENCRYPT_ONLY 1 +#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 1 #endif #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/library/aes.c b/library/aes.c index f0a3dc909..940ea0296 100644 --- a/library/aes.c +++ b/library/aes.c @@ -67,7 +67,7 @@ #include "mbedtls/platform.h" #if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ - !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) + !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif @@ -691,7 +691,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, /* * AES key schedule (decryption) */ -#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -760,7 +760,7 @@ exit: return ret; } -#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) static int mbedtls_aes_xts_decode_keys(const unsigned char *key, @@ -949,7 +949,7 @@ int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, /* * AES-ECB block decryption */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) && !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) @@ -1006,7 +1006,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, return 0; } -#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /* VIA Padlock and our intrinsics-based implementation of AESNI require * the round keys to be aligned on a 16-byte boundary. We take care of this @@ -1061,7 +1061,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { return mbedtls_internal_aes_encrypt(ctx, input, output); } else { @@ -1496,7 +1496,7 @@ exit: * * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static const unsigned char aes_test_ecb_dec[][16] = { { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, @@ -1901,7 +1901,7 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES-ECB-%3u (%s): ", keybits, (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); } -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_DECRYPT) { if (verbose != 0) { mbedtls_printf("skipped\n"); @@ -1912,7 +1912,7 @@ int mbedtls_aes_self_test(int verbose) memset(buf, 0, 16); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_DECRYPT) { ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_ecb_dec[u]; diff --git a/library/aesce.c b/library/aesce.c index 46449084a..79c02e367 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -199,7 +199,7 @@ rounds_10: /* Two rounds of AESCE decryption */ #define AESCE_DECRYPT_ROUND_X2 AESCE_DECRYPT_ROUND; AESCE_DECRYPT_ROUND -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static uint8x16_t aesce_decrypt_block(uint8x16_t block, unsigned char *keys, int rounds) @@ -244,7 +244,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { block = aesce_encrypt_block(block, keys, ctx->nr); } else { @@ -253,7 +253,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, #else (void) mode; block = aesce_encrypt_block(block, keys, ctx->nr); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ vst1q_u8(&output[0], block); return 0; @@ -262,7 +262,7 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, /* * Compute decryption round keys from encryption round keys */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) diff --git a/library/aesce.h b/library/aesce.h index 25d2b41a7..bda376d51 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -99,7 +99,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], const unsigned char b[16]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -111,7 +111,7 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], void mbedtls_aesce_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief Internal key expansion for encryption diff --git a/library/aesni.c b/library/aesni.c index f7c99df51..0c509acc0 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -93,7 +93,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { while (nr != 0) { state = _mm_aesenc_si128(state, *rk); @@ -118,7 +118,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, --nr; } state = _mm_aesenclast_si128(state, *rk); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ memcpy(output, &state, 16); return 0; @@ -228,7 +228,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { @@ -468,7 +468,7 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key AESENCLAST(xmm1_xmm0) // last round -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) "jmp 3f \n\t" "2: \n\t" // decryption loop @@ -606,7 +606,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr) { diff --git a/library/aesni.h b/library/aesni.h index d1bfaf6ef..7708c443a 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -129,7 +129,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], const unsigned char a[16], const unsigned char b[16]); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. @@ -144,7 +144,7 @@ void mbedtls_aesni_gcm_mult(unsigned char c[16], void mbedtls_aesni_inverse_key(unsigned char *invkey, const unsigned char *fwdkey, int nr); -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /** * \brief Internal key expansion for encryption diff --git a/library/aria.c b/library/aria.c index 0bd489e68..f09ffe7b2 100644 --- a/library/aria.c +++ b/library/aria.c @@ -425,7 +425,7 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, /* * Set decryption key */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { @@ -455,7 +455,7 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, return 0; } -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /* * Encrypt a block @@ -886,12 +886,12 @@ int mbedtls_aria_self_test(int verbose) /* test ECB decryption */ if (verbose) { mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i); -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) mbedtls_printf("skipped\n"); #endif } -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i); mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk); ARIA_SELF_TEST_ASSERT( diff --git a/library/camellia.c b/library/camellia.c index 634978294..122700be7 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -411,7 +411,7 @@ int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, /* * Camellia key schedule (decryption) */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits) @@ -457,7 +457,7 @@ exit: return ret; } -#endif /* !MBEDTLS_CIPHER_ENCRYPT_ONLY */ +#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /* * Camellia-ECB block encryption/decryption @@ -902,7 +902,7 @@ int mbedtls_camellia_self_test(int verbose) (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); } -#if defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (v == MBEDTLS_CAMELLIA_DECRYPT) { if (verbose != 0) { mbedtls_printf("skipped\n"); @@ -914,7 +914,7 @@ int mbedtls_camellia_self_test(int verbose) for (i = 0; i < CAMELLIA_TESTS_ECB; i++) { memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (v == MBEDTLS_CAMELLIA_DECRYPT) { mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); memcpy(src, camellia_test_ecb_cipher[u][i], 16); diff --git a/library/cipher.c b/library/cipher.c index 823987bf8..60c13a9f7 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -386,7 +386,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, ctx->key_bitlen = key_bitlen; ctx->operation = operation; -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /* * For OFB, CFB and CTR mode always use the encryption key schedule */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 3bdfa951f..b44ca9c3b 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -238,7 +238,7 @@ static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation, } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -293,7 +293,7 @@ static const mbedtls_cipher_base_t aes_info = { NULL, #endif aes_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) aes_setkey_dec_wrap, #endif aes_ctx_alloc, @@ -603,7 +603,7 @@ static const mbedtls_cipher_base_t gcm_aes_info = { NULL, #endif gcm_aes_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) gcm_aes_setkey_wrap, #endif gcm_ctx_alloc, @@ -676,7 +676,7 @@ static const mbedtls_cipher_base_t ccm_aes_info = { NULL, #endif ccm_aes_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) ccm_aes_setkey_wrap, #endif ccm_ctx_alloc, @@ -795,7 +795,7 @@ static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -851,7 +851,7 @@ static const mbedtls_cipher_base_t camellia_info = { NULL, #endif camellia_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) camellia_setkey_dec_wrap, #endif camellia_ctx_alloc, @@ -1026,7 +1026,7 @@ static const mbedtls_cipher_base_t gcm_camellia_info = { NULL, #endif gcm_camellia_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) gcm_camellia_setkey_wrap, #endif gcm_ctx_alloc, @@ -1097,7 +1097,7 @@ static const mbedtls_cipher_base_t ccm_camellia_info = { NULL, #endif ccm_camellia_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) ccm_camellia_setkey_wrap, #endif ccm_ctx_alloc, @@ -1213,7 +1213,7 @@ static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1269,7 +1269,7 @@ static const mbedtls_cipher_base_t aria_info = { NULL, #endif aria_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) aria_setkey_dec_wrap, #endif aria_ctx_alloc, @@ -1444,7 +1444,7 @@ static const mbedtls_cipher_base_t gcm_aria_info = { NULL, #endif gcm_aria_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) gcm_aria_setkey_wrap, #endif gcm_ctx_alloc, @@ -1515,7 +1515,7 @@ static const mbedtls_cipher_base_t ccm_aria_info = { NULL, #endif ccm_aria_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) ccm_aria_setkey_wrap, #endif ccm_ctx_alloc, @@ -1625,7 +1625,7 @@ static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t } #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1643,7 +1643,7 @@ static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1661,7 +1661,7 @@ static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1740,7 +1740,7 @@ static const mbedtls_cipher_base_t des_info = { NULL, #endif des_setkey_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des_setkey_dec_wrap, #endif des_ctx_alloc, @@ -1793,7 +1793,7 @@ static const mbedtls_cipher_base_t des_ede_info = { NULL, #endif des3_set2key_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set2key_dec_wrap, #endif des3_ctx_alloc, @@ -1846,7 +1846,7 @@ static const mbedtls_cipher_base_t des_ede3_info = { NULL, #endif des3_set3key_enc_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set3key_dec_wrap, #endif des3_ctx_alloc, @@ -1949,7 +1949,7 @@ static const mbedtls_cipher_base_t chacha20_base_info = { chacha20_stream_wrap, #endif chacha20_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) chacha20_setkey_wrap, #endif chacha20_ctx_alloc, @@ -2026,7 +2026,7 @@ static const mbedtls_cipher_base_t chachapoly_base_info = { NULL, #endif chachapoly_setkey_wrap, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) chachapoly_setkey_wrap, #endif chachapoly_ctx_alloc, @@ -2096,7 +2096,7 @@ static const mbedtls_cipher_base_t null_base_info = { null_crypt_stream, #endif null_setkey, -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) null_setkey, #endif null_ctx_alloc, diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index 2cbc21671..bf1291da4 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -93,7 +93,7 @@ struct mbedtls_cipher_base_t { int (*setkey_enc_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) /** Set key for decryption purposes */ int (*setkey_dec_func)(void *ctx, const unsigned char *key, unsigned int key_bitlen); diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 9dd38bc6e..0d4172bb1 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -57,10 +57,10 @@ int main(void) mbedtls_exit(0); } -#elif defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int main(void) { - mbedtls_printf("MBEDTLS_CIPHER_ENCRYPT_ONLY implicitly defined.\n"); + mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT implicitly defined.\n"); mbedtls_exit(0); } #else diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 2aa27d320..2ca3f7f20 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -6,7 +6,7 @@ * master, enc and dec must be AES context objects. They don't need to * be initialized, and are left freed. */ -#if !defined(MBEDTLS_CIPHER_ENCRYPT_ONLY) +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int test_copy(const data_t *key, mbedtls_aes_context *master, mbedtls_aes_context *enc, @@ -88,7 +88,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void aes_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { @@ -525,7 +525,7 @@ void aes_misc_params() } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void aes_ecb_copy_context(data_t *key) { /* We test context copying multiple times, with different alignments diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index ab1ce00ec..f1748d114 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -86,7 +86,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void aria_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *expected_output, int setkey_result) { diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 8454c5ffe..6930679f2 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -67,7 +67,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:!MBEDTLS_CIPHER_ENCRYPT_ONLY */ +/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ void camellia_decrypt_ecb(data_t *key_str, data_t *src_str, data_t *dst, int setkey_result) { diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 11a723b27..99a662b83 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -1595,47 +1595,47 @@ depends_on:MBEDTLS_AES_C test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a":0 AES-128-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"a81738252621dd180a34f3455b4baa2f":"ff800000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"77e2b508db7fd89234caf7939ee5621a":"ffc00000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"dc43be40be0e53712f7e2bf5ca707209":"6a118a874519e64e9963798a503f1d35":0 AES-128-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"92beedab1895a94faa69b632e5cc47ce":"cb9fceec81286ca3e989bd979b0cb284":0 AES-128-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"459264f4798f6a78bacb89c15ed3d601":"b26aeb1874e47ca8358ff22378f09144":0 AES-128-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"71b5c08a1993e1362e4d0ce9b22b78d5":"c2dabd117f8a3ecabfbb11d12194d9d0":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"e234cdca2606b81f29408d5f6da21206":"fff60a4740086b3b9c56195b98d91a7b":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff0000000000000000":"84be19e053635f09f2665e7bae85b42d":"00000000000000000000000000000000":0 AES-128-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0 AES-192-ECB Encrypt NIST KAT #1 @@ -1687,51 +1687,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffffe00000000000000000000":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46":0 AES-192-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff800000000000000":"1b9f5fbd5e8a4264c0a85b80409afa5e":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffc00000000000000":"30dab809f85a917fe924733f424ac589":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"b0ab0a6a818baef2d11fa33eac947284fb7d748cfb75e570":"d2eafd86f63b109b91f5dbb3a3fb7e13":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ee053aa011c8b428cdcc3636313c54d6a03cac01c71579d6":"9b9fdd1c5975655f539998b306a324af":"00000000000000000000000000000000":0 AES-192-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0 AES-192-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"c9b8135ff1b5adc413dfd053b21bd96d":"9c2d8842e5f48f57648205d39a239af1":0 AES-192-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"4a3650c3371ce2eb35e389a171427440":"bff52510095f518ecca60af4205444bb":0 AES-192-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0 AES-192-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"a6cae46fb6fadfe7a2c302a34242817b":"ffffffffffffffffffffe00000000000":0 AES-192-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"026a7024d6a902e0b3ffccbaa910cc3f":"fffffffffffffffffffff00000000000":0 AES-256-ECB Encrypt NIST KAT #1 @@ -1783,51 +1783,51 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b":0 AES-256-ECB Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff80000000000000000":"6168b00ba7859e0970ecfd757efecf7c":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffffc0000000000000000":"d1415447866230d28bb1ea18a4cdfd02":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #5 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e":"a74289fe73a4c123ca189ea1e1b49ad5":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #6 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707":"b91d4ea4488644b56cf0812fa7fcf5fc":"00000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #7 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0 AES-256-ECB Decrypt NIST KAT #8 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"38f2c7ae10612415d27ca190d27da8b4":"8a560769d605868ad80d819bdba03771":0 AES-256-ECB Decrypt NIST KAT #9 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"1bc704f1bce135ceb810341b216d7abe":"91fbef2d15a97816060bee1feaa49afe":0 AES-256-ECB Decrypt NIST KAT #10 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #11 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"0a6bdc6d4c1e6280301fd8e97ddbe601":"c0000000000000000000000000000000":0 AES-256-ECB Decrypt NIST KAT #12 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_ecb:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0 AES-128-ECB crypt Encrypt NIST KAT #1 @@ -1843,15 +1843,15 @@ depends_on:MBEDTLS_AES_C test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a":0:0 AES-128-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"b69418a85332240dc82492353956ae0c":"":"a303d940ded8f0baff6f75414cac5243":"00000000000000000000000000000000":0:0 AES-128-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffffffffffffff8000000000000000":"":"32cd652842926aea4aa6137bb2be2b5e":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Encrypt NIST KAT #1 @@ -1871,19 +1871,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"fffffffffffffffffffffffffff800000000000000000000":"":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3":0:0 AES-192-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffff000000000000000":"":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"61257134a518a0d57d9d244d45f6498cbc32f2bafc522d79":"":"cfe4d74002696ccf7d87b14a2f9cafc9":"00000000000000000000000000000000":0:0 AES-192-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:0 AES-192-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"b2099795e88cc158fd75ea133d7e7fbe":"ffffffffffffffffffffc00000000000":0:0 AES-256-ECB crypt Encrypt NIST KAT #1 @@ -1903,19 +1903,19 @@ depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5":0:0 AES-256-ECB crypt Decrypt NIST KAT #1 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #2 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9":"":"a3944b95ca0b52043584ef02151926a8":"00000000000000000000000000000000":0:0 AES-256-ECB crypt Decrypt NIST KAT #3 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"623a52fcea5d443e48d9181ab32c7421":"761c1fe41a18acf20d241650611d90f1":0:0 AES-256-ECB crypt Decrypt NIST KAT #4 -depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:0 AES-128-CBC crypt Encrypt NIST KAT #1 @@ -2127,19 +2127,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:1 AES-128-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"3ad78e726c1ec02b7ebfe92b23d9ec34":"80000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"ffffc000000000000000000000000000":"":"df556a33438db87bc41b1752c55e5e49":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"10a58869d74be5a374cf867cfb473859":"":"6d251e6944b051e04eaa6fb4dbf78465":"00000000000000000000000000000000":0:1 AES-128-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_128_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"":"0336763e966d92595a567cc9ce537f5e":"f34481ec3cc627bacd5dc3fb08f273e6":0:1 AES-192-ECB crypt Encrypt NIST KAT #1 PSA @@ -2159,19 +2159,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_ENCRYPT:"000000000000000000000000000000000000000000000000":"":"1b077a6af4b7f98229de786d7516b639":"275cfc0413d8ccb70513c3859b1d0f72":0:1 AES-192-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"6cd02513e8d4dc986b4afe087a60bd0c":"80000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"ffe000000000000000000000000000000000000000000000":"":"7ababc4b3f516c9aafb35f4140b548f9":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"e9f065d7c13573587f7875357dfbb16c53489f6a4bd0f7cd":"":"0956259c9cd5cfd0181cca53380cde06":"00000000000000000000000000000000":0:1 AES-192-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_192_ECB:MBEDTLS_DECRYPT:"000000000000000000000000000000000000000000000000":"":"275cfc0413d8ccb70513c3859b1d0f72":"1b077a6af4b7f98229de786d7516b639":0:1 AES-256-ECB crypt Encrypt NIST KAT #1 PSA @@ -2191,19 +2191,19 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES: test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_ENCRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"014730f80ac625fe84f026c60bfd547d":"5c9d844ed46f9885085e5d6a4f94c7d7":0:1 AES-256-ECB crypt Decrypt NIST KAT #1 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"ddc6bf790c15760d8d9aeb6f9a75fd4e":"80000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #2 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"ffe0000000000000000000000000000000000000000000000000000000000000":"":"d1ccb9b1337002cbac42c520b5d67722":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #3 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558":"":"46f2fb342d6f0ab477476fc501242c5f":"00000000000000000000000000000000":0:1 AES-256-ECB crypt Decrypt NIST KAT #4 PSA -depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_CIPHER_ENCRYPT_ONLY +depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_DEPRECATED:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_ECB_NO_PADDING:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT test_vec_crypt:MBEDTLS_CIPHER_AES_256_ECB:MBEDTLS_DECRYPT:"0000000000000000000000000000000000000000000000000000000000000000":"":"5c9d844ed46f9885085e5d6a4f94c7d7":"014730f80ac625fe84f026c60bfd547d":0:1 AES-128-CCM*-NO-TAG crypt Encrypt NIST VPT AES-128 #15 From 2151ba55f620ad1801609abbde0f587d595b4d6c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 31 Oct 2023 18:12:04 +0800 Subject: [PATCH 149/430] test_suite_x509write: use plaintext key file Some test cases are using encrypted key file, thus have dependency on low-level block cipher modules (e.g. AES). This commit adds unencrypted key file so that we could get rid of those dependencies. Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 5 +- tests/data_files/test-ca_unenc.key | 27 +++++++ tests/suites/test_suite_x509write.data | 100 ++++++++++++------------- 3 files changed, 81 insertions(+), 51 deletions(-) create mode 100644 tests/data_files/test-ca_unenc.key diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 21ca489c1..51a5d7e20 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -38,12 +38,15 @@ all_final := # files used by tests test_ca_crt = test-ca.crt test_ca_key_file_rsa = test-ca.key +test_ca_key_file_rsa_unenc = test-ca_unenc.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf $(test_ca_key_file_rsa): $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048 -all_final += $(test_ca_key_file_rsa) +$(test_ca_key_file_rsa_unenc): $(test_ca_key_file_rsa) + $(OPENSSL) rsa -passin pass:$(test_ca_pwd_rsa) -in $< -out $@ +all_final += $(test_ca_key_file_rsa) $(test_ca_key_file_rsa_unenc) test-ca.req.sha256: $(test_ca_key_file_rsa) $(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256 diff --git a/tests/data_files/test-ca_unenc.key b/tests/data_files/test-ca_unenc.key new file mode 100644 index 000000000..2941bbedd --- /dev/null +++ b/tests/data_files/test-ca_unenc.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwN83/Be74JadP4beljJ9RKUWoM0h8ZnU7OrLfBhYCJSl7JvF +i98aHpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6jMFKp8udAcBTLRKJyC8LlQPk+ +5aYOs/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8Ko/vJ2DDxp/LuuxgfbfmhDK+ +T/tYJiIDW9S01fv145YucMDkLr38Lu7iQVXANC59JHJpy0exFECDfWf0hvYxq/F5 +pLK1LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp/KzbLijRfgJLI6AV8jhlZAnq +DG6OGxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QIDAQABAoIBAD/3B9M0b9vJN7eE +3DdF4WOtuLZ1scc1tHcqW3f5fuDBo9G3y6lawYfaWvoX5NU4A95omIHstfIqjeks +86blMhd/M4HoOHLVnPpO+yb1FQuvhGarAuAY1ZF81o/JS3YIKx2BaDDh+nBsE04Q +AzU+xcpYIIohGDigD+3Eu0Vv9YRbsM9OnVgTazU1aaHSxPLBSAQgUblrpF2lS4SI +Q0iZLLukl9bWGPbsXNExScnyjwtN7wkC/n39u68rg5QixKc+ZvXgV9zy7Sw+gXR2 +HpZvdB4yDhQx0HTw9Ae9w9EiwqiVkgZ/QwKRvN0jAYmUIERk9R1n0o/oaaUpJeZQ +nOPpy3UCgYEA4ik+qmvVWR6c5kfVttfj8Y6e6YNfEJ9j7AREzD/42ToX4E/+2E3N +RlR0vwrEZ5yn2IllTP1YKkcP9De2VbAd7ac5/E+jxHU6o5inRfVmy3xl+4Aj5v/9 +mR+Oa/9ek2bfbG/D9jgu/2m1rK67xnEWa9D4Itn4onIg0uI6cEveqy8CgYEA2lGb +uLIqFHVYQI0ncPoxSLAgITT6TFeoEYjzp64h6bYr0c2n+NgMinYiNUTOPyUpg315 +pzHW7LK/2jS29rI783haBIMzPqLigYIT1DUXY5uexI2RTAN3x3Fb7oNt1XiI9ix5 +wkq0eZBwv980VpZx4w5okbzqyzPAvkXX/DD9ATsCgYEA0p8qtzgZxxeVc3iu9ct1 +g38ZS8uG+0oVmrYXBEkHjfZmSgb2BaffZoI8/7YdV4kzX5wFdX/zXdw0ZXKFIqQU +G0HD5NCeadXrOHRwQ9zZUOSXbXPW+8in+rTCxJ1dDNWfebNUwrdsPX3LLfjE83ha +Myq4DG0G+vJi00LQvchKpQ0CgYEA1KmQFd6/LMSNnfuhwuSD43llItO3SWxNlB8i +sWDnOgCxOKKrD7RsqueeNON8QHhTsvkj6qCa6mDIj6av3ykJSwYeMa0X2tjR6TOr +WxgIW4f4pR/9u9zY7ZdX5MNz1vCeAaabSI56tLvliJHFKt9LutCLPgOXdy9HflEM +rmWN3ocCgYAgJA/Sr8IoO5cgspJJ6wloQLK+0cODlDQ41snsNAn5QW1cQpT3BPwy +OWm8HPs+YZjAgNg2R8Ntwi7ngSoXNGQwTpa7Jha5QTb+itZTfKrsOUJQ7+OzASgy +ym31mh6fN77+OCAikYzNlQLyTW8atEPwGd9lwJLnnS8J5+xpqMKPDQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 0f190286b..28cef301c 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -59,100 +59,100 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 Certificate write check Server1 SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970, not after 2050 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 2050, not after 2059 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, one ext_key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, two ext_key_usages -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Serial starting with 0x80 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, All 0xFF full length serial -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server5 ECDSA depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_ECP_HAVE_SECP256R1 @@ -163,8 +163,8 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMI x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_MD5 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0:0 From ac7a809ac337a2ab8112c7d4e804a3f107c558c3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 31 Oct 2023 12:23:44 +0100 Subject: [PATCH 150/430] all.sh: remove leftover loc_curve_list usage Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1836a105c..9793b0a0d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2609,7 +2609,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" - helper_libtestdriver1_make_main "$loc_accel_list $loc_curve_list" + helper_libtestdriver1_make_main "$loc_accel_list" # We expect ECDH to be re-enabled for the missing curves grep mbedtls_ecdh_ library/ecdh.o From fb24a8425a509a692099ab614b149870debacd65 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 12 Jul 2023 13:16:49 +0100 Subject: [PATCH 151/430] Introduce MBEDTLS_ASSUME Signed-off-by: Dave Rodgman --- library/common.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/library/common.h b/library/common.h index 87fae171c..4f4c222fa 100644 --- a/library/common.h +++ b/library/common.h @@ -318,6 +318,21 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_UNLIKELY(x) x #endif +#if defined(__has_builtin) +#if __has_builtin(__builtin_assume) +/* MBEDTLS_ASSUME may be used to provide additional information to the compiler + * which can result in smaller code-size. */ +#define MBEDTLS_ASSUME(x) __builtin_assume(x) +// clang provides __builtin_assume +#elif __has_builtin(__builtin_unreachable) +#define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0) +// For gcc, use __builtin_unreachable +#endif +#endif +#if !defined(MBEDTLS_ASSUME) +#define MBEDTLS_ASSUME(x) +#endif + #if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ && !defined(__llvm__) && !defined(__INTEL_COMPILER) /* Defined if the compiler really is gcc and not clang, etc */ From 6d2c1b37488d8da9b656315f25dc53676a1a7435 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 31 Oct 2023 17:54:42 +0000 Subject: [PATCH 152/430] Restructure mbedtls_cipher_validate_values Signed-off-by: Dave Rodgman --- library/psa_crypto_cipher.c | 69 +++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 37 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 38be84b0b..3f2ddbdb5 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -42,45 +42,40 @@ static psa_status_t mbedtls_cipher_validate_values( psa_algorithm_t alg, psa_key_type_t key_type) { - switch (alg) { - case PSA_ALG_STREAM_CIPHER: - case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0): - if (key_type != PSA_KEY_TYPE_CHACHA20) { - return PSA_ERROR_NOT_SUPPORTED; - } - break; - - case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0): - case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0): - case PSA_ALG_CCM_STAR_NO_TAG: - if ((key_type != PSA_KEY_TYPE_AES) && - (key_type != PSA_KEY_TYPE_ARIA) && - (key_type != PSA_KEY_TYPE_CAMELLIA)) { - return PSA_ERROR_NOT_SUPPORTED; - } - break; - - case PSA_ALG_CTR: - case PSA_ALG_CFB: - case PSA_ALG_OFB: - case PSA_ALG_XTS: - case PSA_ALG_ECB_NO_PADDING: - case PSA_ALG_CBC_NO_PADDING: - case PSA_ALG_CBC_PKCS7: - case PSA_ALG_CMAC: - if ((key_type != PSA_KEY_TYPE_AES) && - (key_type != PSA_KEY_TYPE_ARIA) && - (key_type != PSA_KEY_TYPE_DES) && - (key_type != PSA_KEY_TYPE_CAMELLIA)) { - return PSA_ERROR_NOT_SUPPORTED; - } - break; - - default: - return PSA_ERROR_NOT_SUPPORTED; + if (alg == PSA_ALG_STREAM_CIPHER || + alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0)) { + if (key_type == PSA_KEY_TYPE_CHACHA20) { + return PSA_SUCCESS; + } } - return PSA_SUCCESS; + if (alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0) || + alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0) || + alg == PSA_ALG_CCM_STAR_NO_TAG) { + if (key_type == PSA_KEY_TYPE_AES || + key_type == PSA_KEY_TYPE_ARIA || + key_type == PSA_KEY_TYPE_CAMELLIA) { + return PSA_SUCCESS; + } + } + + if (alg == PSA_ALG_CTR || + alg == PSA_ALG_CFB || + alg == PSA_ALG_OFB || + alg == PSA_ALG_XTS || + alg == PSA_ALG_ECB_NO_PADDING || + alg == PSA_ALG_CBC_NO_PADDING || + alg == PSA_ALG_CBC_PKCS7 || + alg == PSA_ALG_CMAC) { + if (key_type == PSA_KEY_TYPE_AES || + key_type == PSA_KEY_TYPE_ARIA || + key_type == PSA_KEY_TYPE_DES || + key_type == PSA_KEY_TYPE_CAMELLIA) { + return PSA_SUCCESS; + } + } + + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t mbedtls_cipher_values_from_psa( From 3e5cc175e0992d1b362f18b75d484fc86d7b8f05 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 31 Oct 2023 17:54:58 +0000 Subject: [PATCH 153/430] Reduce code size in mbedtls_cipher_validate_values Signed-off-by: Dave Rodgman --- library/psa_crypto_cipher.c | 57 +++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 3f2ddbdb5..f4fc499ba 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -42,6 +42,63 @@ static psa_status_t mbedtls_cipher_validate_values( psa_algorithm_t alg, psa_key_type_t key_type) { + /* Reduce code size - hinting to the compiler about what it can assume allows the compiler to + eliminate bits of the logic below. */ +#if !defined(PSA_WANT_KEY_TYPE_AES) + MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_AES); +#endif +#if !defined(PSA_WANT_KEY_TYPE_ARIA) + MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_ARIA); +#endif +#if !defined(PSA_WANT_KEY_TYPE_CAMELLIA) + MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_CAMELLIA); +#endif +#if !defined(PSA_WANT_KEY_TYPE_CHACHA20) + MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_CHACHA20); +#endif +#if !defined(PSA_WANT_KEY_TYPE_DES) + MBEDTLS_ASSUME(key_type != PSA_KEY_TYPE_DES); +#endif +#if !defined(PSA_WANT_ALG_CCM) + MBEDTLS_ASSUME(alg != PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0)); +#endif +#if !defined(PSA_WANT_ALG_GCM) + MBEDTLS_ASSUME(alg != PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)); +#endif +#if !defined(PSA_WANT_ALG_STREAM_CIPHER) + MBEDTLS_ASSUME(alg != PSA_ALG_STREAM_CIPHER); +#endif +#if !defined(PSA_WANT_ALG_CHACHA20_POLY1305) + MBEDTLS_ASSUME(alg != PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0)); +#endif +#if !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) + MBEDTLS_ASSUME(alg != PSA_ALG_CCM_STAR_NO_TAG); +#endif +#if !defined(PSA_WANT_ALG_CTR) + MBEDTLS_ASSUME(alg != PSA_ALG_CTR); +#endif +#if !defined(PSA_WANT_ALG_CFB) + MBEDTLS_ASSUME(alg != PSA_ALG_CFB); +#endif +#if !defined(PSA_WANT_ALG_OFB) + MBEDTLS_ASSUME(alg != PSA_ALG_OFB); +#endif +#if !defined(PSA_WANT_ALG_XTS) + MBEDTLS_ASSUME(alg != PSA_ALG_XTS); +#endif +#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) + MBEDTLS_ASSUME(alg != PSA_ALG_ECB_NO_PADDING); +#endif +#if !defined(PSA_WANT_ALG_CBC_NO_PADDING) + MBEDTLS_ASSUME(alg != PSA_ALG_CBC_NO_PADDING); +#endif +#if !defined(PSA_WANT_ALG_CBC_PKCS7) + MBEDTLS_ASSUME(alg != PSA_ALG_CBC_PKCS7); +#endif +#if !defined(PSA_WANT_ALG_CMAC) + MBEDTLS_ASSUME(alg != PSA_ALG_CMAC); +#endif + if (alg == PSA_ALG_STREAM_CIPHER || alg == PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0)) { if (key_type == PSA_KEY_TYPE_CHACHA20) { From 52e7052b6cc61fa831cbfff8a815ad9bf3efcd18 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 31 Oct 2023 23:26:44 +0000 Subject: [PATCH 154/430] tidy up comments Signed-off-by: Dave Rodgman --- library/common.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/common.h b/library/common.h index 4f4c222fa..3e81e81ea 100644 --- a/library/common.h +++ b/library/common.h @@ -318,15 +318,15 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_UNLIKELY(x) x #endif -#if defined(__has_builtin) -#if __has_builtin(__builtin_assume) /* MBEDTLS_ASSUME may be used to provide additional information to the compiler * which can result in smaller code-size. */ +#if defined(__has_builtin) +#if __has_builtin(__builtin_assume) +/* clang provides __builtin_assume */ #define MBEDTLS_ASSUME(x) __builtin_assume(x) -// clang provides __builtin_assume #elif __has_builtin(__builtin_unreachable) +/* gcc can use __builtin_unreachable */ #define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0) -// For gcc, use __builtin_unreachable #endif #endif #if !defined(MBEDTLS_ASSUME) From 64bdeb89b94f30416d90d3a06cf8a5b179a4d8fd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 31 Oct 2023 23:27:04 +0000 Subject: [PATCH 155/430] Use non-empty definition for fallback Signed-off-by: Dave Rodgman --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index 3e81e81ea..7652e5685 100644 --- a/library/common.h +++ b/library/common.h @@ -330,7 +330,7 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif #endif #if !defined(MBEDTLS_ASSUME) -#define MBEDTLS_ASSUME(x) +#define MBEDTLS_ASSUME(x) do { } while (0) #endif #if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ From 90c8ac22054822e7ef481f6aca27860dd3c05252 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 31 Oct 2023 23:27:24 +0000 Subject: [PATCH 156/430] Add case for MSVC Signed-off-by: Dave Rodgman --- library/common.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/common.h b/library/common.h index 7652e5685..fe4d21399 100644 --- a/library/common.h +++ b/library/common.h @@ -330,8 +330,13 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif #endif #if !defined(MBEDTLS_ASSUME) +#if defined(_MSC_VER) +/* Supported by MSVC since VS 2005 */ +#define MBEDTLS_ASSUME(x) __assume(x) +#else #define MBEDTLS_ASSUME(x) do { } while (0) #endif +#endif #if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ && !defined(__llvm__) && !defined(__INTEL_COMPILER) From 9ba640d3187e39fe014de571f4058810eac44ae2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 31 Oct 2023 23:30:09 +0000 Subject: [PATCH 157/430] Simplify use of __has_builtin Signed-off-by: Dave Rodgman --- library/common.h | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/library/common.h b/library/common.h index fe4d21399..49f457c8b 100644 --- a/library/common.h +++ b/library/common.h @@ -306,37 +306,35 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_STATIC_ASSERT(expr, msg) #endif -/* Define compiler branch hints */ #if defined(__has_builtin) -#if __has_builtin(__builtin_expect) +#define MBEDTLS_HAS_BUILTIN(x) __has_builtin(x) +#else +#define MBEDTLS_HAS_BUILTIN(x) 0 +#endif + +/* Define compiler branch hints */ +#if MBEDTLS_HAS_BUILTIN(__builtin_expect) #define MBEDTLS_LIKELY(x) __builtin_expect(!!(x), 1) #define MBEDTLS_UNLIKELY(x) __builtin_expect(!!(x), 0) -#endif -#endif -#if !defined(MBEDTLS_LIKELY) +#else #define MBEDTLS_LIKELY(x) x #define MBEDTLS_UNLIKELY(x) x #endif /* MBEDTLS_ASSUME may be used to provide additional information to the compiler * which can result in smaller code-size. */ -#if defined(__has_builtin) -#if __has_builtin(__builtin_assume) +#if MBEDTLS_HAS_BUILTIN(__builtin_assume) /* clang provides __builtin_assume */ #define MBEDTLS_ASSUME(x) __builtin_assume(x) -#elif __has_builtin(__builtin_unreachable) +#elif MBEDTLS_HAS_BUILTIN(__builtin_unreachable) /* gcc can use __builtin_unreachable */ #define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0) -#endif -#endif -#if !defined(MBEDTLS_ASSUME) -#if defined(_MSC_VER) +#elif defined(_MSC_VER) /* Supported by MSVC since VS 2005 */ #define MBEDTLS_ASSUME(x) __assume(x) #else #define MBEDTLS_ASSUME(x) do { } while (0) #endif -#endif #if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ && !defined(__llvm__) && !defined(__INTEL_COMPILER) From 454dda3e250597b94069918ea2cbf54959f72618 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 15:13:54 +0800 Subject: [PATCH 158/430] fix various issues - improve output message - Remove unnecessary checks - Simplify test command Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 21 +++++++-------------- tests/opt-testcases/tls13-misc.sh | 18 ++++++++++-------- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index cc8a0a178..44abb4b62 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1766,32 +1766,25 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected. configured disabled.")); - return; - } - - MBEDTLS_SSL_DEBUG_MSG( - 3, ("EarlyData: conf->max_early_data_size = %u", - (unsigned int) ssl->conf->max_early_data_size)); - - if (!mbedtls_ssl_conf_tls13_some_psk_enabled(ssl)) { MBEDTLS_SSL_DEBUG_MSG( 1, - ("EarlyData: rejected. psk or psk_ephemeral is not available.")); + ("EarlyData: rejected, feature disabled in server configuration.")); return; } - if (handshake && handshake->resume != 1) { + if (!handshake->resume) { + /* We currently support early data only in the case of PSKs established + via a NewSessionTicket message thus in the case of a session + resumption. */ MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected. not resumption session.")); + 1, ("EarlyData: rejected, not resumption session.")); return; } if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { MBEDTLS_SSL_DEBUG_MSG( 1, - ("EarlyData: rejected. not a TLS 1.3 ticket.")); + ("EarlyData: rejected, not a TLS 1.3 ticket.")); return; } diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index dbc2e4346..ffa914e92 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -500,7 +500,7 @@ requires_gnutls_next requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ @@ -513,17 +513,19 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ -s "Last error was: -29056 - SSL - Verification of the message MAC failed" requires_gnutls_next + requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_ECP_LIGHT + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -run_test "TLS 1.3 G->m: EarlyData: psk*: feature is enabled, fail." \ - "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN $(get_srv_psk_list)" \ - "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK \ - -d 10 -r --earlydata $EARLY_DATA_INPUT \ - --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \ +run_test "TLS 1.3 G->m: EarlyData: feature is enabled, fail." \ + "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \ + "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \ + -d 10 -r --earlydata $EARLY_DATA_INPUT " \ 1 \ -s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "NewSessionTicket: early_data(42) extension does not exist." + -s "NewSessionTicket: early_data(42) extension does not exist." \ + -s "Last error was: -29056 - SSL - Verification of the message MAC failed" From ce3b95e2c9cd26cc39fd2b4c79d6c79fe2fb3336 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 16:02:04 +0800 Subject: [PATCH 159/430] move ticket version check Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 44abb4b62..5a0c69fa7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -159,6 +159,13 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( /* We delete the temporary buffer */ mbedtls_free(ticket_buffer); +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid.")); + ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; + } +#endif + if (ret != 0) { goto exit; } @@ -1752,7 +1759,6 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) { - mbedtls_ssl_session *session = ssl->session_negotiate; mbedtls_ssl_handshake_params *handshake = ssl->handshake; if ((handshake->received_extensions & @@ -1781,12 +1787,6 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) return; } - if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("EarlyData: rejected, not a TLS 1.3 ticket.")); - return; - } /* TODO: Add more checks here. */ From 82fd6c11bda1f50babd303776c02ed025fabdbb5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 16:32:19 +0800 Subject: [PATCH 160/430] Add selected key and ciphersuite check Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5a0c69fa7..2288a1ae2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1787,6 +1787,35 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) return; } + /* RFC 8446 4.2.10 + * + * In order to accept early data, the server MUST have accepted a PSK cipher + * suite and selected the first key offered in the client's "pre_shared_key" + * extension. In addition, it MUST verify that the following values are the + * same as those associated with the selected PSK: + * - The TLS version number + * - The selected cipher suite + * - The selected ALPN [RFC7301] protocol, if any + * + * NOTE: + * - ALPN hasn't been checked. + * - TLS version is checked in + * ssl_tls13_offered_psks_check_identity_match_ticket() + */ + + if (handshake->selected_identity != 0) { + MBEDTLS_SSL_DEBUG_MSG( + 1, ("EarlyData: rejected, first psk key is not offered.")); + return; + } + + if (handshake->ciphersuite_info->id != + ssl->session_negotiate->ciphersuite) { + MBEDTLS_SSL_DEBUG_MSG( + 1, ("EarlyData: rejected, selected ciphersuite mismatch.")); + return; + + } /* TODO: Add more checks here. */ From 960b7ebbcf16b5684b56afa4f9fb88c179ae2d66 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 16:40:01 +0800 Subject: [PATCH 161/430] move psk check to EE message on client side early_data extension is sent in EE. So it should not be checked in SH message. Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 66 ++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 32 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c6fa3b390..7e59af320 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1906,36 +1906,6 @@ static int ssl_tls13_postprocess_server_hello(mbedtls_ssl_context *ssl) ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; goto cleanup; } -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA) && - (handshake->selected_identity != 0 || - handshake->ciphersuite_info->id != - ssl->session_negotiate->ciphersuite)) { - /* RFC8446 4.2.11 - * If the server supplies an "early_data" extension, the - * client MUST verify that the server's selected_identity - * is 0. If any other value is returned, the client MUST - * abort the handshake with an "illegal_parameter" alert. - * - * RFC 8446 4.2.10 - * In order to accept early data, the server MUST have accepted a PSK - * cipher suite and selected the first key offered in the client's - * "pre_shared_key" extension. In addition, it MUST verify that the - * following values are the same as those associated with the - * selected PSK: - * - The TLS version number - * - The selected cipher suite - * - The selected ALPN [RFC7301] protocol, if any - * - * We check here that when early data is involved the server - * selected the cipher suite associated to the pre-shared key - * as it must have. - */ - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } -#endif if (!mbedtls_ssl_conf_tls13_check_kex_modes( ssl, handshake->key_exchange_mode)) { @@ -2211,6 +2181,9 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) int ret; unsigned char *buf; size_t buf_len; +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_handshake_params *handshake = ssl->handshake; +#endif MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions")); @@ -2223,8 +2196,37 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) ssl_tls13_parse_encrypted_extensions(ssl, buf, buf + buf_len)); #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->handshake->received_extensions & - MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { + if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { + /* RFC8446 4.2.11 + * If the server supplies an "early_data" extension, the + * client MUST verify that the server's selected_identity + * is 0. If any other value is returned, the client MUST + * abort the handshake with an "illegal_parameter" alert. + * + * RFC 8446 4.2.10 + * In order to accept early data, the server MUST have accepted a PSK + * cipher suite and selected the first key offered in the client's + * "pre_shared_key" extension. In addition, it MUST verify that the + * following values are the same as those associated with the + * selected PSK: + * - The TLS version number + * - The selected cipher suite + * - The selected ALPN [RFC7301] protocol, if any + * + * We check here that when early data is involved the server + * selected the cipher suite associated to the pre-shared key + * as it must have. + */ + if (handshake->selected_identity != 0 || + handshake->ciphersuite_info->id != + ssl->session_negotiate->ciphersuite) { + + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; } #endif From 59afe498d456da14b581563d9a92707816bee6fb Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 1 Nov 2023 14:50:44 +0800 Subject: [PATCH 162/430] test: tls13: change server output check tls13 server now does not parse pre-shared key extension unless there are some psk key exchange modes really available. For `ephemeral_all/psk_or_ephemeral` configuration pairs, there wouldn't be any psk key exchange mode available, so the check of "Pre shared key found" should be inverse. Signed-off-by: Pengyu Lv --- tests/opt-testcases/tls13-kex-modes.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 758da1da5..ce10307ce 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -562,7 +562,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ -s "found pre_shared_key extension" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "Pre shared key found" \ + -S "Pre shared key found" \ -S "No matched PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ @@ -745,7 +745,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ + -S "Pre shared key found" \ -S "No matched PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ @@ -1425,7 +1425,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "Pre shared key found" \ + -S "Pre shared key found" \ -S "No matched PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ From e367e47be00bc36e6e8122758fa2ffe2ac0d5f76 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 17:23:04 +0800 Subject: [PATCH 163/430] mbedtls_config: add new config option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT With the introduction of negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we don't need to implicitly enable it through PSA. Signed-off-by: Yanray Wang --- include/mbedtls/config_adjust_legacy_crypto.h | 24 ------------------- include/mbedtls/mbedtls_config.h | 19 +++++++++++++++ 2 files changed, 19 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 677772126..495cd5ab3 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -34,30 +34,6 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H -/* - * ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions. - * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is only enabled when those modes - * are not requested via the PSA API and are not enabled in the legacy API. - * - * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and - * insecure block cipher, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled when DES - * is not requested via the PSA API and is not enabled in the legacy API. - * - * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ - !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - !defined(PSA_WANT_ALG_CBC_PKCS7) && \ - !defined(PSA_WANT_KEY_TYPE_DES) && \ - !defined(MBEDTLS_CIPHER_MODE_CBC) && \ - !defined(MBEDTLS_CIPHER_MODE_XTS) && \ - !defined(MBEDTLS_DES_C) && \ - !defined(MBEDTLS_NIST_KW_C) -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 1 -#endif -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. */ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index af0761395..3caea9cc5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2383,6 +2383,25 @@ */ #define MBEDTLS_BASE64_C +/** + * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + * + * Remove decryption operation for AES, ARIA and Camellia block cipher. + * + * \note This feature is incompatible with insecure block cipher, + * MBEDTLS_DES_C, and cipher modes which always require decryption + * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and + * MBEDTLS_NIST_KW_C. + * + * Module: library/aes.c + * library/aesce.c + * library/aesni.c + * library/aria.c + * library/camellia.c + * library/cipher.c + */ +//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + /** * \def MBEDTLS_BIGNUM_C * From b799eea123254ce205cd9f81be6039481e6a23ff Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 17:41:47 +0800 Subject: [PATCH 164/430] check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index c580bf792..436ca0592 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -184,11 +184,12 @@ #endif #if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ - (!defined(MBEDTLS_PSA_CRYPTO_CONFIG) || \ (defined(MBEDTLS_CIPHER_MODE_CBC) || \ defined(MBEDTLS_CIPHER_MODE_XTS) || \ - defined(MBEDTLS_NIST_KW_C))) -#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined, but not all prerequisites" + defined(MBEDTLS_DES_C) || \ + defined(MBEDTLS_NIST_KW_C)) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC/MBEDTLS_CIPHER_MODE_XTS/MBEDTLS_DES_C/MBEDTLS_NIST_KW_C \ +cannot be defined simultaneously" #endif #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) From 66111393e4a8b8f4801c42e0e7c337df839ae913 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 18:54:54 +0800 Subject: [PATCH 165/430] all.sh: modify components to test BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 97 ++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 58 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2540b5e49..4daae6c41 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4488,25 +4488,19 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } -component_test_cipher_encrypt_only_aesni () { - # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG +component_test_block_cipher_no_decrypt_aesni () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h - # test AESNI intrinsics scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" make clean - make CC=gcc CFLAGS="-Werror -Wall -Wextra -mpclmul -msse2 -maes \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o @@ -4515,18 +4509,17 @@ component_test_cipher_encrypt_only_aesni () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI intrinsics" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" programs/test/selftest # test AESNI assembly scripts/config.py set MBEDTLS_AESNI_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" make clean - make CC=gcc CFLAGS="-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o @@ -4535,18 +4528,17 @@ component_test_cipher_encrypt_only_aesni () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AESNI assembly" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" programs/test/selftest # test AES C implementation - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" scripts/config.py unset MBEDTLS_AESNI_C make clean - make CC=gcc CFLAGS="-Werror -Wall -Wextra \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc CFLAGS='-Werror -Wall -Wextra' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o @@ -4555,35 +4547,27 @@ component_test_cipher_encrypt_only_aesni () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY with AES C Implementation" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" programs/test/selftest - - rm -f psa_cipher_encrypt_only.h } -component_test_cipher_encrypt_only_aesni_m32 () { - # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG +component_test_block_cipher_no_decrypt_aesni_m32 () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h - # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" make clean - make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o @@ -4592,19 +4576,18 @@ component_test_cipher_encrypt_only_aesni_m32 () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 with VIA PADLOCK" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" programs/test/selftest # test AESNI intrinsics for i386 without VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" make clean - make CC=gcc LDFLAGS='-m32' CFLAGS="-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes\ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o @@ -4613,21 +4596,19 @@ component_test_cipher_encrypt_only_aesni_m32 () { # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - msg "test: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" make test - msg "selftest: implicitly enable CIPHER_ENCRYPT_ONLY for i386 without VIA PADLOCK" + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" programs/test/selftest - - rm -f psa_cipher_encrypt_only.h } -support_test_cipher_encrypt_only_aesce_armcc () { +support_test_block_cipher_no_decrypt_aesce_armcc () { armc6_cc="$ARMC6_BIN_DIR/armclang" (check_tools "$armc6_cc" > /dev/null 2>&1) } -component_test_cipher_encrypt_only_aesce_armcc () { +component_test_block_cipher_no_decrypt_aesce_armcc () { scripts/config.py baremetal # armc[56] don't support SHA-512 intrinsics @@ -4642,23 +4623,25 @@ component_test_cipher_encrypt_only_aesce_armcc () { scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT scripts/config.py set MBEDTLS_HAVE_ASM - # pre-setup to implicitly enable CIPHER_ENCRYPT_ONLY - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - echo '#undef PSA_WANT_ALG_CBC_NO_PADDING' > psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_CBC_PKCS7' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_ALG_ECB_NO_PADDING' >> psa_cipher_encrypt_only.h - echo '#undef PSA_WANT_KEY_TYPE_DES' >> psa_cipher_encrypt_only.h + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C - msg "build: implicitly enable CIPHER_ENCRYPT_ONLY with AESCE" - armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto \ - -I '$PWD' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_cipher_encrypt_only.h\"'" + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE" + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o @@ -4666,8 +4649,6 @@ component_test_cipher_encrypt_only_aesce_armcc () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - - rm -f psa_cipher_encrypt_only.h } component_test_ctr_drbg_aes_256_sha_256 () { From eefd2695d2d4dce2b8a4f71ad811cc1e6c18e5df Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 31 Oct 2023 19:09:01 +0800 Subject: [PATCH 166/430] test_suite_psa_crypto: add dependency for decrypt test cases If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we can't test decrypt for AES-ECB, so adding this dependency for some test cases Signed-off-by: Yanray Wang --- tests/suites/test_suite_psa_crypto.data | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7b1974865..5220b273e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2271,11 +2271,11 @@ depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"" PSA symmetric encrypt: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97" PSA symmetric encrypt: AES-ECB, 32 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1" PSA symmetric encrypt: 2-key 3DES-ECB, 8 bytes, good @@ -2427,11 +2427,11 @@ depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"" PSA symmetric decrypt: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f" PSA symmetric decrypt: AES-ECB, 32 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97" PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good @@ -2491,11 +2491,11 @@ depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, 32 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":32:32:0:"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS PSA symmetric decrypt multipart: AES-CBC-nopad, 16 bytes, good @@ -2551,7 +2551,7 @@ depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"197afb02ffbd8f699dacae87094d5243":"5a8aa485c316e9403aff859fbb":"4a550134f94455979ec4bf89ad2bd80d25a77ae94e456134":10:10:14:"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697":PSA_SUCCESS PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good @@ -2663,15 +2663,15 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS PSA symmetric decryption multipart: AES-ECB, 16+16 bytes -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS PSA symmetric decryption multipart: AES-ECB, 11+21 bytes -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS PSA symmetric decryption multipart: AES-ECB, 28+4 bytes -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes @@ -2735,7 +2735,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS PSA symmetric encrypt/decrypt multipart: AES-ECB, 16 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_verify_output_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16 PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 16 bytes, good From e91d7c5d68f0b4334241a61e563e1d3a77a2570e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 10:36:38 +0000 Subject: [PATCH 167/430] Update comment to mention IAR Signed-off-by: Dave Rodgman --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index 49f457c8b..0c5e1e181 100644 --- a/library/common.h +++ b/library/common.h @@ -327,7 +327,7 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, /* clang provides __builtin_assume */ #define MBEDTLS_ASSUME(x) __builtin_assume(x) #elif MBEDTLS_HAS_BUILTIN(__builtin_unreachable) -/* gcc can use __builtin_unreachable */ +/* gcc and IAR can use __builtin_unreachable */ #define MBEDTLS_ASSUME(x) do { if (!(x)) __builtin_unreachable(); } while (0) #elif defined(_MSC_VER) /* Supported by MSVC since VS 2005 */ From 74d48c89fa54b5b4caccc4aee3abf770a802dba4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 2 Nov 2023 16:43:55 +0100 Subject: [PATCH 168/430] ssl_server2: small improvement of code readability Signed-off-by: Valerio Setti --- programs/ssl/ssl_server2.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ccdabe47b..c5e1cf44e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2155,18 +2155,18 @@ usage: if (opt.ticket_timeout < 0) { goto usage; } - } else + } #if defined(MBEDTLS_CIPHER_C) - if (strcmp(p, "ticket_aead") == 0) { + else if (strcmp(p, "ticket_aead") == 0) { const mbedtls_cipher_info_t *ci = mbedtls_cipher_info_from_string(q); if (ci == NULL) { goto usage; } opt.ticket_aead = mbedtls_cipher_info_get_type(ci); - } else + } #endif - if (strcmp(p, "cache_max") == 0) { + else if (strcmp(p, "cache_max") == 0) { opt.cache_max = atoi(q); if (opt.cache_max < 0) { goto usage; From 16799db69a2947b1c30e4fb17116901a93a7918b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 19:47:20 +0000 Subject: [PATCH 169/430] update headers Signed-off-by: Dave Rodgman --- .uncrustify.cfg | 14 +--------- configs/config-ccm-psk-dtls1_2.h | 14 +--------- configs/config-ccm-psk-tls1_2.h | 14 +--------- configs/config-no-entropy.h | 14 +--------- configs/config-suite-b.h | 14 +--------- configs/config-symmetric-only.h | 14 +--------- configs/config-thread.h | 14 +--------- configs/crypto-config-ccm-aes-sha256.h | 14 +--------- .../tfm_mbedcrypto_config_profile_medium.h | 14 +--------- docs/architecture/psa-migration/syms.sh | 14 +--------- doxygen/input/doc_encdec.h | 14 +--------- doxygen/input/doc_hashing.h | 14 +--------- doxygen/input/doc_mainpage.h | 14 +--------- doxygen/input/doc_rng.h | 14 +--------- doxygen/input/doc_ssltls.h | 14 +--------- doxygen/input/doc_tcpip.h | 14 +--------- doxygen/input/doc_x509.h | 14 +--------- include/mbedtls/aes.h | 14 +--------- include/mbedtls/aria.h | 14 +--------- include/mbedtls/asn1.h | 14 +--------- include/mbedtls/asn1write.h | 14 +--------- include/mbedtls/base64.h | 14 +--------- include/mbedtls/bignum.h | 14 +--------- include/mbedtls/build_info.h | 14 +--------- include/mbedtls/camellia.h | 14 +--------- include/mbedtls/ccm.h | 14 +--------- include/mbedtls/chacha20.h | 14 +--------- include/mbedtls/chachapoly.h | 14 +--------- include/mbedtls/check_config.h | 14 +--------- include/mbedtls/cipher.h | 14 +--------- include/mbedtls/cmac.h | 14 +--------- include/mbedtls/compat-2.x.h | 14 +--------- include/mbedtls/config_adjust_legacy_crypto.h | 14 +--------- .../mbedtls/config_adjust_legacy_from_psa.h | 14 +--------- .../mbedtls/config_adjust_psa_from_legacy.h | 14 +--------- .../config_adjust_psa_superset_legacy.h | 14 +--------- include/mbedtls/config_adjust_ssl.h | 14 +--------- include/mbedtls/config_adjust_x509.h | 14 +--------- include/mbedtls/config_psa.h | 14 +--------- include/mbedtls/constant_time.h | 14 +--------- include/mbedtls/ctr_drbg.h | 14 +--------- include/mbedtls/debug.h | 14 +--------- include/mbedtls/des.h | 14 +--------- include/mbedtls/dhm.h | 14 +--------- include/mbedtls/ecdh.h | 14 +--------- include/mbedtls/ecdsa.h | 14 +--------- include/mbedtls/ecjpake.h | 14 +--------- include/mbedtls/ecp.h | 14 +--------- include/mbedtls/entropy.h | 14 +--------- include/mbedtls/error.h | 14 +--------- include/mbedtls/gcm.h | 14 +--------- include/mbedtls/hkdf.h | 14 +--------- include/mbedtls/hmac_drbg.h | 14 +--------- include/mbedtls/lms.h | 14 +--------- include/mbedtls/mbedtls_config.h | 14 +--------- include/mbedtls/md.h | 14 +--------- include/mbedtls/md5.h | 14 +--------- include/mbedtls/memory_buffer_alloc.h | 14 +--------- include/mbedtls/net_sockets.h | 14 +--------- include/mbedtls/nist_kw.h | 14 +--------- include/mbedtls/oid.h | 14 +--------- include/mbedtls/pem.h | 14 +--------- include/mbedtls/pk.h | 14 +--------- include/mbedtls/pkcs12.h | 14 +--------- include/mbedtls/pkcs5.h | 14 +--------- include/mbedtls/pkcs7.h | 14 +--------- include/mbedtls/platform.h | 14 +--------- include/mbedtls/platform_time.h | 14 +--------- include/mbedtls/platform_util.h | 14 +--------- include/mbedtls/poly1305.h | 14 +--------- include/mbedtls/private_access.h | 14 +--------- include/mbedtls/psa_util.h | 14 +--------- include/mbedtls/ripemd160.h | 14 +--------- include/mbedtls/rsa.h | 14 +--------- include/mbedtls/sha1.h | 14 +--------- include/mbedtls/sha256.h | 14 +--------- include/mbedtls/sha3.h | 14 +--------- include/mbedtls/sha512.h | 14 +--------- include/mbedtls/ssl.h | 14 +--------- include/mbedtls/ssl_cache.h | 14 +--------- include/mbedtls/ssl_ciphersuites.h | 14 +--------- include/mbedtls/ssl_cookie.h | 14 +--------- include/mbedtls/ssl_ticket.h | 14 +--------- include/mbedtls/threading.h | 14 +--------- include/mbedtls/timing.h | 14 +--------- include/mbedtls/version.h | 14 +--------- include/mbedtls/x509.h | 14 +--------- include/mbedtls/x509_crl.h | 14 +--------- include/mbedtls/x509_crt.h | 14 +--------- include/mbedtls/x509_csr.h | 14 +--------- include/psa/build_info.h | 14 +--------- include/psa/crypto.h | 14 +--------- include/psa/crypto_adjust_auto_enabled.h | 14 +--------- .../psa/crypto_adjust_config_key_pair_types.h | 14 +--------- include/psa/crypto_adjust_config_synonyms.h | 14 +--------- include/psa/crypto_builtin_composites.h | 14 +--------- include/psa/crypto_builtin_key_derivation.h | 14 +--------- include/psa/crypto_builtin_primitives.h | 14 +--------- include/psa/crypto_compat.h | 14 +--------- include/psa/crypto_config.h | 14 +--------- include/psa/crypto_driver_common.h | 14 +--------- .../psa/crypto_driver_contexts_composites.h | 14 +--------- .../crypto_driver_contexts_key_derivation.h | 14 +--------- .../psa/crypto_driver_contexts_primitives.h | 14 +--------- include/psa/crypto_extra.h | 14 +--------- include/psa/crypto_legacy.h | 14 +--------- include/psa/crypto_platform.h | 14 +--------- include/psa/crypto_se_driver.h | 14 +--------- include/psa/crypto_sizes.h | 14 +--------- include/psa/crypto_struct.h | 14 +--------- include/psa/crypto_types.h | 14 +--------- include/psa/crypto_values.h | 14 +--------- library/aes.c | 14 +--------- library/aesce.c | 14 +--------- library/aesce.h | 14 +--------- library/aesni.c | 14 +--------- library/aesni.h | 14 +--------- library/alignment.h | 14 +--------- library/aria.c | 14 +--------- library/asn1parse.c | 14 +--------- library/asn1write.c | 14 +--------- library/base64.c | 14 +--------- library/base64_internal.h | 14 +--------- library/bignum.c | 14 +--------- library/bignum_core.c | 14 +--------- library/bignum_core.h | 14 +--------- library/bignum_mod.c | 14 +--------- library/bignum_mod.h | 14 +--------- library/bignum_mod_raw.c | 14 +--------- library/bignum_mod_raw.h | 14 +--------- library/bignum_mod_raw_invasive.h | 14 +--------- library/bn_mul.h | 14 +--------- library/camellia.c | 14 +--------- library/ccm.c | 14 +--------- library/chacha20.c | 14 +--------- library/chachapoly.c | 14 +--------- library/check_crypto_config.h | 14 +--------- library/cipher.c | 14 +--------- library/cipher_wrap.c | 14 +--------- library/cipher_wrap.h | 14 +--------- library/cmac.c | 14 +--------- library/common.h | 14 +--------- library/constant_time.c | 14 +--------- library/constant_time_impl.h | 14 +--------- library/constant_time_internal.h | 14 +--------- library/ctr_drbg.c | 14 +--------- library/debug.c | 14 +--------- library/des.c | 14 +--------- library/dhm.c | 14 +--------- library/ecdh.c | 14 +--------- library/ecdsa.c | 14 +--------- library/ecjpake.c | 14 +--------- library/ecp.c | 14 +--------- library/ecp_curves.c | 14 +--------- library/ecp_curves_new.c | 14 +--------- library/ecp_internal_alt.h | 14 +--------- library/ecp_invasive.h | 14 +--------- library/entropy.c | 14 +--------- library/entropy_poll.c | 14 +--------- library/entropy_poll.h | 14 +--------- library/gcm.c | 14 +--------- library/hkdf.c | 14 +--------- library/hmac_drbg.c | 14 +--------- library/lmots.c | 14 +--------- library/lmots.h | 14 +--------- library/lms.c | 14 +--------- library/md.c | 14 +--------- library/md5.c | 14 +--------- library/md_psa.h | 14 +--------- library/md_wrap.h | 14 +--------- library/memory_buffer_alloc.c | 14 +--------- library/mps_common.h | 14 +--------- library/mps_error.h | 14 +--------- library/mps_reader.c | 14 +--------- library/mps_reader.h | 14 +--------- library/mps_trace.c | 14 +--------- library/mps_trace.h | 14 +--------- library/net_sockets.c | 14 +--------- library/nist_kw.c | 14 +--------- library/oid.c | 14 +--------- library/padlock.c | 14 +--------- library/padlock.h | 14 +--------- library/pem.c | 14 +--------- library/pk.c | 14 +--------- library/pk_internal.h | 14 +--------- library/pk_wrap.c | 14 +--------- library/pk_wrap.h | 14 +--------- library/pkcs12.c | 14 +--------- library/pkcs5.c | 14 +--------- library/pkcs7.c | 14 +--------- library/pkparse.c | 14 +--------- library/pkwrite.c | 14 +--------- library/pkwrite.h | 14 +--------- library/platform.c | 14 +--------- library/platform_util.c | 14 +--------- library/poly1305.c | 14 +--------- library/psa_crypto.c | 14 +--------- library/psa_crypto_aead.c | 14 +--------- library/psa_crypto_aead.h | 14 +--------- library/psa_crypto_cipher.c | 14 +--------- library/psa_crypto_cipher.h | 14 +--------- library/psa_crypto_client.c | 14 +--------- library/psa_crypto_core.h | 14 +--------- library/psa_crypto_core_common.h | 14 +--------- .../psa_crypto_driver_wrappers_no_static.h | 14 +--------- library/psa_crypto_ecp.c | 14 +--------- library/psa_crypto_ecp.h | 14 +--------- library/psa_crypto_ffdh.c | 14 +--------- library/psa_crypto_ffdh.h | 14 +--------- library/psa_crypto_hash.c | 14 +--------- library/psa_crypto_hash.h | 14 +--------- library/psa_crypto_invasive.h | 14 +--------- library/psa_crypto_its.h | 14 +--------- library/psa_crypto_mac.c | 14 +--------- library/psa_crypto_mac.h | 14 +--------- library/psa_crypto_pake.c | 14 +--------- library/psa_crypto_pake.h | 14 +--------- library/psa_crypto_random_impl.h | 14 +--------- library/psa_crypto_rsa.c | 14 +--------- library/psa_crypto_rsa.h | 14 +--------- library/psa_crypto_se.c | 14 +--------- library/psa_crypto_se.h | 14 +--------- library/psa_crypto_slot_management.c | 14 +--------- library/psa_crypto_slot_management.h | 14 +--------- library/psa_crypto_storage.c | 14 +--------- library/psa_crypto_storage.h | 14 +--------- library/psa_its_file.c | 14 +--------- library/psa_util.c | 14 +--------- library/psa_util_internal.h | 14 +--------- library/ripemd160.c | 14 +--------- library/rsa.c | 14 +--------- library/rsa_alt_helpers.c | 14 +--------- library/rsa_alt_helpers.h | 14 +--------- library/sha1.c | 14 +--------- library/sha256.c | 14 +--------- library/sha3.c | 14 +--------- library/sha512.c | 14 +--------- library/ssl_cache.c | 14 +--------- library/ssl_ciphersuites.c | 14 +--------- library/ssl_client.c | 14 +--------- library/ssl_client.h | 14 +--------- library/ssl_cookie.c | 14 +--------- library/ssl_debug_helpers.h | 14 +--------- library/ssl_misc.h | 14 +--------- library/ssl_msg.c | 14 +--------- library/ssl_ticket.c | 14 +--------- library/ssl_tls.c | 14 +--------- library/ssl_tls12_client.c | 14 +--------- library/ssl_tls12_server.c | 14 +--------- library/ssl_tls13_client.c | 14 +--------- library/ssl_tls13_generic.c | 14 +--------- library/ssl_tls13_invasive.h | 14 +--------- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 2 +- library/ssl_tls13_server.c | 14 +--------- library/threading.c | 14 +--------- library/timing.c | 14 +--------- library/version.c | 14 +--------- library/x509.c | 14 +--------- library/x509_create.c | 14 +--------- library/x509_crl.c | 14 +--------- library/x509_crt.c | 14 +--------- library/x509_csr.c | 14 +--------- library/x509write.c | 14 +--------- library/x509write_crt.c | 14 +--------- library/x509write_csr.c | 14 +--------- programs/aes/crypt_and_hash.c | 14 +--------- programs/cipher/cipher_aead_demo.c | 14 +--------- programs/hash/generic_sum.c | 14 +--------- programs/hash/hello.c | 14 +--------- programs/hash/md_hmac_demo.c | 14 +--------- programs/pkey/dh_client.c | 14 +--------- programs/pkey/dh_genprime.c | 14 +--------- programs/pkey/dh_server.c | 14 +--------- programs/pkey/ecdh_curve25519.c | 14 +--------- programs/pkey/ecdsa.c | 14 +--------- programs/pkey/gen_key.c | 14 +--------- programs/pkey/key_app.c | 14 +--------- programs/pkey/key_app_writer.c | 14 +--------- programs/pkey/mpi_demo.c | 14 +--------- programs/pkey/pk_decrypt.c | 14 +--------- programs/pkey/pk_encrypt.c | 14 +--------- programs/pkey/pk_sign.c | 14 +--------- programs/pkey/pk_verify.c | 14 +--------- programs/pkey/rsa_decrypt.c | 14 +--------- programs/pkey/rsa_encrypt.c | 14 +--------- programs/pkey/rsa_genkey.c | 14 +--------- programs/pkey/rsa_sign.c | 14 +--------- programs/pkey/rsa_sign_pss.c | 14 +--------- programs/pkey/rsa_verify.c | 14 +--------- programs/pkey/rsa_verify_pss.c | 14 +--------- programs/psa/aead_demo.c | 14 +--------- programs/psa/crypto_examples.c | 14 +--------- programs/psa/hmac_demo.c | 14 +--------- programs/psa/key_ladder_demo.c | 14 +--------- programs/psa/key_ladder_demo.sh | 14 +--------- programs/psa/psa_constant_names.c | 14 +--------- programs/psa/psa_hash.c | 14 +--------- programs/random/gen_entropy.c | 14 +--------- programs/random/gen_random_ctr_drbg.c | 14 +--------- programs/ssl/dtls_client.c | 14 +--------- programs/ssl/dtls_server.c | 14 +--------- programs/ssl/mini_client.c | 14 +--------- programs/ssl/ssl_client1.c | 14 +--------- programs/ssl/ssl_client2.c | 14 +--------- programs/ssl/ssl_context_info.c | 14 +--------- programs/ssl/ssl_fork_server.c | 14 +--------- programs/ssl/ssl_mail_client.c | 14 +--------- programs/ssl/ssl_pthread_server.c | 14 +--------- programs/ssl/ssl_server.c | 14 +--------- programs/ssl/ssl_server2.c | 14 +--------- programs/ssl/ssl_test_common_source.c | 14 +--------- programs/ssl/ssl_test_lib.c | 14 +--------- programs/ssl/ssl_test_lib.h | 14 +--------- programs/test/benchmark.c | 14 +--------- programs/test/cmake_package/cmake_package.c | 14 +--------- .../cmake_package_install.c | 14 +--------- .../test/cmake_subproject/cmake_subproject.c | 14 +--------- programs/test/dlopen.c | 14 +--------- programs/test/dlopen_demo.sh | 14 +--------- programs/test/generate_cpp_dummy_build.sh | 27 ++---------------- programs/test/query_compile_time_config.c | 14 +--------- programs/test/query_config.h | 14 +--------- programs/test/query_included_headers.c | 14 +--------- programs/test/selftest.c | 14 +--------- programs/test/udp_proxy.c | 14 +--------- programs/test/udp_proxy_wrapper.sh | 14 +--------- programs/test/zeroize.c | 14 +--------- programs/util/pem2der.c | 14 +--------- programs/util/strerror.c | 14 +--------- programs/wince_main.c | 14 +--------- programs/x509/cert_app.c | 14 +--------- programs/x509/cert_req.c | 14 +--------- programs/x509/cert_write.c | 14 +--------- programs/x509/crl_app.c | 14 +--------- programs/x509/load_roots.c | 14 +--------- programs/x509/req_app.c | 14 +--------- scripts/abi_check.py | 14 +--------- scripts/apidoc_full.sh | 14 +--------- scripts/assemble_changelog.py | 14 +--------- scripts/bump_version.sh | 14 +--------- scripts/code_size_compare.py | 14 +--------- scripts/code_style.py | 14 +--------- scripts/config.pl | 13 +-------- scripts/config.py | 13 +-------- .../psa_crypto_driver_wrappers.h.jinja | 14 +--------- ...a_crypto_driver_wrappers_no_static.c.jinja | 14 +--------- scripts/data_files/error.fmt | 14 +--------- scripts/data_files/query_config.fmt | 14 +--------- scripts/data_files/version_features.fmt | 14 +--------- scripts/ecc-heap.sh | 14 +--------- scripts/ecp_comb_table.py | 14 +--------- scripts/footprint.sh | 14 +--------- scripts/generate_driver_wrappers.py | 14 +--------- scripts/generate_errors.pl | 14 +--------- scripts/generate_features.pl | 14 +--------- scripts/generate_psa_constants.py | 14 +--------- scripts/generate_query_config.pl | 14 +--------- scripts/generate_ssl_debug_helpers.py | 27 ++---------------- scripts/generate_visualc_files.pl | 14 +--------- scripts/lcov.sh | 14 +--------- scripts/massif_max.pl | 14 +--------- scripts/mbedtls_dev/asymmetric_key_data.py | 13 +-------- scripts/mbedtls_dev/bignum_common.py | 13 +-------- scripts/mbedtls_dev/bignum_core.py | 13 +-------- scripts/mbedtls_dev/bignum_data.py | 13 +-------- scripts/mbedtls_dev/bignum_mod.py | 13 +-------- scripts/mbedtls_dev/bignum_mod_raw.py | 13 +-------- scripts/mbedtls_dev/build_tree.py | 13 +-------- scripts/mbedtls_dev/c_build_helper.py | 13 +-------- scripts/mbedtls_dev/crypto_data_tests.py | 13 +-------- scripts/mbedtls_dev/crypto_knowledge.py | 13 +-------- scripts/mbedtls_dev/ecp.py | 13 +-------- scripts/mbedtls_dev/logging_util.py | 13 +-------- scripts/mbedtls_dev/macro_collector.py | 13 +-------- scripts/mbedtls_dev/psa_information.py | 13 +-------- scripts/mbedtls_dev/psa_storage.py | 13 +-------- scripts/mbedtls_dev/test_case.py | 13 +-------- scripts/mbedtls_dev/test_data_generation.py | 13 +-------- scripts/mbedtls_dev/typing_util.py | 13 +-------- scripts/memory.sh | 14 +--------- scripts/min_requirements.py | 14 +--------- scripts/output_env.sh | 14 +--------- scripts/prepare_release.sh | 14 +--------- scripts/tmp_ignore_makefiles.sh | 14 +--------- tests/compat-in-docker.sh | 14 +--------- tests/compat.sh | 14 +--------- tests/configs/tls13-only.h | 14 +--------- tests/configs/user-config-for-test.h | 14 +--------- tests/configs/user-config-malloc-0-null.h | 14 +--------- tests/configs/user-config-zeroize-memset.h | 14 +--------- tests/context-info.sh | 14 +--------- tests/data_files/dir-maxpath/long.sh | 14 +--------- tests/data_files/print_c.pl | 14 +--------- tests/data_files/test_certs.h.jinja2 | 14 +--------- tests/docker/bionic/Dockerfile | 14 +--------- tests/git-scripts/pre-push.sh | 14 +--------- tests/include/alt-dummy/aes_alt.h | 14 +--------- tests/include/alt-dummy/aria_alt.h | 14 +--------- tests/include/alt-dummy/camellia_alt.h | 14 +--------- tests/include/alt-dummy/ccm_alt.h | 14 +--------- tests/include/alt-dummy/chacha20_alt.h | 14 +--------- tests/include/alt-dummy/chachapoly_alt.h | 14 +--------- tests/include/alt-dummy/cmac_alt.h | 14 +--------- tests/include/alt-dummy/des_alt.h | 14 +--------- tests/include/alt-dummy/dhm_alt.h | 14 +--------- tests/include/alt-dummy/ecjpake_alt.h | 14 +--------- tests/include/alt-dummy/ecp_alt.h | 14 +--------- tests/include/alt-dummy/gcm_alt.h | 14 +--------- tests/include/alt-dummy/md5_alt.h | 14 +--------- tests/include/alt-dummy/nist_kw_alt.h | 14 +--------- tests/include/alt-dummy/platform_alt.h | 14 +--------- tests/include/alt-dummy/poly1305_alt.h | 14 +--------- tests/include/alt-dummy/ripemd160_alt.h | 14 +--------- tests/include/alt-dummy/rsa_alt.h | 14 +--------- tests/include/alt-dummy/sha1_alt.h | 14 +--------- tests/include/alt-dummy/sha256_alt.h | 14 +--------- tests/include/alt-dummy/sha512_alt.h | 14 +--------- tests/include/alt-dummy/threading_alt.h | 14 +--------- tests/include/alt-dummy/timing_alt.h | 14 +--------- tests/include/baremetal-override/time.h | 14 +--------- tests/include/spe/crypto_spe.h | 14 +--------- tests/include/test/arguments.h | 14 +--------- tests/include/test/asn1_helpers.h | 14 +--------- tests/include/test/bignum_helpers.h | 14 +--------- tests/include/test/certs.h | 14 +--------- tests/include/test/constant_flow.h | 14 +--------- tests/include/test/drivers/aead.h | 14 +--------- .../test/drivers/asymmetric_encryption.h | 14 +--------- tests/include/test/drivers/cipher.h | 14 +--------- .../include/test/drivers/config_test_driver.h | 14 +--------- tests/include/test/drivers/hash.h | 14 +--------- tests/include/test/drivers/key_agreement.h | 14 +--------- tests/include/test/drivers/key_management.h | 14 +--------- tests/include/test/drivers/mac.h | 14 +--------- tests/include/test/drivers/pake.h | 14 +--------- tests/include/test/drivers/signature.h | 14 +--------- tests/include/test/drivers/test_driver.h | 14 +--------- .../include/test/fake_external_rng_for_test.h | 14 +--------- tests/include/test/helpers.h | 14 +--------- tests/include/test/macros.h | 14 +--------- tests/include/test/psa_crypto_helpers.h | 14 +--------- tests/include/test/psa_exercise_key.h | 14 +--------- tests/include/test/psa_helpers.h | 14 +--------- tests/include/test/random.h | 14 +--------- tests/include/test/ssl_helpers.h | 14 +--------- tests/make-in-docker.sh | 14 +--------- tests/opt-testcases/tls13-compat.sh | 14 +--------- tests/opt-testcases/tls13-kex-modes.sh | 14 +--------- tests/opt-testcases/tls13-misc.sh | 14 +--------- tests/scripts/all-in-docker.sh | 14 +--------- tests/scripts/all.sh | 14 +--------- tests/scripts/audit-validity-dates.py | 14 +--------- tests/scripts/basic-build-test.sh | 14 +--------- tests/scripts/basic-in-docker.sh | 14 +--------- tests/scripts/check-doxy-blocks.pl | 14 +--------- tests/scripts/check-generated-files.sh | 14 +--------- tests/scripts/check-python-files.sh | 14 +--------- tests/scripts/check_files.py | 14 +--------- tests/scripts/check_names.py | 14 +--------- tests/scripts/check_test_cases.py | 14 +--------- tests/scripts/depends.py | 14 +--------- tests/scripts/docker_env.sh | 14 +--------- tests/scripts/doxygen.sh | 14 +--------- tests/scripts/gen_ctr_drbg.pl | 14 +--------- tests/scripts/gen_gcm_decrypt.pl | 14 +--------- tests/scripts/gen_gcm_encrypt.pl | 14 +--------- tests/scripts/gen_pkcs1_v21_sign_verify.pl | 14 +--------- tests/scripts/generate-afl-tests.sh | 14 +--------- tests/scripts/generate_bignum_tests.py | 14 +--------- tests/scripts/generate_ecp_tests.py | 14 +--------- tests/scripts/generate_pkcs7_tests.py | 14 +--------- tests/scripts/generate_psa_tests.py | 14 +--------- tests/scripts/generate_test_cert_macros.py | 14 +--------- tests/scripts/generate_test_code.py | 14 +--------- tests/scripts/generate_tls13_compat_tests.py | 28 ++----------------- tests/scripts/list-identifiers.sh | 14 +--------- tests/scripts/list_internal_identifiers.py | 14 +--------- tests/scripts/psa_collect_statuses.py | 14 +--------- tests/scripts/recursion.pl | 14 +--------- tests/scripts/run-test-suites.pl | 14 +--------- tests/scripts/scripts_path.py | 13 +-------- tests/scripts/set_psa_test_dependencies.py | 14 +--------- tests/scripts/tcp_client.pl | 14 +--------- tests/scripts/test-ref-configs.pl | 14 +--------- tests/scripts/test_config_script.py | 13 +-------- tests/scripts/test_generate_test_code.py | 14 +--------- tests/scripts/test_psa_compliance.py | 14 +--------- tests/scripts/test_psa_constant_names.py | 14 +--------- tests/scripts/test_zeroize.gdb | 14 +--------- tests/scripts/translate_ciphers.py | 14 +--------- tests/scripts/travis-log-failure.sh | 14 +--------- tests/src/asn1_helpers.c | 14 +--------- tests/src/bignum_helpers.c | 14 +--------- tests/src/certs.c | 14 +--------- tests/src/drivers/hash.c | 14 +--------- tests/src/drivers/platform_builtin_keys.c | 14 +--------- tests/src/drivers/test_driver_aead.c | 14 +--------- .../test_driver_asymmetric_encryption.c | 14 +--------- tests/src/drivers/test_driver_cipher.c | 14 +--------- tests/src/drivers/test_driver_key_agreement.c | 14 +--------- .../src/drivers/test_driver_key_management.c | 14 +--------- tests/src/drivers/test_driver_mac.c | 14 +--------- tests/src/drivers/test_driver_pake.c | 14 +--------- tests/src/drivers/test_driver_signature.c | 14 +--------- tests/src/fake_external_rng_for_test.c | 14 +--------- tests/src/helpers.c | 14 +--------- tests/src/psa_crypto_helpers.c | 14 +--------- tests/src/psa_exercise_key.c | 14 +--------- tests/src/random.c | 14 +--------- tests/src/test_certs.h | 14 +--------- tests/src/test_helpers/ssl_helpers.c | 14 +--------- tests/src/threading_helpers.c | 14 +--------- tests/ssl-opt-in-docker.sh | 14 +--------- tests/ssl-opt.sh | 14 +--------- 515 files changed, 518 insertions(+), 6686 deletions(-) diff --git a/.uncrustify.cfg b/.uncrustify.cfg index 92b8ce9cd..8dc9db049 100644 --- a/.uncrustify.cfg +++ b/.uncrustify.cfg @@ -4,19 +4,7 @@ # to Mbed TLS. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Wrap lines at 100 characters diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index af2415fe1..19e09d957 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index 62c1d8013..d49adfd72 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 1964e8e55..ddb00b41e 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration of features that do not require an entropy source diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 56a700f74..9bba6e6cb 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index a014b5273..512dd7616 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* System support */ diff --git a/configs/config-thread.h b/configs/config-thread.h index e05b557ed..2f81f9007 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h index 6c12bd7b6..7f8d58768 100644 --- a/configs/crypto-config-ccm-aes-sha256.h +++ b/configs/crypto-config-ccm-aes-sha256.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CONFIG_H diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 88736b54b..3234cd672 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -9,19 +9,7 @@ */ /* * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of mbed TLS (https://tls.mbed.org) */ diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh index 1e1ec8c29..6c9686eb2 100755 --- a/docs/architecture/psa-migration/syms.sh +++ b/docs/architecture/psa-migration/syms.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h index ec149aef7..cf77690b3 100644 --- a/doxygen/input/doc_encdec.h +++ b/doxygen/input/doc_encdec.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h index 931e6e928..83613bfa9 100644 --- a/doxygen/input/doc_hashing.h +++ b/doxygen/input/doc_hashing.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index b67237fbc..f465a454b 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h index 7da13cd73..22608a879 100644 --- a/doxygen/input/doc_rng.h +++ b/doxygen/input/doc_rng.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h index 6961124e4..5757574f3 100644 --- a/doxygen/input/doc_ssltls.h +++ b/doxygen/input/doc_ssltls.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h index a705de146..f8d8c6905 100644 --- a/doxygen/input/doc_tcpip.h +++ b/doxygen/input/doc_tcpip.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h index 904967501..945830f11 100644 --- a/doxygen/input/doc_x509.h +++ b/doxygen/input/doc_x509.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 7c92162d1..77ecffd86 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -22,19 +22,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_AES_H diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 7e55df7ec..abb8a3d76 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -11,19 +11,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ARIA_H diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index a044543af..3c3bfad9d 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ASN1_H #define MBEDTLS_ASN1_H diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 6fe57c8f0..7af4aba41 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ASN1_WRITE_H #define MBEDTLS_ASN1_WRITE_H diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 635be713d..8f459b74c 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BASE64_H #define MBEDTLS_BASE64_H diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index eb8446ea8..931e06d2c 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_H #define MBEDTLS_BIGNUM_H diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 4f72669b5..2c3d43876 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BUILD_INFO_H diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 8033c13ff..6c674fe04 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CAMELLIA_H #define MBEDTLS_CAMELLIA_H diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index e00e747de..a98111b4e 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -29,19 +29,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CCM_H diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index e24e56b98..680fe3604 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -14,19 +14,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CHACHA20_H diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 19baadefd..3dc21e380 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -14,19 +14,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CHACHAPOLY_H diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 1251cdfa7..a568d6fb5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CHECK_CONFIG_H diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 9c8701d38..2596baa92 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CIPHER_H diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index b2aca5d04..97b86fc42 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CMAC_H diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h index cdf81dcbb..096341ba7 100644 --- a/include/mbedtls/compat-2.x.h +++ b/include/mbedtls/compat-2.x.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 90b522a1e..aafd42e7a 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -16,19 +16,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 66d9887e1..6356bddc1 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index 296d62461..60b00c1e4 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h index 3d9029b57..3a55c3f6e 100644 --- a/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -11,19 +11,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 2275f3add..8415f3e5f 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -16,19 +16,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_SSL_H diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h index 99a0ace2f..346c8ae6d 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/config_adjust_x509.h @@ -16,19 +16,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_X509_H diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 2d2397197..17da61b3e 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_PSA_H diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h index ebecf35b0..d31bff677 100644 --- a/include/mbedtls/constant_time.h +++ b/include/mbedtls/constant_time.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONSTANT_TIME_H diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 0348281e4..d1f19e607 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -23,19 +23,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CTR_DRBG_H diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index d6dd15224..0aef2ed65 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_DEBUG_H #define MBEDTLS_DEBUG_H diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index f445102d9..2b097a13d 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ #ifndef MBEDTLS_DES_H diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 0232a71fd..fcba3d2af 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -45,19 +45,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_DHM_H diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 67c94f0fa..792db79fd 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -14,19 +14,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECDH_H diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 3b2b418f1..2ecf34911 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECDSA_H diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 0008d7312..c2148a2bd 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECJPAKE_H #define MBEDTLS_ECJPAKE_H diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index bf95b907a..7f5e88080 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -16,19 +16,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECP_H diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index c2bba41d2..20fd6872b 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ENTROPY_H #define MBEDTLS_ENTROPY_H diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index a7454f234..186589ac5 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ERROR_H #define MBEDTLS_ERROR_H diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index c3343e6aa..837cecc09 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -13,19 +13,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_GCM_H diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index 699c6d9e9..930e93f32 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_HKDF_H #define MBEDTLS_HKDF_H diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 2e5aa6d06..18b1b75a6 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h index 5c8df42f8..95fce2133 100644 --- a/include/mbedtls/lms.h +++ b/include/mbedtls/lms.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LMS_H #define MBEDTLS_LMS_H diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 73229ea91..6a940d44a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index e5b30d045..478e9f766 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD_H diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 808188694..6bf0754a4 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD5_H #define MBEDTLS_MD5_H diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h index 9694d2458..b527d9b66 100644 --- a/include/mbedtls/memory_buffer_alloc.h +++ b/include/mbedtls/memory_buffer_alloc.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H #define MBEDTLS_MEMORY_BUFFER_ALLOC_H diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 1096d66d9..026f627ce 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -21,19 +21,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_NET_SOCKETS_H #define MBEDTLS_NET_SOCKETS_H diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h index 0c95c902e..d353f3d1a 100644 --- a/include/mbedtls/nist_kw.h +++ b/include/mbedtls/nist_kw.h @@ -17,19 +17,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_NIST_KW_H diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 954507229..e48817d68 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_OID_H #define MBEDTLS_OID_H diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index a33fc65e5..cc617a9bc 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PEM_H #define MBEDTLS_PEM_H diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index aea602be7..24b11886b 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_H diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index ba1a2edf0..42e84538a 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PKCS12_H #define MBEDTLS_PKCS12_H diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index 8b086aa2e..e004f4555 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PKCS5_H #define MBEDTLS_PKCS5_H diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 1231e3402..70b25a9c6 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 3fc1fd0c1..de3d71d9d 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -21,19 +21,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h index 21b369745..97f1963ab 100644 --- a/include/mbedtls/platform_time.h +++ b/include/mbedtls/platform_time.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PLATFORM_TIME_H #define MBEDTLS_PLATFORM_TIME_H diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 3f23fef55..cba02ab3d 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 3025ef1f2..61bcaa6b6 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -14,19 +14,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_POLY1305_H diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h index 61fa8777b..580f3eb44 100644 --- a/include/mbedtls/private_access.h +++ b/include/mbedtls/private_access.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PRIVATE_ACCESS_H diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 8ce15927b..643e8aac4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PSA_UTIL_H diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index acec3c52d..279f92b51 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_RIPEMD160_H #define MBEDTLS_RIPEMD160_H diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 69f3981ed..df665240d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -11,19 +11,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_RSA_H #define MBEDTLS_RSA_H diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 18bde93d3..592ffd13f 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 45a5f902a..ca568e291 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 77748be1f..3eeee65e6 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA3_H diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index ea5467829..1c20e4c22 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 03a8b1f14..c9110dead 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h index 7a90191c3..a1307b450 100644 --- a/include/mbedtls/ssl_cache.h +++ b/include/mbedtls/ssl_cache.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 07f2facef..8cecbb625 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 5cd1847d0..71c258ea4 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 0cefe43a1..6d59c12da 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 6a336c3ed..ed16a23b1 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 830dcee63..62ae1022d 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_TIMING_H #define MBEDTLS_TIMING_H diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 073211a19..637f9d38b 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * This set of run-time variables can be used to determine the version number of diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index a9267c791..e2e06679b 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_H #define MBEDTLS_X509_H diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 62694ae7f..6625a44f4 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 3f9b25075..3f1a1e761 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_CRT_H #define MBEDTLS_X509_CRT_H diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 513a83edd..e54010b10 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_CSR_H #define MBEDTLS_X509_CSR_H diff --git a/include/psa/build_info.h b/include/psa/build_info.h index 34a138d72..3ee6cd7b1 100644 --- a/include/psa/build_info.h +++ b/include/psa/build_info.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILD_INFO_H diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6b06187bf..fe10ee0e4 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_H diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h index 5e18298c6..63fb29e85 100644 --- a/include/psa/crypto_adjust_auto_enabled.h +++ b/include/psa/crypto_adjust_auto_enabled.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/include/psa/crypto_adjust_config_key_pair_types.h index 7736e752d..63afc0e40 100644 --- a/include/psa/crypto_adjust_config_key_pair_types.h +++ b/include/psa/crypto_adjust_config_key_pair_types.h @@ -13,19 +13,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h index 5142ef0ae..cf33465b5 100644 --- a/include/psa/crypto_adjust_config_synonyms.h +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index d9473ac00..35c2e29b9 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 8a2143a7e..6b91ae73f 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index d3e069223..98ab4d333 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 70fa14e87..f896fae1c 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_COMPAT_H diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index d34cbf339..5bf00f402 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -32,19 +32,7 @@ #endif /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CONFIG_H diff --git a/include/psa/crypto_driver_common.h b/include/psa/crypto_driver_common.h index 26363c6b2..cc11d3b9a 100644 --- a/include/psa/crypto_driver_common.h +++ b/include/psa/crypto_driver_common.h @@ -17,19 +17,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_COMMON_H #define PSA_CRYPTO_DRIVER_COMMON_H diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index d0188647f..d717c5190 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -16,19 +16,7 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 3fb29ff7f..21190515c 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -15,19 +15,7 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index b27a768e8..c90a5fbe7 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -15,19 +15,7 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 4b0cc7041..ef29b77db 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_EXTRA_H diff --git a/include/psa/crypto_legacy.h b/include/psa/crypto_legacy.h index 7a038d945..7df3614d6 100644 --- a/include/psa/crypto_legacy.h +++ b/include/psa/crypto_legacy.h @@ -13,19 +13,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PSA_CRYPTO_LEGACY_H diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 8c81ded34..4d0343547 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_PLATFORM_H diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index f39e2294c..9ce14bba6 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -17,19 +17,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SE_DRIVER_H #define PSA_CRYPTO_SE_DRIVER_H diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 31e45fe6a..836c28cc2 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -22,19 +22,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SIZES_H diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6c461914d..5639ad05d 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -43,19 +43,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_STRUCT_H diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 8d894b470..e2ebd8af3 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TYPES_H diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 241b7c80d..5e33f6bd5 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -21,19 +21,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_VALUES_H diff --git a/library/aes.c b/library/aes.c index b61d089fa..05f4c3c23 100644 --- a/library/aes.c +++ b/library/aes.c @@ -2,19 +2,7 @@ * FIPS-197 compliant AES implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. diff --git a/library/aesce.c b/library/aesce.c index 8b42b034f..f2bdce2db 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -2,19 +2,7 @@ * Armv8-A Cryptographic Extension support functions for Aarch64 * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \ diff --git a/library/aesce.h b/library/aesce.h index d24c423b8..9206a6b3b 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_AESCE_H #define MBEDTLS_AESCE_H diff --git a/library/aesni.c b/library/aesni.c index 864d0d613..b92c73c29 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -2,19 +2,7 @@ * AES-NI support functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/aesni.h b/library/aesni.h index f007735a6..e22ae167c 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_AESNI_H #define MBEDTLS_AESNI_H diff --git a/library/alignment.h b/library/alignment.h index ab15986e5..4bca10e8f 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LIBRARY_ALIGNMENT_H diff --git a/library/aria.c b/library/aria.c index 098036225..07a434f8f 100644 --- a/library/aria.c +++ b/library/aria.c @@ -2,19 +2,7 @@ * ARIA implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/asn1parse.c b/library/asn1parse.c index abdd0b1bd..c02b233ec 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -2,19 +2,7 @@ * Generic ASN.1 parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/asn1write.c b/library/asn1write.c index 2e9b98ad5..114091d63 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -2,19 +2,7 @@ * ASN.1 buffer writing functionality * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/base64.c b/library/base64.c index fa22e5375..a58717d6b 100644 --- a/library/base64.c +++ b/library/base64.c @@ -2,19 +2,7 @@ * RFC 1521 base64 encoding/decoding * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/library/base64_internal.h b/library/base64_internal.h index f9f56d78d..a09bd2377 100644 --- a/library/base64_internal.h +++ b/library/base64_internal.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BASE64_INTERNAL diff --git a/library/bignum.c b/library/bignum.c index 7c265e04d..09ce0301f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2,19 +2,7 @@ * Multi-precision integer library * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/bignum_core.c b/library/bignum_core.c index dbf6d1df4..dfed60d55 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -2,19 +2,7 @@ * Core bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/bignum_core.h b/library/bignum_core.h index e5500f117..b56be0a71 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -62,19 +62,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_CORE_H diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 2f0e9ed09..dfd332a70 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -2,19 +2,7 @@ * Modular bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 39e8fd218..963d8881a 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -63,19 +63,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_MOD_H diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 5ee1b19b2..5343bc650 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -2,19 +2,7 @@ * Low-level modular bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index c5ff9378e..7bb4ca3cf 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -60,19 +60,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_MOD_RAW_H diff --git a/library/bignum_mod_raw_invasive.h b/library/bignum_mod_raw_invasive.h index ead83942c..94a0d06cf 100644 --- a/library/bignum_mod_raw_invasive.h +++ b/library/bignum_mod_raw_invasive.h @@ -6,19 +6,7 @@ */ /** * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_MOD_RAW_INVASIVE_H diff --git a/library/bn_mul.h b/library/bn_mul.h index ab1a66ae5..0738469db 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Multiply source vector [s] with b, add result diff --git a/library/camellia.c b/library/camellia.c index 409727d04..86c8bbfcd 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -2,19 +2,7 @@ * Camellia implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The Camellia block cipher was designed by NTT and Mitsubishi Electric diff --git a/library/ccm.c b/library/ccm.c index 237ef9f31..2cccd2809 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -2,19 +2,7 @@ * NIST SP800-38C compliant CCM implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/chacha20.c b/library/chacha20.c index cbb01f4ad..acaae5b2e 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -6,19 +6,7 @@ * \author Daniel King * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/chachapoly.c b/library/chachapoly.c index aebc646aa..a1314eab6 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -4,19 +4,7 @@ * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h index b7d87fe07..6469e9f43 100644 --- a/library/check_crypto_config.h +++ b/library/check_crypto_config.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/cipher.c b/library/cipher.c index 67ed0e320..c8217b9de 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -6,19 +6,7 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index d977e4757..ef3aa8df0 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -6,19 +6,7 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index 85a011caf..a9254fddc 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CIPHER_WRAP_H #define MBEDTLS_CIPHER_WRAP_H diff --git a/library/cmac.c b/library/cmac.c index c07968685..f40cae20c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -4,19 +4,7 @@ * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/common.h b/library/common.h index 87fae171c..f392b7f05 100644 --- a/library/common.h +++ b/library/common.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LIBRARY_COMMON_H diff --git a/library/constant_time.c b/library/constant_time.c index 8b41aed19..c7077c352 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -2,19 +2,7 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 7759ac384..f0b2fc02f 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -2,19 +2,7 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONSTANT_TIME_IMPL_H diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index cc26edcd1..61a5c6d4e 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -2,19 +2,7 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONSTANT_TIME_INTERNAL_H diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index fdd753d1c..cf3816e9f 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -2,19 +2,7 @@ * CTR_DRBG implementation based on AES-256 (NIST SP 800-90) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The NIST SP 800-90 DRBGs are described in the following publication. diff --git a/library/debug.c b/library/debug.c index 0983cb0fb..c7bbd41bd 100644 --- a/library/debug.c +++ b/library/debug.c @@ -2,19 +2,7 @@ * Debugging routines * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/des.c b/library/des.c index eaddf282a..f0032b3b5 100644 --- a/library/des.c +++ b/library/des.c @@ -2,19 +2,7 @@ * FIPS-46-3 compliant Triple-DES implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * DES, on which TDES is based, was originally designed by Horst Feistel diff --git a/library/dhm.c b/library/dhm.c index 174137d54..3daf0c2d4 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The following sources were referenced in the design of this implementation diff --git a/library/ecdh.c b/library/ecdh.c index 58ef881f0..e060b1883 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -2,19 +2,7 @@ * Elliptic curve Diffie-Hellman * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecdsa.c b/library/ecdsa.c index 6e55f2205..2f7a996a7 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -2,19 +2,7 @@ * Elliptic curve DSA * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecjpake.c b/library/ecjpake.c index 6355b5ea5..fb13a395b 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -2,19 +2,7 @@ * Elliptic curve J-PAKE * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecp.c b/library/ecp.c index dfa095782..b6ea070a6 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2,19 +2,7 @@ * Elliptic curves over GF(p): generic functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 7b850e5e8..577e23b7a 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -2,19 +2,7 @@ * Elliptic curves over GF(p): curve-specific data and functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c index d431dcf24..4ee0f5800 100644 --- a/library/ecp_curves_new.c +++ b/library/ecp_curves_new.c @@ -2,19 +2,7 @@ * Elliptic curves over GF(p): curve-specific data and functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ecp_internal_alt.h b/library/ecp_internal_alt.h index f663d6737..668edc74c 100644 --- a/library/ecp_internal_alt.h +++ b/library/ecp_internal_alt.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index bb3b127ff..ff9f9ecf1 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECP_INVASIVE_H #define MBEDTLS_ECP_INVASIVE_H diff --git a/library/entropy.c b/library/entropy.c index 00079176a..e3bc8516e 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -2,19 +2,7 @@ * Entropy accumulator implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 9d5b1e652..e8c669f9c 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -2,19 +2,7 @@ * Platform-specific and custom entropy polling functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(__linux__) && !defined(_GNU_SOURCE) diff --git a/library/entropy_poll.h b/library/entropy_poll.h index be4943cce..6b4aec03e 100644 --- a/library/entropy_poll.h +++ b/library/entropy_poll.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ENTROPY_POLL_H #define MBEDTLS_ENTROPY_POLL_H diff --git a/library/gcm.c b/library/gcm.c index c8618be7c..42fd02078 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -2,19 +2,7 @@ * NIST SP800-38D compliant GCM implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/hkdf.c b/library/hkdf.c index a3f071ece..631ac24e5 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -2,19 +2,7 @@ * HKDF implementation -- RFC 5869 * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index af205aacb..90174d5d1 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -2,19 +2,7 @@ * HMAC_DRBG implementation (NIST SP 800-90) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/lmots.c b/library/lmots.c index 9d796943c..e09e3e529 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -2,19 +2,7 @@ * The LM-OTS one-time public-key signature scheme * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/lmots.h b/library/lmots.h index 98d1941d5..8e495c9dd 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LMOTS_H diff --git a/library/lms.c b/library/lms.c index c06f9c260..0c470a0c3 100644 --- a/library/lms.c +++ b/library/lms.c @@ -2,19 +2,7 @@ * The LMS stateful-hash public-key signature scheme * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/md.c b/library/md.c index 6dfbba78d..12a3ea237 100644 --- a/library/md.c +++ b/library/md.c @@ -6,19 +6,7 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/md5.c b/library/md5.c index 7e7e3ad9e..e4a87a2e0 100644 --- a/library/md5.c +++ b/library/md5.c @@ -2,19 +2,7 @@ * RFC 1321 compliant MD5 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The MD5 algorithm was designed by Ron Rivest in 1991. diff --git a/library/md_psa.h b/library/md_psa.h index 8e00bb149..b201263b1 100644 --- a/library/md_psa.h +++ b/library/md_psa.h @@ -5,19 +5,7 @@ * PSA Crypto; it is a helper for the transition period. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD_PSA_H #define MBEDTLS_MD_PSA_H diff --git a/library/md_wrap.h b/library/md_wrap.h index 166b43b99..dad123540 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD_WRAP_H #define MBEDTLS_MD_WRAP_H diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index e5052ce5a..79b0a8b8f 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -2,19 +2,7 @@ * Buffer-based memory allocator * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/mps_common.h b/library/mps_common.h index 301d52532..49e17535a 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_error.h b/library/mps_error.h index 5113959be..8a714a3a5 100644 --- a/library/mps_error.h +++ b/library/mps_error.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_reader.c b/library/mps_reader.c index dc2a91cbc..48b393685 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c @@ -2,19 +2,7 @@ * Message Processing Stack, Reader implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_reader.h b/library/mps_reader.h index bb912ec17..d877ee54a 100644 --- a/library/mps_reader.h +++ b/library/mps_reader.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_trace.c b/library/mps_trace.c index 9ba1f85e5..cb69c6be6 100644 --- a/library/mps_trace.c +++ b/library/mps_trace.c @@ -2,19 +2,7 @@ * Message Processing Stack, Trace module * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_trace.h b/library/mps_trace.h index f8e0a5d80..a13edd87f 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/net_sockets.c b/library/net_sockets.c index db80447a3..2b120c551 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -2,19 +2,7 @@ * TCP/IP or UDP/IP networking functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable definition of getaddrinfo() even when compiling with -std=c99. Must diff --git a/library/nist_kw.c b/library/nist_kw.c index 7bdc807bc..f15425b8b 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -3,19 +3,7 @@ * only * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Definition of Key Wrapping: diff --git a/library/oid.c b/library/oid.c index d139a6d0d..6184abe40 100644 --- a/library/oid.c +++ b/library/oid.c @@ -4,19 +4,7 @@ * \brief Object Identifier (OID) database * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/padlock.c b/library/padlock.c index 563d40e7c..1b03069ca 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -2,19 +2,7 @@ * VIA PadLock support functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * This implementation is based on the VIA PadLock Programming Guide: diff --git a/library/padlock.h b/library/padlock.h index a00afe04f..92d72af51 100644 --- a/library/padlock.h +++ b/library/padlock.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PADLOCK_H #define MBEDTLS_PADLOCK_H diff --git a/library/pem.c b/library/pem.c index bd269dda7..9500ffcf7 100644 --- a/library/pem.c +++ b/library/pem.c @@ -2,19 +2,7 @@ * Privacy Enhanced Mail (PEM) decoding * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pk.c b/library/pk.c index 96b8ef922..5a1698f12 100644 --- a/library/pk.c +++ b/library/pk.c @@ -2,19 +2,7 @@ * Public Key abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pk_internal.h b/library/pk_internal.h index 04bdbbcce..571b57e8b 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_INTERNAL_H #define MBEDTLS_PK_INTERNAL_H diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2c6783674..182d07f72 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -2,19 +2,7 @@ * Public Key abstraction layer: wrapper functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pk_wrap.h b/library/pk_wrap.h index b1e02180a..28c815a77 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_WRAP_H diff --git a/library/pkcs12.c b/library/pkcs12.c index 42e4fb438..160dc4768 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -2,19 +2,7 @@ * PKCS#12 Personal Information Exchange Syntax * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The PKCS #12 Personal Information Exchange Syntax Standard v1.1 diff --git a/library/pkcs5.c b/library/pkcs5.c index d10a1937c..d6209bd11 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -6,19 +6,7 @@ * \author Mathias Olsson * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * PKCS#5 includes PBKDF2 and more diff --git a/library/pkcs7.c b/library/pkcs7.c index cf05afd2c..36b49f53b 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pkparse.c b/library/pkparse.c index ef57cee80..3bb5f7be2 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -2,19 +2,7 @@ * Public Key layer for parsing key files and structures * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pkwrite.c b/library/pkwrite.c index e38bc27de..11c020473 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -2,19 +2,7 @@ * Public Key layer for writing key files and structures * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pkwrite.h b/library/pkwrite.h index 8cfa64b8e..544ab2f32 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_WRITE_H diff --git a/library/platform.c b/library/platform.c index b15b7b29a..890c4cbab 100644 --- a/library/platform.c +++ b/library/platform.c @@ -2,19 +2,7 @@ * Platform abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/platform_util.c b/library/platform_util.c index fdafa1fc6..6d2dd144d 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -3,19 +3,7 @@ * library. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/poly1305.c b/library/poly1305.c index f4e1d3f88..c9ebe9e1d 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -4,19 +4,7 @@ * \brief Poly1305 authentication algorithm. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 739b07708..bbd6b24ed 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 6f026a0d7..49aa96193 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 4b24b0f68..a3392199f 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_AEAD_H diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 38be84b0b..f0bb3aa55 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 5ed8a7779..cc565851c 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CIPHER_H diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c index c3234275a..564463fed 100644 --- a/library/psa_crypto_client.c +++ b/library/psa_crypto_client.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 29b3b94bf..d406ce459 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CORE_H diff --git a/library/psa_crypto_core_common.h b/library/psa_crypto_core_common.h index dd72ab162..98fce2cca 100644 --- a/library/psa_crypto_core_common.h +++ b/library/psa_crypto_core_common.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CORE_COMMON_H diff --git a/library/psa_crypto_driver_wrappers_no_static.h b/library/psa_crypto_driver_wrappers_no_static.h index 4985403cd..cd617f60e 100644 --- a/library/psa_crypto_driver_wrappers_no_static.h +++ b/library/psa_crypto_driver_wrappers_no_static.h @@ -3,19 +3,7 @@ * cryptographic accelerators. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 5c7786504..e4a372d24 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index f4ad3d277..a9f5d59de 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ECP_H diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 20dfd2dcf..a57f02e5e 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index 67e5444fc..baeb9286c 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_FFDH_H diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index dad182616..eeb7666c1 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index 2dfb0115e..0a7be8055 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_HASH_H diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h index 408c39bfe..8b445a106 100644 --- a/library/psa_crypto_invasive.h +++ b/library/psa_crypto_invasive.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_INVASIVE_H diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 3ceee49be..877063b87 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ITS_H diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 2f2c51dce..8fe621811 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 4f8024a9e..2f614bcc6 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_MAC_H diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index db00cbd28..9ac2e8c48 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index f21b0e672..3d3ee0cc9 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_PAKE_H diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h index 8719d9c70..64b894914 100644 --- a/library/psa_crypto_random_impl.h +++ b/library/psa_crypto_random_impl.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_RANDOM_IMPL_H diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 065e55af1..0679f41ea 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index bc24ef5d5..e4c5caf6f 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_RSA_H diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 9db3dedce..7a36a4f3a 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index 850ea8f6f..e0bd5acfb 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SE_H diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 92646c07c..3b8a319cb 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index c8366abeb..6041a3528 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 574d4b05e..13a3c8a90 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 37ca46e28..b6b5e154a 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_STORAGE_H diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 97486165e..3f32d7d4e 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_util.c b/library/psa_util.c index dd5e13455..0225bbf02 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h index 4a36dbf88..fcc79aef4 100644 --- a/library/psa_util_internal.h +++ b/library/psa_util_internal.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PSA_UTIL_INTERNAL_H diff --git a/library/ripemd160.c b/library/ripemd160.c index 49fee8579..b4fc3cdba 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -2,19 +2,7 @@ * RIPE MD-160 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/rsa.c b/library/rsa.c index 802bf5d24..38c3dd6be 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2,19 +2,7 @@ * The RSA public-key cryptosystem * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c index 5cc4636e4..5c265a992 100644 --- a/library/rsa_alt_helpers.c +++ b/library/rsa_alt_helpers.c @@ -2,19 +2,7 @@ * Helper functions for the RSA module * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/library/rsa_alt_helpers.h b/library/rsa_alt_helpers.h index 3b22ba853..ca0840b2a 100644 --- a/library/rsa_alt_helpers.h +++ b/library/rsa_alt_helpers.h @@ -36,19 +36,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/library/sha1.c b/library/sha1.c index 28a57b644..dfbe481f3 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -2,19 +2,7 @@ * FIPS-180-1 compliant SHA-1 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-1 standard was published by NIST in 1993. diff --git a/library/sha256.c b/library/sha256.c index 596b2c533..45ad6d86d 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -2,19 +2,7 @@ * FIPS-180-2 compliant SHA-256 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. diff --git a/library/sha3.c b/library/sha3.c index 4c1a1a9d4..d90fefaea 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -2,19 +2,7 @@ * FIPS-202 compliant SHA3 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-3 Secure Hash Standard was published by NIST in 2015. diff --git a/library/sha512.c b/library/sha512.c index e739af254..e7af12175 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -2,19 +2,7 @@ * FIPS-180-2 compliant SHA-384/512 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 929c28bec..772cb8fdf 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -2,19 +2,7 @@ * SSL session cache implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * These session callbacks use a simple chained list diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 95aa5816c..dc027e555 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -4,19 +4,7 @@ * \brief SSL ciphersuites for Mbed TLS * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_client.c b/library/ssl_client.c index 1a56f1ebe..eabdc75ac 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -2,19 +2,7 @@ * TLS 1.2 and 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS ( https://tls.mbed.org ) */ diff --git a/library/ssl_client.h b/library/ssl_client.h index f57bea33f..05ee7e4cc 100644 --- a/library/ssl_client.h +++ b/library/ssl_client.h @@ -2,19 +2,7 @@ * TLS 1.2 and 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_CLIENT_H diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 098acedd3..ee81eb420 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -2,19 +2,7 @@ * DTLS cookie callbacks implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * These session callbacks use a simple chained list diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 5c22ed221..2b0e73772 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_DEBUG_HELPERS_H diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2d78fd47c..76a2e9fe4 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 12b8f9bf0..cffd1c90f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3,19 +3,7 @@ * (record layer + retransmission state machine) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * http://www.ietf.org/rfc/rfc2246.txt diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 1adaa07fe..875abcbb3 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -2,19 +2,7 @@ * TLS server tickets callbacks implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 827b7fbcf..a2c382286 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2,19 +2,7 @@ * TLS shared functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * http://www.ietf.org/rfc/rfc2246.txt diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 27bbafa06..9aa46bd15 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2,19 +2,7 @@ * TLS client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6367e4683..b007e5c66 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2,19 +2,7 @@ * TLS server-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index c6fa3b390..e06e4c91e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2,19 +2,7 @@ * TLS 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS ( https://tls.mbed.org ) */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3c8d448c6..cc77a9438 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -2,19 +2,7 @@ * TLS 1.3 functionality shared between client and server * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h index 3fb79a95d..b4506f71c 100644 --- a/library/ssl_tls13_invasive.h +++ b/library/ssl_tls13_invasive.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_TLS13_INVASIVE_H diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 5ae621005..45c495dfe 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -2,7 +2,7 @@ * TLS 1.3 key schedule * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * Licensed under the Apache License, Version 2.0 ( the "License" ); you may * not use this file except in compliance with the License. diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 21e9b4d73..151b7c7c1 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -2,7 +2,7 @@ * TLS 1.3 key schedule * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * Licensed under the Apache License, Version 2.0 ( the "License" ); you may * not use this file except in compliance with the License. diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6445a00a1..815c0a9f0 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2,19 +2,7 @@ * TLS 1.3 server-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/threading.c b/library/threading.c index 130c6963d..52fe8fca9 100644 --- a/library/threading.c +++ b/library/threading.c @@ -2,19 +2,7 @@ * Threading abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/timing.c b/library/timing.c index 6852033ea..58f1c1ec2 100644 --- a/library/timing.c +++ b/library/timing.c @@ -2,19 +2,7 @@ * Portable interface to the CPU cycle counter * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/version.c b/library/version.c index 4f78c9cb1..04397332b 100644 --- a/library/version.c +++ b/library/version.c @@ -2,19 +2,7 @@ * Version information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/x509.c b/library/x509.c index 990393c31..b7b71f33c 100644 --- a/library/x509.c +++ b/library/x509.c @@ -2,19 +2,7 @@ * X.509 common functions for parsing and verification * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_create.c b/library/x509_create.c index 62fb119ba..424cce1d9 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -2,19 +2,7 @@ * X.509 base functions for creating certificates / CSRs * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/x509_crl.c b/library/x509_crl.c index 79ace8fa0..cad784eeb 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -2,19 +2,7 @@ * X.509 Certificate Revocation List (CRL) parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_crt.c b/library/x509_crt.c index e9153e710..f41eb47d7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2,19 +2,7 @@ * X.509 certificate parsing and verification * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_csr.c b/library/x509_csr.c index 0b2bb6f3b..b48b3a4ac 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -2,19 +2,7 @@ * X.509 Certificate Signing Request (CSR) parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509write.c b/library/x509write.c index 5628c29ef..d434df507 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -2,19 +2,7 @@ * X.509 internal, common functions for writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" #if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index a8a3022cb..4c019eee4 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -2,19 +2,7 @@ * X.509 certificate writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * References: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index d996052ba..4e397553a 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -2,19 +2,7 @@ * X.509 Certificate Signing Request writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * References: diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 1d9b522a3..226718bc6 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -3,19 +3,7 @@ * security. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable definition of fileno() even when compiling with -std=c99. Must be diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index ce3925628..853ec202c 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -25,19 +25,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 995694af0..3fd2b0089 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -2,19 +2,7 @@ * generic message digest layer demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 7bb27ad4a..8caae8851 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -2,19 +2,7 @@ * Classic "Hello, world" demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index 4c812fbd8..581816a1d 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -20,19 +20,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 5a2c30fc2..946e049d7 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange (client side) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 1f4cd59ee..6872e61e3 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange (prime generation) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c940be0c0..adddbf2fb 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange (server side) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 980441707..fedfcc9fe 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -2,19 +2,7 @@ * Example ECDHE with Curve25519 program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 953c14450..afd6fb31a 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -2,19 +2,7 @@ * Example ECDSA program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 99e88505c..f6bb23787 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -2,19 +2,7 @@ * Key generation application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index cd16e3320..194c4102d 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -2,19 +2,7 @@ * Key reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 179094cb5..c07c56464 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -2,19 +2,7 @@ * Key writing application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 88d745e92..e83aa3259 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -2,19 +2,7 @@ * Simple MPI demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index f60c946ed..b8f7943d6 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -2,19 +2,7 @@ * Public key-based simple decryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 04e5cc702..a916bc6e2 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -2,19 +2,7 @@ * RSA simple data encryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 57bd796c8..59347addb 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -2,19 +2,7 @@ * Public key-based signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index bca985b14..3127df540 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -2,19 +2,7 @@ * Public key-based signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 0462ba697..76bfddf5c 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -2,19 +2,7 @@ * RSA simple decryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 2126a9b9b..4bbb54e7d 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -2,19 +2,7 @@ * RSA simple data encryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 17f6d6591..dc58215f7 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -2,19 +2,7 @@ * Example RSA key generation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 64375e9e7..9d8ebe39a 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -2,19 +2,7 @@ * RSA/SHA-256 signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 999669e66..3a1f7473b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -2,19 +2,7 @@ * RSASSA-PSS/SHA-256 signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index d525010df..e7d72fd52 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -2,19 +2,7 @@ * RSA/SHA-256 signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 8a1fb5908..afbbfa9d4 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -2,19 +2,7 @@ * RSASSA-PSS/SHA-256 signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c index 0c2413e61..619166dba 100644 --- a/programs/psa/aead_demo.c +++ b/programs/psa/aead_demo.c @@ -26,19 +26,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 3f109d839..b755f09ef 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "psa/crypto.h" diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index f25cdeb83..205505407 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -20,19 +20,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index a79fac640..2734ceb7f 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -32,19 +32,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index bb4a24f75..e55da7ead 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later . "${0%/*}/../demo_common.sh" diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index 88426854d..0baf4a065 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index d3a6bf857..c5244d6d4 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -9,19 +9,7 @@ * * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "psa/crypto.h" diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index cc3217169..887b2c988 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -2,19 +2,7 @@ * \brief Use and generate multiple entropies calls into a file * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index e1db16eeb..0eecf0ad4 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -2,19 +2,7 @@ * \brief Use and generate random data into a file via the CTR_DBRG based on AES * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index f0abcabc7..ddb3c34b9 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -2,19 +2,7 @@ * Simple DTLS client demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index b11a4f5b4..732625e7f 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -2,19 +2,7 @@ * Simple DTLS server demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index e8f4797b8..6bef2085c 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -3,19 +3,7 @@ * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 259b8f930..ee734b1ed 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -2,19 +2,7 @@ * SSL client demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6e6482000..aa3bc40ec 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2,19 +2,7 @@ * SSL client with certificate authentication * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 9744c58d5..3867f83ce 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -2,19 +2,7 @@ * Mbed TLS SSL context deserializer from base64 code * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 6734a14d9..f4822b7e6 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -2,19 +2,7 @@ * SSL server demonstration program using fork() for handling multiple clients * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 1e648e8af..febb881c8 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -2,19 +2,7 @@ * SSL client for SMTP servers * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable definition of gethostname() even when compiling with -std=c99. Must diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 12d3057b4..fcb8f2f4d 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -3,19 +3,7 @@ * clients. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index ad82567f4..6becf8d91 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -2,19 +2,7 @@ * SSL server demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c99703dd5..7d1ea57fc 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2,19 +2,7 @@ * SSL client with options * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 67fc06115..1ff2077d4 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -9,19 +9,7 @@ * This file is meant to be #include'd and cannot be compiled separately. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ void eap_tls_key_derivation(void *p_expkey, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index aea056b68..6e0c6153f 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -5,19 +5,7 @@ * that cannot be compiled separately in "ssl_test_common_source.c". * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index ef0dba718..d06e0997d 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -2,19 +2,7 @@ * Common code for SSL test programs * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index d8237f544..3d751d026 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -2,19 +2,7 @@ * Benchmark demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index 86e10776c..729800ad8 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -2,19 +2,7 @@ * Simple program to test that Mbed TLS builds correctly as a CMake package. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index 9aa4c3b1d..44a2adadf 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -3,19 +3,7 @@ * package. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index d56b9a9cb..8b4f18e28 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -3,19 +3,7 @@ * work correctly. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 2dcda3bb2..f24125423 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -2,19 +2,7 @@ * Test dynamic loading of libmbed* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh index b162d7b5f..7280f1d70 100755 --- a/programs/test/dlopen_demo.sh +++ b/programs/test/dlopen_demo.sh @@ -4,19 +4,7 @@ # This is only expected to work when Mbed TLS is built as a shared library. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later . "${0%/*}/../demo_common.sh" diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index a55051652..0b4bd0b7b 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -14,19 +14,7 @@ EOF fi # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -e @@ -41,19 +29,8 @@ print_cpp () { * can be included and built with a C++ compiler. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c index df0fe4a70..a70e6daef 100644 --- a/programs/test/query_compile_time_config.c +++ b/programs/test/query_compile_time_config.c @@ -2,19 +2,7 @@ * Query the Mbed TLS compile time configuration * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_config.h b/programs/test/query_config.h index ade73d080..43f120bf0 100644 --- a/programs/test/query_config.h +++ b/programs/test/query_config.h @@ -2,19 +2,7 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c index 383a2ffc8..cdafa1620 100644 --- a/programs/test/query_included_headers.c +++ b/programs/test/query_included_headers.c @@ -1,19 +1,7 @@ /* Ad hoc report on included headers. */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/programs/test/selftest.c b/programs/test/selftest.c index cc5e00ed3..61dde5ed1 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -2,19 +2,7 @@ * Self-test demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 685e336e6..c6b56ec09 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -2,19 +2,7 @@ * UDP proxy: emulate an unreliable UDP connection for DTLS testing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 27de01390..aa6a6d10f 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -3,19 +3,7 @@ # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -u diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index b7842c4ef..1e9b98d71 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -10,19 +10,7 @@ * call to mbedtls_platform_zeroize() was not eliminated. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 5dd367a0c..d682c2b06 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -2,19 +2,7 @@ * Convert PEM to DER * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index 4bfd8a1c2..316f28614 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -2,19 +2,7 @@ * Translate error code to error string * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/wince_main.c b/programs/wince_main.c index be98eae5e..e817b9f5f 100644 --- a/programs/wince_main.c +++ b/programs/wince_main.c @@ -2,19 +2,7 @@ * Windows CE console application entry point * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(_WIN32_WCE) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 51a79ecb5..cb1e5bc4e 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -2,19 +2,7 @@ * Certificate reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 7e2a6bd8e..072441bef 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -2,19 +2,7 @@ * Certificate request generation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index d8660dc95..8395f746f 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -2,19 +2,7 @@ * Certificate generation and signing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 6c671ff3f..5e3fd5a94 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -2,19 +2,7 @@ * CRL reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index d024e9822..a975405ea 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -2,7 +2,7 @@ * Root CA reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the * GNU General Public License v2.0 or later. @@ -10,18 +10,6 @@ * ********** * Apache License 2.0: * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * * ********** * * ********** diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 64b9f0bb2..fff0983f0 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -2,19 +2,7 @@ * Certificate request reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/scripts/abi_check.py b/scripts/abi_check.py index ac1d60ffd..8a604c4e2 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -84,19 +84,7 @@ function name and parameter list. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import glob import os diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index cf01e1f8e..34daf37b5 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -8,19 +8,7 @@ # when multiple targets are invoked in the same parallel build. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index e8081012a..d5f705c1c 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -19,19 +19,7 @@ You must run this program from within a git working directory. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse from collections import OrderedDict, namedtuple diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 19d90bce7..86ed74ead 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -1,19 +1,7 @@ #!/bin/bash # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index e764e9d22..ad9b325bd 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -9,19 +9,7 @@ Note: must be run from Mbed TLS root. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import logging diff --git a/scripts/code_style.py b/scripts/code_style.py index ddd0a9800..08ec4af42 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -4,19 +4,7 @@ This script must be run from the root of a Git work tree containing Mbed TLS. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os import re diff --git a/scripts/config.pl b/scripts/config.pl index 5dd89d225..ca02b9046 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -2,19 +2,8 @@ # Backward compatibility redirection ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ## -## Licensed under the Apache License, Version 2.0 (the "License"); you may -## not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. my $py = $0; $py =~ s/\.pl$/.py/ or die "Unable to determine the name of the Python script"; diff --git a/scripts/config.py b/scripts/config.py index 5f49f2d8c..30e55f6a9 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -13,19 +13,8 @@ Basic usage, to read the Mbed TLS configuration: # in parts that are not backported to 2.28. ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ## -## Licensed under the Apache License, Version 2.0 (the "License"); you may -## not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. import os import re diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja index 8670bbde5..924b08cd5 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja @@ -4,19 +4,7 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja index dbe424c03..2aae62850 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja @@ -4,19 +4,7 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 077500302..781e72a91 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -2,19 +2,7 @@ * Error message information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index e7e6fc602..b60aba010 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -2,19 +2,7 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index 0e4059760..d820d4d1a 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -2,19 +2,7 @@ * Version feature information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 43fc7dfa1..3eb2ff449 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -8,19 +8,7 @@ # scripts/ecc-heap.sh | tee ecc-heap.log # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py index 6719be1c3..6146e881c 100755 --- a/scripts/ecp_comb_table.py +++ b/scripts/ecp_comb_table.py @@ -7,19 +7,7 @@ can use this script to generate codes to define `_T` in ecp_curves.c """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os import subprocess diff --git a/scripts/footprint.sh b/scripts/footprint.sh index ae95db4a1..614a49309 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index e0f282792..2fdc4cd0b 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -7,19 +7,7 @@ based on template files in script/data_files/driver_templates/. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys import os diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 664a349e9..0134c94f0 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -6,19 +6,7 @@ # or generate_errors.pl include_dir data_dir error_file # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; use warnings; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 49cca2ec3..cea8c115a 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,19 +1,7 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 960a07986..f13b507d0 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -12,19 +12,7 @@ file is written: """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os import sys diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 69eca8344..39743da6d 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -19,19 +19,7 @@ # generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 19be41521..a0544f153 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -8,19 +8,7 @@ implemented by fixed codes. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys import re import os @@ -356,19 +344,8 @@ OUTPUT_C_TEMPLATE = '''\ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ #include "common.h" diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 4fad322a6..7f5609820 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -7,19 +7,7 @@ # Takes no argument. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 6bba02fd2..7d23636b7 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -26,19 +26,7 @@ EOF } # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index eaf56aee7..52ca606b5 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -3,19 +3,7 @@ # Parse a massif.out.xxx file and output peak total memory usage # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py index 6fd6223f3..ef3e3a05e 100644 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ b/scripts/mbedtls_dev/asymmetric_key_data.py @@ -4,19 +4,8 @@ Meant for use in crypto_knowledge.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import binascii import re diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 3bef16db6..eebc858b2 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -1,18 +1,7 @@ """Common features for bignum in test generation framework.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from abc import abstractmethod import enum diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 563492b29..909f6a306 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -1,18 +1,7 @@ """Framework classes for generation of bignum core test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import random diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py index 897e31989..5c6c2c81e 100644 --- a/scripts/mbedtls_dev/bignum_data.py +++ b/scripts/mbedtls_dev/bignum_data.py @@ -1,19 +1,8 @@ """Base values and datasets for bignum generated tests and helper functions that produced them.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import random diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py index 77c7b1bbd..f554001ec 100644 --- a/scripts/mbedtls_dev/bignum_mod.py +++ b/scripts/mbedtls_dev/bignum_mod.py @@ -1,18 +1,7 @@ """Framework classes for generation of bignum mod test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import Dict, List diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 7121f2f49..37ad27a11 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -1,18 +1,7 @@ """Framework classes for generation of bignum mod_raw test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import Iterator, List diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 2e10c88e2..a657a5138 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import os import inspect diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 9bd17d608..f2cbbe4af 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import os import platform diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py index 7593952da..a36de692e 100644 --- a/scripts/mbedtls_dev/crypto_data_tests.py +++ b/scripts/mbedtls_dev/crypto_data_tests.py @@ -4,19 +4,8 @@ This module is a work in progress, only implementing a few cases for now. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import hashlib from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 45d253b9b..285d6c638 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -4,19 +4,8 @@ This module is entirely based on the PSA API. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import enum import re diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 410c77e11..b40f3b126 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -1,18 +1,7 @@ """Framework classes for generation of ecp test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import List diff --git a/scripts/mbedtls_dev/logging_util.py b/scripts/mbedtls_dev/logging_util.py index db1ebfe5c..ddd7c7fd6 100644 --- a/scripts/mbedtls_dev/logging_util.py +++ b/scripts/mbedtls_dev/logging_util.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import logging import sys diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py index 3cad2a3f6..d68be00bd 100644 --- a/scripts/mbedtls_dev/macro_collector.py +++ b/scripts/mbedtls_dev/macro_collector.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import itertools import re diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index a82df41df..32e500977 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import re from typing import Dict, FrozenSet, List, Optional diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py index 737760fd4..b1fc37710 100644 --- a/scripts/mbedtls_dev/psa_storage.py +++ b/scripts/mbedtls_dev/psa_storage.py @@ -7,19 +7,8 @@ before changing how test data is constructed or validated. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import re import struct diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py index 8f0870367..6ed5e849d 100644 --- a/scripts/mbedtls_dev/test_case.py +++ b/scripts/mbedtls_dev/test_case.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import binascii import os diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py index 02aa51051..a84f7dd2f 100644 --- a/scripts/mbedtls_dev/test_data_generation.py +++ b/scripts/mbedtls_dev/test_data_generation.py @@ -7,19 +7,8 @@ These are used both by generate_psa_tests.py and generate_bignum_tests.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import os diff --git a/scripts/mbedtls_dev/typing_util.py b/scripts/mbedtls_dev/typing_util.py index 4c344492c..2ec448d00 100644 --- a/scripts/mbedtls_dev/typing_util.py +++ b/scripts/mbedtls_dev/typing_util.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import Any diff --git a/scripts/memory.sh b/scripts/memory.sh index e3ce9d6d1..d119374d5 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -7,19 +7,7 @@ # since for memory we want debug information. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py index c00d58e05..9888abe08 100755 --- a/scripts/min_requirements.py +++ b/scripts/min_requirements.py @@ -3,19 +3,7 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 302f3fdaa..b056ffde6 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -3,19 +3,7 @@ # output_env.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 800383d2c..7f972e070 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -12,19 +12,7 @@ EOF } # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index 558970f54..455f892a2 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -4,19 +4,7 @@ # git development # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later IGNORE="" diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh index 29c87877d..e703c5723 100755 --- a/tests/compat-in-docker.sh +++ b/tests/compat-in-docker.sh @@ -22,19 +22,7 @@ # - compat.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/compat.sh b/tests/compat.sh index 6506e6c09..8d615d563 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -3,19 +3,7 @@ # compat.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 38286d1fd..d825ee92c 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable TLS 1.3 and core 1.3 features */ diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index a9386a236..639496be6 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(PSA_CRYPTO_DRIVER_TEST_ALL) diff --git a/tests/configs/user-config-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h index 226f4d187..fada9ee93 100644 --- a/tests/configs/user-config-malloc-0-null.h +++ b/tests/configs/user-config-malloc-0-null.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h index fcdd1f099..52d4b0833 100644 --- a/tests/configs/user-config-zeroize-memset.h +++ b/tests/configs/user-config-zeroize-memset.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/context-info.sh b/tests/context-info.sh index 88dfcaa5e..55e321943 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -3,19 +3,7 @@ # context-info.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # This program is intended for testing the ssl_context_info program # diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index d7d879765..4e1fd48dc 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index ce8ed6f8e..5f4b3d0c6 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,19 +1,7 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; use warnings; diff --git a/tests/data_files/test_certs.h.jinja2 b/tests/data_files/test_certs.h.jinja2 index 92131ddc1..4a64b3a79 100644 --- a/tests/data_files/test_certs.h.jinja2 +++ b/tests/data_files/test_certs.h.jinja2 @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index d44cdff25..e4c49fac2 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile @@ -10,19 +10,7 @@ # for the set of Docker images we use on the CI. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ARG MAKEFLAGS_PARALLEL="" ARG MY_REGISTRY= diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index ce43467b4..9192678a5 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -2,19 +2,7 @@ # pre-push.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h index 21d85f1ff..dc47dd16c 100644 --- a/tests/include/alt-dummy/aes_alt.h +++ b/tests/include/alt-dummy/aes_alt.h @@ -1,19 +1,7 @@ /* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef AES_ALT_H diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h index aabec9c9f..94db8c7fb 100644 --- a/tests/include/alt-dummy/aria_alt.h +++ b/tests/include/alt-dummy/aria_alt.h @@ -1,19 +1,7 @@ /* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ARIA_ALT_H diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h index b42613bc2..97bc16b78 100644 --- a/tests/include/alt-dummy/camellia_alt.h +++ b/tests/include/alt-dummy/camellia_alt.h @@ -1,19 +1,7 @@ /* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CAMELLIA_ALT_H diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h index 5ec7d4e48..c25f42b4a 100644 --- a/tests/include/alt-dummy/ccm_alt.h +++ b/tests/include/alt-dummy/ccm_alt.h @@ -1,19 +1,7 @@ /* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CCM_ALT_H diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h index a53a33002..6fd84d031 100644 --- a/tests/include/alt-dummy/chacha20_alt.h +++ b/tests/include/alt-dummy/chacha20_alt.h @@ -1,19 +1,7 @@ /* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHA20_ALT_H diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h index 584a42174..de28ced67 100644 --- a/tests/include/alt-dummy/chachapoly_alt.h +++ b/tests/include/alt-dummy/chachapoly_alt.h @@ -1,19 +1,7 @@ /* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHAPOLY_ALT_H diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h index 13c998d68..68b53d707 100644 --- a/tests/include/alt-dummy/cmac_alt.h +++ b/tests/include/alt-dummy/cmac_alt.h @@ -1,19 +1,7 @@ /* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CMAC_ALT_H diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h index 3b8abe493..d07986128 100644 --- a/tests/include/alt-dummy/des_alt.h +++ b/tests/include/alt-dummy/des_alt.h @@ -1,19 +1,7 @@ /* des_alt.h with dummy types for MBEDTLS_DES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h index ccb3bd3c3..3cb51d2ed 100644 --- a/tests/include/alt-dummy/dhm_alt.h +++ b/tests/include/alt-dummy/dhm_alt.h @@ -1,19 +1,7 @@ /* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef DHM_ALT_H diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h index 90c21da8b..4d7524860 100644 --- a/tests/include/alt-dummy/ecjpake_alt.h +++ b/tests/include/alt-dummy/ecjpake_alt.h @@ -1,19 +1,7 @@ /* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECJPAKE_ALT_H diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h index 56c981095..d204b18d0 100644 --- a/tests/include/alt-dummy/ecp_alt.h +++ b/tests/include/alt-dummy/ecp_alt.h @@ -1,19 +1,7 @@ /* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECP_ALT_H diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h index 7be5b62f6..cfa73d2a4 100644 --- a/tests/include/alt-dummy/gcm_alt.h +++ b/tests/include/alt-dummy/gcm_alt.h @@ -1,19 +1,7 @@ /* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef GCM_ALT_H diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h index 1f3e5ed9b..e3a15d70f 100644 --- a/tests/include/alt-dummy/md5_alt.h +++ b/tests/include/alt-dummy/md5_alt.h @@ -1,19 +1,7 @@ /* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MD5_ALT_H diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h index 8fec116be..1274d4081 100644 --- a/tests/include/alt-dummy/nist_kw_alt.h +++ b/tests/include/alt-dummy/nist_kw_alt.h @@ -1,19 +1,7 @@ /* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef NIST_KW_ALT_H diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h index 836f299c8..67573926e 100644 --- a/tests/include/alt-dummy/platform_alt.h +++ b/tests/include/alt-dummy/platform_alt.h @@ -1,19 +1,7 @@ /* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PLATFORM_ALT_H diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h index 5a8295f16..c8ed1bc06 100644 --- a/tests/include/alt-dummy/poly1305_alt.h +++ b/tests/include/alt-dummy/poly1305_alt.h @@ -1,19 +1,7 @@ /* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef POLY1305_ALT_H diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h index ca3b33827..72ae47efb 100644 --- a/tests/include/alt-dummy/ripemd160_alt.h +++ b/tests/include/alt-dummy/ripemd160_alt.h @@ -1,19 +1,7 @@ /* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RIPEMD160_ALT_H diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h index 24f672bb3..eabc26da1 100644 --- a/tests/include/alt-dummy/rsa_alt.h +++ b/tests/include/alt-dummy/rsa_alt.h @@ -1,19 +1,7 @@ /* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RSA_ALT_H diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h index 36bf71d84..d8ac97191 100644 --- a/tests/include/alt-dummy/sha1_alt.h +++ b/tests/include/alt-dummy/sha1_alt.h @@ -1,19 +1,7 @@ /* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA1_ALT_H diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h index 304734bfc..b1900adee 100644 --- a/tests/include/alt-dummy/sha256_alt.h +++ b/tests/include/alt-dummy/sha256_alt.h @@ -1,19 +1,7 @@ /* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA256_ALT_H diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h index 13e58109e..857bc916a 100644 --- a/tests/include/alt-dummy/sha512_alt.h +++ b/tests/include/alt-dummy/sha512_alt.h @@ -1,19 +1,7 @@ /* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA512_ALT_H diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h index 400350686..07d5da427 100644 --- a/tests/include/alt-dummy/threading_alt.h +++ b/tests/include/alt-dummy/threading_alt.h @@ -1,19 +1,7 @@ /* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef THREADING_ALT_H diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h index 9d4e100ea..69bee60f6 100644 --- a/tests/include/alt-dummy/timing_alt.h +++ b/tests/include/alt-dummy/timing_alt.h @@ -1,19 +1,7 @@ /* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TIMING_ALT_H diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h index 40eed2d33..0a44275e7 100644 --- a/tests/include/baremetal-override/time.h +++ b/tests/include/baremetal-override/time.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h index de842642d..fdf3a2db5 100644 --- a/tests/include/spe/crypto_spe.h +++ b/tests/include/spe/crypto_spe.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h index 74bbbd569..6d267b660 100644 --- a/tests/include/test/arguments.h +++ b/tests/include/test/arguments.h @@ -8,19 +8,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_ARGUMENTS_H diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h index dee3cbda9..2eb917128 100644 --- a/tests/include/test/asn1_helpers.h +++ b/tests/include/test/asn1_helpers.h @@ -2,19 +2,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ASN1_HELPERS_H diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index fc97d23ba..2f6bf8931 100644 --- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_BIGNUM_HELPERS_H diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h index 65c55829d..db69536a6 100644 --- a/tests/include/test/certs.h +++ b/tests/include/test/certs.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h index f3d676e28..c5658eb40 100644 --- a/tests/include/test/constant_flow.h +++ b/tests/include/test/constant_flow.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_CONSTANT_FLOW_H diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 037a255ca..a033e399d 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -2,19 +2,7 @@ * Test driver for AEAD driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h index c602d2f22..0ac77087d 100644 --- a/tests/include/test/drivers/asymmetric_encryption.h +++ b/tests/include/test/drivers/asymmetric_encryption.h @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 54c37f748..950a17440 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -2,19 +2,7 @@ * Test driver for cipher functions */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 81f988339..4eb27f024 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_H diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h index f1da8d3e4..ad48c45d5 100644 --- a/tests/include/test/drivers/hash.h +++ b/tests/include/test/drivers/hash.h @@ -2,19 +2,7 @@ * Test driver for hash driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h index aaf74a8c5..ca82b3ad9 100644 --- a/tests/include/test/drivers/key_agreement.h +++ b/tests/include/test/drivers/key_agreement.h @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 43df0d610..9e2c89885 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -2,19 +2,7 @@ * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h index bdc2b705c..d92eff903 100644 --- a/tests/include/test/drivers/mac.h +++ b/tests/include/test/drivers/mac.h @@ -2,19 +2,7 @@ * Test driver for MAC driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 331ee49da..d292ca0da 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -2,19 +2,7 @@ * Test driver for PAKE driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 4c56a121c..8c5703edf 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -2,19 +2,7 @@ * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 541ee03d0..74605d6b8 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -2,19 +2,7 @@ * Umbrella include for all of the test driver functionality */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h index 01bfb91a4..e3e331d55 100644 --- a/tests/include/test/fake_external_rng_for_test.h +++ b/tests/include/test/fake_external_rng_for_test.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index dd4a6a2b4..ba117fbdf 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_HELPERS_H diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 3bfbe3333..8de9c4d95 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_MACROS_H diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 959308af9..04b90b923 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_HELPERS_H diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 46f4d0810..0f3ee3db6 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_EXERCISE_KEY_H diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h index 2665fac39..b61718939 100644 --- a/tests/include/test/psa_helpers.h +++ b/tests/include/test/psa_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_HELPERS_H diff --git a/tests/include/test/random.h b/tests/include/test/random.h index c5572088a..6304e05d7 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_RANDOM_H diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index ddbd6a39e..abdef9032 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SSL_HELPERS_H diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh index 0ee08dc48..e57d09d34 100755 --- a/tests/make-in-docker.sh +++ b/tests/make-in-docker.sh @@ -14,19 +14,7 @@ # for the set of Docker images we use on the CI. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 56d2e2959..1190a87ee 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -3,19 +3,7 @@ # tls13-compat.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 758da1da5..6556cd4b4 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -3,19 +3,7 @@ # tls13-kex-modes.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index d5efc9edc..3182b48b2 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -3,19 +3,7 @@ # tls13-misc.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # requires_gnutls_tls1_3 diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh index 7c03d9135..b2a31c265 100755 --- a/tests/scripts/all-in-docker.sh +++ b/tests/scripts/all-in-docker.sh @@ -17,19 +17,7 @@ # See also all.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2d807205f..a4f7965b4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3,19 +3,7 @@ # all.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 5128dc788..96b705a28 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """Audit validity date of X509 crt/crl/csr. diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 72923f62c..52617541d 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -3,19 +3,7 @@ # basic-build-test.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 02cafb0cc..3aca3a134 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -18,19 +18,7 @@ # See docker_env.sh for prerequisites and other information. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index dd955301f..3199c2ab4 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -9,19 +9,7 @@ # items that are documented, but not marked as such by mistake. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index d03e5cf6d..67dedeb26 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -1,19 +1,7 @@ #! /usr/bin/env sh # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 35319d3e1..51e80792b 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -1,19 +1,7 @@ #! /usr/bin/env sh # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Purpose: check Python files for potential programming errors or maintenance # hurdles. Run pylint to detect some potential mistakes and enforce PEP8 diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 238a83fab..68871efe4 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script checks the current state of the source code for minor issues, diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 86a7c0903..9e8ed219a 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script confirms that the naming of all symbols and identifiers in Mbed TLS diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 1395d4d90..3b954af22 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -7,19 +7,7 @@ independently of the checks. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import glob diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 96529de7d..29ecfdbea 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # Copyright (c) 2022, Arm Limited, All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh index 3dbc41d92..cfc98dfca 100755 --- a/tests/scripts/docker_env.sh +++ b/tests/scripts/docker_env.sh @@ -27,19 +27,7 @@ # the Docker image. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # default values, can be overridden by the environment diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index cb87829e2..b6a1d4594 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -3,19 +3,7 @@ # Make sure the doxygen documentation builds without warnings # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Abort on errors (and uninitialised variables) set -eu diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 2345b9e36..ec5e5d891 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -5,19 +5,7 @@ # and concats nonce and personalization for initialization. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 354e351a4..30d45c307 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -4,19 +4,7 @@ # Only first 3 of every set used for compile time saving # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 101456fed..b4f08494c 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -4,19 +4,7 @@ # Only first 3 of every set used for compile time saving # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 609e5586a..fe2d3f5d3 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,19 +1,7 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index a51fbc965..d4ef0f3af 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -9,19 +9,7 @@ # such as 'test_suite_rsa.data' # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Abort on errors set -e diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 6ee6ab39a..8dbb6ed78 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -40,19 +40,7 @@ of BaseTarget in test_data_generation.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys diff --git a/tests/scripts/generate_ecp_tests.py b/tests/scripts/generate_ecp_tests.py index abbfda55f..df1e4696a 100755 --- a/tests/scripts/generate_ecp_tests.py +++ b/tests/scripts/generate_ecp_tests.py @@ -6,19 +6,7 @@ as in generate_bignum_tests.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys diff --git a/tests/scripts/generate_pkcs7_tests.py b/tests/scripts/generate_pkcs7_tests.py index 0e7385043..0e484b023 100755 --- a/tests/scripts/generate_pkcs7_tests.py +++ b/tests/scripts/generate_pkcs7_tests.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # """ diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index b6f83c111..801f8da8b 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -6,19 +6,7 @@ generate only the specified files. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import enum import re diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index 4494917ef..a3bca7e6f 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -6,19 +6,7 @@ Generate `tests/src/test_certs.h` which includes certficaties/keys/certificate l # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 76806de95..5f711bfb1 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -2,19 +2,7 @@ # Test suites code generator. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script is a key part of Mbed TLS test suites framework. For diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index 05d80a532..fdb264d7b 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -3,19 +3,7 @@ # generate_tls13_compat_tests.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ Generate TLSv1.3 Compat test cases @@ -536,19 +524,7 @@ SSL_OUTPUT_HEADER = '''#!/bin/sh # {filename} # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 9b930802f..4ccac236e 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -10,19 +10,7 @@ # Usage: list-identifiers.sh [ -i | --internal ] # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index 6b41607e3..b648ce24f 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script generates a file called identifiers that contains all Mbed TLS diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index f685bab8e..11bbebcc1 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -13,19 +13,7 @@ only supported with make (as opposed to CMake or other build methods). """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index 2a7dba541..3cdeff7f4 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -9,19 +9,7 @@ # Typical usage: scripts/recursion.pl library/*.c # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index cedc0bfa5..e0ee3f515 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -3,19 +3,7 @@ # run-test-suites.pl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later =head1 SYNOPSIS diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py index 10bf6f852..5d83f29f9 100644 --- a/tests/scripts/scripts_path.py +++ b/tests/scripts/scripts_path.py @@ -6,19 +6,8 @@ Usage: """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import os import sys diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 7f4ebeb7f..f68dfcb72 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -4,19 +4,7 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os import re diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index 17f824e00..9aff22db0 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -6,19 +6,7 @@ # RESPONSE: regexp that must match the server's response # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 15209b4a0..0702074ab 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -3,19 +3,7 @@ # test-ref-configs.pl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py index e230e3c87..e500b3362 100755 --- a/tests/scripts/test_config_script.py +++ b/tests/scripts/test_config_script.py @@ -14,19 +14,8 @@ Sample usage: """ ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ## -## Licensed under the Apache License, Version 2.0 (the "License"); you may -## not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. import argparse import glob diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index b32d18423..abc46a729 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -2,19 +2,7 @@ # Unit test for generate_test_code.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ Unit tests for generate_test_code.py diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 9cd220f85..bed6d849e 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -8,19 +8,7 @@ keep the list of known defects as up to date as possible. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index e43a0baef..6883e279f 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -8,19 +8,7 @@ or 1 (with a Python backtrace) if there was an operational error. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse from collections import namedtuple diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 66c630408..57f771f56 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,19 +1,7 @@ # test_zeroize.gdb # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index a8db4bb35..90514fca1 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -3,19 +3,7 @@ # translate_ciphers.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards. diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh index 249b3f807..3daecf30d 100755 --- a/tests/scripts/travis-log-failure.sh +++ b/tests/scripts/travis-log-failure.sh @@ -3,19 +3,7 @@ # travis-log-failure.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c index aaf7587aa..c8df1995e 100644 --- a/tests/src/asn1_helpers.c +++ b/tests/src/asn1_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index 214530df5..c85e2caaf 100644 --- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/tests/src/certs.c b/tests/src/certs.c index b834e4aa1..879f08882 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index 8fb198277..76ec12a22 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -2,19 +2,7 @@ * Test driver for hash entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c index 6334a438e..01fc050bb 100644 --- a/tests/src/drivers/platform_builtin_keys.c +++ b/tests/src/drivers/platform_builtin_keys.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 6dadf5282..314ce83a2 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -2,19 +2,7 @@ * Test driver for AEAD entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index cf0e90cae..c906a664a 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 42e79c490..678d8d5d6 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -3,19 +3,7 @@ * Currently only supports multi-part operations using AES-CTR. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index 9cf82a37a..8471959e2 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 19da47ad6..6442f2231 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -3,19 +3,7 @@ * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 96c1685f5..9f8120bd4 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 69bd4ffe2..a0b6c1cb0 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 7d1f91fdf..00dd3e267 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -4,19 +4,7 @@ * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c index 89af7d34f..c0bfde51a 100644 --- a/tests/src/fake_external_rng_for_test.c +++ b/tests/src/fake_external_rng_for_test.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 7cac6e0a0..eb28919b8 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 52ff03186..d59a8f872 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index c4488b56f..f8b36e1fa 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -4,19 +4,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/random.c b/tests/src/random.c index d20103c35..d041f36a1 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/tests/src/test_certs.h b/tests/src/test_certs.h index 866d1e003..b313ea88d 100644 --- a/tests/src/test_certs.h +++ b/tests/src/test_certs.h @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 5c305cb0a..52839eb96 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index ae6e59072..6f405b00c 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -2,19 +2,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh index 159be4c50..c0c85fc2e 100755 --- a/tests/ssl-opt-in-docker.sh +++ b/tests/ssl-opt-in-docker.sh @@ -22,19 +22,7 @@ # - ssl-opt.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0dd7fe6d3..cd17a7800 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3,19 +3,7 @@ # ssl-opt.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # From 8ce51708da7e5066e884be77c108a362f67bb91c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 17:36:49 +0000 Subject: [PATCH 170/430] Update documentation Signed-off-by: Dave Rodgman --- CONTRIBUTING.md | 4 +- LICENSE | 351 ++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 2 +- 3 files changed, 354 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8454fb8ea..261f745ba 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -84,11 +84,11 @@ Mbed TLS is well documented, but if you think documentation is needed, speak out License and Copyright --------------------- -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license. +Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 or GPL-2.0-or-later licenses. -All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. +All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later". The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors". diff --git a/LICENSE b/LICENSE index d64569567..776ac77ea 100644 --- a/LICENSE +++ b/LICENSE @@ -1,3 +1,10 @@ +Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) +OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. +This means that users may choose which of these licenses they take the code +under. + +The full text of each of these licenses is given below. + Apache License Version 2.0, January 2004 @@ -200,3 +207,347 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + + +=============================================================================== + + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/README.md b/README.md index a3fcd2e15..956d8ba0b 100644 --- a/README.md +++ b/README.md @@ -307,7 +307,7 @@ When using drivers, you will generally want to enable two compilation options (s License ------- -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. +Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. ### Third-party code included in Mbed TLS From 658bcff97ca6ebb61178016353f9eb7d64319045 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 19:01:43 +0000 Subject: [PATCH 171/430] Add Changelog for license Signed-off-by: Dave Rodgman --- ChangeLog.d/license.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/license.txt diff --git a/ChangeLog.d/license.txt b/ChangeLog.d/license.txt new file mode 100644 index 000000000..0b6bb1f02 --- /dev/null +++ b/ChangeLog.d/license.txt @@ -0,0 +1,3 @@ +Changes + * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later + license. Users may choose which license they take the code under. From f8be5f6adeb66b190ed063ecaddb7f73c339240a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 20:43:00 +0000 Subject: [PATCH 172/430] Fix overlooked files Signed-off-by: Dave Rodgman --- library/ssl_tls13_keys.h | 12 ------------ programs/x509/load_roots.c | 29 +---------------------------- 2 files changed, 1 insertion(+), 40 deletions(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 151b7c7c1..d3a4c6c99 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -3,18 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * Licensed under the Apache License, Version 2.0 ( the "License" ); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) #define MBEDTLS_SSL_TLS1_3_KEYS_H diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index a975405ea..f0e6acf25 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -2,34 +2,7 @@ * Root CA reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later OR GPL-2.0-or-later - * - * This file is provided under the Apache License 2.0, or the - * GNU General Public License v2.0 or later. - * - * ********** - * Apache License 2.0: - * - * ********** - * - * ********** - * GNU General Public License v2.0 or later: - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - * ********** + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" From fffeae8387bde57093f943ef049c38e06c81f3f2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 09:28:10 +0000 Subject: [PATCH 173/430] Update license for p256-m Signed-off-by: Dave Rodgman --- 3rdparty/p256-m/README.md | 4 +- 3rdparty/p256-m/p256-m/LICENSE | 202 -------------------- 3rdparty/p256-m/p256-m/p256-m.c | 2 +- 3rdparty/p256-m/p256-m/p256-m.h | 2 +- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 14 +- 3rdparty/p256-m/p256-m_driver_entrypoints.h | 14 +- README.md | 2 +- 7 files changed, 7 insertions(+), 233 deletions(-) delete mode 100644 3rdparty/p256-m/p256-m/LICENSE diff --git a/3rdparty/p256-m/README.md b/3rdparty/p256-m/README.md index 89648d413..ec90f3446 100644 --- a/3rdparty/p256-m/README.md +++ b/3rdparty/p256-m/README.md @@ -1,4 +1,4 @@ -The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project. +The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m). They are distributed here under a dual Apache-2.0 OR GPL-2.0-or-later license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project. -The files `p256-m.c` and `.h`, along with the license, have been taken from the `p256-m` repository. +The files `p256-m.c`, `p256-m.h` and `README.md` have been taken from the `p256-m` repository. It should be noted that p256-m deliberately does not supply its own cryptographically secure RNG function. As a result, the PSA RNG is used, with `p256_generate_random()` wrapping `psa_generate_random()`. diff --git a/3rdparty/p256-m/p256-m/LICENSE b/3rdparty/p256-m/p256-m/LICENSE deleted file mode 100644 index d64569567..000000000 --- a/3rdparty/p256-m/p256-m/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 3f878f758..42c35b5bf 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -3,7 +3,7 @@ * * Copyright The Mbed TLS Contributors * Author: Manuel Pégourié-Gonnard. - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "p256-m.h" diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h index 28d319f39..c26780024 100644 --- a/3rdparty/p256-m/p256-m/p256-m.h +++ b/3rdparty/p256-m/p256-m/p256-m.h @@ -3,7 +3,7 @@ * * Copyright The Mbed TLS Contributors * Author: Manuel Pégourié-Gonnard. - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef P256_M_H #define P256_M_H diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index 61310a87b..d272dcbb1 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/platform.h" diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index d92a8f00b..c740c4522 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef P256M_DRIVER_ENTRYPOINTS_H diff --git a/README.md b/README.md index 956d8ba0b..c0fb9d926 100644 --- a/README.md +++ b/README.md @@ -314,7 +314,7 @@ Unless specifically indicated otherwise in a file, Mbed TLS files are provided u This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below: * `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by Mbed TLS under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project. +* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project. Contributing ------------ From 6b190d4f276b6b28028789f4506962ea32a981f9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 13:44:14 +0800 Subject: [PATCH 174/430] psa_information.py: generate dep for AES/ARIA/CAMELLIA ECB test case Signed-off-by: Yanray Wang --- scripts/mbedtls_dev/psa_information.py | 34 +++++++++++++++++--------- tests/scripts/generate_psa_tests.py | 3 ++- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index a82df41df..3c51ee150 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -17,7 +17,8 @@ # limitations under the License. import re -from typing import Dict, FrozenSet, List, Optional +from collections import OrderedDict +from typing import FrozenSet, List, Optional from . import macro_collector @@ -97,22 +98,31 @@ def automatic_dependencies(*expressions: str) -> List[str]: return sorted(psa_want_symbol(name) for name in used) # Define set of regular expressions and dependencies to optionally append -# extra dependencies for test case. +# extra dependencies for test case based on key description. + +# Skip AES test cases which require 192- or 256-bit key +# if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)' -AES_128BIT_ONLY_DEP = ["!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"] +AES_128BIT_ONLY_DEP = ['!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH'] +# Skip AES/ARIA/CAMELLIA test cases which require decrypt operation in ECB mode +# if MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled. +ECB_NO_PADDING_DEP_REGEX = r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING' +ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT'] -DEPENDENCY_FROM_KEY = { - AES_128BIT_ONLY_DEP_REGEX: AES_128BIT_ONLY_DEP -}#type: Dict[str, List[str]] -def generate_key_dependencies(description: str) -> List[str]: - """Return additional dependencies based on pairs of REGEX and dependencies. +DEPENDENCY_FROM_DESCRIPTION = OrderedDict() +DEPENDENCY_FROM_DESCRIPTION[AES_128BIT_ONLY_DEP_REGEX] = AES_128BIT_ONLY_DEP +DEPENDENCY_FROM_DESCRIPTION[ECB_NO_PADDING_DEP_REGEX] = ECB_NO_PADDING_DEP +def generate_description_dependencies( + dep_list: List[str], + description: str + ) -> List[str]: + """Return additional dependencies based on test case description and REGEX. """ - deps = [] - for regex, dep in DEPENDENCY_FROM_KEY.items(): + for regex, deps in DEPENDENCY_FROM_DESCRIPTION.items(): if re.search(regex, description): - deps += dep + dep_list += deps - return deps + return dep_list # A temporary hack: at the time of writing, not all dependency symbols # are implemented yet. Skip test cases for which the dependency symbols are diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index b6f83c111..04c36f7f9 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -508,7 +508,8 @@ class StorageFormat: key.alg.string, key.alg2.string, ) dependencies = psa_information.finish_family_dependencies(dependencies, key.bits) - dependencies += psa_information.generate_key_dependencies(key.description) + dependencies = psa_information.generate_description_dependencies(dependencies, + key.description) dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC') tc.set_dependencies(dependencies) tc.set_function('key_storage_' + verb) From ce38adb7319e341d39f45ae2eb2e0654e3767f20 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 10:29:25 +0000 Subject: [PATCH 175/430] Fix header in ssl_tls13_keys.c Signed-off-by: Dave Rodgman --- library/ssl_tls13_keys.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 45c495dfe..a6a2915d8 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -3,18 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * Licensed under the Apache License, Version 2.0 ( the "License" ); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ #include "common.h" From 3f07074efbf5d5ad2e31163f3908566f2e1ef970 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 11:08:05 +0000 Subject: [PATCH 176/430] Fix typos in changelog Signed-off-by: Dave Rodgman --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85f3665c2..4ba3164f6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,8 +5,8 @@ Mbed TLS ChangeLog (Sorted per branch, date) API changes * Mbed TLS 3.4 introduced support for omitting the built-in implementation of ECDSA and/or EC J-PAKE when those are provided by a driver. However, - their was a flaw in the logic checking if the built-in implementation, in - that if failed to check if all the relevant curves were supported by the + there was a flaw in the logic checking if the built-in implementation, in + that it failed to check if all the relevant curves were supported by the accelerator. As a result, it was possible to declare no curves as accelerated and still have the built-in implementation compiled out. Starting with this release, it is necessary to declare which curves are From af54378af45100df8f3c9e44ccf6c830eb935c92 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 11:34:40 +0000 Subject: [PATCH 177/430] README improvements to 3rdparty section Signed-off-by: Dave Rodgman --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c0fb9d926..2505d8fd9 100644 --- a/README.md +++ b/README.md @@ -311,10 +311,10 @@ Unless specifically indicated otherwise in a file, Mbed TLS files are provided u ### Third-party code included in Mbed TLS -This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below: +This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below: * `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project. +* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author. Contributing ------------ From aeaf1d79bafd72c520cfe2d181fff8a7741bda2b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 11:40:56 +0000 Subject: [PATCH 178/430] Update license and copyright in config files Signed-off-by: Dave Rodgman --- configs/crypto_config_profile_medium.h | 11 +++++------ configs/tfm_mbedcrypto_config_profile_medium.h | 4 +--- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/configs/crypto_config_profile_medium.h b/configs/crypto_config_profile_medium.h index 3fa8552c9..682835a06 100644 --- a/configs/crypto_config_profile_medium.h +++ b/configs/crypto_config_profile_medium.h @@ -1,14 +1,13 @@ -/* - * Copyright (c) 2018-2022, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * - */ /** * \file psa/crypto_config.h * \brief PSA crypto configuration options (set of defines) * */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /** * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 3234cd672..34a3bd4ff 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -8,10 +8,8 @@ * memory footprint. */ /* - * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H From 4eb44e47803b79622550ae2f1aac685ddb64f0ad Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 12:15:12 +0000 Subject: [PATCH 179/430] Standardise some more headers Signed-off-by: Dave Rodgman --- library/mps_common.h | 2 -- library/mps_error.h | 2 -- library/mps_reader.c | 2 -- library/mps_reader.h | 2 -- library/mps_trace.c | 2 -- library/mps_trace.h | 2 -- library/ssl_client.c | 2 -- library/ssl_tls13_client.c | 2 -- tests/scripts/depends.py | 4 +--- 9 files changed, 1 insertion(+), 19 deletions(-) diff --git a/library/mps_common.h b/library/mps_common.h index 49e17535a..f9fe09988 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_error.h b/library/mps_error.h index 8a714a3a5..016a84ce4 100644 --- a/library/mps_error.h +++ b/library/mps_error.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_reader.c b/library/mps_reader.c index 48b393685..27d0c04c1 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #include "common.h" diff --git a/library/mps_reader.h b/library/mps_reader.h index d877ee54a..3193a5e33 100644 --- a/library/mps_reader.h +++ b/library/mps_reader.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_trace.c b/library/mps_trace.c index cb69c6be6..69f6e5a0f 100644 --- a/library/mps_trace.c +++ b/library/mps_trace.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #include "common.h" diff --git a/library/mps_trace.h b/library/mps_trace.h index a13edd87f..b456b2ffd 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/ssl_client.c b/library/ssl_client.c index eabdc75ac..7a7840662 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e06e4c91e..97ae51cb7 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 29ecfdbea..38c184a6a 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -1,9 +1,7 @@ #!/usr/bin/env python3 -# Copyright (c) 2022, Arm Limited, All Rights Reserved. +# Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# This file is part of Mbed TLS (https://tls.mbed.org) """ Test Mbed TLS with a subset of algorithms. From e3c05853d6a9a6895d5ce690fbf8a485bc91ab97 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 12:21:36 +0000 Subject: [PATCH 180/430] Header updates Signed-off-by: Dave Rodgman --- .uncrustify.cfg | 14 +--------- 3rdparty/p256-m/p256-m/p256-m.c | 2 +- 3rdparty/p256-m/p256-m/p256-m.h | 2 +- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 14 +--------- 3rdparty/p256-m/p256-m_driver_entrypoints.h | 14 +--------- configs/config-ccm-psk-dtls1_2.h | 14 +--------- configs/config-ccm-psk-tls1_2.h | 14 +--------- configs/config-no-entropy.h | 14 +--------- configs/config-suite-b.h | 14 +--------- configs/config-symmetric-only.h | 14 +--------- configs/config-thread.h | 14 +--------- configs/crypto-config-ccm-aes-sha256.h | 14 +--------- .../tfm_mbedcrypto_config_profile_medium.h | 14 +--------- docs/architecture/psa-migration/syms.sh | 14 +--------- doxygen/input/doc_encdec.h | 14 +--------- doxygen/input/doc_hashing.h | 14 +--------- doxygen/input/doc_mainpage.h | 14 +--------- doxygen/input/doc_rng.h | 14 +--------- doxygen/input/doc_ssltls.h | 14 +--------- doxygen/input/doc_tcpip.h | 14 +--------- doxygen/input/doc_x509.h | 14 +--------- include/mbedtls/aes.h | 14 +--------- include/mbedtls/aria.h | 14 +--------- include/mbedtls/asn1.h | 14 +--------- include/mbedtls/asn1write.h | 14 +--------- include/mbedtls/base64.h | 14 +--------- include/mbedtls/bignum.h | 14 +--------- include/mbedtls/build_info.h | 14 +--------- include/mbedtls/camellia.h | 14 +--------- include/mbedtls/ccm.h | 14 +--------- include/mbedtls/chacha20.h | 14 +--------- include/mbedtls/chachapoly.h | 14 +--------- include/mbedtls/check_config.h | 14 +--------- include/mbedtls/cipher.h | 14 +--------- include/mbedtls/cmac.h | 14 +--------- include/mbedtls/compat-2.x.h | 14 +--------- include/mbedtls/config_adjust_legacy_crypto.h | 14 +--------- .../mbedtls/config_adjust_legacy_from_psa.h | 14 +--------- .../mbedtls/config_adjust_psa_from_legacy.h | 14 +--------- .../config_adjust_psa_superset_legacy.h | 14 +--------- include/mbedtls/config_adjust_ssl.h | 14 +--------- include/mbedtls/config_adjust_x509.h | 14 +--------- include/mbedtls/config_psa.h | 14 +--------- include/mbedtls/constant_time.h | 14 +--------- include/mbedtls/ctr_drbg.h | 14 +--------- include/mbedtls/debug.h | 14 +--------- include/mbedtls/des.h | 14 +--------- include/mbedtls/dhm.h | 14 +--------- include/mbedtls/ecdh.h | 14 +--------- include/mbedtls/ecdsa.h | 14 +--------- include/mbedtls/ecjpake.h | 14 +--------- include/mbedtls/ecp.h | 14 +--------- include/mbedtls/entropy.h | 14 +--------- include/mbedtls/error.h | 14 +--------- include/mbedtls/gcm.h | 14 +--------- include/mbedtls/hkdf.h | 14 +--------- include/mbedtls/hmac_drbg.h | 14 +--------- include/mbedtls/lms.h | 14 +--------- include/mbedtls/mbedtls_config.h | 14 +--------- include/mbedtls/md.h | 14 +--------- include/mbedtls/md5.h | 14 +--------- include/mbedtls/memory_buffer_alloc.h | 14 +--------- include/mbedtls/net_sockets.h | 14 +--------- include/mbedtls/nist_kw.h | 14 +--------- include/mbedtls/oid.h | 14 +--------- include/mbedtls/pem.h | 14 +--------- include/mbedtls/pk.h | 14 +--------- include/mbedtls/pkcs12.h | 14 +--------- include/mbedtls/pkcs5.h | 14 +--------- include/mbedtls/pkcs7.h | 14 +--------- include/mbedtls/platform.h | 14 +--------- include/mbedtls/platform_time.h | 14 +--------- include/mbedtls/platform_util.h | 14 +--------- include/mbedtls/poly1305.h | 14 +--------- include/mbedtls/private_access.h | 14 +--------- include/mbedtls/psa_util.h | 14 +--------- include/mbedtls/ripemd160.h | 14 +--------- include/mbedtls/rsa.h | 14 +--------- include/mbedtls/sha1.h | 14 +--------- include/mbedtls/sha256.h | 14 +--------- include/mbedtls/sha3.h | 14 +--------- include/mbedtls/sha512.h | 14 +--------- include/mbedtls/ssl.h | 14 +--------- include/mbedtls/ssl_cache.h | 14 +--------- include/mbedtls/ssl_ciphersuites.h | 14 +--------- include/mbedtls/ssl_cookie.h | 14 +--------- include/mbedtls/ssl_ticket.h | 14 +--------- include/mbedtls/threading.h | 14 +--------- include/mbedtls/timing.h | 14 +--------- include/mbedtls/version.h | 14 +--------- include/mbedtls/x509.h | 14 +--------- include/mbedtls/x509_crl.h | 14 +--------- include/mbedtls/x509_crt.h | 14 +--------- include/mbedtls/x509_csr.h | 14 +--------- include/psa/build_info.h | 14 +--------- include/psa/crypto.h | 14 +--------- include/psa/crypto_adjust_auto_enabled.h | 14 +--------- .../psa/crypto_adjust_config_key_pair_types.h | 14 +--------- include/psa/crypto_adjust_config_synonyms.h | 14 +--------- include/psa/crypto_builtin_composites.h | 14 +--------- include/psa/crypto_builtin_key_derivation.h | 14 +--------- include/psa/crypto_builtin_primitives.h | 14 +--------- include/psa/crypto_compat.h | 14 +--------- include/psa/crypto_config.h | 14 +--------- include/psa/crypto_driver_common.h | 14 +--------- .../psa/crypto_driver_contexts_composites.h | 14 +--------- .../crypto_driver_contexts_key_derivation.h | 14 +--------- .../psa/crypto_driver_contexts_primitives.h | 14 +--------- include/psa/crypto_extra.h | 14 +--------- include/psa/crypto_legacy.h | 14 +--------- include/psa/crypto_platform.h | 14 +--------- include/psa/crypto_se_driver.h | 14 +--------- include/psa/crypto_sizes.h | 14 +--------- include/psa/crypto_struct.h | 14 +--------- include/psa/crypto_types.h | 14 +--------- include/psa/crypto_values.h | 14 +--------- library/aes.c | 14 +--------- library/aesce.c | 14 +--------- library/aesce.h | 14 +--------- library/aesni.c | 14 +--------- library/aesni.h | 14 +--------- library/alignment.h | 14 +--------- library/aria.c | 14 +--------- library/asn1parse.c | 14 +--------- library/asn1write.c | 14 +--------- library/base64.c | 14 +--------- library/base64_internal.h | 14 +--------- library/bignum.c | 14 +--------- library/bignum_core.c | 14 +--------- library/bignum_core.h | 14 +--------- library/bignum_mod.c | 14 +--------- library/bignum_mod.h | 14 +--------- library/bignum_mod_raw.c | 14 +--------- library/bignum_mod_raw.h | 14 +--------- library/bignum_mod_raw_invasive.h | 14 +--------- library/bn_mul.h | 14 +--------- library/camellia.c | 14 +--------- library/ccm.c | 14 +--------- library/chacha20.c | 14 +--------- library/chachapoly.c | 14 +--------- library/check_crypto_config.h | 14 +--------- library/cipher.c | 14 +--------- library/cipher_wrap.c | 14 +--------- library/cipher_wrap.h | 14 +--------- library/cmac.c | 14 +--------- library/common.h | 14 +--------- library/constant_time.c | 14 +--------- library/constant_time_impl.h | 14 +--------- library/constant_time_internal.h | 14 +--------- library/ctr_drbg.c | 14 +--------- library/debug.c | 14 +--------- library/des.c | 14 +--------- library/dhm.c | 14 +--------- library/ecdh.c | 14 +--------- library/ecdsa.c | 14 +--------- library/ecjpake.c | 14 +--------- library/ecp.c | 14 +--------- library/ecp_curves.c | 14 +--------- library/ecp_curves_new.c | 14 +--------- library/ecp_internal_alt.h | 14 +--------- library/ecp_invasive.h | 14 +--------- library/entropy.c | 14 +--------- library/entropy_poll.c | 14 +--------- library/entropy_poll.h | 14 +--------- library/error.c | 14 +--------- library/gcm.c | 14 +--------- library/hkdf.c | 14 +--------- library/hmac_drbg.c | 14 +--------- library/lmots.c | 14 +--------- library/lmots.h | 14 +--------- library/lms.c | 14 +--------- library/md.c | 14 +--------- library/md5.c | 14 +--------- library/md_psa.h | 14 +--------- library/md_wrap.h | 14 +--------- library/memory_buffer_alloc.c | 14 +--------- library/mps_common.h | 14 +--------- library/mps_error.h | 14 +--------- library/mps_reader.c | 14 +--------- library/mps_reader.h | 14 +--------- library/mps_trace.c | 14 +--------- library/mps_trace.h | 14 +--------- library/net_sockets.c | 14 +--------- library/nist_kw.c | 14 +--------- library/oid.c | 14 +--------- library/padlock.c | 14 +--------- library/padlock.h | 14 +--------- library/pem.c | 14 +--------- library/pk.c | 14 +--------- library/pk_internal.h | 14 +--------- library/pk_wrap.c | 14 +--------- library/pk_wrap.h | 14 +--------- library/pkcs12.c | 14 +--------- library/pkcs5.c | 14 +--------- library/pkcs7.c | 14 +--------- library/pkparse.c | 14 +--------- library/pkwrite.c | 14 +--------- library/pkwrite.h | 14 +--------- library/platform.c | 14 +--------- library/platform_util.c | 14 +--------- library/poly1305.c | 14 +--------- library/psa_crypto.c | 14 +--------- library/psa_crypto_aead.c | 14 +--------- library/psa_crypto_aead.h | 14 +--------- library/psa_crypto_cipher.c | 14 +--------- library/psa_crypto_cipher.h | 14 +--------- library/psa_crypto_client.c | 14 +--------- library/psa_crypto_core.h | 14 +--------- library/psa_crypto_core_common.h | 14 +--------- library/psa_crypto_driver_wrappers.h | 14 +--------- .../psa_crypto_driver_wrappers_no_static.c | 14 +--------- .../psa_crypto_driver_wrappers_no_static.h | 14 +--------- library/psa_crypto_ecp.c | 14 +--------- library/psa_crypto_ecp.h | 14 +--------- library/psa_crypto_ffdh.c | 14 +--------- library/psa_crypto_ffdh.h | 14 +--------- library/psa_crypto_hash.c | 14 +--------- library/psa_crypto_hash.h | 14 +--------- library/psa_crypto_invasive.h | 14 +--------- library/psa_crypto_its.h | 14 +--------- library/psa_crypto_mac.c | 14 +--------- library/psa_crypto_mac.h | 14 +--------- library/psa_crypto_pake.c | 14 +--------- library/psa_crypto_pake.h | 14 +--------- library/psa_crypto_random_impl.h | 14 +--------- library/psa_crypto_rsa.c | 14 +--------- library/psa_crypto_rsa.h | 14 +--------- library/psa_crypto_se.c | 14 +--------- library/psa_crypto_se.h | 14 +--------- library/psa_crypto_slot_management.c | 14 +--------- library/psa_crypto_slot_management.h | 14 +--------- library/psa_crypto_storage.c | 14 +--------- library/psa_crypto_storage.h | 14 +--------- library/psa_its_file.c | 14 +--------- library/psa_util.c | 14 +--------- library/psa_util_internal.h | 14 +--------- library/ripemd160.c | 14 +--------- library/rsa.c | 14 +--------- library/rsa_alt_helpers.c | 14 +--------- library/rsa_alt_helpers.h | 14 +--------- library/sha1.c | 14 +--------- library/sha256.c | 14 +--------- library/sha3.c | 14 +--------- library/sha512.c | 14 +--------- library/ssl_cache.c | 14 +--------- library/ssl_ciphersuites.c | 14 +--------- library/ssl_client.c | 14 +--------- library/ssl_client.h | 14 +--------- library/ssl_cookie.c | 14 +--------- library/ssl_debug_helpers.h | 14 +--------- library/ssl_debug_helpers_generated.c | 14 +--------- library/ssl_misc.h | 14 +--------- library/ssl_msg.c | 14 +--------- library/ssl_ticket.c | 14 +--------- library/ssl_tls.c | 14 +--------- library/ssl_tls12_client.c | 14 +--------- library/ssl_tls12_server.c | 14 +--------- library/ssl_tls13_client.c | 14 +--------- library/ssl_tls13_generic.c | 14 +--------- library/ssl_tls13_invasive.h | 14 +--------- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 2 +- library/ssl_tls13_server.c | 14 +--------- library/threading.c | 14 +--------- library/timing.c | 14 +--------- library/version.c | 14 +--------- library/version_features.c | 14 +--------- library/x509.c | 14 +--------- library/x509_create.c | 14 +--------- library/x509_crl.c | 14 +--------- library/x509_crt.c | 14 +--------- library/x509_csr.c | 14 +--------- library/x509write.c | 14 +--------- library/x509write_crt.c | 14 +--------- library/x509write_csr.c | 14 +--------- programs/aes/crypt_and_hash.c | 14 +--------- programs/cipher/cipher_aead_demo.c | 14 +--------- programs/hash/generic_sum.c | 14 +--------- programs/hash/hello.c | 14 +--------- programs/hash/md_hmac_demo.c | 14 +--------- programs/pkey/dh_client.c | 14 +--------- programs/pkey/dh_genprime.c | 14 +--------- programs/pkey/dh_server.c | 14 +--------- programs/pkey/ecdh_curve25519.c | 14 +--------- programs/pkey/ecdsa.c | 14 +--------- programs/pkey/gen_key.c | 14 +--------- programs/pkey/key_app.c | 14 +--------- programs/pkey/key_app_writer.c | 14 +--------- programs/pkey/mpi_demo.c | 14 +--------- programs/pkey/pk_decrypt.c | 14 +--------- programs/pkey/pk_encrypt.c | 14 +--------- programs/pkey/pk_sign.c | 14 +--------- programs/pkey/pk_verify.c | 14 +--------- programs/pkey/rsa_decrypt.c | 14 +--------- programs/pkey/rsa_encrypt.c | 14 +--------- programs/pkey/rsa_genkey.c | 14 +--------- programs/pkey/rsa_sign.c | 14 +--------- programs/pkey/rsa_sign_pss.c | 14 +--------- programs/pkey/rsa_verify.c | 14 +--------- programs/pkey/rsa_verify_pss.c | 14 +--------- programs/psa/aead_demo.c | 14 +--------- programs/psa/crypto_examples.c | 14 +--------- programs/psa/hmac_demo.c | 14 +--------- programs/psa/key_ladder_demo.c | 14 +--------- programs/psa/key_ladder_demo.sh | 14 +--------- programs/psa/psa_constant_names.c | 14 +--------- programs/random/gen_entropy.c | 14 +--------- programs/random/gen_random_ctr_drbg.c | 14 +--------- programs/ssl/dtls_client.c | 14 +--------- programs/ssl/dtls_server.c | 14 +--------- programs/ssl/mini_client.c | 14 +--------- programs/ssl/ssl_client1.c | 14 +--------- programs/ssl/ssl_client2.c | 14 +--------- programs/ssl/ssl_context_info.c | 14 +--------- programs/ssl/ssl_fork_server.c | 14 +--------- programs/ssl/ssl_mail_client.c | 14 +--------- programs/ssl/ssl_pthread_server.c | 14 +--------- programs/ssl/ssl_server.c | 14 +--------- programs/ssl/ssl_server2.c | 14 +--------- programs/ssl/ssl_test_common_source.c | 14 +--------- programs/ssl/ssl_test_lib.c | 14 +--------- programs/ssl/ssl_test_lib.h | 14 +--------- programs/test/benchmark.c | 14 +--------- programs/test/cmake_package/cmake_package.c | 14 +--------- .../cmake_package_install.c | 14 +--------- .../test/cmake_subproject/cmake_subproject.c | 14 +--------- programs/test/dlopen.c | 14 +--------- programs/test/dlopen_demo.sh | 14 +--------- programs/test/generate_cpp_dummy_build.sh | 27 ++---------------- programs/test/query_compile_time_config.c | 14 +--------- programs/test/query_config.c | 14 +--------- programs/test/query_config.h | 14 +--------- programs/test/query_included_headers.c | 14 +--------- programs/test/selftest.c | 14 +--------- programs/test/udp_proxy.c | 14 +--------- programs/test/udp_proxy_wrapper.sh | 14 +--------- programs/test/zeroize.c | 14 +--------- programs/util/pem2der.c | 14 +--------- programs/util/strerror.c | 14 +--------- programs/wince_main.c | 14 +--------- programs/x509/cert_app.c | 14 +--------- programs/x509/cert_req.c | 14 +--------- programs/x509/cert_write.c | 14 +--------- programs/x509/crl_app.c | 14 +--------- programs/x509/load_roots.c | 14 +--------- programs/x509/req_app.c | 14 +--------- scripts/abi_check.py | 14 +--------- scripts/apidoc_full.sh | 14 +--------- scripts/assemble_changelog.py | 14 +--------- scripts/bump_version.sh | 14 +--------- scripts/code_size_compare.py | 14 +--------- scripts/code_style.py | 14 +--------- scripts/config.pl | 13 +-------- scripts/config.py | 13 +-------- .../psa_crypto_driver_wrappers.h.jinja | 14 +--------- ...a_crypto_driver_wrappers_no_static.c.jinja | 14 +--------- scripts/data_files/error.fmt | 14 +--------- scripts/data_files/query_config.fmt | 14 +--------- scripts/data_files/version_features.fmt | 14 +--------- scripts/ecc-heap.sh | 14 +--------- scripts/ecp_comb_table.py | 14 +--------- scripts/footprint.sh | 14 +--------- scripts/generate_driver_wrappers.py | 14 +--------- scripts/generate_errors.pl | 14 +--------- scripts/generate_features.pl | 14 +--------- scripts/generate_psa_constants.py | 14 +--------- scripts/generate_query_config.pl | 14 +--------- scripts/generate_ssl_debug_helpers.py | 27 ++---------------- scripts/generate_visualc_files.pl | 14 +--------- scripts/lcov.sh | 14 +--------- scripts/massif_max.pl | 14 +--------- scripts/mbedtls_dev/asymmetric_key_data.py | 13 +-------- scripts/mbedtls_dev/bignum_common.py | 13 +-------- scripts/mbedtls_dev/bignum_core.py | 13 +-------- scripts/mbedtls_dev/bignum_data.py | 13 +-------- scripts/mbedtls_dev/bignum_mod.py | 13 +-------- scripts/mbedtls_dev/bignum_mod_raw.py | 13 +-------- scripts/mbedtls_dev/build_tree.py | 13 +-------- scripts/mbedtls_dev/c_build_helper.py | 13 +-------- scripts/mbedtls_dev/crypto_data_tests.py | 13 +-------- scripts/mbedtls_dev/crypto_knowledge.py | 13 +-------- scripts/mbedtls_dev/ecp.py | 13 +-------- scripts/mbedtls_dev/logging_util.py | 13 +-------- scripts/mbedtls_dev/macro_collector.py | 13 +-------- scripts/mbedtls_dev/psa_information.py | 13 +-------- scripts/mbedtls_dev/psa_storage.py | 13 +-------- scripts/mbedtls_dev/test_case.py | 13 +-------- scripts/mbedtls_dev/test_data_generation.py | 13 +-------- scripts/mbedtls_dev/typing_util.py | 13 +-------- scripts/memory.sh | 14 +--------- scripts/min_requirements.py | 14 +--------- scripts/output_env.sh | 14 +--------- scripts/prepare_release.sh | 14 +--------- scripts/tmp_ignore_makefiles.sh | 14 +--------- tests/compat-in-docker.sh | 14 +--------- tests/compat.sh | 14 +--------- tests/configs/tls13-only.h | 14 +--------- tests/configs/user-config-for-test.h | 14 +--------- tests/configs/user-config-malloc-0-null.h | 14 +--------- tests/configs/user-config-zeroize-memset.h | 14 +--------- tests/context-info.sh | 14 +--------- tests/data_files/dir-maxpath/long.sh | 14 +--------- tests/data_files/print_c.pl | 14 +--------- tests/data_files/test_certs.h.jinja2 | 14 +--------- tests/docker/bionic/Dockerfile | 14 +--------- tests/git-scripts/pre-push.sh | 14 +--------- tests/include/alt-dummy/aes_alt.h | 14 +--------- tests/include/alt-dummy/aria_alt.h | 14 +--------- tests/include/alt-dummy/camellia_alt.h | 14 +--------- tests/include/alt-dummy/ccm_alt.h | 14 +--------- tests/include/alt-dummy/chacha20_alt.h | 14 +--------- tests/include/alt-dummy/chachapoly_alt.h | 14 +--------- tests/include/alt-dummy/cmac_alt.h | 14 +--------- tests/include/alt-dummy/des_alt.h | 14 +--------- tests/include/alt-dummy/dhm_alt.h | 14 +--------- tests/include/alt-dummy/ecjpake_alt.h | 14 +--------- tests/include/alt-dummy/ecp_alt.h | 14 +--------- tests/include/alt-dummy/gcm_alt.h | 14 +--------- tests/include/alt-dummy/md5_alt.h | 14 +--------- tests/include/alt-dummy/nist_kw_alt.h | 14 +--------- tests/include/alt-dummy/platform_alt.h | 14 +--------- tests/include/alt-dummy/poly1305_alt.h | 14 +--------- tests/include/alt-dummy/ripemd160_alt.h | 14 +--------- tests/include/alt-dummy/rsa_alt.h | 14 +--------- tests/include/alt-dummy/sha1_alt.h | 14 +--------- tests/include/alt-dummy/sha256_alt.h | 14 +--------- tests/include/alt-dummy/sha512_alt.h | 14 +--------- tests/include/alt-dummy/threading_alt.h | 14 +--------- tests/include/alt-dummy/timing_alt.h | 14 +--------- tests/include/baremetal-override/time.h | 14 +--------- tests/include/spe/crypto_spe.h | 14 +--------- tests/include/test/arguments.h | 14 +--------- tests/include/test/asn1_helpers.h | 14 +--------- tests/include/test/bignum_helpers.h | 14 +--------- tests/include/test/certs.h | 14 +--------- tests/include/test/constant_flow.h | 14 +--------- tests/include/test/drivers/aead.h | 14 +--------- .../test/drivers/asymmetric_encryption.h | 14 +--------- tests/include/test/drivers/cipher.h | 14 +--------- .../include/test/drivers/config_test_driver.h | 14 +--------- tests/include/test/drivers/hash.h | 14 +--------- tests/include/test/drivers/key_agreement.h | 14 +--------- tests/include/test/drivers/key_management.h | 14 +--------- tests/include/test/drivers/mac.h | 14 +--------- tests/include/test/drivers/pake.h | 14 +--------- tests/include/test/drivers/signature.h | 14 +--------- tests/include/test/drivers/test_driver.h | 14 +--------- .../include/test/fake_external_rng_for_test.h | 14 +--------- tests/include/test/helpers.h | 14 +--------- tests/include/test/macros.h | 14 +--------- tests/include/test/psa_crypto_helpers.h | 14 +--------- tests/include/test/psa_exercise_key.h | 14 +--------- tests/include/test/psa_helpers.h | 14 +--------- tests/include/test/random.h | 14 +--------- tests/include/test/ssl_helpers.h | 14 +--------- tests/make-in-docker.sh | 14 +--------- tests/opt-testcases/tls13-compat.sh | 14 +--------- tests/opt-testcases/tls13-kex-modes.sh | 14 +--------- tests/opt-testcases/tls13-misc.sh | 14 +--------- tests/scripts/all-in-docker.sh | 14 +--------- tests/scripts/all.sh | 14 +--------- tests/scripts/audit-validity-dates.py | 14 +--------- tests/scripts/basic-build-test.sh | 14 +--------- tests/scripts/basic-in-docker.sh | 14 +--------- tests/scripts/check-doxy-blocks.pl | 14 +--------- tests/scripts/check-generated-files.sh | 14 +--------- tests/scripts/check-python-files.sh | 14 +--------- tests/scripts/check_files.py | 14 +--------- tests/scripts/check_names.py | 14 +--------- tests/scripts/check_test_cases.py | 14 +--------- tests/scripts/depends.py | 14 +--------- tests/scripts/docker_env.sh | 14 +--------- tests/scripts/doxygen.sh | 14 +--------- tests/scripts/gen_ctr_drbg.pl | 14 +--------- tests/scripts/gen_gcm_decrypt.pl | 14 +--------- tests/scripts/gen_gcm_encrypt.pl | 14 +--------- tests/scripts/gen_pkcs1_v21_sign_verify.pl | 14 +--------- tests/scripts/generate-afl-tests.sh | 14 +--------- tests/scripts/generate_bignum_tests.py | 14 +--------- tests/scripts/generate_ecp_tests.py | 14 +--------- tests/scripts/generate_pkcs7_tests.py | 14 +--------- tests/scripts/generate_psa_tests.py | 14 +--------- tests/scripts/generate_test_cert_macros.py | 14 +--------- tests/scripts/generate_test_code.py | 14 +--------- tests/scripts/generate_tls13_compat_tests.py | 28 ++----------------- tests/scripts/list-identifiers.sh | 14 +--------- tests/scripts/list_internal_identifiers.py | 14 +--------- tests/scripts/psa_collect_statuses.py | 14 +--------- tests/scripts/recursion.pl | 14 +--------- tests/scripts/run-test-suites.pl | 14 +--------- tests/scripts/scripts_path.py | 13 +-------- tests/scripts/set_psa_test_dependencies.py | 14 +--------- tests/scripts/tcp_client.pl | 14 +--------- tests/scripts/test-ref-configs.pl | 14 +--------- tests/scripts/test_config_script.py | 13 +-------- tests/scripts/test_generate_test_code.py | 14 +--------- tests/scripts/test_psa_compliance.py | 14 +--------- tests/scripts/test_psa_constant_names.py | 14 +--------- tests/scripts/test_zeroize.gdb | 14 +--------- tests/scripts/translate_ciphers.py | 14 +--------- tests/scripts/travis-log-failure.sh | 14 +--------- tests/src/asn1_helpers.c | 14 +--------- tests/src/bignum_helpers.c | 14 +--------- tests/src/certs.c | 14 +--------- tests/src/drivers/hash.c | 14 +--------- tests/src/drivers/platform_builtin_keys.c | 14 +--------- tests/src/drivers/test_driver_aead.c | 14 +--------- .../test_driver_asymmetric_encryption.c | 14 +--------- tests/src/drivers/test_driver_cipher.c | 14 +--------- tests/src/drivers/test_driver_key_agreement.c | 14 +--------- .../src/drivers/test_driver_key_management.c | 14 +--------- tests/src/drivers/test_driver_mac.c | 14 +--------- tests/src/drivers/test_driver_pake.c | 14 +--------- tests/src/drivers/test_driver_signature.c | 14 +--------- tests/src/fake_external_rng_for_test.c | 14 +--------- tests/src/helpers.c | 14 +--------- tests/src/psa_crypto_helpers.c | 14 +--------- tests/src/psa_exercise_key.c | 14 +--------- tests/src/random.c | 14 +--------- tests/src/test_certs.h | 14 +--------- tests/src/test_helpers/ssl_helpers.c | 14 +--------- tests/src/threading_helpers.c | 14 +--------- tests/ssl-opt-in-docker.sh | 14 +--------- tests/ssl-opt.sh | 14 +--------- 524 files changed, 527 insertions(+), 6779 deletions(-) diff --git a/.uncrustify.cfg b/.uncrustify.cfg index 92b8ce9cd..8dc9db049 100644 --- a/.uncrustify.cfg +++ b/.uncrustify.cfg @@ -4,19 +4,7 @@ # to Mbed TLS. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Wrap lines at 100 characters diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 3f878f758..42c35b5bf 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -3,7 +3,7 @@ * * Copyright The Mbed TLS Contributors * Author: Manuel Pégourié-Gonnard. - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "p256-m.h" diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h index 28d319f39..c26780024 100644 --- a/3rdparty/p256-m/p256-m/p256-m.h +++ b/3rdparty/p256-m/p256-m/p256-m.h @@ -3,7 +3,7 @@ * * Copyright The Mbed TLS Contributors * Author: Manuel Pégourié-Gonnard. - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef P256_M_H #define P256_M_H diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index 61310a87b..d272dcbb1 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/platform.h" diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index d92a8f00b..c740c4522 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef P256M_DRIVER_ENTRYPOINTS_H diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index af2415fe1..19e09d957 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index 62c1d8013..d49adfd72 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 1964e8e55..ddb00b41e 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration of features that do not require an entropy source diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 56a700f74..9bba6e6cb 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index a014b5273..512dd7616 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* System support */ diff --git a/configs/config-thread.h b/configs/config-thread.h index e05b557ed..2f81f9007 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h index 6c12bd7b6..7f8d58768 100644 --- a/configs/crypto-config-ccm-aes-sha256.h +++ b/configs/crypto-config-ccm-aes-sha256.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CONFIG_H diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 88736b54b..3234cd672 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -9,19 +9,7 @@ */ /* * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of mbed TLS (https://tls.mbed.org) */ diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh index 1e1ec8c29..6c9686eb2 100755 --- a/docs/architecture/psa-migration/syms.sh +++ b/docs/architecture/psa-migration/syms.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h index ec149aef7..cf77690b3 100644 --- a/doxygen/input/doc_encdec.h +++ b/doxygen/input/doc_encdec.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h index 931e6e928..83613bfa9 100644 --- a/doxygen/input/doc_hashing.h +++ b/doxygen/input/doc_hashing.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index b67237fbc..f465a454b 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h index 7da13cd73..22608a879 100644 --- a/doxygen/input/doc_rng.h +++ b/doxygen/input/doc_rng.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h index 6961124e4..5757574f3 100644 --- a/doxygen/input/doc_ssltls.h +++ b/doxygen/input/doc_ssltls.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h index a705de146..f8d8c6905 100644 --- a/doxygen/input/doc_tcpip.h +++ b/doxygen/input/doc_tcpip.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h index 904967501..945830f11 100644 --- a/doxygen/input/doc_x509.h +++ b/doxygen/input/doc_x509.h @@ -6,19 +6,7 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 7c92162d1..77ecffd86 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -22,19 +22,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_AES_H diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 7e55df7ec..abb8a3d76 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -11,19 +11,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ARIA_H diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index c7aae0ff8..830458b55 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ASN1_H #define MBEDTLS_ASN1_H diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 6fe57c8f0..7af4aba41 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ASN1_WRITE_H #define MBEDTLS_ASN1_WRITE_H diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 635be713d..8f459b74c 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BASE64_H #define MBEDTLS_BASE64_H diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index eb8446ea8..931e06d2c 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_H #define MBEDTLS_BIGNUM_H diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 842f15c58..9b2b27255 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BUILD_INFO_H diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 8033c13ff..6c674fe04 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CAMELLIA_H #define MBEDTLS_CAMELLIA_H diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index e00e747de..a98111b4e 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -29,19 +29,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CCM_H diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index e24e56b98..680fe3604 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -14,19 +14,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CHACHA20_H diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 19baadefd..3dc21e380 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -14,19 +14,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CHACHAPOLY_H diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e18e9a5fc..e479ef3a0 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CHECK_CONFIG_H diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 9c8701d38..2596baa92 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CIPHER_H diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index b2aca5d04..97b86fc42 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CMAC_H diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h index cdf81dcbb..096341ba7 100644 --- a/include/mbedtls/compat-2.x.h +++ b/include/mbedtls/compat-2.x.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 6ec59f193..f76976591 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -16,19 +16,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index e3c2ed117..ab18d985d 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index 088711d37..c31a46243 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h index 3d9029b57..3a55c3f6e 100644 --- a/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -11,19 +11,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 2275f3add..8415f3e5f 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -16,19 +16,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_SSL_H diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h index 99a0ace2f..346c8ae6d 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/config_adjust_x509.h @@ -16,19 +16,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_ADJUST_X509_H diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 2d2397197..17da61b3e 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_PSA_H diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h index ebecf35b0..d31bff677 100644 --- a/include/mbedtls/constant_time.h +++ b/include/mbedtls/constant_time.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONSTANT_TIME_H diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 0348281e4..d1f19e607 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -23,19 +23,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CTR_DRBG_H diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index d6dd15224..0aef2ed65 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_DEBUG_H #define MBEDTLS_DEBUG_H diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index f445102d9..2b097a13d 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ #ifndef MBEDTLS_DES_H diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 0232a71fd..fcba3d2af 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -45,19 +45,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_DHM_H diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 67c94f0fa..792db79fd 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -14,19 +14,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECDH_H diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 3b2b418f1..2ecf34911 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECDSA_H diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 0008d7312..c2148a2bd 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECJPAKE_H #define MBEDTLS_ECJPAKE_H diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index bf95b907a..7f5e88080 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -16,19 +16,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECP_H diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index c2bba41d2..20fd6872b 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ENTROPY_H #define MBEDTLS_ENTROPY_H diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index a7454f234..186589ac5 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ERROR_H #define MBEDTLS_ERROR_H diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index c3343e6aa..837cecc09 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -13,19 +13,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_GCM_H diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index 699c6d9e9..930e93f32 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_HKDF_H #define MBEDTLS_HKDF_H diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 2e5aa6d06..18b1b75a6 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h index 5c8df42f8..95fce2133 100644 --- a/include/mbedtls/lms.h +++ b/include/mbedtls/lms.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LMS_H #define MBEDTLS_LMS_H diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index af0761395..1d8433e2d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index c9a7858f3..ff7b13365 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD_H diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 808188694..6bf0754a4 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD5_H #define MBEDTLS_MD5_H diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h index 9694d2458..b527d9b66 100644 --- a/include/mbedtls/memory_buffer_alloc.h +++ b/include/mbedtls/memory_buffer_alloc.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H #define MBEDTLS_MEMORY_BUFFER_ALLOC_H diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 1096d66d9..026f627ce 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -21,19 +21,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_NET_SOCKETS_H #define MBEDTLS_NET_SOCKETS_H diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h index 0c95c902e..d353f3d1a 100644 --- a/include/mbedtls/nist_kw.h +++ b/include/mbedtls/nist_kw.h @@ -17,19 +17,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_NIST_KW_H diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 954507229..e48817d68 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_OID_H #define MBEDTLS_OID_H diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index a33fc65e5..cc617a9bc 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PEM_H #define MBEDTLS_PEM_H diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index aea602be7..24b11886b 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_H diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index ba1a2edf0..42e84538a 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PKCS12_H #define MBEDTLS_PKCS12_H diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index 8b086aa2e..e004f4555 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PKCS5_H #define MBEDTLS_PKCS5_H diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 1231e3402..70b25a9c6 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 3fc1fd0c1..de3d71d9d 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -21,19 +21,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h index 21b369745..97f1963ab 100644 --- a/include/mbedtls/platform_time.h +++ b/include/mbedtls/platform_time.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PLATFORM_TIME_H #define MBEDTLS_PLATFORM_TIME_H diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 3f23fef55..cba02ab3d 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 3025ef1f2..61bcaa6b6 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -14,19 +14,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_POLY1305_H diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h index 61fa8777b..580f3eb44 100644 --- a/include/mbedtls/private_access.h +++ b/include/mbedtls/private_access.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PRIVATE_ACCESS_H diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 8ce15927b..643e8aac4 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PSA_UTIL_H diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index acec3c52d..279f92b51 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_RIPEMD160_H #define MBEDTLS_RIPEMD160_H diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 69f3981ed..df665240d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -11,19 +11,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_RSA_H #define MBEDTLS_RSA_H diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 18bde93d3..592ffd13f 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 87e259f5b..4ee780f7d 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 77748be1f..3eeee65e6 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA3_H diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index ea5467829..1c20e4c22 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index debb1cc2c..89f7b8164 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h index 7a90191c3..a1307b450 100644 --- a/include/mbedtls/ssl_cache.h +++ b/include/mbedtls/ssl_cache.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 07f2facef..8cecbb625 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 5cd1847d0..71c258ea4 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 0cefe43a1..6d59c12da 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 6a336c3ed..ed16a23b1 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 830dcee63..62ae1022d 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_TIMING_H #define MBEDTLS_TIMING_H diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 073211a19..637f9d38b 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * This set of run-time variables can be used to determine the version number of diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index a9267c791..e2e06679b 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_H #define MBEDTLS_X509_H diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 62694ae7f..6625a44f4 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 3f9b25075..3f1a1e761 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_CRT_H #define MBEDTLS_X509_CRT_H diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 513a83edd..e54010b10 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_X509_CSR_H #define MBEDTLS_X509_CSR_H diff --git a/include/psa/build_info.h b/include/psa/build_info.h index 34a138d72..3ee6cd7b1 100644 --- a/include/psa/build_info.h +++ b/include/psa/build_info.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILD_INFO_H diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6b06187bf..fe10ee0e4 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_H diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h index 5e18298c6..63fb29e85 100644 --- a/include/psa/crypto_adjust_auto_enabled.h +++ b/include/psa/crypto_adjust_auto_enabled.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/include/psa/crypto_adjust_config_key_pair_types.h index 7736e752d..63afc0e40 100644 --- a/include/psa/crypto_adjust_config_key_pair_types.h +++ b/include/psa/crypto_adjust_config_key_pair_types.h @@ -13,19 +13,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h index 5142ef0ae..cf33465b5 100644 --- a/include/psa/crypto_adjust_config_synonyms.h +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index d9473ac00..35c2e29b9 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 8a2143a7e..6b91ae73f 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index d3e069223..98ab4d333 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 70fa14e87..f896fae1c 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_COMPAT_H diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index d34cbf339..5bf00f402 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -32,19 +32,7 @@ #endif /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CONFIG_H diff --git a/include/psa/crypto_driver_common.h b/include/psa/crypto_driver_common.h index 26363c6b2..cc11d3b9a 100644 --- a/include/psa/crypto_driver_common.h +++ b/include/psa/crypto_driver_common.h @@ -17,19 +17,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_COMMON_H #define PSA_CRYPTO_DRIVER_COMMON_H diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index d0188647f..d717c5190 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -16,19 +16,7 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 3fb29ff7f..21190515c 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -15,19 +15,7 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index b27a768e8..c90a5fbe7 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -15,19 +15,7 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 4b0cc7041..ef29b77db 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_EXTRA_H diff --git a/include/psa/crypto_legacy.h b/include/psa/crypto_legacy.h index 7a038d945..7df3614d6 100644 --- a/include/psa/crypto_legacy.h +++ b/include/psa/crypto_legacy.h @@ -13,19 +13,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PSA_CRYPTO_LEGACY_H diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index ee41c897f..f32a10146 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_PLATFORM_H diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index f39e2294c..9ce14bba6 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -17,19 +17,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SE_DRIVER_H #define PSA_CRYPTO_SE_DRIVER_H diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 1d5ed6c26..d22bf1017 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -22,19 +22,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SIZES_H diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index b309bc854..d5ea8d51b 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -43,19 +43,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_STRUCT_H diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 445657eb9..5a1318de0 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -15,19 +15,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TYPES_H diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 241b7c80d..5e33f6bd5 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -21,19 +21,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_VALUES_H diff --git a/library/aes.c b/library/aes.c index 0a7b26ce9..feb455b6f 100644 --- a/library/aes.c +++ b/library/aes.c @@ -2,19 +2,7 @@ * FIPS-197 compliant AES implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. diff --git a/library/aesce.c b/library/aesce.c index 8b42b034f..f2bdce2db 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -2,19 +2,7 @@ * Armv8-A Cryptographic Extension support functions for Aarch64 * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \ diff --git a/library/aesce.h b/library/aesce.h index d24c423b8..9206a6b3b 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_AESCE_H #define MBEDTLS_AESCE_H diff --git a/library/aesni.c b/library/aesni.c index 5f25a8249..59bcd3d92 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -2,19 +2,7 @@ * AES-NI support functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/aesni.h b/library/aesni.h index ba1429029..165859ac3 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_AESNI_H #define MBEDTLS_AESNI_H diff --git a/library/alignment.h b/library/alignment.h index ab15986e5..4bca10e8f 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LIBRARY_ALIGNMENT_H diff --git a/library/aria.c b/library/aria.c index 098036225..07a434f8f 100644 --- a/library/aria.c +++ b/library/aria.c @@ -2,19 +2,7 @@ * ARIA implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/asn1parse.c b/library/asn1parse.c index abdd0b1bd..c02b233ec 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -2,19 +2,7 @@ * Generic ASN.1 parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/asn1write.c b/library/asn1write.c index 2e9b98ad5..114091d63 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -2,19 +2,7 @@ * ASN.1 buffer writing functionality * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/base64.c b/library/base64.c index fa22e5375..a58717d6b 100644 --- a/library/base64.c +++ b/library/base64.c @@ -2,19 +2,7 @@ * RFC 1521 base64 encoding/decoding * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/library/base64_internal.h b/library/base64_internal.h index f9f56d78d..a09bd2377 100644 --- a/library/base64_internal.h +++ b/library/base64_internal.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BASE64_INTERNAL diff --git a/library/bignum.c b/library/bignum.c index 7c265e04d..09ce0301f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2,19 +2,7 @@ * Multi-precision integer library * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/bignum_core.c b/library/bignum_core.c index dbf6d1df4..dfed60d55 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -2,19 +2,7 @@ * Core bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/bignum_core.h b/library/bignum_core.h index e5500f117..b56be0a71 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -62,19 +62,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_CORE_H diff --git a/library/bignum_mod.c b/library/bignum_mod.c index 2f0e9ed09..dfd332a70 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -2,19 +2,7 @@ * Modular bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 39e8fd218..963d8881a 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -63,19 +63,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_MOD_H diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 5ee1b19b2..5343bc650 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -2,19 +2,7 @@ * Low-level modular bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index c5ff9378e..7bb4ca3cf 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -60,19 +60,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_MOD_RAW_H diff --git a/library/bignum_mod_raw_invasive.h b/library/bignum_mod_raw_invasive.h index ead83942c..94a0d06cf 100644 --- a/library/bignum_mod_raw_invasive.h +++ b/library/bignum_mod_raw_invasive.h @@ -6,19 +6,7 @@ */ /** * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_BIGNUM_MOD_RAW_INVASIVE_H diff --git a/library/bn_mul.h b/library/bn_mul.h index ab1a66ae5..0738469db 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Multiply source vector [s] with b, add result diff --git a/library/camellia.c b/library/camellia.c index 409727d04..86c8bbfcd 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -2,19 +2,7 @@ * Camellia implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The Camellia block cipher was designed by NTT and Mitsubishi Electric diff --git a/library/ccm.c b/library/ccm.c index 237ef9f31..2cccd2809 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -2,19 +2,7 @@ * NIST SP800-38C compliant CCM implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/chacha20.c b/library/chacha20.c index cbb01f4ad..acaae5b2e 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -6,19 +6,7 @@ * \author Daniel King * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/chachapoly.c b/library/chachapoly.c index aebc646aa..a1314eab6 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -4,19 +4,7 @@ * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h index b7d87fe07..6469e9f43 100644 --- a/library/check_crypto_config.h +++ b/library/check_crypto_config.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/cipher.c b/library/cipher.c index 9f9f1075c..e9ad2ba96 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -6,19 +6,7 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index bbf57ceee..7e12de630 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -6,19 +6,7 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index c85a4efa8..ab10aa295 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CIPHER_WRAP_H #define MBEDTLS_CIPHER_WRAP_H diff --git a/library/cmac.c b/library/cmac.c index c07968685..f40cae20c 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -4,19 +4,7 @@ * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/common.h b/library/common.h index 3c472c685..c6ed14b68 100644 --- a/library/common.h +++ b/library/common.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LIBRARY_COMMON_H diff --git a/library/constant_time.c b/library/constant_time.c index 8b41aed19..c7077c352 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -2,19 +2,7 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 7759ac384..f0b2fc02f 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -2,19 +2,7 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONSTANT_TIME_IMPL_H diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index cc26edcd1..61a5c6d4e 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -2,19 +2,7 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONSTANT_TIME_INTERNAL_H diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index fdd753d1c..cf3816e9f 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -2,19 +2,7 @@ * CTR_DRBG implementation based on AES-256 (NIST SP 800-90) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The NIST SP 800-90 DRBGs are described in the following publication. diff --git a/library/debug.c b/library/debug.c index 0983cb0fb..c7bbd41bd 100644 --- a/library/debug.c +++ b/library/debug.c @@ -2,19 +2,7 @@ * Debugging routines * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/des.c b/library/des.c index eaddf282a..f0032b3b5 100644 --- a/library/des.c +++ b/library/des.c @@ -2,19 +2,7 @@ * FIPS-46-3 compliant Triple-DES implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * DES, on which TDES is based, was originally designed by Horst Feistel diff --git a/library/dhm.c b/library/dhm.c index 174137d54..3daf0c2d4 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The following sources were referenced in the design of this implementation diff --git a/library/ecdh.c b/library/ecdh.c index 58ef881f0..e060b1883 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -2,19 +2,7 @@ * Elliptic curve Diffie-Hellman * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecdsa.c b/library/ecdsa.c index 6e55f2205..2f7a996a7 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -2,19 +2,7 @@ * Elliptic curve DSA * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecjpake.c b/library/ecjpake.c index 6355b5ea5..fb13a395b 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -2,19 +2,7 @@ * Elliptic curve J-PAKE * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecp.c b/library/ecp.c index 5f2a7b0c0..dad744ce3 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2,19 +2,7 @@ * Elliptic curves over GF(p): generic functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 7b850e5e8..577e23b7a 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -2,19 +2,7 @@ * Elliptic curves over GF(p): curve-specific data and functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c index d431dcf24..4ee0f5800 100644 --- a/library/ecp_curves_new.c +++ b/library/ecp_curves_new.c @@ -2,19 +2,7 @@ * Elliptic curves over GF(p): curve-specific data and functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ecp_internal_alt.h b/library/ecp_internal_alt.h index f663d6737..668edc74c 100644 --- a/library/ecp_internal_alt.h +++ b/library/ecp_internal_alt.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index bb3b127ff..ff9f9ecf1 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ECP_INVASIVE_H #define MBEDTLS_ECP_INVASIVE_H diff --git a/library/entropy.c b/library/entropy.c index 00079176a..e3bc8516e 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -2,19 +2,7 @@ * Entropy accumulator implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 9d5b1e652..e8c669f9c 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -2,19 +2,7 @@ * Platform-specific and custom entropy polling functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(__linux__) && !defined(_GNU_SOURCE) diff --git a/library/entropy_poll.h b/library/entropy_poll.h index be4943cce..6b4aec03e 100644 --- a/library/entropy_poll.h +++ b/library/entropy_poll.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_ENTROPY_POLL_H #define MBEDTLS_ENTROPY_POLL_H diff --git a/library/error.c b/library/error.c index 2656e13b9..1687e1fa0 100644 --- a/library/error.c +++ b/library/error.c @@ -2,19 +2,7 @@ * Error message information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/gcm.c b/library/gcm.c index c8618be7c..42fd02078 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -2,19 +2,7 @@ * NIST SP800-38D compliant GCM implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/hkdf.c b/library/hkdf.c index a3f071ece..631ac24e5 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -2,19 +2,7 @@ * HKDF implementation -- RFC 5869 * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index af205aacb..90174d5d1 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -2,19 +2,7 @@ * HMAC_DRBG implementation (NIST SP 800-90) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/lmots.c b/library/lmots.c index 9d796943c..e09e3e529 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -2,19 +2,7 @@ * The LM-OTS one-time public-key signature scheme * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/lmots.h b/library/lmots.h index 98d1941d5..8e495c9dd 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -8,19 +8,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_LMOTS_H diff --git a/library/lms.c b/library/lms.c index c06f9c260..0c470a0c3 100644 --- a/library/lms.c +++ b/library/lms.c @@ -2,19 +2,7 @@ * The LMS stateful-hash public-key signature scheme * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/md.c b/library/md.c index 6dfbba78d..12a3ea237 100644 --- a/library/md.c +++ b/library/md.c @@ -6,19 +6,7 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/md5.c b/library/md5.c index 7e7e3ad9e..e4a87a2e0 100644 --- a/library/md5.c +++ b/library/md5.c @@ -2,19 +2,7 @@ * RFC 1321 compliant MD5 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The MD5 algorithm was designed by Ron Rivest in 1991. diff --git a/library/md_psa.h b/library/md_psa.h index 8e00bb149..b201263b1 100644 --- a/library/md_psa.h +++ b/library/md_psa.h @@ -5,19 +5,7 @@ * PSA Crypto; it is a helper for the transition period. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD_PSA_H #define MBEDTLS_MD_PSA_H diff --git a/library/md_wrap.h b/library/md_wrap.h index 166b43b99..dad123540 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_MD_WRAP_H #define MBEDTLS_MD_WRAP_H diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index e5052ce5a..79b0a8b8f 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -2,19 +2,7 @@ * Buffer-based memory allocator * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/mps_common.h b/library/mps_common.h index 301d52532..49e17535a 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_error.h b/library/mps_error.h index 5113959be..8a714a3a5 100644 --- a/library/mps_error.h +++ b/library/mps_error.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_reader.c b/library/mps_reader.c index dc2a91cbc..48b393685 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c @@ -2,19 +2,7 @@ * Message Processing Stack, Reader implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_reader.h b/library/mps_reader.h index bb912ec17..d877ee54a 100644 --- a/library/mps_reader.h +++ b/library/mps_reader.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_trace.c b/library/mps_trace.c index 9ba1f85e5..cb69c6be6 100644 --- a/library/mps_trace.c +++ b/library/mps_trace.c @@ -2,19 +2,7 @@ * Message Processing Stack, Trace module * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/mps_trace.h b/library/mps_trace.h index f8e0a5d80..a13edd87f 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS (https://tls.mbed.org) */ diff --git a/library/net_sockets.c b/library/net_sockets.c index db80447a3..2b120c551 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -2,19 +2,7 @@ * TCP/IP or UDP/IP networking functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable definition of getaddrinfo() even when compiling with -std=c99. Must diff --git a/library/nist_kw.c b/library/nist_kw.c index 7bdc807bc..f15425b8b 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -3,19 +3,7 @@ * only * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * Definition of Key Wrapping: diff --git a/library/oid.c b/library/oid.c index d139a6d0d..6184abe40 100644 --- a/library/oid.c +++ b/library/oid.c @@ -4,19 +4,7 @@ * \brief Object Identifier (OID) database * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/padlock.c b/library/padlock.c index 563d40e7c..1b03069ca 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -2,19 +2,7 @@ * VIA PadLock support functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * This implementation is based on the VIA PadLock Programming Guide: diff --git a/library/padlock.h b/library/padlock.h index a00afe04f..92d72af51 100644 --- a/library/padlock.h +++ b/library/padlock.h @@ -9,19 +9,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PADLOCK_H #define MBEDTLS_PADLOCK_H diff --git a/library/pem.c b/library/pem.c index bd269dda7..9500ffcf7 100644 --- a/library/pem.c +++ b/library/pem.c @@ -2,19 +2,7 @@ * Privacy Enhanced Mail (PEM) decoding * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pk.c b/library/pk.c index 96b8ef922..5a1698f12 100644 --- a/library/pk.c +++ b/library/pk.c @@ -2,19 +2,7 @@ * Public Key abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pk_internal.h b/library/pk_internal.h index 004660e09..26373a3d1 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -6,19 +6,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_INTERNAL_H #define MBEDTLS_PK_INTERNAL_H diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 4a3fef7ce..b5b460399 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -2,19 +2,7 @@ * Public Key abstraction layer: wrapper functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pk_wrap.h b/library/pk_wrap.h index b1e02180a..28c815a77 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_WRAP_H diff --git a/library/pkcs12.c b/library/pkcs12.c index dd3a24037..374e8e81c 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -2,19 +2,7 @@ * PKCS#12 Personal Information Exchange Syntax * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The PKCS #12 Personal Information Exchange Syntax Standard v1.1 diff --git a/library/pkcs5.c b/library/pkcs5.c index 2756d058e..c4572331f 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -6,19 +6,7 @@ * \author Mathias Olsson * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * PKCS#5 includes PBKDF2 and more diff --git a/library/pkcs7.c b/library/pkcs7.c index cf05afd2c..36b49f53b 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pkparse.c b/library/pkparse.c index e1422df77..b8e3c741e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -2,19 +2,7 @@ * Public Key layer for parsing key files and structures * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pkwrite.c b/library/pkwrite.c index 03db1454a..260bbd4c4 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -2,19 +2,7 @@ * Public Key layer for writing key files and structures * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/pkwrite.h b/library/pkwrite.h index 8cfa64b8e..544ab2f32 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PK_WRITE_H diff --git a/library/platform.c b/library/platform.c index b15b7b29a..890c4cbab 100644 --- a/library/platform.c +++ b/library/platform.c @@ -2,19 +2,7 @@ * Platform abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/platform_util.c b/library/platform_util.c index 09216edfb..1f15260c2 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -3,19 +3,7 @@ * library. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/poly1305.c b/library/poly1305.c index f4e1d3f88..c9ebe9e1d 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -4,19 +4,7 @@ * \brief Poly1305 authentication algorithm. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1faf1dd6c..54b578ab7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 85d1f39be..b7ddbf5ba 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index 4b24b0f68..a3392199f 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_AEAD_H diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index b997a07cf..977ca1c07 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index bf43ff08a..2478d5860 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CIPHER_H diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c index c3234275a..564463fed 100644 --- a/library/psa_crypto_client.c +++ b/library/psa_crypto_client.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 575f302d4..304075ade 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CORE_H diff --git a/library/psa_crypto_core_common.h b/library/psa_crypto_core_common.h index dd72ab162..98fce2cca 100644 --- a/library/psa_crypto_core_common.h +++ b/library/psa_crypto_core_common.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_CORE_COMMON_H diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 6ab959769..c05e43c30 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -4,19 +4,7 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ diff --git a/library/psa_crypto_driver_wrappers_no_static.c b/library/psa_crypto_driver_wrappers_no_static.c index de1511bad..66a6059bb 100644 --- a/library/psa_crypto_driver_wrappers_no_static.c +++ b/library/psa_crypto_driver_wrappers_no_static.c @@ -4,19 +4,7 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ diff --git a/library/psa_crypto_driver_wrappers_no_static.h b/library/psa_crypto_driver_wrappers_no_static.h index 4985403cd..cd617f60e 100644 --- a/library/psa_crypto_driver_wrappers_no_static.h +++ b/library/psa_crypto_driver_wrappers_no_static.h @@ -3,19 +3,7 @@ * cryptographic accelerators. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 5c7786504..e4a372d24 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index f4ad3d277..a9f5d59de 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ECP_H diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 20dfd2dcf..a57f02e5e 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index 67e5444fc..baeb9286c 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_FFDH_H diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index dad182616..eeb7666c1 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index 2dfb0115e..0a7be8055 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_HASH_H diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h index a900dd8ff..6897bdd66 100644 --- a/library/psa_crypto_invasive.h +++ b/library/psa_crypto_invasive.h @@ -10,19 +10,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_INVASIVE_H diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 3ceee49be..877063b87 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_ITS_H diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 2f2c51dce..8fe621811 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 4f8024a9e..2f614bcc6 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_MAC_H diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 7a904d9de..fc9623379 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index f21b0e672..3d3ee0cc9 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_PAKE_H diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h index 8719d9c70..64b894914 100644 --- a/library/psa_crypto_random_impl.h +++ b/library/psa_crypto_random_impl.h @@ -12,19 +12,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_RANDOM_IMPL_H diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 065e55af1..0679f41ea 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index bc24ef5d5..e4c5caf6f 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_RSA_H diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 9db3dedce..7a36a4f3a 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index a1e5e0922..ebe378989 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SE_H diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 92646c07c..3b8a319cb 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index c8366abeb..6041a3528 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 574d4b05e..13a3c8a90 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 37ca46e28..b6b5e154a 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_STORAGE_H diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 97486165e..3f32d7d4e 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_util.c b/library/psa_util.c index dd5e13455..0225bbf02 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h index 4a36dbf88..fcc79aef4 100644 --- a/library/psa_util_internal.h +++ b/library/psa_util_internal.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PSA_UTIL_INTERNAL_H diff --git a/library/ripemd160.c b/library/ripemd160.c index 49fee8579..b4fc3cdba 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -2,19 +2,7 @@ * RIPE MD-160 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/rsa.c b/library/rsa.c index 3c538bf43..db0b0f74f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2,19 +2,7 @@ * The RSA public-key cryptosystem * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c index 5cc4636e4..5c265a992 100644 --- a/library/rsa_alt_helpers.c +++ b/library/rsa_alt_helpers.c @@ -2,19 +2,7 @@ * Helper functions for the RSA module * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/library/rsa_alt_helpers.h b/library/rsa_alt_helpers.h index 3b22ba853..ca0840b2a 100644 --- a/library/rsa_alt_helpers.h +++ b/library/rsa_alt_helpers.h @@ -36,19 +36,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/library/sha1.c b/library/sha1.c index 28a57b644..dfbe481f3 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -2,19 +2,7 @@ * FIPS-180-1 compliant SHA-1 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-1 standard was published by NIST in 1993. diff --git a/library/sha256.c b/library/sha256.c index 223badf00..31afec258 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -2,19 +2,7 @@ * FIPS-180-2 compliant SHA-256 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. diff --git a/library/sha3.c b/library/sha3.c index 4c1a1a9d4..d90fefaea 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -2,19 +2,7 @@ * FIPS-202 compliant SHA3 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-3 Secure Hash Standard was published by NIST in 2015. diff --git a/library/sha512.c b/library/sha512.c index e739af254..e7af12175 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -2,19 +2,7 @@ * FIPS-180-2 compliant SHA-384/512 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 929c28bec..772cb8fdf 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -2,19 +2,7 @@ * SSL session cache implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * These session callbacks use a simple chained list diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 736b1423b..555d5db5e 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -4,19 +4,7 @@ * \brief SSL ciphersuites for Mbed TLS * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_client.c b/library/ssl_client.c index 1a56f1ebe..eabdc75ac 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -2,19 +2,7 @@ * TLS 1.2 and 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS ( https://tls.mbed.org ) */ diff --git a/library/ssl_client.h b/library/ssl_client.h index f57bea33f..05ee7e4cc 100644 --- a/library/ssl_client.h +++ b/library/ssl_client.h @@ -2,19 +2,7 @@ * TLS 1.2 and 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_CLIENT_H diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 098acedd3..ee81eb420 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -2,19 +2,7 @@ * DTLS cookie callbacks implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * These session callbacks use a simple chained list diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 5c22ed221..2b0e73772 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_DEBUG_HELPERS_H diff --git a/library/ssl_debug_helpers_generated.c b/library/ssl_debug_helpers_generated.c index a8cca54c8..d2cb2bed4 100644 --- a/library/ssl_debug_helpers_generated.c +++ b/library/ssl_debug_helpers_generated.c @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a99bb3343..e4d20d6d6 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c312d816e..933e25d94 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3,19 +3,7 @@ * (record layer + retransmission state machine) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * http://www.ietf.org/rfc/rfc2246.txt diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 1adaa07fe..875abcbb3 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -2,19 +2,7 @@ * TLS server tickets callbacks implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fc3fb85d7..cfb279818 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2,19 +2,7 @@ * TLS shared functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * http://www.ietf.org/rfc/rfc2246.txt diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 27bbafa06..9aa46bd15 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2,19 +2,7 @@ * TLS client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6ebd5064f..0a592d8c0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2,19 +2,7 @@ * TLS server-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index d018bee74..ad448109f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2,19 +2,7 @@ * TLS 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is part of Mbed TLS ( https://tls.mbed.org ) */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7072677f1..5db4ff0a8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -2,19 +2,7 @@ * TLS 1.3 functionality shared between client and server * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h index 3fb79a95d..b4506f71c 100644 --- a/library/ssl_tls13_invasive.h +++ b/library/ssl_tls13_invasive.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_SSL_TLS13_INVASIVE_H diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index afd84a974..b64f9b026 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -2,7 +2,7 @@ * TLS 1.3 key schedule * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * Licensed under the Apache License, Version 2.0 ( the "License" ); you may * not use this file except in compliance with the License. diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 21e9b4d73..151b7c7c1 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -2,7 +2,7 @@ * TLS 1.3 key schedule * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * Licensed under the Apache License, Version 2.0 ( the "License" ); you may * not use this file except in compliance with the License. diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 89bba04b3..04c7d0c36 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2,19 +2,7 @@ * TLS 1.3 server-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/threading.c b/library/threading.c index 130c6963d..52fe8fca9 100644 --- a/library/threading.c +++ b/library/threading.c @@ -2,19 +2,7 @@ * Threading abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/library/timing.c b/library/timing.c index 6852033ea..58f1c1ec2 100644 --- a/library/timing.c +++ b/library/timing.c @@ -2,19 +2,7 @@ * Portable interface to the CPU cycle counter * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/version.c b/library/version.c index 4f78c9cb1..04397332b 100644 --- a/library/version.c +++ b/library/version.c @@ -2,19 +2,7 @@ * Version information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/version_features.c b/library/version_features.c index a89cef997..b48f4f6da 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -2,19 +2,7 @@ * Version feature information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/x509.c b/library/x509.c index 990393c31..b7b71f33c 100644 --- a/library/x509.c +++ b/library/x509.c @@ -2,19 +2,7 @@ * X.509 common functions for parsing and verification * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_create.c b/library/x509_create.c index 2583cdd0f..5e732d67f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -2,19 +2,7 @@ * X.509 base functions for creating certificates / CSRs * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/library/x509_crl.c b/library/x509_crl.c index 79ace8fa0..cad784eeb 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -2,19 +2,7 @@ * X.509 Certificate Revocation List (CRL) parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_crt.c b/library/x509_crt.c index e9153e710..f41eb47d7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2,19 +2,7 @@ * X.509 certificate parsing and verification * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_csr.c b/library/x509_csr.c index 0b2bb6f3b..b48b3a4ac 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -2,19 +2,7 @@ * X.509 Certificate Signing Request (CSR) parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509write.c b/library/x509write.c index cd3c7394d..e0331b128 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -2,19 +2,7 @@ * X.509 internal, common functions for writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" #if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index a8a3022cb..4c019eee4 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -2,19 +2,7 @@ * X.509 certificate writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * References: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index d996052ba..4e397553a 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -2,19 +2,7 @@ * X.509 Certificate Signing Request writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* * References: diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 1d9b522a3..226718bc6 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -3,19 +3,7 @@ * security. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable definition of fileno() even when compiling with -std=c99. Must be diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index ce3925628..853ec202c 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -25,19 +25,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 995694af0..3fd2b0089 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -2,19 +2,7 @@ * generic message digest layer demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 7bb27ad4a..8caae8851 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -2,19 +2,7 @@ * Classic "Hello, world" demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index 4c812fbd8..581816a1d 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -20,19 +20,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 5a2c30fc2..946e049d7 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange (client side) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 1f4cd59ee..6872e61e3 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange (prime generation) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index c940be0c0..adddbf2fb 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -2,19 +2,7 @@ * Diffie-Hellman-Merkle key exchange (server side) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 980441707..fedfcc9fe 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -2,19 +2,7 @@ * Example ECDHE with Curve25519 program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 953c14450..afd6fb31a 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -2,19 +2,7 @@ * Example ECDSA program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 99e88505c..f6bb23787 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -2,19 +2,7 @@ * Key generation application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index cd16e3320..194c4102d 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -2,19 +2,7 @@ * Key reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 179094cb5..c07c56464 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -2,19 +2,7 @@ * Key writing application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index 88d745e92..e83aa3259 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -2,19 +2,7 @@ * Simple MPI demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index f60c946ed..b8f7943d6 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -2,19 +2,7 @@ * Public key-based simple decryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index 04e5cc702..a916bc6e2 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -2,19 +2,7 @@ * RSA simple data encryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 57bd796c8..59347addb 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -2,19 +2,7 @@ * Public key-based signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index bca985b14..3127df540 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -2,19 +2,7 @@ * Public key-based signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 0462ba697..76bfddf5c 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -2,19 +2,7 @@ * RSA simple decryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 2126a9b9b..4bbb54e7d 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -2,19 +2,7 @@ * RSA simple data encryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 17f6d6591..dc58215f7 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -2,19 +2,7 @@ * Example RSA key generation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 64375e9e7..9d8ebe39a 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -2,19 +2,7 @@ * RSA/SHA-256 signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 999669e66..3a1f7473b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -2,19 +2,7 @@ * RSASSA-PSS/SHA-256 signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index d525010df..e7d72fd52 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -2,19 +2,7 @@ * RSA/SHA-256 signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 8a1fb5908..afbbfa9d4 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -2,19 +2,7 @@ * RSASSA-PSS/SHA-256 signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c index 0c2413e61..619166dba 100644 --- a/programs/psa/aead_demo.c +++ b/programs/psa/aead_demo.c @@ -26,19 +26,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 3f109d839..b755f09ef 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "psa/crypto.h" diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index f25cdeb83..205505407 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -20,19 +20,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index a79fac640..2734ceb7f 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -32,19 +32,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index e21d1abf0..9d62228b4 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -e -u diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index 88426854d..0baf4a065 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index cc3217169..887b2c988 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -2,19 +2,7 @@ * \brief Use and generate multiple entropies calls into a file * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index e1db16eeb..0eecf0ad4 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -2,19 +2,7 @@ * \brief Use and generate random data into a file via the CTR_DBRG based on AES * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index f0abcabc7..ddb3c34b9 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -2,19 +2,7 @@ * Simple DTLS client demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index b11a4f5b4..732625e7f 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -2,19 +2,7 @@ * Simple DTLS server demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index e8f4797b8..6bef2085c 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -3,19 +3,7 @@ * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 259b8f930..ee734b1ed 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -2,19 +2,7 @@ * SSL client demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 7c2c818d8..b41c45e7c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2,19 +2,7 @@ * SSL client with certificate authentication * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 855b0911f..d809aa958 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -2,19 +2,7 @@ * MbedTLS SSL context deserializer from base64 code * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 6734a14d9..f4822b7e6 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -2,19 +2,7 @@ * SSL server demonstration program using fork() for handling multiple clients * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 1e648e8af..febb881c8 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -2,19 +2,7 @@ * SSL client for SMTP servers * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable definition of gethostname() even when compiling with -std=c99. Must diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 12d3057b4..fcb8f2f4d 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -3,19 +3,7 @@ * clients. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index ad82567f4..6becf8d91 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -2,19 +2,7 @@ * SSL server demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0efcb7f9a..72c3dd49d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2,19 +2,7 @@ * SSL client with options * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 67fc06115..1ff2077d4 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -9,19 +9,7 @@ * This file is meant to be #include'd and cannot be compiled separately. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ void eap_tls_key_derivation(void *p_expkey, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index aea056b68..6e0c6153f 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -5,19 +5,7 @@ * that cannot be compiled separately in "ssl_test_common_source.c". * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index ef0dba718..d06e0997d 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -2,19 +2,7 @@ * Common code for SSL test programs * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index ecc4e94a6..a6de92cf5 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -2,19 +2,7 @@ * Benchmark demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index 86e10776c..729800ad8 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -2,19 +2,7 @@ * Simple program to test that Mbed TLS builds correctly as a CMake package. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index 9aa4c3b1d..44a2adadf 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -3,19 +3,7 @@ * package. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index d56b9a9cb..8b4f18e28 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -3,19 +3,7 @@ * work correctly. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index 2dcda3bb2..f24125423 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -2,19 +2,7 @@ * Test dynamic loading of libmbed* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh index a6a9022fc..7b8868801 100755 --- a/programs/test/dlopen_demo.sh +++ b/programs/test/dlopen_demo.sh @@ -4,19 +4,7 @@ # This is only expected to work when Mbed TLS is built as a shared library. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -e -u diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index a55051652..0b4bd0b7b 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -14,19 +14,7 @@ EOF fi # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -e @@ -41,19 +29,8 @@ print_cpp () { * can be included and built with a C++ compiler. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c index df0fe4a70..a70e6daef 100644 --- a/programs/test/query_compile_time_config.c +++ b/programs/test/query_compile_time_config.c @@ -2,19 +2,7 @@ * Query the Mbed TLS compile time configuration * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_config.c b/programs/test/query_config.c index cb92f256b..4b851210f 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2,19 +2,7 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_config.h b/programs/test/query_config.h index ade73d080..43f120bf0 100644 --- a/programs/test/query_config.h +++ b/programs/test/query_config.h @@ -2,19 +2,7 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c index 383a2ffc8..cdafa1620 100644 --- a/programs/test/query_included_headers.c +++ b/programs/test/query_included_headers.c @@ -1,19 +1,7 @@ /* Ad hoc report on included headers. */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/programs/test/selftest.c b/programs/test/selftest.c index cc5e00ed3..61dde5ed1 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -2,19 +2,7 @@ * Self-test demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 685e336e6..c6b56ec09 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -2,19 +2,7 @@ * UDP proxy: emulate an unreliable UDP connection for DTLS testing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 27de01390..aa6a6d10f 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -3,19 +3,7 @@ # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -u diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index b7842c4ef..1e9b98d71 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -10,19 +10,7 @@ * call to mbedtls_platform_zeroize() was not eliminated. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index 5dd367a0c..d682c2b06 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -2,19 +2,7 @@ * Convert PEM to DER * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index 4bfd8a1c2..316f28614 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -2,19 +2,7 @@ * Translate error code to error string * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/wince_main.c b/programs/wince_main.c index be98eae5e..e817b9f5f 100644 --- a/programs/wince_main.c +++ b/programs/wince_main.c @@ -2,19 +2,7 @@ * Windows CE console application entry point * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(_WIN32_WCE) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 51a79ecb5..cb1e5bc4e 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -2,19 +2,7 @@ * Certificate reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 558d8cc73..cb908923c 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -2,19 +2,7 @@ * Certificate request generation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 40b1871f3..e2f5dacbd 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -2,19 +2,7 @@ * Certificate generation and signing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 6c671ff3f..5e3fd5a94 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -2,19 +2,7 @@ * CRL reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index d024e9822..a975405ea 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -2,7 +2,7 @@ * Root CA reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the * GNU General Public License v2.0 or later. @@ -10,18 +10,6 @@ * ********** * Apache License 2.0: * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * * ********** * * ********** diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 64b9f0bb2..fff0983f0 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -2,19 +2,7 @@ * Certificate request reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/scripts/abi_check.py b/scripts/abi_check.py index ac1d60ffd..8a604c4e2 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -84,19 +84,7 @@ function name and parameter list. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import glob import os diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index cf01e1f8e..34daf37b5 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -8,19 +8,7 @@ # when multiple targets are invoked in the same parallel build. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index f3aca7070..dcdf9fc2f 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -19,19 +19,7 @@ You must run this program from within a git working directory. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse from collections import OrderedDict, namedtuple diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 19d90bce7..86ed74ead 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -1,19 +1,7 @@ #!/bin/bash # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 53d859edf..3f8a4ed8d 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -9,19 +9,7 @@ Note: must be run from Mbed TLS root. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import logging diff --git a/scripts/code_style.py b/scripts/code_style.py index ddd0a9800..08ec4af42 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -4,19 +4,7 @@ This script must be run from the root of a Git work tree containing Mbed TLS. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os import re diff --git a/scripts/config.pl b/scripts/config.pl index 5dd89d225..ca02b9046 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -2,19 +2,8 @@ # Backward compatibility redirection ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ## -## Licensed under the Apache License, Version 2.0 (the "License"); you may -## not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. my $py = $0; $py =~ s/\.pl$/.py/ or die "Unable to determine the name of the Python script"; diff --git a/scripts/config.py b/scripts/config.py index 17fbe653a..d48c73a10 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -13,19 +13,8 @@ Basic usage, to read the Mbed TLS configuration: # in parts that are not backported to 2.28. ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ## -## Licensed under the Apache License, Version 2.0 (the "License"); you may -## not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. import os import re diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja index de16284bd..e31a292d8 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja @@ -4,19 +4,7 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja index dbe424c03..2aae62850 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja @@ -4,19 +4,7 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 077500302..781e72a91 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -2,19 +2,7 @@ * Error message information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index e7e6fc602..b60aba010 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -2,19 +2,7 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index 0e4059760..d820d4d1a 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -2,19 +2,7 @@ * Version feature information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 43fc7dfa1..3eb2ff449 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -8,19 +8,7 @@ # scripts/ecc-heap.sh | tee ecc-heap.log # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py index 6719be1c3..6146e881c 100755 --- a/scripts/ecp_comb_table.py +++ b/scripts/ecp_comb_table.py @@ -7,19 +7,7 @@ can use this script to generate codes to define `_T` in ecp_curves.c """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os import subprocess diff --git a/scripts/footprint.sh b/scripts/footprint.sh index ae95db4a1..614a49309 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index e0f282792..2fdc4cd0b 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -7,19 +7,7 @@ based on template files in script/data_files/driver_templates/. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys import os diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 664a349e9..0134c94f0 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -6,19 +6,7 @@ # or generate_errors.pl include_dir data_dir error_file # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; use warnings; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 49cca2ec3..cea8c115a 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,19 +1,7 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 960a07986..f13b507d0 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -12,19 +12,7 @@ file is written: """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os import sys diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 69eca8344..39743da6d 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -19,19 +19,7 @@ # generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 19be41521..a0544f153 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -8,19 +8,7 @@ implemented by fixed codes. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys import re import os @@ -356,19 +344,8 @@ OUTPUT_C_TEMPLATE = '''\ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ #include "common.h" diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 4fad322a6..7f5609820 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -7,19 +7,7 @@ # Takes no argument. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 6bba02fd2..7d23636b7 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -26,19 +26,7 @@ EOF } # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index eaf56aee7..52ca606b5 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -3,19 +3,7 @@ # Parse a massif.out.xxx file and output peak total memory usage # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py index 6fd6223f3..ef3e3a05e 100644 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ b/scripts/mbedtls_dev/asymmetric_key_data.py @@ -4,19 +4,8 @@ Meant for use in crypto_knowledge.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import binascii import re diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 3bef16db6..eebc858b2 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -1,18 +1,7 @@ """Common features for bignum in test generation framework.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from abc import abstractmethod import enum diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 563492b29..909f6a306 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -1,18 +1,7 @@ """Framework classes for generation of bignum core test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import random diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py index 897e31989..5c6c2c81e 100644 --- a/scripts/mbedtls_dev/bignum_data.py +++ b/scripts/mbedtls_dev/bignum_data.py @@ -1,19 +1,8 @@ """Base values and datasets for bignum generated tests and helper functions that produced them.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import random diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py index 77c7b1bbd..f554001ec 100644 --- a/scripts/mbedtls_dev/bignum_mod.py +++ b/scripts/mbedtls_dev/bignum_mod.py @@ -1,18 +1,7 @@ """Framework classes for generation of bignum mod test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import Dict, List diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 7121f2f49..37ad27a11 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -1,18 +1,7 @@ """Framework classes for generation of bignum mod_raw test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import Iterator, List diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index b48a27711..f63c3c828 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import os import inspect diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 9bd17d608..f2cbbe4af 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import os import platform diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py index 7593952da..a36de692e 100644 --- a/scripts/mbedtls_dev/crypto_data_tests.py +++ b/scripts/mbedtls_dev/crypto_data_tests.py @@ -4,19 +4,8 @@ This module is a work in progress, only implementing a few cases for now. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import hashlib from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 45d253b9b..285d6c638 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -4,19 +4,8 @@ This module is entirely based on the PSA API. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import enum import re diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 410c77e11..b40f3b126 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -1,18 +1,7 @@ """Framework classes for generation of ecp test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import List diff --git a/scripts/mbedtls_dev/logging_util.py b/scripts/mbedtls_dev/logging_util.py index db1ebfe5c..ddd7c7fd6 100644 --- a/scripts/mbedtls_dev/logging_util.py +++ b/scripts/mbedtls_dev/logging_util.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import logging import sys diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py index 3cad2a3f6..d68be00bd 100644 --- a/scripts/mbedtls_dev/macro_collector.py +++ b/scripts/mbedtls_dev/macro_collector.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import itertools import re diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index a82df41df..32e500977 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import re from typing import Dict, FrozenSet, List, Optional diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py index a2e4c74a4..00a8beaab 100644 --- a/scripts/mbedtls_dev/psa_storage.py +++ b/scripts/mbedtls_dev/psa_storage.py @@ -7,19 +7,8 @@ before changing how test data is constructed or validated. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import re import struct diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py index 8f0870367..6ed5e849d 100644 --- a/scripts/mbedtls_dev/test_case.py +++ b/scripts/mbedtls_dev/test_case.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import binascii import os diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py index 02aa51051..a84f7dd2f 100644 --- a/scripts/mbedtls_dev/test_data_generation.py +++ b/scripts/mbedtls_dev/test_data_generation.py @@ -7,19 +7,8 @@ These are used both by generate_psa_tests.py and generate_bignum_tests.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import os diff --git a/scripts/mbedtls_dev/typing_util.py b/scripts/mbedtls_dev/typing_util.py index 4c344492c..2ec448d00 100644 --- a/scripts/mbedtls_dev/typing_util.py +++ b/scripts/mbedtls_dev/typing_util.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. from typing import Any diff --git a/scripts/memory.sh b/scripts/memory.sh index e3ce9d6d1..d119374d5 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -7,19 +7,7 @@ # since for memory we want debug information. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py index c00d58e05..9888abe08 100755 --- a/scripts/min_requirements.py +++ b/scripts/min_requirements.py @@ -3,19 +3,7 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 535613298..d3eac22bb 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -3,19 +3,7 @@ # output_env.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 800383d2c..7f972e070 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -12,19 +12,7 @@ EOF } # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index 558970f54..455f892a2 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -4,19 +4,7 @@ # git development # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later IGNORE="" diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh index 29c87877d..e703c5723 100755 --- a/tests/compat-in-docker.sh +++ b/tests/compat-in-docker.sh @@ -22,19 +22,7 @@ # - compat.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/compat.sh b/tests/compat.sh index 252736bb2..6abbe69e7 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -3,19 +3,7 @@ # compat.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 38286d1fd..d825ee92c 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* Enable TLS 1.3 and core 1.3 features */ diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index a9386a236..639496be6 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #if defined(PSA_CRYPTO_DRIVER_TEST_ALL) diff --git a/tests/configs/user-config-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h index 226f4d187..fada9ee93 100644 --- a/tests/configs/user-config-malloc-0-null.h +++ b/tests/configs/user-config-malloc-0-null.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h index fcdd1f099..52d4b0833 100644 --- a/tests/configs/user-config-zeroize-memset.h +++ b/tests/configs/user-config-zeroize-memset.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/context-info.sh b/tests/context-info.sh index 88dfcaa5e..55e321943 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -3,19 +3,7 @@ # context-info.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # This program is intended for testing the ssl_context_info program # diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index d7d879765..4e1fd48dc 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,19 +1,7 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index ce8ed6f8e..5f4b3d0c6 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,19 +1,7 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; use warnings; diff --git a/tests/data_files/test_certs.h.jinja2 b/tests/data_files/test_certs.h.jinja2 index 92131ddc1..4a64b3a79 100644 --- a/tests/data_files/test_certs.h.jinja2 +++ b/tests/data_files/test_certs.h.jinja2 @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index d44cdff25..e4c49fac2 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile @@ -10,19 +10,7 @@ # for the set of Docker images we use on the CI. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ARG MAKEFLAGS_PARALLEL="" ARG MY_REGISTRY= diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index ce43467b4..9192678a5 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -2,19 +2,7 @@ # pre-push.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h index 21d85f1ff..dc47dd16c 100644 --- a/tests/include/alt-dummy/aes_alt.h +++ b/tests/include/alt-dummy/aes_alt.h @@ -1,19 +1,7 @@ /* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef AES_ALT_H diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h index aabec9c9f..94db8c7fb 100644 --- a/tests/include/alt-dummy/aria_alt.h +++ b/tests/include/alt-dummy/aria_alt.h @@ -1,19 +1,7 @@ /* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ARIA_ALT_H diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h index b42613bc2..97bc16b78 100644 --- a/tests/include/alt-dummy/camellia_alt.h +++ b/tests/include/alt-dummy/camellia_alt.h @@ -1,19 +1,7 @@ /* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CAMELLIA_ALT_H diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h index 5ec7d4e48..c25f42b4a 100644 --- a/tests/include/alt-dummy/ccm_alt.h +++ b/tests/include/alt-dummy/ccm_alt.h @@ -1,19 +1,7 @@ /* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CCM_ALT_H diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h index a53a33002..6fd84d031 100644 --- a/tests/include/alt-dummy/chacha20_alt.h +++ b/tests/include/alt-dummy/chacha20_alt.h @@ -1,19 +1,7 @@ /* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHA20_ALT_H diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h index 584a42174..de28ced67 100644 --- a/tests/include/alt-dummy/chachapoly_alt.h +++ b/tests/include/alt-dummy/chachapoly_alt.h @@ -1,19 +1,7 @@ /* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CHACHAPOLY_ALT_H diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h index 13c998d68..68b53d707 100644 --- a/tests/include/alt-dummy/cmac_alt.h +++ b/tests/include/alt-dummy/cmac_alt.h @@ -1,19 +1,7 @@ /* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef CMAC_ALT_H diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h index 3b8abe493..d07986128 100644 --- a/tests/include/alt-dummy/des_alt.h +++ b/tests/include/alt-dummy/des_alt.h @@ -1,19 +1,7 @@ /* des_alt.h with dummy types for MBEDTLS_DES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h index ccb3bd3c3..3cb51d2ed 100644 --- a/tests/include/alt-dummy/dhm_alt.h +++ b/tests/include/alt-dummy/dhm_alt.h @@ -1,19 +1,7 @@ /* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef DHM_ALT_H diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h index 90c21da8b..4d7524860 100644 --- a/tests/include/alt-dummy/ecjpake_alt.h +++ b/tests/include/alt-dummy/ecjpake_alt.h @@ -1,19 +1,7 @@ /* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECJPAKE_ALT_H diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h index 56c981095..d204b18d0 100644 --- a/tests/include/alt-dummy/ecp_alt.h +++ b/tests/include/alt-dummy/ecp_alt.h @@ -1,19 +1,7 @@ /* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ECP_ALT_H diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h index 7be5b62f6..cfa73d2a4 100644 --- a/tests/include/alt-dummy/gcm_alt.h +++ b/tests/include/alt-dummy/gcm_alt.h @@ -1,19 +1,7 @@ /* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef GCM_ALT_H diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h index 1f3e5ed9b..e3a15d70f 100644 --- a/tests/include/alt-dummy/md5_alt.h +++ b/tests/include/alt-dummy/md5_alt.h @@ -1,19 +1,7 @@ /* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MD5_ALT_H diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h index 8fec116be..1274d4081 100644 --- a/tests/include/alt-dummy/nist_kw_alt.h +++ b/tests/include/alt-dummy/nist_kw_alt.h @@ -1,19 +1,7 @@ /* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef NIST_KW_ALT_H diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h index 836f299c8..67573926e 100644 --- a/tests/include/alt-dummy/platform_alt.h +++ b/tests/include/alt-dummy/platform_alt.h @@ -1,19 +1,7 @@ /* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PLATFORM_ALT_H diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h index 5a8295f16..c8ed1bc06 100644 --- a/tests/include/alt-dummy/poly1305_alt.h +++ b/tests/include/alt-dummy/poly1305_alt.h @@ -1,19 +1,7 @@ /* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef POLY1305_ALT_H diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h index ca3b33827..72ae47efb 100644 --- a/tests/include/alt-dummy/ripemd160_alt.h +++ b/tests/include/alt-dummy/ripemd160_alt.h @@ -1,19 +1,7 @@ /* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RIPEMD160_ALT_H diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h index 24f672bb3..eabc26da1 100644 --- a/tests/include/alt-dummy/rsa_alt.h +++ b/tests/include/alt-dummy/rsa_alt.h @@ -1,19 +1,7 @@ /* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef RSA_ALT_H diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h index 36bf71d84..d8ac97191 100644 --- a/tests/include/alt-dummy/sha1_alt.h +++ b/tests/include/alt-dummy/sha1_alt.h @@ -1,19 +1,7 @@ /* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA1_ALT_H diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h index 304734bfc..b1900adee 100644 --- a/tests/include/alt-dummy/sha256_alt.h +++ b/tests/include/alt-dummy/sha256_alt.h @@ -1,19 +1,7 @@ /* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA256_ALT_H diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h index 13e58109e..857bc916a 100644 --- a/tests/include/alt-dummy/sha512_alt.h +++ b/tests/include/alt-dummy/sha512_alt.h @@ -1,19 +1,7 @@ /* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SHA512_ALT_H diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h index 400350686..07d5da427 100644 --- a/tests/include/alt-dummy/threading_alt.h +++ b/tests/include/alt-dummy/threading_alt.h @@ -1,19 +1,7 @@ /* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef THREADING_ALT_H diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h index 9d4e100ea..69bee60f6 100644 --- a/tests/include/alt-dummy/timing_alt.h +++ b/tests/include/alt-dummy/timing_alt.h @@ -1,19 +1,7 @@ /* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TIMING_ALT_H diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h index 40eed2d33..0a44275e7 100644 --- a/tests/include/baremetal-override/time.h +++ b/tests/include/baremetal-override/time.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h index de842642d..fdf3a2db5 100644 --- a/tests/include/spe/crypto_spe.h +++ b/tests/include/spe/crypto_spe.h @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * */ diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h index 74bbbd569..6d267b660 100644 --- a/tests/include/test/arguments.h +++ b/tests/include/test/arguments.h @@ -8,19 +8,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_ARGUMENTS_H diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h index dee3cbda9..2eb917128 100644 --- a/tests/include/test/asn1_helpers.h +++ b/tests/include/test/asn1_helpers.h @@ -2,19 +2,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef ASN1_HELPERS_H diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index fc97d23ba..2f6bf8931 100644 --- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_BIGNUM_HELPERS_H diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h index 65c55829d..db69536a6 100644 --- a/tests/include/test/certs.h +++ b/tests/include/test/certs.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h index f3d676e28..c5658eb40 100644 --- a/tests/include/test/constant_flow.h +++ b/tests/include/test/constant_flow.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_CONSTANT_FLOW_H diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index 037a255ca..a033e399d 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -2,19 +2,7 @@ * Test driver for AEAD driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h index c602d2f22..0ac77087d 100644 --- a/tests/include/test/drivers/asymmetric_encryption.h +++ b/tests/include/test/drivers/asymmetric_encryption.h @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 54c37f748..950a17440 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -2,19 +2,7 @@ * Test driver for cipher functions */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 81f988339..4eb27f024 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -7,19 +7,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef MBEDTLS_CONFIG_H diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h index f1da8d3e4..ad48c45d5 100644 --- a/tests/include/test/drivers/hash.h +++ b/tests/include/test/drivers/hash.h @@ -2,19 +2,7 @@ * Test driver for hash driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h index aaf74a8c5..ca82b3ad9 100644 --- a/tests/include/test/drivers/key_agreement.h +++ b/tests/include/test/drivers/key_agreement.h @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 43df0d610..9e2c89885 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -2,19 +2,7 @@ * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h index bdc2b705c..d92eff903 100644 --- a/tests/include/test/drivers/mac.h +++ b/tests/include/test/drivers/mac.h @@ -2,19 +2,7 @@ * Test driver for MAC driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 331ee49da..d292ca0da 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -2,19 +2,7 @@ * Test driver for PAKE driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 4c56a121c..8c5703edf 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -2,19 +2,7 @@ * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 541ee03d0..74605d6b8 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -2,19 +2,7 @@ * Umbrella include for all of the test driver functionality */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h index 01bfb91a4..e3e331d55 100644 --- a/tests/include/test/fake_external_rng_for_test.h +++ b/tests/include/test/fake_external_rng_for_test.h @@ -4,19 +4,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index dd4a6a2b4..ba117fbdf 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_HELPERS_H diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 3bfbe3333..8de9c4d95 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -6,19 +6,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_MACROS_H diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 9ba7dbcd9..58457320b 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_CRYPTO_HELPERS_H diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 46f4d0810..0f3ee3db6 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_EXERCISE_KEY_H diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h index 2665fac39..b61718939 100644 --- a/tests/include/test/psa_helpers.h +++ b/tests/include/test/psa_helpers.h @@ -3,19 +3,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PSA_HELPERS_H diff --git a/tests/include/test/random.h b/tests/include/test/random.h index c5572088a..6304e05d7 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef TEST_RANDOM_H diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index ddbd6a39e..abdef9032 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef SSL_HELPERS_H diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh index 0ee08dc48..e57d09d34 100755 --- a/tests/make-in-docker.sh +++ b/tests/make-in-docker.sh @@ -14,19 +14,7 @@ # for the set of Docker images we use on the CI. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 56d2e2959..1190a87ee 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -3,19 +3,7 @@ # tls13-compat.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 758da1da5..6556cd4b4 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -3,19 +3,7 @@ # tls13-kex-modes.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index f30384d39..a56696a22 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -3,19 +3,7 @@ # tls13-misc.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # requires_gnutls_tls1_3 diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh index 7c03d9135..b2a31c265 100755 --- a/tests/scripts/all-in-docker.sh +++ b/tests/scripts/all-in-docker.sh @@ -17,19 +17,7 @@ # See also all.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9e1d84f5d..fe2d73f0c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3,19 +3,7 @@ # all.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 623fd2352..b2230dd47 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """Audit validity date of X509 crt/crl/csr. diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 43a91eed2..1f8ade663 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -3,19 +3,7 @@ # basic-build-test.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 02cafb0cc..3aca3a134 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -18,19 +18,7 @@ # See docker_env.sh for prerequisites and other information. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index dd955301f..3199c2ab4 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -9,19 +9,7 @@ # items that are documented, but not marked as such by mistake. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index d03e5cf6d..67dedeb26 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -1,19 +1,7 @@ #! /usr/bin/env sh # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 35319d3e1..51e80792b 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -1,19 +1,7 @@ #! /usr/bin/env sh # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Purpose: check Python files for potential programming errors or maintenance # hurdles. Run pylint to detect some potential mistakes and enforce PEP8 diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 352b55eaa..e3593662b 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script checks the current state of the source code for minor issues, diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index f812929c7..635552e76 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script confirms that the naming of all symbols and identifiers in Mbed TLS diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 1395d4d90..3b954af22 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -7,19 +7,7 @@ independently of the checks. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import glob diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index e92564151..33a62d71e 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # Copyright (c) 2022, Arm Limited, All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh index 3dbc41d92..cfc98dfca 100755 --- a/tests/scripts/docker_env.sh +++ b/tests/scripts/docker_env.sh @@ -27,19 +27,7 @@ # the Docker image. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # default values, can be overridden by the environment diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index cb87829e2..b6a1d4594 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -3,19 +3,7 @@ # Make sure the doxygen documentation builds without warnings # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Abort on errors (and uninitialised variables) set -eu diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 2345b9e36..ec5e5d891 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -5,19 +5,7 @@ # and concats nonce and personalization for initialization. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 354e351a4..30d45c307 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -4,19 +4,7 @@ # Only first 3 of every set used for compile time saving # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 101456fed..b4f08494c 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -4,19 +4,7 @@ # Only first 3 of every set used for compile time saving # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 609e5586a..fe2d3f5d3 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,19 +1,7 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use strict; diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index a51fbc965..d4ef0f3af 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -9,19 +9,7 @@ # such as 'test_suite_rsa.data' # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # Abort on errors set -e diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 6ee6ab39a..8dbb6ed78 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -40,19 +40,7 @@ of BaseTarget in test_data_generation.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys diff --git a/tests/scripts/generate_ecp_tests.py b/tests/scripts/generate_ecp_tests.py index abbfda55f..df1e4696a 100755 --- a/tests/scripts/generate_ecp_tests.py +++ b/tests/scripts/generate_ecp_tests.py @@ -6,19 +6,7 @@ as in generate_bignum_tests.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import sys diff --git a/tests/scripts/generate_pkcs7_tests.py b/tests/scripts/generate_pkcs7_tests.py index 0e7385043..0e484b023 100755 --- a/tests/scripts/generate_pkcs7_tests.py +++ b/tests/scripts/generate_pkcs7_tests.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # """ diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index b6f83c111..801f8da8b 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -6,19 +6,7 @@ generate only the specified files. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import enum import re diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index 4494917ef..a3bca7e6f 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -6,19 +6,7 @@ Generate `tests/src/test_certs.h` which includes certficaties/keys/certificate l # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 76806de95..5f711bfb1 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -2,19 +2,7 @@ # Test suites code generator. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script is a key part of Mbed TLS test suites framework. For diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index 05d80a532..fdb264d7b 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -3,19 +3,7 @@ # generate_tls13_compat_tests.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ Generate TLSv1.3 Compat test cases @@ -536,19 +524,7 @@ SSL_OUTPUT_HEADER = '''#!/bin/sh # {filename} # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 9b930802f..4ccac236e 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -10,19 +10,7 @@ # Usage: list-identifiers.sh [ -i | --internal ] # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -eu diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index 6b41607e3..b648ce24f 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py @@ -1,19 +1,7 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ This script generates a file called identifiers that contains all Mbed TLS diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index f685bab8e..11bbebcc1 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -13,19 +13,7 @@ only supported with make (as opposed to CMake or other build methods). """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index 2a7dba541..3cdeff7f4 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -9,19 +9,7 @@ # Typical usage: scripts/recursion.pl library/*.c # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index cedc0bfa5..e0ee3f515 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -3,19 +3,7 @@ # run-test-suites.pl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later =head1 SYNOPSIS diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py index 10bf6f852..5d83f29f9 100644 --- a/tests/scripts/scripts_path.py +++ b/tests/scripts/scripts_path.py @@ -6,19 +6,8 @@ Usage: """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import os import sys diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 7f4ebeb7f..f68dfcb72 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -4,19 +4,7 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import os import re diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index 17f824e00..9aff22db0 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -6,19 +6,7 @@ # RESPONSE: regexp that must match the server's response # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later use warnings; use strict; diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 15209b4a0..0702074ab 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -3,19 +3,7 @@ # test-ref-configs.pl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py index e230e3c87..e500b3362 100755 --- a/tests/scripts/test_config_script.py +++ b/tests/scripts/test_config_script.py @@ -14,19 +14,8 @@ Sample usage: """ ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later ## -## Licensed under the Apache License, Version 2.0 (the "License"); you may -## not use this file except in compliance with the License. -## You may obtain a copy of the License at -## -## http://www.apache.org/licenses/LICENSE-2.0 -## -## Unless required by applicable law or agreed to in writing, software -## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -## See the License for the specific language governing permissions and -## limitations under the License. import argparse import glob diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index b32d18423..abc46a729 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -2,19 +2,7 @@ # Unit test for generate_test_code.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ Unit tests for generate_test_code.py diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 359043620..52169e285 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -8,19 +8,7 @@ keep the list of known defects as up to date as possible. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse import os diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index e43a0baef..6883e279f 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -8,19 +8,7 @@ or 1 (with a Python backtrace) if there was an operational error. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import argparse from collections import namedtuple diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 66c630408..57f771f56 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,19 +1,7 @@ # test_zeroize.gdb # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index a8db4bb35..90514fca1 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -3,19 +3,7 @@ # translate_ciphers.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later """ Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards. diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh index 249b3f807..3daecf30d 100755 --- a/tests/scripts/travis-log-failure.sh +++ b/tests/scripts/travis-log-failure.sh @@ -3,19 +3,7 @@ # travis-log-failure.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c index aaf7587aa..c8df1995e 100644 --- a/tests/src/asn1_helpers.c +++ b/tests/src/asn1_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index 214530df5..c85e2caaf 100644 --- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/tests/src/certs.c b/tests/src/certs.c index b834e4aa1..879f08882 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index 8fb198277..76ec12a22 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -2,19 +2,7 @@ * Test driver for hash entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c index 6334a438e..01fc050bb 100644 --- a/tests/src/drivers/platform_builtin_keys.c +++ b/tests/src/drivers/platform_builtin_keys.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 6dadf5282..314ce83a2 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -2,19 +2,7 @@ * Test driver for AEAD entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index cf0e90cae..c906a664a 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -2,19 +2,7 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 42e79c490..678d8d5d6 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -3,19 +3,7 @@ * Currently only supports multi-part operations using AES-CTR. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index 9cf82a37a..8471959e2 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -2,19 +2,7 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 19da47ad6..6442f2231 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -3,19 +3,7 @@ * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 96c1685f5..9f8120bd4 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 69bd4ffe2..a0b6c1cb0 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -2,19 +2,7 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index c312477c8..bd723b8bd 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -4,19 +4,7 @@ * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c index 89af7d34f..c0bfde51a 100644 --- a/tests/src/fake_external_rng_for_test.c +++ b/tests/src/fake_external_rng_for_test.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 7cac6e0a0..eb28919b8 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -1,18 +1,6 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 52ff03186..d59a8f872 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index c4488b56f..f8b36e1fa 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -4,19 +4,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/random.c b/tests/src/random.c index d20103c35..d041f36a1 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -7,19 +7,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* diff --git a/tests/src/test_certs.h b/tests/src/test_certs.h index 866d1e003..b313ea88d 100644 --- a/tests/src/test_certs.h +++ b/tests/src/test_certs.h @@ -2,19 +2,7 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 5c305cb0a..52839eb96 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -5,19 +5,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index ae6e59072..6f405b00c 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -2,19 +2,7 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh index 159be4c50..c0c85fc2e 100755 --- a/tests/ssl-opt-in-docker.sh +++ b/tests/ssl-opt-in-docker.sh @@ -22,19 +22,7 @@ # - ssl-opt.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later source tests/scripts/docker_env.sh diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index efcbd2686..48b3c0cb2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3,19 +3,7 @@ # ssl-opt.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # # Purpose # From a9b6c64a690ac29aad2b5a2acc15203ee2c138c2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 12:24:58 +0000 Subject: [PATCH 181/430] Fix some non-standard headers Signed-off-by: Dave Rodgman --- configs/crypto_config_profile_medium.h | 6 ++-- .../tfm_mbedcrypto_config_profile_medium.h | 4 +-- library/mps_common.h | 2 -- library/mps_error.h | 2 -- library/mps_reader.c | 2 -- library/mps_reader.h | 2 -- library/mps_trace.c | 2 -- library/mps_trace.h | 2 -- library/ssl_client.c | 2 -- library/ssl_tls13_client.c | 2 -- library/ssl_tls13_keys.h | 12 -------- programs/x509/load_roots.c | 29 +------------------ tests/scripts/depends.py | 4 +-- 13 files changed, 5 insertions(+), 66 deletions(-) diff --git a/configs/crypto_config_profile_medium.h b/configs/crypto_config_profile_medium.h index 3fa8552c9..f9b2c2fdd 100644 --- a/configs/crypto_config_profile_medium.h +++ b/configs/crypto_config_profile_medium.h @@ -1,8 +1,6 @@ /* - * Copyright (c) 2018-2022, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /** * \file psa/crypto_config.h diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 3234cd672..34a3bd4ff 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -8,10 +8,8 @@ * memory footprint. */ /* - * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H diff --git a/library/mps_common.h b/library/mps_common.h index 49e17535a..f9fe09988 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_error.h b/library/mps_error.h index 8a714a3a5..016a84ce4 100644 --- a/library/mps_error.h +++ b/library/mps_error.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_reader.c b/library/mps_reader.c index 48b393685..27d0c04c1 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #include "common.h" diff --git a/library/mps_reader.h b/library/mps_reader.h index d877ee54a..3193a5e33 100644 --- a/library/mps_reader.h +++ b/library/mps_reader.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_trace.c b/library/mps_trace.c index cb69c6be6..69f6e5a0f 100644 --- a/library/mps_trace.c +++ b/library/mps_trace.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ #include "common.h" diff --git a/library/mps_trace.h b/library/mps_trace.h index a13edd87f..b456b2ffd 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -1,8 +1,6 @@ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/ssl_client.c b/library/ssl_client.c index eabdc75ac..7a7840662 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ad448109f..58226ebd2 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -3,8 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 151b7c7c1..d3a4c6c99 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -3,18 +3,6 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - * Licensed under the Apache License, Version 2.0 ( the "License" ); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. */ #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) #define MBEDTLS_SSL_TLS1_3_KEYS_H diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index a975405ea..f0e6acf25 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -2,34 +2,7 @@ * Root CA reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later OR GPL-2.0-or-later - * - * This file is provided under the Apache License 2.0, or the - * GNU General Public License v2.0 or later. - * - * ********** - * Apache License 2.0: - * - * ********** - * - * ********** - * GNU General Public License v2.0 or later: - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - * ********** + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "mbedtls/build_info.h" diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 33a62d71e..e355dfd94 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -1,9 +1,7 @@ #!/usr/bin/env python3 -# Copyright (c) 2022, Arm Limited, All Rights Reserved. +# Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# -# This file is part of Mbed TLS (https://tls.mbed.org) """ Test Mbed TLS with a subset of algorithms. From 2c9049c4062611a587c44bab354faefc2dc083b4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 17:36:49 +0000 Subject: [PATCH 182/430] Update documentation Signed-off-by: Dave Rodgman --- CONTRIBUTING.md | 4 +- LICENSE | 351 ++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 2 +- 3 files changed, 354 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8454fb8ea..261f745ba 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -84,11 +84,11 @@ Mbed TLS is well documented, but if you think documentation is needed, speak out License and Copyright --------------------- -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license. +Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 or GPL-2.0-or-later licenses. -All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. +All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later". The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors". diff --git a/LICENSE b/LICENSE index d64569567..776ac77ea 100644 --- a/LICENSE +++ b/LICENSE @@ -1,3 +1,10 @@ +Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) +OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. +This means that users may choose which of these licenses they take the code +under. + +The full text of each of these licenses is given below. + Apache License Version 2.0, January 2004 @@ -200,3 +207,347 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + + +=============================================================================== + + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/README.md b/README.md index a3fcd2e15..956d8ba0b 100644 --- a/README.md +++ b/README.md @@ -307,7 +307,7 @@ When using drivers, you will generally want to enable two compilation options (s License ------- -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. +Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. ### Third-party code included in Mbed TLS From b1c40519d65b236fc04f5d544c97465eaec00bcc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Nov 2023 19:01:43 +0000 Subject: [PATCH 183/430] Add Changelog for license Signed-off-by: Dave Rodgman --- ChangeLog.d/license.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/license.txt diff --git a/ChangeLog.d/license.txt b/ChangeLog.d/license.txt new file mode 100644 index 000000000..0b6bb1f02 --- /dev/null +++ b/ChangeLog.d/license.txt @@ -0,0 +1,3 @@ +Changes + * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later + license. Users may choose which license they take the code under. From a334690973b36c43de5345f5c3e3efb283bc835e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 09:28:10 +0000 Subject: [PATCH 184/430] Update license for p256-m Signed-off-by: Dave Rodgman --- 3rdparty/p256-m/README.md | 4 +- 3rdparty/p256-m/p256-m/LICENSE | 202 --------------------------------- README.md | 2 +- 3 files changed, 3 insertions(+), 205 deletions(-) delete mode 100644 3rdparty/p256-m/p256-m/LICENSE diff --git a/3rdparty/p256-m/README.md b/3rdparty/p256-m/README.md index 89648d413..ec90f3446 100644 --- a/3rdparty/p256-m/README.md +++ b/3rdparty/p256-m/README.md @@ -1,4 +1,4 @@ -The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project. +The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m). They are distributed here under a dual Apache-2.0 OR GPL-2.0-or-later license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project. -The files `p256-m.c` and `.h`, along with the license, have been taken from the `p256-m` repository. +The files `p256-m.c`, `p256-m.h` and `README.md` have been taken from the `p256-m` repository. It should be noted that p256-m deliberately does not supply its own cryptographically secure RNG function. As a result, the PSA RNG is used, with `p256_generate_random()` wrapping `psa_generate_random()`. diff --git a/3rdparty/p256-m/p256-m/LICENSE b/3rdparty/p256-m/p256-m/LICENSE deleted file mode 100644 index d64569567..000000000 --- a/3rdparty/p256-m/p256-m/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/README.md b/README.md index 956d8ba0b..c0fb9d926 100644 --- a/README.md +++ b/README.md @@ -314,7 +314,7 @@ Unless specifically indicated otherwise in a file, Mbed TLS files are provided u This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below: * `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by Mbed TLS under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project. +* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project. Contributing ------------ From 2bc3bdf37a0ab1f6250609d9ea707f98bc40243d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 11:34:40 +0000 Subject: [PATCH 185/430] README improvements to 3rdparty section Signed-off-by: Dave Rodgman --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c0fb9d926..2505d8fd9 100644 --- a/README.md +++ b/README.md @@ -311,10 +311,10 @@ Unless specifically indicated otherwise in a file, Mbed TLS files are provided u ### Third-party code included in Mbed TLS -This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below: +This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below: * `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project. +* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author. Contributing ------------ From 0a403d4fd6ec98df1361e3de45fbb87a3fbc66af Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 12:28:08 +0000 Subject: [PATCH 186/430] assemble Changelog Signed-off-by: Dave Rodgman --- ChangeLog | 6 ++++++ ChangeLog.d/license.txt | 3 --- 2 files changed, 6 insertions(+), 3 deletions(-) delete mode 100644 ChangeLog.d/license.txt diff --git a/ChangeLog b/ChangeLog index 85f3665c2..f0dc08c8d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 3.5.1 branch released 2023-11-06 + +Changes + * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later + license. Users may choose which license they take the code under. + = Mbed TLS 3.5.0 branch released 2023-10-05 API changes diff --git a/ChangeLog.d/license.txt b/ChangeLog.d/license.txt deleted file mode 100644 index 0b6bb1f02..000000000 --- a/ChangeLog.d/license.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later - license. Users may choose which license they take the code under. From b63134a9103a77c1a7f835a6a6871bcc21fc2d76 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 6 Oct 2023 11:48:44 +0100 Subject: [PATCH 187/430] Fix 3rdparty target names for custom config Use the correct names qualified by MBEDTLS_TARGET_PREFIX. Signed-off-by: David Horstmann --- 3rdparty/everest/CMakeLists.txt | 4 ++-- 3rdparty/p256-m/CMakeLists.txt | 4 ++-- ChangeLog.d/fix-3rdparty-target-prefix.txt | 3 +++ 3 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/fix-3rdparty-target-prefix.txt diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index eefc15151..e0e5adecd 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -18,11 +18,11 @@ target_include_directories(${everest_target} # everest is not directly linked against any mbedtls targets # so does not inherit the compile definitions. if(MBEDTLS_CONFIG_FILE) - target_compile_definitions(everest + target_compile_definitions(${everest_target} PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") endif() if(MBEDTLS_USER_CONFIG_FILE) - target_compile_definitions(everest + target_compile_definitions(${everest_target} PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") endif() diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt index 41be3c4a3..2ef0d48b7 100644 --- a/3rdparty/p256-m/CMakeLists.txt +++ b/3rdparty/p256-m/CMakeLists.txt @@ -16,11 +16,11 @@ target_include_directories(${p256m_target} # p256m is not directly linked against any mbedtls targets # so does not inherit the compile definitions. if(MBEDTLS_CONFIG_FILE) - target_compile_definitions(p256m + target_compile_definitions(${p256m_target} PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") endif() if(MBEDTLS_USER_CONFIG_FILE) - target_compile_definitions(p256m + target_compile_definitions(${p256m_target} PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") endif() diff --git a/ChangeLog.d/fix-3rdparty-target-prefix.txt b/ChangeLog.d/fix-3rdparty-target-prefix.txt new file mode 100644 index 000000000..db8ed07ee --- /dev/null +++ b/ChangeLog.d/fix-3rdparty-target-prefix.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules + in CMake. From c0e1f3e88ecbde086c8fa5a07517d0aa02879dfd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 11:08:05 +0000 Subject: [PATCH 188/430] Fix typos in changelog Signed-off-by: Dave Rodgman --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index f0dc08c8d..3e3dc1086 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,8 +11,8 @@ Changes API changes * Mbed TLS 3.4 introduced support for omitting the built-in implementation of ECDSA and/or EC J-PAKE when those are provided by a driver. However, - their was a flaw in the logic checking if the built-in implementation, in - that if failed to check if all the relevant curves were supported by the + there was a flaw in the logic checking if the built-in implementation, in + that it failed to check if all the relevant curves were supported by the accelerator. As a result, it was possible to declare no curves as accelerated and still have the built-in implementation compiled out. Starting with this release, it is necessary to declare which curves are From bb5a18344a5e4d4ff2293ff476c1f7b50c4556c1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 12:31:29 +0000 Subject: [PATCH 189/430] Bump version ./scripts/bump_version.sh --version 3.5.1 --so-crypto 15 --so-x509 6 --so-tls 20 Signed-off-by: Dave Rodgman --- CMakeLists.txt | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/build_info.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3c93b15c6..87a41d75c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -377,7 +377,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 3.5.0) + VERSION 3.5.1) install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index f465a454b..c391c59ce 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v3.5.0 API Documentation + * @mainpage Mbed TLS v3.5.1 API Documentation * * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 98b2d7973..89048f221 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v3.5.0" +PROJECT_NAME = "Mbed TLS v3.5.1" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 9b2b27255..c4fab1205 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -26,16 +26,16 @@ */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 5 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03050000 -#define MBEDTLS_VERSION_STRING "3.5.0" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.0" +#define MBEDTLS_VERSION_NUMBER 0x03050100 +#define MBEDTLS_VERSION_STRING "3.5.1" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.1" /* Macros for build-time platform detection */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6a4ce51b4..eeda06aee 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -296,7 +296,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) - set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.0 SOVERSION 15) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.1 SOVERSION 15) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) if(TARGET ${everest_target}) @@ -308,11 +308,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif() add_library(${mbedx509_target} SHARED ${src_x509}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.0 SOVERSION 6) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.1 SOVERSION 6) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.0 SOVERSION 20) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.1 SOVERSION 20) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 11c41b0d0..faa31662a 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compile time library version -check_compiletime_version:"3.5.0" +check_compiletime_version:"3.5.1" Check runtime library version -check_runtime_version:"3.5.0" +check_runtime_version:"3.5.1" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From be8b02b65cc0c72a51dbefb80a2d1f49b4debf87 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 14:08:38 +0000 Subject: [PATCH 190/430] Remove not-needed sentence Signed-off-by: Dave Rodgman --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 261f745ba..d793434ce 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -86,7 +86,7 @@ License and Copyright Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under. -Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 or GPL-2.0-or-later licenses. +Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later". From 990030bce0b2e91088c0dd74aed59b82533b3b0f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 13:55:00 +0100 Subject: [PATCH 191/430] Sort imports Signed-off-by: Gilles Peskine --- tests/scripts/check_files.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 68871efe4..31edf8b61 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -10,10 +10,10 @@ trailing whitespace, and presence of UTF-8 BOM. Note: requires python 3, must be run from Mbed TLS root. """ -import os import argparse -import logging import codecs +import logging +import os import re import subprocess import sys From f2fb9f667c42244415911609d623df1270b38813 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 14:13:55 +0100 Subject: [PATCH 192/430] Check copyright statements and SPDX license identifier Enforce a specific copyright statement and a specific SPDX license identifier where they are present. Binary files, third-party modules and a few other exceptions are not checked. There is currently no check that copyright statements and license identifiers are present. Signed-off-by: Gilles Peskine --- tests/scripts/check_files.py | 80 ++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 31edf8b61..554ed4797 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -12,6 +12,7 @@ Note: requires python 3, must be run from Mbed TLS root. import argparse import codecs +import inspect import logging import os import re @@ -345,6 +346,84 @@ class MergeArtifactIssueTracker(LineIssueTracker): return False +THIS_FILE_BASE_NAME = \ + os.path.basename(inspect.getframeinfo(inspect.currentframe()).filename) +LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER = \ + inspect.getframeinfo(inspect.currentframe()).lineno +class LicenseIssueTracker(LineIssueTracker): + """Check copyright statements and license indications. + + This class only checks that statements are correct if present. It does + not enforce the presence of statements in each file. + """ + + heading = "License issue:" + + LICENSE_EXEMPTION_RE_LIST = [ + # Third-party code, other than whitelisted third-party modules, + # may be under a different license. + r'3rdparty/(?!(p256-m)/.*)', + # Documentation explaining the license may have accidental + # false positives. + r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z', + # Files imported from TF-M, and not used except in test builds, + # may be under a different license. + r'configs/crypto_config_profile_medium\.h\Z', + r'configs/tfm_mbedcrypto_config_profile_medium\.h\Z', + # Third-party file. + r'dco\.txt\Z', + ] + path_exemptions = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST + + LICENSE_EXEMPTION_RE_LIST)) + + COPYRIGHT_HOLDER = rb'The Mbed TLS Contributors' + # Catch "Copyright foo", "Copyright (C) foo", "Copyright © foo", etc. + COPYRIGHT_RE = re.compile(rb'.*\bcopyright\s+((?:\w|\s|[()]|[^ -~])*\w)', re.I) + + SPDX_HEADER_KEY = b'SPDX-License-Identifier' + LICENSE_IDENTIFIER = b'Apache-2.0 OR GPL-2.0-or-later' + SPDX_RE = re.compile(br'.*?(' + + re.escape(SPDX_HEADER_KEY) + + br')(:\s*(.*?)\W*\Z|.*)', re.I) + + def __init__(self): + super().__init__() + # Record what problem was caused. We can't easily report it due to + # the structure of the script. To be fixed after + # https://github.com/Mbed-TLS/mbedtls/pull/2506 + self.problem = None + + def issue_with_line(self, line, filepath, line_number): + # Use endswith() rather than the more correct os.path.basename() + # because experimentally, it makes a significant difference to + # the running time. + if filepath.endswith(THIS_FILE_BASE_NAME) and \ + line_number > LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER: + # Avoid false positives from the code in this class. + # Also skip the rest of this file, which is highly unlikely to + # contain any problematic statements since we put those near the + # top of files. + return False + + m = self.COPYRIGHT_RE.match(line) + if m and m.group(1) != self.COPYRIGHT_HOLDER: + self.problem = 'Invalid copyright line' + return True + + m = self.SPDX_RE.match(line) + if m: + if m.group(1) != self.SPDX_HEADER_KEY: + self.problem = 'Misspelled ' + self.SPDX_HEADER_KEY.decode() + return True + if not m.group(3): + self.problem = 'Improperly formatted SPDX license identifier' + return True + if m.group(3) != self.LICENSE_IDENTIFIER: + self.problem = 'Wrong SPDX license identifier' + return True + return False + + class IntegrityChecker: """Sanity-check files under the current directory.""" @@ -365,6 +444,7 @@ class IntegrityChecker: TrailingWhitespaceIssueTracker(), TabIssueTracker(), MergeArtifactIssueTracker(), + LicenseIssueTracker(), ] def setup_logger(self, log_file, level=logging.INFO): From 3b9facd8ac44f1c03b698a2e5ebdcc5d71ff6aa4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 14:35:28 +0100 Subject: [PATCH 193/430] Also complain if licenses are mentioned Signed-off-by: Gilles Peskine --- tests/scripts/check_files.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 554ed4797..3eb60d724 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -386,6 +386,11 @@ class LicenseIssueTracker(LineIssueTracker): re.escape(SPDX_HEADER_KEY) + br')(:\s*(.*?)\W*\Z|.*)', re.I) + LICENSE_MENTION_RE = re.compile(rb'.*(?:' + rb'|'.join([ + rb'Apache License', + rb'General Public License', + ]) + rb')', re.I) + def __init__(self): super().__init__() # Record what problem was caused. We can't easily report it due to @@ -394,6 +399,8 @@ class LicenseIssueTracker(LineIssueTracker): self.problem = None def issue_with_line(self, line, filepath, line_number): + #pylint: disable=too-many-return-statements + # Use endswith() rather than the more correct os.path.basename() # because experimentally, it makes a significant difference to # the running time. @@ -421,6 +428,12 @@ class LicenseIssueTracker(LineIssueTracker): if m.group(3) != self.LICENSE_IDENTIFIER: self.problem = 'Wrong SPDX license identifier' return True + + m = self.LICENSE_MENTION_RE.match(line) + if m: + self.problem = 'Suspicious license mention' + return True + return False From ce78200fb5d1698ae09e540783007a1397b6fcbd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 14:49:12 +0100 Subject: [PATCH 194/430] Pacify mypy Signed-off-by: Gilles Peskine --- tests/scripts/check_files.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 3eb60d724..a2a9dfa8d 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -346,10 +346,13 @@ class MergeArtifactIssueTracker(LineIssueTracker): return False -THIS_FILE_BASE_NAME = \ - os.path.basename(inspect.getframeinfo(inspect.currentframe()).filename) -LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER = \ - inspect.getframeinfo(inspect.currentframe()).lineno +def this_location(): + frame = inspect.currentframe() + assert frame is not None + info = inspect.getframeinfo(frame) + return os.path.basename(info.filename), info.lineno +THIS_FILE_BASE_NAME, LINE_NUMBER_BEFORE_LICENSE_ISSUE_TRACKER = this_location() + class LicenseIssueTracker(LineIssueTracker): """Check copyright statements and license indications. From be0890856472517b58bd6a3ea6dbb2ef9fe9113b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 14:06:30 +0800 Subject: [PATCH 195/430] config.py: exclude MBEDTLS_BLOCK_CIPHER_NO_DECRYPT from full Signed-off-by: Yanray Wang --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index 17fbe653a..b1ace279b 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -191,6 +191,7 @@ EXCLUDE_FROM_FULL = frozenset([ #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with DES/CBC/XTS/NIST_KW 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options From f24bbd987a62ce445e48f3178f1ba27e9ce1df55 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 14:47:14 +0800 Subject: [PATCH 196/430] dh_client.c: modify prompt message Signed-off-by: Yanray Wang --- programs/pkey/dh_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 0d4172bb1..08eb549b3 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -60,7 +60,7 @@ int main(void) #elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) int main(void) { - mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT implicitly defined.\n"); + mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n"); mbedtls_exit(0); } #else From de0e2599ad8a2ba5c8c4c64a5ef4b12de591347b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 15:44:27 +0800 Subject: [PATCH 197/430] cipher_wrap.c: remove unnecessary NO_DECRYPT guard for DES Signed-off-by: Yanray Wang --- library/cipher_wrap.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index b44ca9c3b..a21e37023 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -1625,7 +1625,6 @@ static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t } #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1633,7 +1632,6 @@ static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key); } -#endif static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1643,7 +1641,6 @@ static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1651,7 +1648,6 @@ static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key); } -#endif static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1661,7 +1657,6 @@ static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) { @@ -1669,7 +1664,6 @@ static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key); } -#endif static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key, unsigned int key_bitlen) @@ -1740,9 +1734,7 @@ static const mbedtls_cipher_base_t des_info = { NULL, #endif des_setkey_enc_wrap, -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des_setkey_dec_wrap, -#endif des_ctx_alloc, des_ctx_free }; @@ -1793,9 +1785,7 @@ static const mbedtls_cipher_base_t des_ede_info = { NULL, #endif des3_set2key_enc_wrap, -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set2key_dec_wrap, -#endif des3_ctx_alloc, des3_ctx_free }; @@ -1846,9 +1836,7 @@ static const mbedtls_cipher_base_t des_ede3_info = { NULL, #endif des3_set3key_enc_wrap, -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) des3_set3key_dec_wrap, -#endif des3_ctx_alloc, des3_ctx_free }; From f1496400210f56944ab07b368f484009a28674ee Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 18:55:13 +0800 Subject: [PATCH 198/430] all.sh: add components to test BLOCK_CIPHER_NO_DECRYPT with PSA Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 135 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 133 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4daae6c41..fe3332c9d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4488,7 +4488,7 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } -component_test_block_cipher_no_decrypt_aesni () { +component_test_block_cipher_no_decrypt_aesni_legacy () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC @@ -4554,7 +4554,7 @@ component_test_block_cipher_no_decrypt_aesni () { programs/test/selftest } -component_test_block_cipher_no_decrypt_aesni_m32 () { +component_test_block_cipher_no_decrypt_aesni_use_psa () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC @@ -4562,6 +4562,137 @@ component_test_block_cipher_no_decrypt_aesni_m32 () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + + # test AESNI intrinsics + scripts/config.py set MBEDTLS_AESNI_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" + make clean + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" + programs/test/selftest + + # test AESNI assembly + scripts/config.py set MBEDTLS_AESNI_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" + make clean + make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" + programs/test/selftest + + # test AES C implementation + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" + scripts/config.py unset MBEDTLS_AESNI_C + make clean + make CC=gcc CFLAGS='-Werror -Wall -Wextra' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" + programs/test/selftest +} + +component_test_block_cipher_no_decrypt_aesni_m32_legacy () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C + scripts/config.py unset MBEDTLS_NIST_KW_C + + # test AESNI intrinsics for i386 with VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py set MBEDTLS_PADLOCK_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" + programs/test/selftest + + # test AESNI intrinsics for i386 without VIA PADLOCK + scripts/config.py set MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_PADLOCK_C + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" + make clean + make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" + programs/test/selftest +} + +component_test_block_cipher_no_decrypt_aesni_m32_use_psa () { + # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C + scripts/config.py unset MBEDTLS_NIST_KW_C + + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + # test AESNI intrinsics for i386 with VIA PADLOCK scripts/config.py set MBEDTLS_AESNI_C scripts/config.py set MBEDTLS_PADLOCK_C From 956aa00202d95540733898db96e44bc0dfa38a73 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 1 Nov 2023 19:15:16 +0800 Subject: [PATCH 199/430] check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with PSA Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 436ca0592..0abe8ae66 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -192,6 +192,16 @@ cannot be defined simultaneously" #endif +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ + defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ + (defined(PSA_WANT_ALG_CBC_NO_PADDING) || \ + defined(PSA_WANT_ALG_CBC_PKCS7) || \ + defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ + defined(PSA_WANT_KEY_TYPE_DES)) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, MBEDTLS_PSA_CRYPTO_CONFIG and \ +PSA_WANT_ALG_CBC_NO_PADDING/PSA_WANT_ALG_CBC_PKCS7/PSA_WANT_ALG_ECB_NO_PADDING/PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif From 0d76b6ef761b4bf7bc2286d262d46f5aa8c5885f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 2 Nov 2023 11:54:39 +0800 Subject: [PATCH 200/430] Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is still requested in some incompatible modes, we return an error of FEATURE_UNAVAILABLE as additional indication. Signed-off-by: Yanray Wang --- include/mbedtls/aes.h | 2 ++ library/aes.c | 7 ++++--- library/aesce.c | 9 ++++----- library/aesni.c | 19 +++++++++---------- library/cipher.c | 21 +++++++++++++++++---- library/psa_crypto.c | 1 + 6 files changed, 37 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c53f817c1..c43134d45 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -60,6 +60,8 @@ /* Error codes in range 0x0021-0x0025 */ /** Invalid input data. */ #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 +/** The requested feature is not available. */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 #ifdef __cplusplus extern "C" { diff --git a/library/aes.c b/library/aes.c index 940ea0296..29a193e70 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1061,15 +1061,16 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { return mbedtls_internal_aes_encrypt(ctx, input, output); } else { +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) return mbedtls_internal_aes_decrypt(ctx, input, output); - } #else - return mbedtls_internal_aes_encrypt(ctx, input, output); + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; #endif + } + return mbedtls_internal_aes_encrypt(ctx, input, output); #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } diff --git a/library/aesce.c b/library/aesce.c index 79c02e367..5883e6a83 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -244,16 +244,15 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { block = aesce_encrypt_block(block, keys, ctx->nr); } else { +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) block = aesce_decrypt_block(block, keys, ctx->nr); - } #else - (void) mode; - block = aesce_encrypt_block(block, keys, ctx->nr); -#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; +#endif + } vst1q_u8(&output[0], block); return 0; diff --git a/library/aesni.c b/library/aesni.c index 0c509acc0..6c917daec 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -93,7 +93,6 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; -#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_ENCRYPT) { while (nr != 0) { state = _mm_aesenc_si128(state, *rk); @@ -102,23 +101,17 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, } state = _mm_aesenclast_si128(state, *rk); } else { +#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) while (nr != 0) { state = _mm_aesdec_si128(state, *rk); ++rk; --nr; } state = _mm_aesdeclast_si128(state, *rk); - } #else - (void) mode; - while (nr != 0) { - - state = _mm_aesenc_si128(state, *rk); - ++rk; - --nr; + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; +#endif } - state = _mm_aesenclast_si128(state, *rk); -#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ memcpy(output, &state, 16); return 0; @@ -452,6 +445,12 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) { +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { + return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + } +#endif + asm ("movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 diff --git a/library/cipher.c b/library/cipher.c index 60c13a9f7..de55efa78 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -319,6 +319,17 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, if (ctx->cipher_info == NULL) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + /* CBC, XTS, KW and KWP mode always need decryption, return an error to + * indicate those modes are not available under + * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT. */ + if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || + MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || + MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || + MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) if (ctx->psa_enabled == 1) { @@ -402,12 +413,14 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key, ctx->key_bitlen); } +#else + if (operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT) { + return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, + ctx->key_bitlen); + } +#endif return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; -#else - return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, - ctx->key_bitlen); -#endif } int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1faf1dd6c..2ada2eb72 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -157,6 +157,7 @@ psa_status_t mbedtls_to_psa_error(int ret) #if defined(MBEDTLS_AES_C) case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: + case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; case MBEDTLS_ERR_AES_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; From 53479573a053323f4217b58d8594e4e680d077e2 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 2 Nov 2023 13:41:11 +0800 Subject: [PATCH 201/430] ChangeLog: rewrite ChangeLog for block-cipher-no-decrypt Signed-off-by: Yanray Wang --- ChangeLog.d/add-block-cipher-no-decrypt.txt | 6 ++++++ ChangeLog.d/add-cipher-encrypt-only.txt | 7 ------- 2 files changed, 6 insertions(+), 7 deletions(-) create mode 100644 ChangeLog.d/add-block-cipher-no-decrypt.txt delete mode 100644 ChangeLog.d/add-cipher-encrypt-only.txt diff --git a/ChangeLog.d/add-block-cipher-no-decrypt.txt b/ChangeLog.d/add-block-cipher-no-decrypt.txt new file mode 100644 index 000000000..755eda35a --- /dev/null +++ b/ChangeLog.d/add-block-cipher-no-decrypt.txt @@ -0,0 +1,6 @@ +Features + * Add support to remove decryption operation for cipher type of AES, ARIA + and CAMELLIA. A new configuration option, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + can be used to enable this feature. + Note that this configuration option is incompatible with MBEDTLS_DES_C, + MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and MBEDTLS_NIST_KW_C. diff --git a/ChangeLog.d/add-cipher-encrypt-only.txt b/ChangeLog.d/add-cipher-encrypt-only.txt deleted file mode 100644 index d56c08da3..000000000 --- a/ChangeLog.d/add-cipher-encrypt-only.txt +++ /dev/null @@ -1,7 +0,0 @@ -Features - * Add support to remove xxx_setkey_dec and xxx_decrypt for cipher type of - AES, ARIA, CAMELLIA and DES. This is achieved by implicitly enabling - MBEDTLS_BLOCK_CIPHER_NO_DECRYPT when - - ECB and CBC cipher modes are not requested via the PSA API. - - ECB, CBC, XTS and KW are not enabled in the legacy API. - - DES is not requested in the PSA API and the legacy API. From 50d07bdeece8450ab7204a03196dcc4bbf6e4d26 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 6 Nov 2023 10:49:01 +0800 Subject: [PATCH 202/430] Add test-suite parameter to filter tests Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8e8e2a165..098d17261 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -113,6 +113,7 @@ EXCLUDE='^$' SHOW_TEST_NUMBER=0 LIST_TESTS=0 RUN_TEST_NUMBER='' +RUN_TEST_SUITE='' PRESERVE_LOGS=0 @@ -137,6 +138,8 @@ print_usage() { printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n" printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n" printf " --seed \tInteger seed value to use for this test run\n" + printf " --test-suite\tOnly matching test suites are executed\n" + printf " \t(comma-separated, e.g. 'ssl-opt,tls13-compat')\n\n" } get_options() { @@ -175,6 +178,9 @@ get_options() { --seed) shift; SEED="$1" ;; + --test-suite) + shift; RUN_TEST_SUITE="$1" + ;; -h|--help) print_usage exit 0 @@ -1590,6 +1596,13 @@ run_test() { return fi + # Use ssl-opt as default test suite name. Also see record_outcome function + if is_excluded_test_suite "${TEST_SUITE_NAME:-ssl-opt}"; then + # Do not skip next test and skip current test. + SKIP_NEXT="NO" + return + fi + print_name "$NAME" # Do we only run numbered tests? @@ -1837,6 +1850,21 @@ else } fi +# Filter tests according to TEST_SUITE_NAME +is_excluded_test_suite () { + if [ -n "$RUN_TEST_SUITE" ] + then + case ",$RUN_TEST_SUITE," in + *",$1,"*) false;; + *) true;; + esac + else + false + fi + +} + + if [ "$LIST_TESTS" -eq 0 ];then # sanity checks, avoid an avalanche of errors From 9e47b268c47b9822108760b66076c30916f3322a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 6 Nov 2023 10:52:01 +0800 Subject: [PATCH 203/430] Revert "ssl-opt.sh: Make record_outcome record the ssl-opt.sh file only" This reverts commit cfe68a0cb6f5ba882c6528034a161d7ff45d0ce9. As commit 5eb2b02862, this line is used to report test suite name. Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 098d17261..9c317d1fc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -889,7 +889,7 @@ record_outcome() { if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then printf '%s;%s;%s;%s;%s;%s\n' \ "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \ - "ssl-opt" "$NAME" \ + "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \ "$1" "${2-}" \ >>"$MBEDTLS_TEST_OUTCOME_FILE" fi From bc29aefdea79712c94a13133a734955fbbfda192 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 6 Nov 2023 11:08:17 +0800 Subject: [PATCH 204/430] all.sh: test BLOCK_CIPHER_NO_DECRYPT in build_aes_variations Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fe3332c9d..d24ad9d10 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4011,6 +4011,7 @@ component_build_aes_variations() { # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. + MBEDTLS_ROOT_DIR="$PWD" msg "build: aes.o for all combinations of relevant config options" build_test_config_combos library/aes.o validate_aes_config_variations \ @@ -4018,6 +4019,24 @@ component_build_aes_variations() { "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" + + cd "$MBEDTLS_ROOT_DIR" + msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" + + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with CBC/XTS/DES/NIST_KW, + # manually set or unset those configurations to check + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. + + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS + scripts/config.py unset MBEDTLS_DES_C + scripts/config.py unset MBEDTLS_NIST_KW_C + build_test_config_combos library/aes.o validate_aes_config_variations \ + "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ + "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" } component_test_no_platform () { From 2ef7c3077551d3db0c0121d59c4005fc5f5239b8 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 6 Nov 2023 11:47:15 +0000 Subject: [PATCH 205/430] Update BRANCHES Signed-off-by: Dave Rodgman --- BRANCHES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BRANCHES.md b/BRANCHES.md index d3bd75eff..c085b1616 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) maintained until at least the end of 2024, see - . + . Users are urged to always use the latest version of a maintained branch. From 33406b645dea9a10a8ebf08e98b1c5d8face1b98 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 18:48:39 +0100 Subject: [PATCH 206/430] Add a metatest program This program can be used to validate that things that should be detected as test failures are indeed caught, either by setting the test result to MBEDTLS_TEST_RESULT_FAILED or by aborting the program. Signed-off-by: Gilles Peskine --- programs/.gitignore | 1 + programs/Makefile | 5 +++ programs/test/CMakeLists.txt | 1 + programs/test/metatest.c | 81 ++++++++++++++++++++++++++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 programs/test/metatest.c diff --git a/programs/.gitignore b/programs/.gitignore index a641c31c4..2826a18a4 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -56,6 +56,7 @@ test/cpp_dummy_build test/cpp_dummy_build.cpp test/dlopen test/ecp-bench +test/metatest test/query_compile_time_config test/query_included_headers test/selftest diff --git a/programs/Makefile b/programs/Makefile index 116883b83..7b538da4b 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -123,6 +123,7 @@ APPS = \ ssl/ssl_server \ ssl/ssl_server2 \ test/benchmark \ + test/metatest \ test/query_compile_time_config \ test/query_included_headers \ test/selftest \ @@ -413,6 +414,10 @@ test/dlopen$(EXEXT): test/dlopen.c $(DEP) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@ endif +test/metatest$(EXEXT): test/metatest.c $(DEP) + echo " CC test/metatest.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test/query_config.o: test/query_config.c test/query_config.h $(DEP) echo " CC test/query_config.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@ diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index a75f8d923..8469d064d 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -3,6 +3,7 @@ set(libs ) set(executables_libs + metatest query_included_headers selftest udp_proxy diff --git a/programs/test/metatest.c b/programs/test/metatest.c new file mode 100644 index 000000000..f03e5e703 --- /dev/null +++ b/programs/test/metatest.c @@ -0,0 +1,81 @@ +/** \file metatest.c + * + * \brief Test features of the test framework. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#include +#include "test/helpers.h" + +#include +#include + + +/****************************************************************/ +/* Command line entry point */ +/****************************************************************/ + +typedef struct { + const char *name; + const char *platform; + void (*entry_point)(const char *name); +} metatest_t; + +metatest_t metatests[] = { + { NULL, NULL, NULL } +}; + +static void help(FILE *out, const char *argv0) +{ + mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0); + mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n"); + mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n"); +} + +int main(int argc, char *argv[]) +{ + const char *argv0 = argc > 0 ? argv[0] : "metatest"; + if (argc != 2) { + help(stderr, argv0); + mbedtls_exit(MBEDTLS_EXIT_FAILURE); + } + + /* Support "-help", "--help", "--list", etc. */ + const char *command = argv[1]; + while (*command == '-') { + ++command; + } + + if (strcmp(argv[1], "help") == 0) { + help(stdout, argv0); + mbedtls_exit(MBEDTLS_EXIT_SUCCESS); + } + if (strcmp(argv[1], "list") == 0) { + for (const metatest_t *p = metatests; p->name != NULL; p++) { + mbedtls_printf("%s %s\n", p->name, p->platform); + } + mbedtls_exit(MBEDTLS_EXIT_SUCCESS); + } + + for (const metatest_t *p = metatests; p->name != NULL; p++) { + if (strcmp(argv[1], p->name) == 0) { + mbedtls_printf("Running metatest %s...\n", argv[1]); + p->entry_point(argv[1]); + mbedtls_printf("Running metatest %s... done, result=%d\n", + argv[1], (int) mbedtls_test_info.result); + mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ? + MBEDTLS_EXIT_SUCCESS : + MBEDTLS_EXIT_FAILURE); + } + } + + mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n", + argv0, command); + mbedtls_exit(MBEDTLS_EXIT_FAILURE); +} From f309fbf0d5c6da465ecda4b1ce563d0c59dc5534 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 18:49:52 +0100 Subject: [PATCH 207/430] Validate that test_fail causes a test failure Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index f03e5e703..fab3b1f53 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -17,6 +17,17 @@ #include +/****************************************************************/ +/* Test framework features */ +/****************************************************************/ + +void meta_test_fail(const char *name) +{ + (void) name; + mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); +} + + /****************************************************************/ /* Command line entry point */ /****************************************************************/ @@ -28,6 +39,7 @@ typedef struct { } metatest_t; metatest_t metatests[] = { + { "test_fail", "any", meta_test_fail }, { NULL, NULL, NULL } }; From 80ba832be6a1c909aecf031f42a8b0a53cef9089 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 19:23:26 +0100 Subject: [PATCH 208/430] Metatests for null pointer dereference Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index fab3b1f53..ba3ec9443 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -28,6 +28,29 @@ void meta_test_fail(const char *name) } +/****************************************************************/ +/* Platform features */ +/****************************************************************/ + +void null_pointer_dereference(const char *name) +{ + (void) name; + char *p; + memset(&p, 0, sizeof(p)); + volatile char c; + c = *p; + (void) c; +} + +void null_pointer_call(const char *name) +{ + (void) name; + void (*p)(void); + memset(&p, 0, sizeof(p)); + p(); +} + + /****************************************************************/ /* Command line entry point */ /****************************************************************/ @@ -40,6 +63,8 @@ typedef struct { metatest_t metatests[] = { { "test_fail", "any", meta_test_fail }, + { "null_dereference", "any", null_pointer_dereference }, + { "null_call", "any", null_pointer_call }, { NULL, NULL, NULL } }; From f109664448dc71c134521f2b3aa317c05908bc78 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 19:23:41 +0100 Subject: [PATCH 209/430] Script to run all the metatests (with platform filtering) Signed-off-by: Gilles Peskine --- tests/scripts/run-metatests.sh | 81 ++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100755 tests/scripts/run-metatests.sh diff --git a/tests/scripts/run-metatests.sh b/tests/scripts/run-metatests.sh new file mode 100755 index 000000000..182bf0410 --- /dev/null +++ b/tests/scripts/run-metatests.sh @@ -0,0 +1,81 @@ +#!/bin/sh + +help () { + cat <&2 "$0: FATAL: programs/test/metatest not found" + exit 120 +fi + +LIST_ONLY= +while getopts hl OPTLET; do + case $OPTLET in + h) help; exit;; + l) LIST_ONLY=1;; + \?) help >&2; exit 120;; + esac +done +shift $((OPTIND - 1)) + +list_matches () { + while read name platform junk; do + for pattern; do + case $platform in + $pattern) echo "$name"; break;; + esac + done + done +} + +count=0 +errors=0 +run_metatest () { + ret=0 + "$METATEST_PROGRAM" "$1" || ret=$? + if [ $ret -eq 0 ]; then + echo >&2 "$0: Unexpected success: $1" + errors=$((errors + 1)) + fi + count=$((count + 1)) +} + +# Don't pipe the output of metatest so that if it fails, this script exits +# immediately with a failure status. +full_list=$("$METATEST_PROGRAM" list) +matching_list=$(printf '%s\n' "$full_list" | list_matches "$@") + +if [ -n "$LIST_ONLY" ]; then + printf '%s\n' $matching_list + exit +fi + +for name in $matching_list; do + run_metatest "$name" +done + +if [ $errors -eq 0 ]; then + echo "Ran $count metatests, all good." + exit 0 +else + echo "Ran $count metatests, $errors unexpected successes." + exit 1 +fi From b0f0a64de058950127396e52ff3a58581feca0e8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 19:42:13 +0100 Subject: [PATCH 210/430] Metatests for basic Asan and Msan features Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 48 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index ba3ec9443..91a1e2a7d 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -51,6 +51,50 @@ void null_pointer_call(const char *name) } +/****************************************************************/ +/* Sanitizers */ +/****************************************************************/ + +void read_after_free(const char *name) +{ + (void) name; + volatile char *p = mbedtls_calloc(1, 1); + *p = 'a'; + mbedtls_free((void *) p); + mbedtls_printf("%u\n", (unsigned) *p); +} + +void double_free(const char *name) +{ + (void) name; + volatile char *p = mbedtls_calloc(1, 1); + *p = 'a'; + mbedtls_free((void *) p); + mbedtls_free((void *) p); +} + +void read_uninitialized_stack(const char *name) +{ + (void) name; + volatile char buf[1]; + static int false_but_the_compiler_does_not_know = 0; + if (false_but_the_compiler_does_not_know) { + buf[0] = '!'; + } + if (*buf != 0) { + mbedtls_printf("%u\n", (unsigned) *buf); + } +} + +void memory_leak(const char *name) +{ + (void) name; + volatile char *p = mbedtls_calloc(1, 1); + /* Hint to the compiler that calloc must not be optimized away. */ + (void) *p; +} + + /****************************************************************/ /* Command line entry point */ /****************************************************************/ @@ -65,6 +109,10 @@ metatest_t metatests[] = { { "test_fail", "any", meta_test_fail }, { "null_dereference", "any", null_pointer_dereference }, { "null_call", "any", null_pointer_call }, + { "read_after_free", "asan", read_after_free }, + { "double_free", "asan", double_free }, + { "read_uninitialized_stack", "msan", read_uninitialized_stack }, + { "memory_leak", "asan", memory_leak }, { NULL, NULL, NULL } }; From 69e8db036639ab2293501676c7f4f5d1ac7df536 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 19:52:32 +0100 Subject: [PATCH 211/430] Strengthen against Clang optimizations Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 91a1e2a7d..eb3bb76af 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -11,12 +11,21 @@ #define MBEDTLS_ALLOW_PRIVATE_ACCESS #include +#include #include "test/helpers.h" #include #include +/* This is an external variable, so the compiler doesn't know that we're never + * changing its value. + * + * TODO: LTO (link-time-optimization) would defeat this. + */ +int false_but_the_compiler_does_not_know = 0; + + /****************************************************************/ /* Test framework features */ /****************************************************************/ @@ -35,19 +44,17 @@ void meta_test_fail(const char *name) void null_pointer_dereference(const char *name) { (void) name; - char *p; - memset(&p, 0, sizeof(p)); - volatile char c; - c = *p; - (void) c; + volatile char *p; + mbedtls_platform_zeroize(&p, sizeof(p)); + mbedtls_printf("%p -> %u\n", p, (unsigned) *p); } void null_pointer_call(const char *name) { (void) name; - void (*p)(void); - memset(&p, 0, sizeof(p)); - p(); + unsigned (*p)(void); + mbedtls_platform_zeroize(&p, sizeof(p)); + mbedtls_printf("%p() -> %u\n", p, p()); } @@ -77,7 +84,6 @@ void read_uninitialized_stack(const char *name) { (void) name; volatile char buf[1]; - static int false_but_the_compiler_does_not_know = 0; if (false_but_the_compiler_does_not_know) { buf[0] = '!'; } From 6848d1709baf6f63c1901dbab3e8af2dde1c2167 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 19:58:03 +0100 Subject: [PATCH 212/430] Run metatests in selected components Run metatests in some components, covering both GCC and Clang, with ASan, MSan or neither. Note that this commit does not cover constant-flow testing builds or Valgrind. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 086677a60..5f5d2fd23 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1065,6 +1065,9 @@ component_test_default_cmake_gcc_asan () { msg "test: selftest (ASan build)" # ~ 10s programs/test/selftest + msg "test: metatests (GCC, ASan build)" + tests/scripts/run-metatests.sh any asan + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min tests/ssl-opt.sh @@ -1830,6 +1833,9 @@ component_test_everest () { msg "test: Everest ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s make test + msg "test: metatests (clang, ASan)" + tests/scripts/run-metatests.sh any asan + msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s tests/ssl-opt.sh -f ECDH @@ -1918,6 +1924,9 @@ component_test_full_cmake_clang () { msg "test: cpp_dummy_build (full config, clang)" # ~ 1s programs/test/cpp_dummy_build + msg "test: metatests (clang)" + tests/scripts/run-metatests.sh any + msg "program demos (full config, clang)" # ~10s tests/scripts/run_demos.py @@ -5403,6 +5412,9 @@ component_test_memsan () { msg "test: main suites (MSan)" # ~ 10s make test + msg "test: metatests (MSan)" + tests/scripts/run-metatests.sh any msan + msg "program demos (MSan)" # ~20s tests/scripts/run_demos.py From 6aa9f321246519690ec4c50fe04a2b256376c84a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 21:31:07 +0100 Subject: [PATCH 213/430] Use casts when doing nonstandard pointer conversions Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index eb3bb76af..36119f68d 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -45,7 +45,7 @@ void null_pointer_dereference(const char *name) { (void) name; volatile char *p; - mbedtls_platform_zeroize(&p, sizeof(p)); + mbedtls_platform_zeroize((void *) &p, sizeof(p)); mbedtls_printf("%p -> %u\n", p, (unsigned) *p); } @@ -54,7 +54,7 @@ void null_pointer_call(const char *name) (void) name; unsigned (*p)(void); mbedtls_platform_zeroize(&p, sizeof(p)); - mbedtls_printf("%p() -> %u\n", p, p()); + mbedtls_printf("%p() -> %u\n", (void *) p, p()); } From ee8109541a433d01add3be695e78653898c24e08 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Nov 2023 22:32:50 +0100 Subject: [PATCH 214/430] Don't cast a function pointer to a data pointer That's nonstandard. Instead, convert to an integer. Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 36119f68d..872dbf0f8 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -54,7 +54,7 @@ void null_pointer_call(const char *name) (void) name; unsigned (*p)(void); mbedtls_platform_zeroize(&p, sizeof(p)); - mbedtls_printf("%p() -> %u\n", (void *) p, p()); + mbedtls_printf("%llx() -> %u\n", (unsigned long long) p, p()); } From a1dfa14c066962ac5f8780e2e4fdbc97a9acad72 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 10:31:56 +0100 Subject: [PATCH 215/430] Fix cast from pointer to integer of different size Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 872dbf0f8..1a638b595 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -54,7 +54,7 @@ void null_pointer_call(const char *name) (void) name; unsigned (*p)(void); mbedtls_platform_zeroize(&p, sizeof(p)); - mbedtls_printf("%llx() -> %u\n", (unsigned long long) p, p()); + mbedtls_printf("%llx() -> %u\n", (unsigned long long) (uintptr_t) p, p()); } From f0d5cf9a0c7fe8742b3a8ddaf26d4e00a5a564c3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 10:58:57 +0100 Subject: [PATCH 216/430] Don't use %llx in printf We still do MinGW builds on our CI whose printf doesn't support it! Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 1a638b595..d3173f3d4 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -54,7 +54,10 @@ void null_pointer_call(const char *name) (void) name; unsigned (*p)(void); mbedtls_platform_zeroize(&p, sizeof(p)); - mbedtls_printf("%llx() -> %u\n", (unsigned long long) (uintptr_t) p, p()); + /* The pointer representation may be truncated, but we don't care: + * the only point of printing it is to have some use of the pointer + * to dissuade the compiler from optimizing it away. */ + mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p()); } From 102aea2ba834e584fc73ae308868187b9c102a39 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 18:05:38 +0100 Subject: [PATCH 217/430] Add metatests for mutex usage Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 100 ++++++++++++++++++++++++++++++++++++++- tests/scripts/all.sh | 2 +- 2 files changed, 100 insertions(+), 2 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index d3173f3d4..7e173ee27 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -13,10 +13,15 @@ #include #include #include "test/helpers.h" +#include "test/macros.h" #include #include +#if defined(MBEDTLS_THREADING_C) +#include +#endif + /* This is an external variable, so the compiler doesn't know that we're never * changing its value. @@ -62,7 +67,7 @@ void null_pointer_call(const char *name) /****************************************************************/ -/* Sanitizers */ +/* Memory */ /****************************************************************/ void read_after_free(const char *name) @@ -104,6 +109,84 @@ void memory_leak(const char *name) } +/****************************************************************/ +/* Threading */ +/****************************************************************/ + +void mutex_lock_not_initialized(const char *name) +{ + (void) name; + /* Mutex usage verification is only done with pthread, not with other + * threading implementations. See tests/src/threading_helpers.c. */ +#if defined(MBEDTLS_THREADING_PTHREAD) + mbedtls_threading_mutex_t mutex; + memset(&mutex, 0, sizeof(mutex)); + TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); +exit: + ; +#endif +} + +void mutex_unlock_not_initialized(const char *name) +{ + (void) name; + /* Mutex usage verification is only done with pthread, not with other + * threading implementations. See tests/src/threading_helpers.c. */ +#if defined(MBEDTLS_THREADING_C) + mbedtls_threading_mutex_t mutex; + memset(&mutex, 0, sizeof(mutex)); + TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); +exit: + ; +#endif +} + +void mutex_free_not_initialized(const char *name) +{ + (void) name; + /* Mutex usage verification is only done with pthread, not with other + * threading implementations. See tests/src/threading_helpers.c. */ +#if defined(MBEDTLS_THREADING_C) + mbedtls_threading_mutex_t mutex; + memset(&mutex, 0, sizeof(mutex)); + mbedtls_mutex_free(&mutex); +#endif +} + +void mutex_double_init(const char *name) +{ + (void) name; +#if defined(MBEDTLS_THREADING_C) + mbedtls_threading_mutex_t mutex; + mbedtls_mutex_init(&mutex); + mbedtls_mutex_init(&mutex); + mbedtls_mutex_free(&mutex); +#endif +} + +void mutex_double_free(const char *name) +{ + (void) name; +#if defined(MBEDTLS_THREADING_C) + mbedtls_threading_mutex_t mutex; + mbedtls_mutex_init(&mutex); + mbedtls_mutex_free(&mutex); + mbedtls_mutex_free(&mutex); +#endif +} + +void mutex_leak(const char *name) +{ + (void) name; + /* Mutex usage verification is only done with pthread, not with other + * threading implementations. See tests/src/threading_helpers.c. */ +#if defined(MBEDTLS_THREADING_PTHREAD) + mbedtls_threading_mutex_t mutex; + mbedtls_mutex_init(&mutex); +#endif +} + + /****************************************************************/ /* Command line entry point */ /****************************************************************/ @@ -122,6 +205,14 @@ metatest_t metatests[] = { { "double_free", "asan", double_free }, { "read_uninitialized_stack", "msan", read_uninitialized_stack }, { "memory_leak", "asan", memory_leak }, + /* Mutex usage verification is only done with pthread, not with other + * threading implementations. See tests/src/threading_helpers.c. */ + { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized }, + { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized }, + { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized }, + { "mutex_double_init", "pthread", mutex_double_init }, + { "mutex_double_free", "pthread", mutex_double_free }, + { "mutex_leak", "pthread", mutex_leak }, { NULL, NULL, NULL } }; @@ -157,10 +248,17 @@ int main(int argc, char *argv[]) mbedtls_exit(MBEDTLS_EXIT_SUCCESS); } +#if defined(MBEDTLS_TEST_MUTEX_USAGE) + mbedtls_test_mutex_usage_init(); +#endif + for (const metatest_t *p = metatests; p->name != NULL; p++) { if (strcmp(argv[1], p->name) == 0) { mbedtls_printf("Running metatest %s...\n", argv[1]); p->entry_point(argv[1]); +#if defined(MBEDTLS_TEST_MUTEX_USAGE) + mbedtls_test_mutex_usage_check(); +#endif mbedtls_printf("Running metatest %s... done, result=%d\n", argv[1], (int) mbedtls_test_info.result); mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ? diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5f5d2fd23..04626c39f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1925,7 +1925,7 @@ component_test_full_cmake_clang () { programs/test/cpp_dummy_build msg "test: metatests (clang)" - tests/scripts/run-metatests.sh any + tests/scripts/run-metatests.sh any pthread msg "program demos (full config, clang)" # ~10s tests/scripts/run_demos.py From 4bc873f0a189ed906a77ee839869419ca1815e84 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 18:57:06 +0100 Subject: [PATCH 218/430] Add missing program to .gitignore Signed-off-by: Gilles Peskine --- programs/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/.gitignore b/programs/.gitignore index 2826a18a4..e0c49873e 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -38,6 +38,7 @@ psa/crypto_examples psa/hmac_demo psa/key_ladder_demo psa/psa_constant_names +psa/psa_hash random/gen_entropy random/gen_random_ctr_drbg ssl/dtls_client From a1023e2bd665233cc9562817f9f6222570d10c4c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Nov 2023 19:16:56 +0100 Subject: [PATCH 219/430] programs/test/metatest indirectly includes library/common.h Signed-off-by: Gilles Peskine --- programs/Makefile | 2 +- programs/test/CMakeLists.txt | 1 + scripts/generate_visualc_files.pl | 5 ++++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 7b538da4b..a3fa81679 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -416,7 +416,7 @@ endif test/metatest$(EXEXT): test/metatest.c $(DEP) echo " CC test/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I ../library test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/query_config.o: test/query_config.c test/query_config.h $(DEP) echo " CC test/query_config.c" diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 8469d064d..077873112 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -73,6 +73,7 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) add_executable(${exe} ${exe}.c $ ${extra_sources}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library) if(exe STREQUAL "query_compile_time_config") target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}) endif() diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 7f5609820..96ade2fa7 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -144,6 +144,7 @@ sub gen_app { my $guid = gen_app_guid( $path ); $path =~ s!/!\\!g; (my $appname = $path) =~ s/.*\\//; + my $is_test_app = ($path =~ m/^test\\/); my $srcs = ""; if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or @@ -158,7 +159,9 @@ sub gen_app { $content =~ s//$srcs/g; $content =~ s//$appname/g; $content =~ s//$guid/g; - $content =~ s/INCLUDE_DIRECTORIES\n/$include_directories/g; + $content =~ s/INCLUDE_DIRECTORIES\n/($is_test_app ? + $library_include_directories : + $include_directories)/ge; content_to_file( $content, "$dir/$appname.$ext" ); } From 1f00926142d383f877d961bb8d2fbfad28a8c856 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 7 Nov 2023 09:55:11 +0800 Subject: [PATCH 220/430] Change base config to full Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 086677a60..73206a811 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3631,9 +3631,6 @@ common_psa_crypto_config_accel_cipher_aead() { # Start from the full config helper_libtestdriver1_adjust_config "full" - # For time being, we don't support SSL module. - scripts/config.py unset MBEDTLS_SSL_TLS_C - scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_NIST_KW_C } From 44670c6edaafd4bc99bb21d054c3d3c4a540710c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 7 Nov 2023 09:58:53 +0800 Subject: [PATCH 221/430] Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption" This reverts commit dadeb20383956f6b8654fce1501ab2d572f09058. Signed-off-by: Pengyu Lv --- library/ssl_tls13_server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 49324d83c..5d86660fd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1026,8 +1026,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - return !ssl->handshake->resume && - mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && + return mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl) && ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); #else ((void) ssl); From 4ebf86e7802523acec351b8e394f3cd136cb64a1 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 7 Nov 2023 10:14:32 +0800 Subject: [PATCH 222/430] tls13-misc: Do not check kex mode for some cases Ephemeral is preferred over pure PSK, the change is to make CI happy. Signed-off-by: Pengyu Lv --- tests/opt-testcases/tls13-misc.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index cd01355cb..f1616f6d3 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -351,8 +351,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" \ - -s "key exchange mode: psk$" + -s "found matched identity" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -380,8 +379,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" \ - -s "key exchange mode: psk$" + -s "found matched identity" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -469,8 +467,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ 0 \ -c "Pre-configured PSK number = 1" \ -S "No suitable key exchange mode" \ - -s "found matched identity" \ - -s "key exchange mode: psk$" + -s "found matched identity" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ From d5ed36ff242f3f03ce52c8d6d312d1eb740e85f4 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 7 Nov 2023 11:40:43 +0800 Subject: [PATCH 223/430] early data: rename configuration function Rename mbedtls_ssl_tls13_conf_early_data as mbedtls_ssl_conf_early_data since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang --- include/mbedtls/ssl.h | 4 ++-- library/ssl_tls.c | 6 +++--- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c9110dead..88bba8c58 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2000,8 +2000,8 @@ void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); * \warning This interface is experimental and may change without notice. * */ -void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf, - int early_data_enabled); +void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, + int early_data_enabled); #if defined(MBEDTLS_SSL_SRV_C) /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a2c382286..2a2bd8f57 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1770,8 +1770,8 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, } #if defined(MBEDTLS_SSL_EARLY_DATA) -void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf, - int early_data_enabled) +void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, + int early_data_enabled) { conf->early_data_enabled = early_data_enabled; } @@ -5247,7 +5247,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_tls13_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); + mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); #if defined(MBEDTLS_SSL_SRV_C) mbedtls_ssl_tls13_conf_max_early_data_size( conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index aa3bc40ec..f6a6bb6d9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1971,7 +1971,7 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_tls13_conf_early_data(&conf, opt.early_data); + mbedtls_ssl_conf_early_data(&conf, opt.early_data); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1bab9157b..e80996cc3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2776,7 +2776,7 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - mbedtls_ssl_tls13_conf_early_data(&conf, tls13_early_data_enabled); + mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled); if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { mbedtls_ssl_tls13_conf_max_early_data_size( &conf, opt.max_early_data_size); From 0751761b495753f3d0148c9a09dc7e8110a645f8 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 7 Nov 2023 11:47:36 +0800 Subject: [PATCH 224/430] max_early_data_size: rename configuration function Rename mbedtls_ssl_tls13_conf_max_early_data_size as mbedtls_ssl_conf_max_early_data_size since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang --- include/mbedtls/mbedtls_config.h | 2 +- include/mbedtls/ssl.h | 2 +- library/ssl_tls.c | 5 ++--- programs/ssl/ssl_server2.c | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 6a940d44a..39884dc4b 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -4080,7 +4080,7 @@ * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE * * The default maximum amount of 0-RTT data. See the documentation of - * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information. + * \c mbedtls_ssl_conf_max_early_data_size() for more information. * * It must be positive and smaller than UINT32_MAX. * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 88bba8c58..ddb200bfe 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2027,7 +2027,7 @@ void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, * \warning This interface is experimental and may change without notice. * */ -void mbedtls_ssl_tls13_conf_max_early_data_size( +void mbedtls_ssl_conf_max_early_data_size( mbedtls_ssl_config *conf, uint32_t max_early_data_size); #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a2bd8f57..4751d3418 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1777,7 +1777,7 @@ void mbedtls_ssl_conf_early_data(mbedtls_ssl_config *conf, } #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_tls13_conf_max_early_data_size( +void mbedtls_ssl_conf_max_early_data_size( mbedtls_ssl_config *conf, uint32_t max_early_data_size) { conf->max_early_data_size = max_early_data_size; @@ -5249,8 +5249,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(conf, MBEDTLS_SSL_EARLY_DATA_DISABLED); #if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ssl_tls13_conf_max_early_data_size( - conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); + mbedtls_ssl_conf_max_early_data_size(conf, MBEDTLS_SSL_MAX_EARLY_DATA_SIZE); #endif #endif /* MBEDTLS_SSL_EARLY_DATA */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e80996cc3..c44aec00a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2778,7 +2778,7 @@ usage: #if defined(MBEDTLS_SSL_EARLY_DATA) mbedtls_ssl_conf_early_data(&conf, tls13_early_data_enabled); if (tls13_early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { - mbedtls_ssl_tls13_conf_max_early_data_size( + mbedtls_ssl_conf_max_early_data_size( &conf, opt.max_early_data_size); } #endif /* MBEDTLS_SSL_EARLY_DATA */ From 2bea94ce2e61620d101b96527f91f82ec2e4b27e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 7 Nov 2023 14:18:17 +0800 Subject: [PATCH 225/430] check the ticket version unconditional Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 2288a1ae2..61559462b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -159,12 +159,10 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( /* We delete the temporary buffer */ mbedtls_free(ticket_buffer); -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid.")); ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } -#endif if (ret != 0) { goto exit; From 7ef9fd8989f5ced6185a9922a77e4cdc4627302d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 7 Nov 2023 14:30:38 +0800 Subject: [PATCH 226/430] fix various issues - Debug message - Improve comments Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 18 ++++++++++-------- tests/opt-testcases/tls13-misc.sh | 1 - 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 61559462b..ee6e89c59 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -160,7 +160,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( mbedtls_free(ticket_buffer); if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket version invalid.")); + MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3.")); + /* TODO: Define new return value for this case. */ ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } @@ -1781,7 +1782,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) via a NewSessionTicket message thus in the case of a session resumption. */ MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, not resumption session.")); + 1, ("EarlyData: rejected, not a session resumption.")); return; } @@ -1796,26 +1797,27 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) * - The selected ALPN [RFC7301] protocol, if any * * NOTE: - * - ALPN hasn't been checked. - * - TLS version is checked in - * ssl_tls13_offered_psks_check_identity_match_ticket() + * - The TLS version number is checked in + * ssl_tls13_offered_psks_check_identity_match_ticket(). + * - ALPN is not checked for the time being (TODO). */ if (handshake->selected_identity != 0) { MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, first psk key is not offered.")); + 1, ("EarlyData: rejected, the selected key in " + "`pre_shared_key` is not the first one.")); return; } if (handshake->ciphersuite_info->id != ssl->session_negotiate->ciphersuite) { MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: rejected, selected ciphersuite mismatch.")); + 1, ("EarlyData: rejected, the selected ciphersuite is not the one " + "of the selected pre-shared key.")); return; } - /* TODO: Add more checks here. */ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index ffa914e92..2c25354af 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -513,7 +513,6 @@ run_test "TLS 1.3 G->m: EarlyData: feature is disabled, fail." \ -s "Last error was: -29056 - SSL - Verification of the message MAC failed" requires_gnutls_next - requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ From 1ccd6108e81e35cf2522af7e9ce40c65ad4d0c47 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 7 Nov 2023 14:57:12 +0800 Subject: [PATCH 227/430] Revert "fix miss sent extensions mask" This reverts commit 06b364fdfd9a1816abaef3de336a4c701e760b3a. It has been set in write_binders Signed-off-by: Jerry Yu --- library/ssl_tls13_client.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 90f54f94b..c6fa3b390 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1022,8 +1022,6 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( MBEDTLS_SSL_DEBUG_BUF(3, "pre_shared_key identities", buf, p - buf); - mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_PRE_SHARED_KEY); - return 0; } From 7cca7f68207036bcb095abff2bf53473bfab5d80 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 7 Nov 2023 15:00:32 +0800 Subject: [PATCH 228/430] move ext print to the end of write client hello pre_shared_key extension is done at the end. The information should be print after that Signed-off-by: Jerry Yu --- library/ssl_client.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 1a56f1ebe..656a6eb0b 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -705,11 +705,6 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, p_extensions_len, extensions_len); } -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - MBEDTLS_SSL_PRINT_EXTS( - 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions); -#endif - *out_len = p - buf; return 0; } @@ -1021,6 +1016,11 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) #endif } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + MBEDTLS_SSL_PRINT_EXTS( + 3, MBEDTLS_SSL_HS_CLIENT_HELLO, ssl->handshake->sent_extensions); +#endif + cleanup: MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello")); From 4995e0c31b70502119eda086f00878102efdffc8 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 7 Nov 2023 17:50:52 +0800 Subject: [PATCH 229/430] cipher.c: return error for ECB-decrypt under BLOCK_CIPHER_NO_DECRYPT - fix remaining dependency in test_suite_psa_crypto.data Signed-off-by: Yanray Wang --- library/cipher.c | 4 ++++ tests/suites/test_suite_psa_crypto.data | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index de55efa78..909324aae 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -329,6 +329,10 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } + if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) && + MBEDTLS_DECRYPT == operation) { + return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + } #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5220b273e..76dc3a836 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2267,7 +2267,7 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_encrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT PSA symmetric encrypt: AES-ECB, 0 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"" PSA symmetric encrypt: AES-ECB, 16 bytes, good @@ -2411,7 +2411,7 @@ depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-ECB, input too short (15 bytes) -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) @@ -2423,7 +2423,7 @@ depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-ECB, 0 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"" PSA symmetric decrypt: AES-ECB, 16 bytes, good @@ -2487,7 +2487,7 @@ depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"000000000000004a00000000":"fb6d7b60e9e67669b607a9b94a606bdca678d44f0ebf24cbd623efd69cc2bdc0f615ac19d0366a8d00e3d6728f5ee01d61d74ab77edc17a7621f2268eea12e656e2e359a2568f98041ba0728dd0d6981e97e7aec1d4360c20a27afccfd9fae0bf91b65c5524733ab8f593dabcd62b3571639d624e65152ab8f530c359f0861d807ca0dbf500d6a6156a38e088a22b65e52bc514d16ccf806818ce91ab77937365af90bbf74a35be6b40b8eedf2785e42874d":"546865205246432037353339207465737420766563746f72207573657320636f756e7465723d312c2062757420505341207573657320636f756e7465723d302e4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e" PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, 16 bytes, good @@ -2519,7 +2519,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS PSA symmetric decrypt multipart: AES-ECB, input too short (15 bytes) -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":0:0:0:"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt multipart: AES-CBC-nopad, input too short (5 bytes) From 7604915ccecd53cf34cf8238e9d30e31d2b81ae6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 7 Nov 2023 12:33:17 +0000 Subject: [PATCH 230/430] Update Changelog with bugfix entry Signed-off-by: Dave Rodgman --- ChangeLog | 4 ++++ ChangeLog.d/fix-3rdparty-target-prefix.txt | 3 --- 2 files changed, 4 insertions(+), 3 deletions(-) delete mode 100644 ChangeLog.d/fix-3rdparty-target-prefix.txt diff --git a/ChangeLog b/ChangeLog index 3e3dc1086..28c45f718 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ Changes * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later license. Users may choose which license they take the code under. +Bugfix + * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules + in CMake. + = Mbed TLS 3.5.0 branch released 2023-10-05 API changes diff --git a/ChangeLog.d/fix-3rdparty-target-prefix.txt b/ChangeLog.d/fix-3rdparty-target-prefix.txt deleted file mode 100644 index db8ed07ee..000000000 --- a/ChangeLog.d/fix-3rdparty-target-prefix.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules - in CMake. From e92f6dcf5cce6b33c57de75e2b77cba54853e081 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Tue, 7 Nov 2023 15:16:35 +0100 Subject: [PATCH 231/430] New test cases requested in https://github.com/Mbed-TLS/mbedtls/pull/8378#discussion_r1383779861 Signed-off-by: Matthias Schulz --- tests/suites/test_suite_x509parse.data | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 9817536d7..261c220ee 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2940,15 +2940,23 @@ X509 CSR ASN.1 (OK) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n":0 -X509 CSR ASN.1 (Unsupported critical extension) +X509 CSR ASN.1 (Unsupported critical extension, critical=true) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_parse:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -X509 CSR ASN.1 (Unsupported critical extension accepted by callback) +X509 CSR ASN.1 (Unsupported non-critical extension, critical=false) +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +mbedtls_x509_csr_parse:"308201243081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004b5e718a7df6b21912733e77c42f266b8283e6cae7adf8afd56b990c1c6232ea0a2a46097c218353bc948444aea3d00423e84802e28c48099641fe9977cdfb505a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101000403010101300a06082a8648ce3d0403020348003045022100f0ba9a0846ad0a7cefd0a61d5fc92194dc06037a44158de2d0c569912c058d430220421f27a9f249c1687e2fa34db3f543c8512fd925dfe5ae00867f13963ffd4f8d":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 + +X509 CSR ASN.1 (Unsupported non-critical extension, critical undefined) +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +mbedtls_x509_csr_parse:"308201223081c802010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d030107034200045f94b28d133418833bf10c442d91306459d3925e7cea06ebb9220932e7de116fb671c5d2d6c0a3784a12897217aef8432e7228fcea0ab016bdb67b67ced4c612a025302306092a864886f70d01090e311630143012060b2b0601040183890c8622020403010101300a06082a8648ce3d04030203490030460221009b1e8b25775c18525e96753e1ed55875f8d62f026c5b7f70eb5037ad27dc92de022100ba1dfe14de6af6a603f763563fd046b1cd3714b54d6daf5d8a72076497f11014":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0 + +X509 CSR ASN.1 (Unsupported critical extension accepted by callback, critical=true) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"CSR version \: 1\nsubject name \: CN=Self signed test, C=DE, O=AuthCrtDB Test\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n":0:1 -X509 CSR ASN.1 (Unsupported critical extension rejected by callback) +X509 CSR ASN.1 (Unsupported critical extension rejected by callback, critical=true) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_parse_with_ext_cb:"308201233081cb02010030413119301706035504030c1053656c66207369676e65642074657374310b300906035504061302444531173015060355040a0c0e41757468437274444220546573743059301306072a8648ce3d020106082a8648ce3d03010703420004c11ebb9951848a436ca2c8a73382f24bbb6c28a92e401d4889b0c361f377b92a8b0497ff2f5a5f6057ae85f704ab1850bef075914f68ed3aeb15a1ff1ebc0dc6a028302606092a864886f70d01090e311930173015060b2b0601040183890c8622020101ff0403010101300a06082a8648ce3d040302034700304402200c4108fd098525993d3fd5b113f0a1ead8750852baf55a2f8e670a22cabc0ba1022034db93a0fcb993912adcf2ea8cb4b66389af30e264d43c0daea03255e45d2ccc":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:0 From c55b50034343d733f77441172ddda3cf2a9a9a89 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Tue, 7 Nov 2023 16:47:37 +0100 Subject: [PATCH 232/430] Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb. Signed-off-by: Matthias Schulz --- include/mbedtls/x509_csr.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index f3ac57045..dc4f86de4 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -87,7 +87,9 @@ mbedtls_x509write_csr; /** * \brief Load a Certificate Signing Request (CSR) in DER format * - * \note CSR attributes (if any) are currently silently ignored. + * \note Any unsupported requested extensions are silently + * ignored, unless the critical flag is set, in which case + * the CSR is rejected. * * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto * subsystem must have been initialized by calling @@ -140,7 +142,10 @@ typedef int (*mbedtls_x509_csr_ext_cb_t)(void *p_ctx, /** * \brief Load a Certificate Signing Request (CSR) in DER format * - * \note CSR attributes (if any) are currently silently ignored. + * \note Any unsupported requested extensions are silently + * ignored, unless the critical flag is set, in which case + * the result of the callback function decides whether + * CSR is rejected. * * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto * subsystem must have been initialized by calling From 8636d471b3db1294518ab2ab5016914cb5fe59e8 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 10:07:01 +0800 Subject: [PATCH 233/430] config-tfm.h: License Change Signed-off-by: Yanray Wang --- configs/config-tfm.h | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index b8233e900..191e4c4f4 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -5,19 +5,7 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ /* TF-M medium profile: mbedtls legacy configuration */ From fe03a4071badbdcfea7a4428c03b2fd4f8f9852f Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 10:30:48 +0800 Subject: [PATCH 234/430] ssl_helper: fix missin initialization of cli_log_obj Signed-off-by: Pengyu Lv --- tests/src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 4527885fb..1390b7abf 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -73,7 +73,7 @@ void mbedtls_test_init_handshake_options( opts->renegotiate = 0; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; opts->srv_log_obj = NULL; - opts->srv_log_obj = NULL; + opts->cli_log_obj = NULL; opts->srv_log_fun = NULL; opts->cli_log_fun = NULL; opts->resize_buffers = 1; From 7b320fa7c916a1e4f0b13d5d0e47f2d1d2e10e47 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 10:33:30 +0800 Subject: [PATCH 235/430] ssl-opt.sh: fix typo Signed-off-by: Yanray Wang --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8e8e2a165..200ce6d86 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1513,7 +1513,7 @@ do_run_test_once() { # $1 and $2 contain the server and client command lines, respectively. # # Note: this function only provides some guess about TLS version by simply -# looking at the server/client command lines. Even thought this works +# looking at the server/client command lines. Even though this works # for the sake of tests' filtering (especially in conjunction with the # detect_required_features() function), it does NOT guarantee that the # result is accurate. It does not check other conditions, such as: @@ -1626,7 +1626,7 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi - # Check if we are trying to use an external tool wich does not support ECDH + # Check if we are trying to use an external tool which does not support ECDH EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD") # Guess the TLS version which is going to be used From e870cc8c8686d33a307ae7ae1e0d028dba2b0263 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 11:24:47 +0800 Subject: [PATCH 236/430] ssl: add macro for available key types Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 57f5f89f8..0e56ff016 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -249,6 +249,20 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). */ +/* Some internal helpers to determine which keys are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_SSL_HAVE_AES +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) +#define MBEDTLS_SSL_HAVE_CAMELLIA +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) +#define MBEDTLS_SSL_HAVE_ARIA +#endif + /* Some internal helpers to determine which keys are availble for CBC mode. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) From f1b86b088fb6b1be3e036bfd0942a7500738b528 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 11:26:44 +0800 Subject: [PATCH 237/430] ssl: add macro to indicate CBC mode is available Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0e56ff016..b2b9830df 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -263,6 +263,12 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #define MBEDTLS_SSL_HAVE_ARIA #endif +/* Some internal helpers to determine which operation modes are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) +#define MBEDTLS_SSL_HAVE_CBC +#endif + /* Some internal helpers to determine which keys are availble for CBC mode. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(PSA_WANT_ALG_CBC_NO_PADDING) From 829dd2048a564b0e34eaf096b243988b1c5898d1 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 12:01:26 +0800 Subject: [PATCH 238/430] ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c Mainly done by the commands, with some manual adjust. ``` sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c ``` Signed-off-by: Pengyu Lv --- library/ssl_ciphersuites.c | 296 ++++++++++++++++++------------------- 1 file changed, 148 insertions(+), 148 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index dc027e555..6224ef205 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -280,7 +280,7 @@ static const int ciphersuite_preference[] = static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA384) { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", @@ -309,7 +309,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, #endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ #if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, "TLS1-3-CHACHA20-POLY1305-SHA256", @@ -383,9 +383,9 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_MD_CAN_SHA1) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, @@ -394,15 +394,15 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, @@ -411,12 +411,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, @@ -442,10 +442,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_CCM */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -460,7 +460,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -478,7 +478,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -491,9 +491,9 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_MD_CAN_SHA1) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, @@ -502,16 +502,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM)) +#endif /* MBEDTLS_SSL_HAVE_CBC */ +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, @@ -519,23 +519,23 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM)) +#endif /* MBEDTLS_SSL_HAVE_CBC */ +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -550,7 +550,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -568,7 +568,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -581,14 +581,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_MD_CAN_SHA384) && \ defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ +#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -598,7 +598,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, @@ -608,10 +608,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA1) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -623,7 +623,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -642,10 +642,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_CCM */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -669,7 +669,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -685,19 +685,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_MD_CAN_SHA384) && \ defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ +#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -707,7 +707,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -717,11 +717,11 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA1) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -731,7 +731,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ #if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", @@ -751,10 +751,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_CCM */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, @@ -778,7 +778,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -795,14 +795,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_MD_CAN_SHA1) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, @@ -811,15 +811,15 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, @@ -828,12 +828,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, @@ -841,10 +841,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -859,7 +859,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -877,7 +877,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -890,9 +890,9 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_MD_CAN_SHA1) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, @@ -901,15 +901,15 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, @@ -918,12 +918,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, @@ -931,10 +931,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", @@ -949,7 +949,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -967,7 +967,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_MD_CAN_SHA1) @@ -980,7 +980,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", @@ -997,7 +997,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1023,7 +1023,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1042,10 +1042,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_CCM */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1059,7 +1059,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1076,12 +1076,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", @@ -1098,7 +1098,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1124,7 +1124,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1143,10 +1143,10 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_CCM */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1160,7 +1160,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1177,14 +1177,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, @@ -1210,11 +1210,11 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", @@ -1230,13 +1230,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", @@ -1253,7 +1253,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1279,11 +1279,11 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_AES */ -#if defined(MBEDTLS_CAMELLIA_C) -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) +#if defined(MBEDTLS_SSL_HAVE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1297,7 +1297,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_MODE_CBC */ +#endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1314,19 +1314,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_CAMELLIA_C */ +#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_AES_C) +#if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_CCM */ -#endif /* MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_HAVE_AES */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -1446,18 +1446,18 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#if defined(MBEDTLS_ARIA_C) +#if defined(MBEDTLS_SSL_HAVE_ARIA) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-RSA-WITH-ARIA-256-CBC-SHA384", @@ -1465,14 +1465,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, "TLS-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, "TLS-RSA-WITH-ARIA-128-CBC-SHA256", @@ -1485,14 +1485,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", @@ -1500,14 +1500,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", @@ -1520,14 +1520,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, "TLS-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-PSK-WITH-ARIA-256-CBC-SHA384", @@ -1535,14 +1535,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, "TLS-PSK-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, "TLS-PSK-WITH-ARIA-128-CBC-SHA256", @@ -1555,14 +1555,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", @@ -1570,14 +1570,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", @@ -1590,14 +1590,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", @@ -1605,14 +1605,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", @@ -1625,7 +1625,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", @@ -1633,7 +1633,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", @@ -1646,14 +1646,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", @@ -1661,14 +1661,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", @@ -1681,14 +1681,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", @@ -1696,14 +1696,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", @@ -1716,14 +1716,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", @@ -1731,14 +1731,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", @@ -1751,14 +1751,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA384)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", @@ -1766,14 +1766,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_MD_CAN_SHA256)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && \ +#if (defined(MBEDTLS_SSL_HAVE_CBC) && \ defined(MBEDTLS_MD_CAN_SHA256)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", @@ -1784,7 +1784,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#endif /* MBEDTLS_ARIA_C */ +#endif /* MBEDTLS_SSL_HAVE_ARIA */ { 0, "", From 65458fa96911ed0076a08a98e4e2b313ae6e22c2 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 12:16:29 +0800 Subject: [PATCH 239/430] ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h Done by commands: ``` sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h ``` Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b2b9830df..b3616b07a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -299,10 +299,10 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* This macro determines whether CBC is supported. */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) && \ - (defined(MBEDTLS_AES_C) || \ - defined(MBEDTLS_CAMELLIA_C) || \ - defined(MBEDTLS_ARIA_C) || \ +#if defined(MBEDTLS_SSL_HAVE_CBC) && \ + (defined(MBEDTLS_SSL_HAVE_AES) || \ + defined(MBEDTLS_SSL_HAVE_CAMELLIA) || \ + defined(MBEDTLS_SSL_HAVE_ARIA) || \ defined(MBEDTLS_DES_C)) #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif @@ -346,7 +346,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #define MBEDTLS_SSL_MAC_ADD 16 #endif -#if defined(MBEDTLS_CIPHER_MODE_CBC) +#if defined(MBEDTLS_SSL_HAVE_CBC) #define MBEDTLS_SSL_PADDING_ADD 256 #else #define MBEDTLS_SSL_PADDING_ADD 0 From eb61868878ab6bcf11c3dee29c6f8f3a894472f7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 13:41:32 +0800 Subject: [PATCH 240/430] tls1.3: early data: add ChangeLog entry Signed-off-by: Yanray Wang --- ChangeLog.d/rename-conf-early-data-API.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/rename-conf-early-data-API.txt diff --git a/ChangeLog.d/rename-conf-early-data-API.txt b/ChangeLog.d/rename-conf-early-data-API.txt new file mode 100644 index 000000000..5560a4dc3 --- /dev/null +++ b/ChangeLog.d/rename-conf-early-data-API.txt @@ -0,0 +1,5 @@ +API changes + * In TLS 1.3 early data, rename mbedtls_ssl_tls13_conf_early_data() and + mbedtls_ssl_tls13_conf_max_early_data_size() to + mbedtls_ssl_conf_early_data() and mbedtls_ssl_conf_max_early_data_size() + respectively. From ba6825e37bbd781db789940fdff5d681d5887d81 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 12:16:29 +0800 Subject: [PATCH 241/430] ssl: use MBEDTLS_SSL_HAVE_* in tests Done by commands: ``` sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl* sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl* sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl* ``` Signed-off-by: Pengyu Lv --- tests/include/test/ssl_helpers.h | 18 +- tests/src/test_helpers/ssl_helpers.c | 6 +- tests/suites/test_suite_ssl.data | 346 +++++++++---------- tests/suites/test_suite_ssl.function | 2 +- tests/suites/test_suite_ssl_decrypt.function | 2 +- 5 files changed, 187 insertions(+), 187 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index abdef9032..d03c62414 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -38,21 +38,21 @@ #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_SSL_HAVE_AES) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 #endif #if defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_GCM_SHA256 #endif -#endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256) +#endif /* MBEDTLS_SSL_HAVE_GCM */ +#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_SHA256 #define MBEDTLS_TEST_HAS_TLS1_3_AES_128_CCM_8_SHA256 #endif -#endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256) +#endif /* MBEDTLS_SSL_HAVE_AES */ +#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_TEST_HAS_TLS1_3_CHACHA20_POLY1305_SHA256 #endif @@ -485,7 +485,7 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) + defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, const unsigned char *iv, size_t iv_len, @@ -493,8 +493,8 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, size_t ilen, unsigned char *output, size_t *olen); -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && - MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC && + MBEDTLS_SSL_HAVE_AES */ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_ssl_transform *t_out, diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1390b7abf..be2aedec3 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1045,7 +1045,7 @@ static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl, MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_AES_C) + defined(MBEDTLS_SSL_HAVE_CBC) && defined(MBEDTLS_SSL_HAVE_AES) int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, const unsigned char *iv, size_t iv_len, @@ -1093,8 +1093,8 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, iv, iv_len, input, ilen, output, olen); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_CIPHER_MODE_CBC && - MBEDTLS_AES_C */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_HAVE_CBC && + MBEDTLS_SSL_HAVE_AES */ static void mbedtls_test_ssl_cipher_info_from_type(mbedtls_cipher_type_t cipher_type, mbedtls_cipher_mode_t *cipher_mode, diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 029dac821..fa8a73e5b 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -365,11 +365,11 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 Handshake, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 @@ -377,7 +377,7 @@ depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 @@ -393,11 +393,11 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RS handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 DTLS Handshake, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 @@ -405,7 +405,7 @@ depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 @@ -473,71 +473,71 @@ depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_ handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque @@ -710,99 +710,99 @@ DTLS legacy break handshake renegotiation with MFL=4096 resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM -depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 @@ -1538,243 +1538,243 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_ ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-GCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-GCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, AES-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-192-GCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-192-GCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, AES-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-GCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-GCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, AES-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-GCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-192-GCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-GCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, AES-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-192-CCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-192-CCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, AES-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-192-CCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, AES-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-192-CCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-192-CCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, NULL cipher, 1.2, SHA-384 @@ -1810,27 +1810,27 @@ depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ChachaPoly -depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ChachaPoly, 1.3 -depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_3 ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, ChachaPoly -depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ChachaPoly, 1.3 -depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_3 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, ChachaPoly, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ChachaPoly, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384 @@ -2410,243 +2410,243 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_ ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-GCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-GCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, AES-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-192-GCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-192-GCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, AES-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-GCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-GCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, AES-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-GCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-192-GCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-192-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-GCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-GCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_GCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, AES-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-192-CCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-192-CCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, AES-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-192-CCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CCM, 1.2 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CCM, 1.3 -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_3:0:0 Record crypt, little space, AES-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CCM, 1.2, short tag -depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-192-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-192-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_192_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CCM, 1.2, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CCM, 1.2, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HAVE_CCM ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, NULL cipher, 1.2, SHA-384 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9ebc56c34..a19e08ac9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2583,7 +2583,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_AES_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SSL_HAVE_AES:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ void handshake_fragmentation(int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function index ad94a5839..35f0adb53 100644 --- a/tests/suites/test_suite_ssl_decrypt.function +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -120,7 +120,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_PROTO_TLS1_2 */ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, int length_selector) { From 2bd56de3f48c4f9d5e9fed9f339beff3a784d7be Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 8 Nov 2023 14:21:19 +0800 Subject: [PATCH 242/430] ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros MBEDTLS_SSL_HAVE__CBC equals MBEDTLS_SSL_HAVE_ and MBEDTLS_SSL_HAVE_CBC. Signed-off-by: Pengyu Lv --- library/ssl_misc.h | 27 - tests/suites/test_suite_ssl.data | 648 +++++++++--------- tests/suites/test_suite_ssl_decrypt.misc.data | 192 +++--- 3 files changed, 420 insertions(+), 447 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index b3616b07a..7458330cb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -269,33 +269,6 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #define MBEDTLS_SSL_HAVE_CBC #endif -/* Some internal helpers to determine which keys are availble for CBC mode. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_KEY_TYPE_AES) -#define MBEDTLS_SSL_HAVE_AES_CBC -#endif -#if defined(PSA_WANT_KEY_TYPE_ARIA) -#define MBEDTLS_SSL_HAVE_ARIA_CBC -#endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#define MBEDTLS_SSL_HAVE_CAMELLIA_CBC -#endif -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) -#if defined(MEDTLS_AES_C) -#define MBEDTLS_SSL_HAVE_AES_CBC -#endif -#if defined(MEDTLS_ARIA_C) -#define MBEDTLS_SSL_HAVE_ARIA_CBC -#endif -#if defined(MEDTLS_CAMELLIA_C) -#define MBEDTLS_SSL_HAVE_CAMELLIA_CBC -#endif -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#endif /* MBEDTLS_USE_PSA_CRYPTO*/ - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* This macro determines whether CBC is supported. */ diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index fa8a73e5b..de998e3ff 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -373,7 +373,7 @@ depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_H handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:0 Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM @@ -381,11 +381,11 @@ depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:M handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_2 @@ -401,7 +401,7 @@ depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_RSA_C:MBEDTLS_ECP_H handshake_cipher:"TLS-RSA-WITH-AES-128-CCM":MBEDTLS_PK_RSA:1 DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM @@ -409,11 +409,11 @@ depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:M handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_MD_CAN_SHA1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1 DTLS Handshake with serialization, tls1_2 @@ -437,39 +437,39 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque @@ -541,39 +541,39 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDT handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -806,51 +806,51 @@ depends_on:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_SSL_HAVE_AES:MBEDTLS_KEY_EXCHANGE_RSA_EN resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM" DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" SSL DTLS replay: initial state, seqnum 0 @@ -962,579 +962,579 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 Record crypt, AES-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-GCM, 1.2 @@ -1834,579 +1834,579 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SS ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA1:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-GCM, 1.2 diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data index d86fad2d6..27ea27a17 100644 --- a/tests/suites/test_suite_ssl_decrypt.misc.data +++ b/tests/suites/test_suite_ssl_decrypt.misc.data @@ -15,385 +15,385 @@ depends_on:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_null:MBEDTLS_MD_SHA384 Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, AES MD5 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, AES MD5 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, AES MD5 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, AES MD5 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, AES MD5 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, AES MD5 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_AES_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_MD5 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA1 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 From f95b6787292fc81bfd0ff49ad91b5450cb929314 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 8 Nov 2023 10:08:09 +0100 Subject: [PATCH 243/430] Remove unused *.cocci files Signed-off-by: Ronald Cron --- scripts/find-mem-leak.cocci | 20 -------------------- scripts/rm-calloc-cast.cocci | 7 ------- 2 files changed, 27 deletions(-) delete mode 100644 scripts/find-mem-leak.cocci delete mode 100644 scripts/rm-calloc-cast.cocci diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci deleted file mode 100644 index 8179e2b3e..000000000 --- a/scripts/find-mem-leak.cocci +++ /dev/null @@ -1,20 +0,0 @@ -@@ -expression x, y; -statement S; -@@ - x = mbedtls_calloc(...); - y = mbedtls_calloc(...); - ... -* if (x == NULL || y == NULL) - S - -@@ -expression x, y; -statement S; -@@ - if ( -* (x = mbedtls_calloc(...)) == NULL - || -* (y = mbedtls_calloc(...)) == NULL - ) - S diff --git a/scripts/rm-calloc-cast.cocci b/scripts/rm-calloc-cast.cocci deleted file mode 100644 index 89481c01a..000000000 --- a/scripts/rm-calloc-cast.cocci +++ /dev/null @@ -1,7 +0,0 @@ -@rm_calloc_cast@ -expression x, n, m; -type T; -@@ - x = -- (T *) - mbedtls_calloc(n, m) From 65f7653bddfbdc13850175f308d83430d08618e7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 18:39:53 +0800 Subject: [PATCH 244/430] tls1.3: early data: rephrase ChangeLog Signed-off-by: Yanray Wang --- ChangeLog.d/rename-conf-early-data-API.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/rename-conf-early-data-API.txt b/ChangeLog.d/rename-conf-early-data-API.txt index 5560a4dc3..e63b95843 100644 --- a/ChangeLog.d/rename-conf-early-data-API.txt +++ b/ChangeLog.d/rename-conf-early-data-API.txt @@ -1,5 +1,4 @@ API changes - * In TLS 1.3 early data, rename mbedtls_ssl_tls13_conf_early_data() and - mbedtls_ssl_tls13_conf_max_early_data_size() to - mbedtls_ssl_conf_early_data() and mbedtls_ssl_conf_max_early_data_size() - respectively. + * Remove `tls13_` prefix in the name of mbedtls_ssl_tls13_conf_early_data() + and mbedtls_ssl_tls13_conf_max_early_data_size(). Early data feature may + not be TLS 1.3 specific in the furture, as requested in #6909. From 004a60c08779170a081847ba29141a1b155a15e9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 19:05:29 +0800 Subject: [PATCH 245/430] aes.c: remove non-functional code Signed-off-by: Yanray Wang --- library/aes.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/aes.c b/library/aes.c index 29a193e70..fa73a6362 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1070,7 +1070,6 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; #endif } - return mbedtls_internal_aes_encrypt(ctx, input, output); #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } From d137da5a93bf3e6d68fd94910e3a00a440efd8af Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 8 Nov 2023 19:12:23 +0800 Subject: [PATCH 246/430] check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer Signed-off-by: Yanray Wang --- include/mbedtls/check_config.h | 41 +++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 0abe8ae66..d76f4f717 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -183,23 +183,34 @@ #error "MBEDTLS_NIST_KW_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ - (defined(MBEDTLS_CIPHER_MODE_CBC) || \ - defined(MBEDTLS_CIPHER_MODE_XTS) || \ - defined(MBEDTLS_DES_C) || \ - defined(MBEDTLS_NIST_KW_C)) -#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC/MBEDTLS_CIPHER_MODE_XTS/MBEDTLS_DES_C/MBEDTLS_NIST_KW_C \ -cannot be defined simultaneously" +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_NO_PADDING cannot be defined simultaneously" +#endif +#if defined(PSA_WANT_ALG_CBC_PKCS7) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_CBC_PKCS7 cannot be defined simultaneously" +#endif +#if defined(PSA_WANT_ALG_ECB_NO_PADDING) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_ALG_ECB_NO_PADDING cannot be defined simultaneously" +#endif +#if defined(PSA_WANT_KEY_TYPE_DES) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously" +#endif #endif -#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) && \ - defined(MBEDTLS_PSA_CRYPTO_CONFIG) && \ - (defined(PSA_WANT_ALG_CBC_NO_PADDING) || \ - defined(PSA_WANT_ALG_CBC_PKCS7) || \ - defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ - defined(PSA_WANT_KEY_TYPE_DES)) -#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, MBEDTLS_PSA_CRYPTO_CONFIG and \ -PSA_WANT_ALG_CBC_NO_PADDING/PSA_WANT_ALG_CBC_PKCS7/PSA_WANT_ALG_ECB_NO_PADDING/PSA_WANT_KEY_TYPE_DES cannot be defined simultaneously" +#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) +#if defined(MBEDTLS_CIPHER_MODE_CBC) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_CBC cannot be defined simultaneously" +#endif +#if defined(MBEDTLS_CIPHER_MODE_XTS) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_CIPHER_MODE_XTS cannot be defined simultaneously" +#endif +#if defined(MBEDTLS_DES_C) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_DES_C cannot be defined simultaneously" +#endif +#if defined(MBEDTLS_NIST_KW_C) +#error "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT and MBEDTLS_NIST_KW_C cannot be defined simultaneously" +#endif #endif #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) From 0d9a3618bd3436fc2425347f92a02b17ad0b3afd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 7 Nov 2023 11:14:48 +0100 Subject: [PATCH 247/430] Rm unneeded dep on PK_PARSE_C in psa crypto tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Most of them were removed in 7162, not sure how these ones slipped in. There's no reason deterministic ECDSA verification would need PK parse more than the other tests. The following finds no match: grep -i pk_parse library/ecdsa.c library/psa_crypto_ecp.c Even if PK parse was actually needed for this, the right way would be to auto-enable it based on PSA_WANT symbols, and then only depend on PSA_WANT symbols here. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index f790a118d..552beb6ac 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -4645,15 +4645,15 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_ verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA verify hash: deterministic ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA verify hash: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384 verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"dbf3b9a150a2ec12ec4b16ff7d37be2fe354a357cb267af4296ccfda3acca2d796989f63eb192e4c43a7ff0d0b7f493b1334dfb3c32375351debcdd532f41e13" PSA verify hash: deterministic ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384 verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"bed412df472eef873fb0839f91a6867d1c6824d4c5781d4b851faa43c7df904d99dbdd28c0d2fd3a4a006e89d34993a120aff166deb4974e96449a7ffe93c66726ad9443b14b87330c86bdde3faff5fd1cbfdc9afe46f8090376f9664cb116b4" PSA vrfy hash int: ECDSA SECP256R1, good @@ -4665,15 +4665,15 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_ verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash: det ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash: det ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_384 verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"dbf3b9a150a2ec12ec4b16ff7d37be2fe354a357cb267af4296ccfda3acca2d796989f63eb192e4c43a7ff0d0b7f493b1334dfb3c32375351debcdd532f41e13":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash: det ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384 verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"bed412df472eef873fb0839f91a6867d1c6824d4c5781d4b851faa43c7df904d99dbdd28c0d2fd3a4a006e89d34993a120aff166deb4974e96449a7ffe93c66726ad9443b14b87330c86bdde3faff5fd1cbfdc9afe46f8090376f9664cb116b4":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) From 59a8b41ca3f1a9976918634e7b570dca7cbefeba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 7 Nov 2023 11:44:52 +0100 Subject: [PATCH 248/430] Fix incorrect RSA dependencies in psa_crypto tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There's no reason the tests would depend specifically on our built-in implementation and not work with drivers, so replace the RSA_C dependency with the correct PSA_WANT dependencies. Those 6 cases use two different test functions, but both of those functions only do `psa_import()`, so all that's needed is PUBLIC_KEY or KEYPAIR_IMPORT (which implies KEYPAIR_BASIC) depending on the kind of key being tested. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 552beb6ac..79a38eba4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -225,19 +225,19 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:P import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import RSA public key: 1022-bit (not supported) -depends_on:MBEDTLS_RSA_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_with_data:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED PSA import RSA keypair: 1022-bit (not supported) -depends_on:MBEDTLS_RSA_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_with_data:"3082025802010002818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd1344502302030100010281800ad9700e01e8bf68ff4c90c4465dfa13fea0e76295d817349ccb257d382acf89b3d7b31e18606af4ac92baf3710426fe0b54225ddfa527c31218b3346e03a9cae5395a780ade880b996f4061fad65689393fc8e77f46a4c1a29b0450cdaaef0710e523cd1028abe1653d23f0d5ec805a629bdf1fc4c1c00737760e1714f6b7f102407d5e545484b546bd61972b446a04af0cf17b126a8872b977da5035ca82dd0e4fef1381a6480f60db07628348602f86ba89a271563d9a3fb613b9b39703498f9902407017641093065eed178ff848b5f8a2b502a187511db28549ea7646f3e7b3ea171f4c34c0ecf0566adc4d172c057be077a45fcf8019a36a4588c4de3b8c0a631b02407cc7fccbbae2eb2be80c9c8615b7dfbbd4469907ec13b44274cacd1f69ad38679b2021352e18106131327e54f5579893e6160714bd6fdfe60c30136e45595c51024055250f779f96f94873db82a808c24325e847b6b8212cd81e9ba118a8715ab2f8b96773b310c8477c88b76e609c11cb22569408d4afa4f836b57b85ac09e661fd02400e5fc5df9614c95d77e9bc2df63d48e7a08a0034174f0f745eef4413ee36d929f194557e6990e148b7438e949a41e92bc9d9136c3e6563904151a578a2f4fc1b":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED PSA import RSA public key: 1023-bit (not supported) -depends_on:MBEDTLS_RSA_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_with_data:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED PSA import RSA keypair: 1023-bit (not supported) -depends_on:MBEDTLS_RSA_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_with_data:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001028180491b277413fb35efe82dace68b544a9dd6aa8917d329731955ec66ec3b0178fcf5a29196e1a6c093bf6c8064b36a8f0d9840a78003d11392754a70a77788975515a1442a6c806cafa2f07fe99cac78a86fa868888d654cec4baf205352cf8255acaa47e2455f23b58c0e5ae43fa297bbffe5b970caa80f71e82084fd35425479024100ef27f3fb2df90ac4910ed95fdde4877d09b0dc4e95079f12a7e2041300a8884a39372a1c79691338cd5c3965bcf3a24f2ce9e10de19d4cb87c7546d60ca0aa0d024073e9e1283475e9ab3075da0b005ca7c7b05e76325f8deb648238831c8353041d594307f784cd527cfee9187b997713d71c0ff98f01beac4d1a85583be52e90e302402f0c801e311c2677274671933f96fee4a56c6adaf6ccaa09c4875d5fd3a8542fadf3e14ffabea62e6d90302688b6b17ebc0a42e1353a79e66d6db102d9371e5d02406731ef3c8607fbf266806590a9cfd3a79a435ee355e2d9906fc6b4236c5f3a288ed178844a7d295512f49ed15b3d82325e4f729478af3262aa9bd083f273d49502410090a32c0e8ca3bcd4c66f092cdc369cd1abb4a05b9a6f0e65e5a51da1d96d5aca8c1525b3f11322c0588062fc8592ebf25b7950f918d39018e82b8acccc8f7e7a":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED PSA import/export EC secp224r1 key pair: good @@ -765,11 +765,11 @@ PSA import large key: raw, 65536 bits (not supported) import_large_key:PSA_KEY_TYPE_RAW_DATA:8192:PSA_ERROR_NOT_SUPPORTED PSA import RSA key pair: maximum size exceeded -depends_on:MBEDTLS_RSA_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED PSA import RSA public key: maximum size exceeded -depends_on:MBEDTLS_RSA_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED PSA key policy: AES ECB From 433150e8f2961368a2fd9704d947897c91b4129b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 7 Nov 2023 12:03:46 +0100 Subject: [PATCH 249/430] Rm redundant ECC dependencies in psa_crypto tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since _DERIVE can't be accelerated now, in config_adjust_legacy_from_psa.h we will notice and auto-enable ECP_LIGHT as well as the built-in version of each curve that's supported in this build. So, we don't need to list those as dependencies here - and they would cause issues when we add support for _DERIVE drivers. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto.data | 26 ++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 79a38eba4..43ee44bff 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6630,7 +6630,7 @@ depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_H derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256 derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY PSA key derivation: HKDF-SHA-256 -> ECC curve25519, exercise ECDH @@ -6678,11 +6678,11 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:!MBEDTLS derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf" PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5c0" PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:"46a5850b60ba10b0fd8e0feb8790e2819d46ea26fede564ff6dea94ef1945660" PSA key derivation: HKDF-SHA-256 -> raw (same input as secp256r1+redraw) @@ -6690,17 +6690,17 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4869212049276d20612074657374206b65792120486f772061726520796f753f":"":"e1ab5d0000000000":PSA_KEY_TYPE_RAW_DATA:256:"ffffffff55f60cea989fe02543c81b28aff09b5b51fdc43f91fe5c2511b0b9d9" PSA key derivation: HKDF-SHA-256 -> ECC secp384r1 -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_384 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993c" # For secp521r1, the leading byte of the representation of the private key can # be either 0 or 1. Have one test case where it's 0 and one where it's 1. PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0 -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"00b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865b4b0a85a993b89b9b65683d60f0106d28fff039d0b6f3409" PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1 -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_521 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8fa":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:"01122f37d10965c8455ecbd2bc73d5da5347d0ce772e54305d528295a64ffb7c567f5042e2d7e5803b407c08d1e110adcefc35564035d706582f723a2f76a32260da" # For Curve25519, test a few different outputs to exercise masking (last byte of input_2 variation). @@ -6812,7 +6812,7 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT:0 PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):7:PSA_ERROR_INVALID_ARGUMENT:0 @@ -6827,7 +6827,7 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):0:PSA_ERROR_INVALID_ARGUMENT:0 PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):7:PSA_ERROR_INVALID_ARGUMENT:0 @@ -6842,7 +6842,7 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):0:PSA_ERROR_INVALID_ARGUMENT:0 PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):7:PSA_ERROR_INVALID_ARGUMENT:0 @@ -6857,7 +6857,7 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):0:PSA_ERROR_INVALID_ARGUMENT:0 PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):7:PSA_ERROR_INVALID_ARGUMENT:0 @@ -6872,7 +6872,7 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):0:PSA_ERROR_INVALID_ARGUMENT:0 PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):7:PSA_ERROR_INVALID_ARGUMENT:0 @@ -6887,7 +6887,7 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):0:PSA_ERROR_INVALID_ARGUMENT:0 PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):7:PSA_ERROR_INVALID_ARGUMENT:0 @@ -6902,7 +6902,7 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):0:PSA_ERROR_INVALID_ARGUMENT:0 PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:MBEDTLS_ECP_LIGHT +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):7:PSA_ERROR_INVALID_ARGUMENT:0 From af302b9e5d37fd3cd300a5398c4a68e098fa429d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Nov 2023 12:07:15 +0100 Subject: [PATCH 250/430] Rm unjustified PK_C dependencies in PSA tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some are about raw or AES keys where PK seems really unrelated. The others are about RSA where PK may be relevant, but the necessary bits of PK are auto-enabled when RSA key types are requested, so we shouldn't need to list them as dependencies in tests. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto.data | 6 ++-- .../test_suite_psa_crypto_persistent_key.data | 36 +++++++++---------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 43ee44bff..c7aab8804 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7369,15 +7369,15 @@ depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0 PSA import persistent key: raw data, 8 bits -depends_on:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY PSA import persistent key: AES, 128 bits, exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY PSA import persistent key: AES, 128 bits, non-exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY PSA generate persistent key: raw data, 8 bits, exportable diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 3a35505e3..133e726ae 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -42,87 +42,87 @@ Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED Persistent key destroy -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key destroy after restart -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_destroy:17:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key import (RSA) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_SUCCESS Persistent key import with restart (RSA) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1:PSA_SUCCESS Persistent key import (RSA) invalid key id (VENDOR_MIN) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_import:256:PSA_KEY_ID_VENDOR_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import (RSA) invalid key id (VOLATILE_MIN) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_import:256:PSA_KEY_ID_VOLATILE_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import (RSA) invalid key id (VENDOR_MAX) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_import:256:PSA_KEY_ID_VENDOR_MAX:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import garbage data, should fail -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT import/export persistent raw key: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0 import/export persistent key RSA public key: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:0 import/export persistent key RSA keypair: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:0 import/export persistent raw key file not exist: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:1 import/export persistent key RSA public key file not exist: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:1 import/export persistent key RSA keypair file not exist: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:1 import/export-persistent symmetric key: 16 bytes -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_AES import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0 import/export persistent raw key with restart: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0 import/export persistent key RSA public key with restart: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:0 import/export persistent key RSA keypair with restart: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:0 import/export persistent raw key file not exist with restart: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:1 import/export persistent key RSA public key file not exist with restart: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:1 import/export persistent key RSA keypair file not exist with restart: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:1 import/export-persistent symmetric key with restart: 16 bytes -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C +depends_on:PSA_WANT_KEY_TYPE_AES import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0 Destroy invalid id: 0 From fcc5f31bb8013b83f1279eb7c4f5c33211eddba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Nov 2023 12:23:17 +0100 Subject: [PATCH 251/430] Rm unjustified MD_C dependencies in PSA test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RSA will auto-enable MD_LIGHT, we don't need to list MD_C as a dependency here. Signed-off-by: Manuel Pégourié-Gonnard --- ...test_suite_psa_crypto_driver_wrappers.data | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 8ba3b7997..37c15ee38 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -15,35 +15,35 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS sign_hash transparent driver: in driver RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS sign_hash transparent driver: fallback RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS sign_hash transparent driver: error RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_ERROR_GENERIC_ERROR sign_hash transparent driver: fake RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":1:PSA_SUCCESS sign_hash transparent driver: in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_hash transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_hash transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR sign_hash transparent driver: fake RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS verify_hash transparent driver: in driver ECDSA SECP256R1 SHA-256 @@ -71,27 +71,27 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_ verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Public Key RSA PKCS#1 v1.5 SHA-256 @@ -99,35 +99,35 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Public Key RSA-1024 PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash transparent driver: fallback Public Key RSA-1024 PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash transparent driver: error Public Key RSA-1024 PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Public Key RSA-1024 PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash transparent driver: fallback Public Key RSA-1024 PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash transparent driver: error Public Key RSA-1024 PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR sign_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256 @@ -147,19 +147,19 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS sign_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_message transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR sign_message transparent driver: fake RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS verify_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256 @@ -187,51 +187,51 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_ verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver Public Key RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS verify_message transparent driver: fallback Public Key RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS verify_message transparent driver: error Public Key RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver Public Key RSA PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS verify_message transparent driver: fallback Public Key RSA PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS verify_message transparent driver: error Public Key RSA PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_ERROR_GENERIC_ERROR generate_ec_key through transparent driver: fake From 1d6de4ceb7f9cca3badcb25d4ce4e4c59c3cb840 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 Jul 2023 14:04:39 +0200 Subject: [PATCH 252/430] No more limitations accelerated algorithms using a built-in hash It used to be the case that when an algorithm that uses a hash inside was accelerated through a PSA driver, it might end up calling a hash algorithm that is not available from the driver. Since we introduced MBEDTLS_MD_LIGHT, this no longer happens: PSA accelerated hashes are available to callers of the MD module, so the test driver can use all available hash algorithms. Hence the workaround to skip testing certain accelerated cases is no longer needed. Signed-off-by: Gilles Peskine --- ...t_suite_psa_crypto_storage_format.function | 86 +------------------ 1 file changed, 1 insertion(+), 85 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index 116f4cd53..bb1e2c68c 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -82,77 +82,6 @@ static int is_accelerated_rsa(psa_algorithm_t alg) (void) alg; return 0; } - -/* Whether the algorithm is implemented as a builtin, i.e. not accelerated, - * and calls mbedtls_md() functions that require the hash algorithm to - * also be built-in. */ -static int is_builtin_calling_md(psa_algorithm_t alg) -{ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if (PSA_ALG_IS_RSA_PSS(alg)) -#if defined(MBEDTLS_MD_C) - { return 1; } -#else - { return 0; } -#endif -#endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) - if (PSA_ALG_IS_RSA_OAEP(alg)) -#if defined(MBEDTLS_MD_C) - { return 1; } -#else - { return 0; } -#endif -#endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) { - return 1; - } -#endif - (void) alg; - return 0; -} - -static int has_builtin_hash(psa_algorithm_t alg) -{ -#if !defined(MBEDTLS_MD5_C) - if (alg == PSA_ALG_MD5) { - return 0; - } -#endif -#if !defined(MBEDTLS_RIPEMD160_C) - if (alg == PSA_ALG_RIPEMD160) { - return 0; - } -#endif -#if !defined(MBEDTLS_SHA1_C) - if (alg == PSA_ALG_SHA_1) { - return 0; - } -#endif -#if !defined(MBEDTLS_SHA224_C) - if (alg == PSA_ALG_SHA_224) { - return 0; - } -#endif -#if !defined(MBEDTLS_SHA256_C) - if (alg == PSA_ALG_SHA_256) { - return 0; - } -#endif -#if !defined(MBEDTLS_SHA384_C) - if (alg == PSA_ALG_SHA_384) { - return 0; - } -#endif -#if !defined(MBEDTLS_SHA512_C) - if (alg == PSA_ALG_SHA_512) { - return 0; - } -#endif - (void) alg; - return 1; -} #endif /* Mbed TLS doesn't support certain combinations of key type and algorithm @@ -193,24 +122,11 @@ static int can_exercise(const psa_key_attributes_t *attributes) return 0; } #endif + if (is_accelerated_rsa(alg) && (hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384)) { return 0; } -#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) - if (PSA_ALG_IS_RSA_OAEP(alg) && - (hash_alg == PSA_ALG_RIPEMD160 || hash_alg == PSA_ALG_SHA_384)) { - return 0; - } -#endif - - /* The built-in implementation of asymmetric algorithms that use a - * hash internally only dispatch to the internal md module, not to - * PSA. Until this is supported, don't try to actually perform - * operations when the operation is built-in and the hash isn't. */ - if (is_builtin_calling_md(alg) && !has_builtin_hash(hash_alg)) { - return 0; - } #endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */ (void) key_type; From edb8fec9882084344a314368ac7fd957a187519c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 8 Nov 2023 11:36:00 +0000 Subject: [PATCH 253/430] Add docs re Everest license Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 1d8433e2d..e1456b9ae 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -742,6 +742,9 @@ * contexts and therefore is a compatibility break for applications that access * fields of a mbedtls_ecdh_context structure directly. See also * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. + * + * The Everest code is provided under the Apache 2.0 license only; therefore enabling this + * option is not compatible with taking the library under the GPL v2.0-or-later license. */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED From 47854e638b48de67d7daa195b9ebc2f0cbd1eec6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 8 Nov 2023 11:37:56 +0000 Subject: [PATCH 254/430] Revert back to v3.5.0 git revert v3.5.0..v3.5.1 git rebase to combine the resulting revert commits Signed-off-by: Dave Rodgman --- .uncrustify.cfg | 14 +- 3rdparty/everest/CMakeLists.txt | 4 +- 3rdparty/p256-m/CMakeLists.txt | 4 +- 3rdparty/p256-m/README.md | 4 +- 3rdparty/p256-m/p256-m/LICENSE | 202 ++++++++++ 3rdparty/p256-m/p256-m/p256-m.c | 2 +- 3rdparty/p256-m/p256-m/p256-m.h | 2 +- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 14 +- 3rdparty/p256-m/p256-m_driver_entrypoints.h | 14 +- BRANCHES.md | 2 +- CMakeLists.txt | 2 +- CONTRIBUTING.md | 4 +- ChangeLog | 14 +- LICENSE | 351 ------------------ README.md | 6 +- configs/config-ccm-psk-dtls1_2.h | 14 +- configs/config-ccm-psk-tls1_2.h | 14 +- configs/config-no-entropy.h | 14 +- configs/config-suite-b.h | 14 +- configs/config-symmetric-only.h | 14 +- configs/config-thread.h | 14 +- configs/crypto-config-ccm-aes-sha256.h | 14 +- configs/crypto_config_profile_medium.h | 6 +- .../tfm_mbedcrypto_config_profile_medium.h | 18 +- docs/architecture/psa-migration/syms.sh | 14 +- doxygen/input/doc_encdec.h | 14 +- doxygen/input/doc_hashing.h | 14 +- doxygen/input/doc_mainpage.h | 16 +- doxygen/input/doc_rng.h | 14 +- doxygen/input/doc_ssltls.h | 14 +- doxygen/input/doc_tcpip.h | 14 +- doxygen/input/doc_x509.h | 14 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/aes.h | 14 +- include/mbedtls/aria.h | 14 +- include/mbedtls/asn1.h | 14 +- include/mbedtls/asn1write.h | 14 +- include/mbedtls/base64.h | 14 +- include/mbedtls/bignum.h | 14 +- include/mbedtls/build_info.h | 22 +- include/mbedtls/camellia.h | 14 +- include/mbedtls/ccm.h | 14 +- include/mbedtls/chacha20.h | 14 +- include/mbedtls/chachapoly.h | 14 +- include/mbedtls/check_config.h | 14 +- include/mbedtls/cipher.h | 14 +- include/mbedtls/cmac.h | 14 +- include/mbedtls/compat-2.x.h | 14 +- include/mbedtls/config_adjust_legacy_crypto.h | 14 +- .../mbedtls/config_adjust_legacy_from_psa.h | 14 +- .../mbedtls/config_adjust_psa_from_legacy.h | 14 +- .../config_adjust_psa_superset_legacy.h | 14 +- include/mbedtls/config_adjust_ssl.h | 14 +- include/mbedtls/config_adjust_x509.h | 14 +- include/mbedtls/config_psa.h | 14 +- include/mbedtls/constant_time.h | 14 +- include/mbedtls/ctr_drbg.h | 14 +- include/mbedtls/debug.h | 14 +- include/mbedtls/des.h | 14 +- include/mbedtls/dhm.h | 14 +- include/mbedtls/ecdh.h | 14 +- include/mbedtls/ecdsa.h | 14 +- include/mbedtls/ecjpake.h | 14 +- include/mbedtls/ecp.h | 14 +- include/mbedtls/entropy.h | 14 +- include/mbedtls/error.h | 14 +- include/mbedtls/gcm.h | 14 +- include/mbedtls/hkdf.h | 14 +- include/mbedtls/hmac_drbg.h | 14 +- include/mbedtls/lms.h | 14 +- include/mbedtls/mbedtls_config.h | 17 +- include/mbedtls/md.h | 14 +- include/mbedtls/md5.h | 14 +- include/mbedtls/memory_buffer_alloc.h | 14 +- include/mbedtls/net_sockets.h | 14 +- include/mbedtls/nist_kw.h | 14 +- include/mbedtls/oid.h | 14 +- include/mbedtls/pem.h | 14 +- include/mbedtls/pk.h | 14 +- include/mbedtls/pkcs12.h | 14 +- include/mbedtls/pkcs5.h | 14 +- include/mbedtls/pkcs7.h | 14 +- include/mbedtls/platform.h | 14 +- include/mbedtls/platform_time.h | 14 +- include/mbedtls/platform_util.h | 14 +- include/mbedtls/poly1305.h | 14 +- include/mbedtls/private_access.h | 14 +- include/mbedtls/psa_util.h | 14 +- include/mbedtls/ripemd160.h | 14 +- include/mbedtls/rsa.h | 14 +- include/mbedtls/sha1.h | 14 +- include/mbedtls/sha256.h | 14 +- include/mbedtls/sha3.h | 14 +- include/mbedtls/sha512.h | 14 +- include/mbedtls/ssl.h | 14 +- include/mbedtls/ssl_cache.h | 14 +- include/mbedtls/ssl_ciphersuites.h | 14 +- include/mbedtls/ssl_cookie.h | 14 +- include/mbedtls/ssl_ticket.h | 14 +- include/mbedtls/threading.h | 14 +- include/mbedtls/timing.h | 14 +- include/mbedtls/version.h | 14 +- include/mbedtls/x509.h | 14 +- include/mbedtls/x509_crl.h | 14 +- include/mbedtls/x509_crt.h | 14 +- include/mbedtls/x509_csr.h | 14 +- include/psa/build_info.h | 14 +- include/psa/crypto.h | 14 +- include/psa/crypto_adjust_auto_enabled.h | 14 +- .../psa/crypto_adjust_config_key_pair_types.h | 14 +- include/psa/crypto_adjust_config_synonyms.h | 14 +- include/psa/crypto_builtin_composites.h | 14 +- include/psa/crypto_builtin_key_derivation.h | 14 +- include/psa/crypto_builtin_primitives.h | 14 +- include/psa/crypto_compat.h | 14 +- include/psa/crypto_config.h | 14 +- include/psa/crypto_driver_common.h | 14 +- .../psa/crypto_driver_contexts_composites.h | 14 +- .../crypto_driver_contexts_key_derivation.h | 14 +- .../psa/crypto_driver_contexts_primitives.h | 14 +- include/psa/crypto_extra.h | 14 +- include/psa/crypto_legacy.h | 14 +- include/psa/crypto_platform.h | 14 +- include/psa/crypto_se_driver.h | 14 +- include/psa/crypto_sizes.h | 14 +- include/psa/crypto_struct.h | 14 +- include/psa/crypto_types.h | 14 +- include/psa/crypto_values.h | 14 +- library/CMakeLists.txt | 6 +- library/aes.c | 14 +- library/aesce.c | 14 +- library/aesce.h | 14 +- library/aesni.c | 14 +- library/aesni.h | 14 +- library/alignment.h | 14 +- library/aria.c | 14 +- library/asn1parse.c | 14 +- library/asn1write.c | 14 +- library/base64.c | 14 +- library/base64_internal.h | 14 +- library/bignum.c | 14 +- library/bignum_core.c | 14 +- library/bignum_core.h | 14 +- library/bignum_mod.c | 14 +- library/bignum_mod.h | 14 +- library/bignum_mod_raw.c | 14 +- library/bignum_mod_raw.h | 14 +- library/bignum_mod_raw_invasive.h | 14 +- library/bn_mul.h | 14 +- library/camellia.c | 14 +- library/ccm.c | 14 +- library/chacha20.c | 14 +- library/chachapoly.c | 14 +- library/check_crypto_config.h | 14 +- library/cipher.c | 14 +- library/cipher_wrap.c | 14 +- library/cipher_wrap.h | 14 +- library/cmac.c | 14 +- library/common.h | 14 +- library/constant_time.c | 14 +- library/constant_time_impl.h | 14 +- library/constant_time_internal.h | 14 +- library/ctr_drbg.c | 14 +- library/debug.c | 14 +- library/des.c | 14 +- library/dhm.c | 14 +- library/ecdh.c | 14 +- library/ecdsa.c | 14 +- library/ecjpake.c | 14 +- library/ecp.c | 14 +- library/ecp_curves.c | 14 +- library/ecp_curves_new.c | 14 +- library/ecp_internal_alt.h | 14 +- library/ecp_invasive.h | 14 +- library/entropy.c | 14 +- library/entropy_poll.c | 14 +- library/entropy_poll.h | 14 +- library/error.c | 14 +- library/gcm.c | 14 +- library/hkdf.c | 14 +- library/hmac_drbg.c | 14 +- library/lmots.c | 14 +- library/lmots.h | 14 +- library/lms.c | 14 +- library/md.c | 14 +- library/md5.c | 14 +- library/md_psa.h | 14 +- library/md_wrap.h | 14 +- library/memory_buffer_alloc.c | 14 +- library/mps_common.h | 16 +- library/mps_error.h | 16 +- library/mps_reader.c | 16 +- library/mps_reader.h | 16 +- library/mps_trace.c | 16 +- library/mps_trace.h | 16 +- library/net_sockets.c | 14 +- library/nist_kw.c | 14 +- library/oid.c | 14 +- library/padlock.c | 14 +- library/padlock.h | 14 +- library/pem.c | 14 +- library/pk.c | 14 +- library/pk_internal.h | 14 +- library/pk_wrap.c | 14 +- library/pk_wrap.h | 14 +- library/pkcs12.c | 14 +- library/pkcs5.c | 14 +- library/pkcs7.c | 14 +- library/pkparse.c | 14 +- library/pkwrite.c | 14 +- library/pkwrite.h | 14 +- library/platform.c | 14 +- library/platform_util.c | 14 +- library/poly1305.c | 14 +- library/psa_crypto.c | 14 +- library/psa_crypto_aead.c | 14 +- library/psa_crypto_aead.h | 14 +- library/psa_crypto_cipher.c | 14 +- library/psa_crypto_cipher.h | 14 +- library/psa_crypto_client.c | 14 +- library/psa_crypto_core.h | 14 +- library/psa_crypto_core_common.h | 14 +- library/psa_crypto_driver_wrappers.h | 14 +- .../psa_crypto_driver_wrappers_no_static.c | 14 +- .../psa_crypto_driver_wrappers_no_static.h | 14 +- library/psa_crypto_ecp.c | 14 +- library/psa_crypto_ecp.h | 14 +- library/psa_crypto_ffdh.c | 14 +- library/psa_crypto_ffdh.h | 14 +- library/psa_crypto_hash.c | 14 +- library/psa_crypto_hash.h | 14 +- library/psa_crypto_invasive.h | 14 +- library/psa_crypto_its.h | 14 +- library/psa_crypto_mac.c | 14 +- library/psa_crypto_mac.h | 14 +- library/psa_crypto_pake.c | 14 +- library/psa_crypto_pake.h | 14 +- library/psa_crypto_random_impl.h | 14 +- library/psa_crypto_rsa.c | 14 +- library/psa_crypto_rsa.h | 14 +- library/psa_crypto_se.c | 14 +- library/psa_crypto_se.h | 14 +- library/psa_crypto_slot_management.c | 14 +- library/psa_crypto_slot_management.h | 14 +- library/psa_crypto_storage.c | 14 +- library/psa_crypto_storage.h | 14 +- library/psa_its_file.c | 14 +- library/psa_util.c | 14 +- library/psa_util_internal.h | 14 +- library/ripemd160.c | 14 +- library/rsa.c | 14 +- library/rsa_alt_helpers.c | 14 +- library/rsa_alt_helpers.h | 14 +- library/sha1.c | 14 +- library/sha256.c | 14 +- library/sha3.c | 14 +- library/sha512.c | 14 +- library/ssl_cache.c | 14 +- library/ssl_ciphersuites.c | 14 +- library/ssl_client.c | 16 +- library/ssl_client.h | 14 +- library/ssl_cookie.c | 14 +- library/ssl_debug_helpers.h | 14 +- library/ssl_debug_helpers_generated.c | 14 +- library/ssl_misc.h | 14 +- library/ssl_msg.c | 14 +- library/ssl_ticket.c | 14 +- library/ssl_tls.c | 14 +- library/ssl_tls12_client.c | 14 +- library/ssl_tls12_server.c | 14 +- library/ssl_tls13_client.c | 16 +- library/ssl_tls13_generic.c | 14 +- library/ssl_tls13_invasive.h | 14 +- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_keys.h | 14 +- library/ssl_tls13_server.c | 14 +- library/threading.c | 14 +- library/timing.c | 14 +- library/version.c | 14 +- library/version_features.c | 14 +- library/x509.c | 14 +- library/x509_create.c | 14 +- library/x509_crl.c | 14 +- library/x509_crt.c | 14 +- library/x509_csr.c | 14 +- library/x509write.c | 14 +- library/x509write_crt.c | 14 +- library/x509write_csr.c | 14 +- programs/aes/crypt_and_hash.c | 14 +- programs/cipher/cipher_aead_demo.c | 14 +- programs/hash/generic_sum.c | 14 +- programs/hash/hello.c | 14 +- programs/hash/md_hmac_demo.c | 14 +- programs/pkey/dh_client.c | 14 +- programs/pkey/dh_genprime.c | 14 +- programs/pkey/dh_server.c | 14 +- programs/pkey/ecdh_curve25519.c | 14 +- programs/pkey/ecdsa.c | 14 +- programs/pkey/gen_key.c | 14 +- programs/pkey/key_app.c | 14 +- programs/pkey/key_app_writer.c | 14 +- programs/pkey/mpi_demo.c | 14 +- programs/pkey/pk_decrypt.c | 14 +- programs/pkey/pk_encrypt.c | 14 +- programs/pkey/pk_sign.c | 14 +- programs/pkey/pk_verify.c | 14 +- programs/pkey/rsa_decrypt.c | 14 +- programs/pkey/rsa_encrypt.c | 14 +- programs/pkey/rsa_genkey.c | 14 +- programs/pkey/rsa_sign.c | 14 +- programs/pkey/rsa_sign_pss.c | 14 +- programs/pkey/rsa_verify.c | 14 +- programs/pkey/rsa_verify_pss.c | 14 +- programs/psa/aead_demo.c | 14 +- programs/psa/crypto_examples.c | 14 +- programs/psa/hmac_demo.c | 14 +- programs/psa/key_ladder_demo.c | 14 +- programs/psa/key_ladder_demo.sh | 14 +- programs/psa/psa_constant_names.c | 14 +- programs/random/gen_entropy.c | 14 +- programs/random/gen_random_ctr_drbg.c | 14 +- programs/ssl/dtls_client.c | 14 +- programs/ssl/dtls_server.c | 14 +- programs/ssl/mini_client.c | 14 +- programs/ssl/ssl_client1.c | 14 +- programs/ssl/ssl_client2.c | 14 +- programs/ssl/ssl_context_info.c | 14 +- programs/ssl/ssl_fork_server.c | 14 +- programs/ssl/ssl_mail_client.c | 14 +- programs/ssl/ssl_pthread_server.c | 14 +- programs/ssl/ssl_server.c | 14 +- programs/ssl/ssl_server2.c | 14 +- programs/ssl/ssl_test_common_source.c | 14 +- programs/ssl/ssl_test_lib.c | 14 +- programs/ssl/ssl_test_lib.h | 14 +- programs/test/benchmark.c | 14 +- programs/test/cmake_package/cmake_package.c | 14 +- .../cmake_package_install.c | 14 +- .../test/cmake_subproject/cmake_subproject.c | 14 +- programs/test/dlopen.c | 14 +- programs/test/dlopen_demo.sh | 14 +- programs/test/generate_cpp_dummy_build.sh | 27 +- programs/test/query_compile_time_config.c | 14 +- programs/test/query_config.c | 14 +- programs/test/query_config.h | 14 +- programs/test/query_included_headers.c | 14 +- programs/test/selftest.c | 14 +- programs/test/udp_proxy.c | 14 +- programs/test/udp_proxy_wrapper.sh | 14 +- programs/test/zeroize.c | 14 +- programs/util/pem2der.c | 14 +- programs/util/strerror.c | 14 +- programs/wince_main.c | 14 +- programs/x509/cert_app.c | 14 +- programs/x509/cert_req.c | 14 +- programs/x509/cert_write.c | 14 +- programs/x509/crl_app.c | 14 +- programs/x509/load_roots.c | 39 ++ programs/x509/req_app.c | 14 +- scripts/abi_check.py | 14 +- scripts/apidoc_full.sh | 14 +- scripts/assemble_changelog.py | 14 +- scripts/bump_version.sh | 14 +- scripts/code_size_compare.py | 14 +- scripts/code_style.py | 14 +- scripts/config.pl | 13 +- scripts/config.py | 13 +- .../psa_crypto_driver_wrappers.h.jinja | 14 +- ...a_crypto_driver_wrappers_no_static.c.jinja | 14 +- scripts/data_files/error.fmt | 14 +- scripts/data_files/query_config.fmt | 14 +- scripts/data_files/version_features.fmt | 14 +- scripts/ecc-heap.sh | 14 +- scripts/ecp_comb_table.py | 14 +- scripts/footprint.sh | 14 +- scripts/generate_driver_wrappers.py | 14 +- scripts/generate_errors.pl | 14 +- scripts/generate_features.pl | 14 +- scripts/generate_psa_constants.py | 14 +- scripts/generate_query_config.pl | 14 +- scripts/generate_ssl_debug_helpers.py | 27 +- scripts/generate_visualc_files.pl | 14 +- scripts/lcov.sh | 14 +- scripts/massif_max.pl | 14 +- scripts/mbedtls_dev/asymmetric_key_data.py | 13 +- scripts/mbedtls_dev/bignum_common.py | 13 +- scripts/mbedtls_dev/bignum_core.py | 13 +- scripts/mbedtls_dev/bignum_data.py | 13 +- scripts/mbedtls_dev/bignum_mod.py | 13 +- scripts/mbedtls_dev/bignum_mod_raw.py | 13 +- scripts/mbedtls_dev/build_tree.py | 13 +- scripts/mbedtls_dev/c_build_helper.py | 13 +- scripts/mbedtls_dev/crypto_data_tests.py | 13 +- scripts/mbedtls_dev/crypto_knowledge.py | 13 +- scripts/mbedtls_dev/ecp.py | 13 +- scripts/mbedtls_dev/logging_util.py | 13 +- scripts/mbedtls_dev/macro_collector.py | 13 +- scripts/mbedtls_dev/psa_information.py | 13 +- scripts/mbedtls_dev/psa_storage.py | 13 +- scripts/mbedtls_dev/test_case.py | 13 +- scripts/mbedtls_dev/test_data_generation.py | 13 +- scripts/mbedtls_dev/typing_util.py | 13 +- scripts/memory.sh | 14 +- scripts/min_requirements.py | 14 +- scripts/output_env.sh | 14 +- scripts/prepare_release.sh | 14 +- scripts/tmp_ignore_makefiles.sh | 14 +- tests/compat-in-docker.sh | 14 +- tests/compat.sh | 14 +- tests/configs/tls13-only.h | 14 +- tests/configs/user-config-for-test.h | 14 +- tests/configs/user-config-malloc-0-null.h | 14 +- tests/configs/user-config-zeroize-memset.h | 14 +- tests/context-info.sh | 14 +- tests/data_files/dir-maxpath/long.sh | 14 +- tests/data_files/print_c.pl | 14 +- tests/data_files/test_certs.h.jinja2 | 14 +- tests/docker/bionic/Dockerfile | 14 +- tests/git-scripts/pre-push.sh | 14 +- tests/include/alt-dummy/aes_alt.h | 14 +- tests/include/alt-dummy/aria_alt.h | 14 +- tests/include/alt-dummy/camellia_alt.h | 14 +- tests/include/alt-dummy/ccm_alt.h | 14 +- tests/include/alt-dummy/chacha20_alt.h | 14 +- tests/include/alt-dummy/chachapoly_alt.h | 14 +- tests/include/alt-dummy/cmac_alt.h | 14 +- tests/include/alt-dummy/des_alt.h | 14 +- tests/include/alt-dummy/dhm_alt.h | 14 +- tests/include/alt-dummy/ecjpake_alt.h | 14 +- tests/include/alt-dummy/ecp_alt.h | 14 +- tests/include/alt-dummy/gcm_alt.h | 14 +- tests/include/alt-dummy/md5_alt.h | 14 +- tests/include/alt-dummy/nist_kw_alt.h | 14 +- tests/include/alt-dummy/platform_alt.h | 14 +- tests/include/alt-dummy/poly1305_alt.h | 14 +- tests/include/alt-dummy/ripemd160_alt.h | 14 +- tests/include/alt-dummy/rsa_alt.h | 14 +- tests/include/alt-dummy/sha1_alt.h | 14 +- tests/include/alt-dummy/sha256_alt.h | 14 +- tests/include/alt-dummy/sha512_alt.h | 14 +- tests/include/alt-dummy/threading_alt.h | 14 +- tests/include/alt-dummy/timing_alt.h | 14 +- tests/include/baremetal-override/time.h | 14 +- tests/include/spe/crypto_spe.h | 14 +- tests/include/test/arguments.h | 14 +- tests/include/test/asn1_helpers.h | 14 +- tests/include/test/bignum_helpers.h | 14 +- tests/include/test/certs.h | 14 +- tests/include/test/constant_flow.h | 14 +- tests/include/test/drivers/aead.h | 14 +- .../test/drivers/asymmetric_encryption.h | 14 +- tests/include/test/drivers/cipher.h | 14 +- .../include/test/drivers/config_test_driver.h | 14 +- tests/include/test/drivers/hash.h | 14 +- tests/include/test/drivers/key_agreement.h | 14 +- tests/include/test/drivers/key_management.h | 14 +- tests/include/test/drivers/mac.h | 14 +- tests/include/test/drivers/pake.h | 14 +- tests/include/test/drivers/signature.h | 14 +- tests/include/test/drivers/test_driver.h | 14 +- .../include/test/fake_external_rng_for_test.h | 14 +- tests/include/test/helpers.h | 14 +- tests/include/test/macros.h | 14 +- tests/include/test/psa_crypto_helpers.h | 14 +- tests/include/test/psa_exercise_key.h | 14 +- tests/include/test/psa_helpers.h | 14 +- tests/include/test/random.h | 14 +- tests/include/test/ssl_helpers.h | 14 +- tests/make-in-docker.sh | 14 +- tests/opt-testcases/tls13-compat.sh | 14 +- tests/opt-testcases/tls13-kex-modes.sh | 14 +- tests/opt-testcases/tls13-misc.sh | 14 +- tests/scripts/all-in-docker.sh | 14 +- tests/scripts/all.sh | 14 +- tests/scripts/audit-validity-dates.py | 14 +- tests/scripts/basic-build-test.sh | 14 +- tests/scripts/basic-in-docker.sh | 14 +- tests/scripts/check-doxy-blocks.pl | 14 +- tests/scripts/check-generated-files.sh | 14 +- tests/scripts/check-python-files.sh | 14 +- tests/scripts/check_files.py | 14 +- tests/scripts/check_names.py | 14 +- tests/scripts/check_test_cases.py | 14 +- tests/scripts/depends.py | 18 +- tests/scripts/docker_env.sh | 14 +- tests/scripts/doxygen.sh | 14 +- tests/scripts/gen_ctr_drbg.pl | 14 +- tests/scripts/gen_gcm_decrypt.pl | 14 +- tests/scripts/gen_gcm_encrypt.pl | 14 +- tests/scripts/gen_pkcs1_v21_sign_verify.pl | 14 +- tests/scripts/generate-afl-tests.sh | 14 +- tests/scripts/generate_bignum_tests.py | 14 +- tests/scripts/generate_ecp_tests.py | 14 +- tests/scripts/generate_pkcs7_tests.py | 14 +- tests/scripts/generate_psa_tests.py | 14 +- tests/scripts/generate_test_cert_macros.py | 14 +- tests/scripts/generate_test_code.py | 14 +- tests/scripts/generate_tls13_compat_tests.py | 28 +- tests/scripts/list-identifiers.sh | 14 +- tests/scripts/list_internal_identifiers.py | 14 +- tests/scripts/psa_collect_statuses.py | 14 +- tests/scripts/recursion.pl | 14 +- tests/scripts/run-test-suites.pl | 14 +- tests/scripts/scripts_path.py | 13 +- tests/scripts/set_psa_test_dependencies.py | 14 +- tests/scripts/tcp_client.pl | 14 +- tests/scripts/test-ref-configs.pl | 14 +- tests/scripts/test_config_script.py | 13 +- tests/scripts/test_generate_test_code.py | 14 +- tests/scripts/test_psa_compliance.py | 14 +- tests/scripts/test_psa_constant_names.py | 14 +- tests/scripts/test_zeroize.gdb | 14 +- tests/scripts/translate_ciphers.py | 14 +- tests/scripts/travis-log-failure.sh | 14 +- tests/src/asn1_helpers.c | 14 +- tests/src/bignum_helpers.c | 14 +- tests/src/certs.c | 14 +- tests/src/drivers/hash.c | 14 +- tests/src/drivers/platform_builtin_keys.c | 14 +- tests/src/drivers/test_driver_aead.c | 14 +- .../test_driver_asymmetric_encryption.c | 14 +- tests/src/drivers/test_driver_cipher.c | 14 +- tests/src/drivers/test_driver_key_agreement.c | 14 +- .../src/drivers/test_driver_key_management.c | 14 +- tests/src/drivers/test_driver_mac.c | 14 +- tests/src/drivers/test_driver_pake.c | 14 +- tests/src/drivers/test_driver_signature.c | 14 +- tests/src/fake_external_rng_for_test.c | 14 +- tests/src/helpers.c | 14 +- tests/src/psa_crypto_helpers.c | 14 +- tests/src/psa_exercise_key.c | 14 +- tests/src/random.c | 14 +- tests/src/test_certs.h | 14 +- tests/src/test_helpers/ssl_helpers.c | 14 +- tests/src/threading_helpers.c | 14 +- tests/ssl-opt-in-docker.sh | 14 +- tests/ssl-opt.sh | 14 +- tests/suites/test_suite_version.data | 4 +- 538 files changed, 7071 insertions(+), 920 deletions(-) create mode 100644 3rdparty/p256-m/p256-m/LICENSE diff --git a/.uncrustify.cfg b/.uncrustify.cfg index 8dc9db049..92b8ce9cd 100644 --- a/.uncrustify.cfg +++ b/.uncrustify.cfg @@ -4,7 +4,19 @@ # to Mbed TLS. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # Wrap lines at 100 characters diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index e0e5adecd..eefc15151 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -18,11 +18,11 @@ target_include_directories(${everest_target} # everest is not directly linked against any mbedtls targets # so does not inherit the compile definitions. if(MBEDTLS_CONFIG_FILE) - target_compile_definitions(${everest_target} + target_compile_definitions(everest PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") endif() if(MBEDTLS_USER_CONFIG_FILE) - target_compile_definitions(${everest_target} + target_compile_definitions(everest PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") endif() diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt index 2ef0d48b7..41be3c4a3 100644 --- a/3rdparty/p256-m/CMakeLists.txt +++ b/3rdparty/p256-m/CMakeLists.txt @@ -16,11 +16,11 @@ target_include_directories(${p256m_target} # p256m is not directly linked against any mbedtls targets # so does not inherit the compile definitions. if(MBEDTLS_CONFIG_FILE) - target_compile_definitions(${p256m_target} + target_compile_definitions(p256m PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}") endif() if(MBEDTLS_USER_CONFIG_FILE) - target_compile_definitions(${p256m_target} + target_compile_definitions(p256m PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}") endif() diff --git a/3rdparty/p256-m/README.md b/3rdparty/p256-m/README.md index ec90f3446..89648d413 100644 --- a/3rdparty/p256-m/README.md +++ b/3rdparty/p256-m/README.md @@ -1,4 +1,4 @@ -The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m). They are distributed here under a dual Apache-2.0 OR GPL-2.0-or-later license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project. +The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project. -The files `p256-m.c`, `p256-m.h` and `README.md` have been taken from the `p256-m` repository. +The files `p256-m.c` and `.h`, along with the license, have been taken from the `p256-m` repository. It should be noted that p256-m deliberately does not supply its own cryptographically secure RNG function. As a result, the PSA RNG is used, with `p256_generate_random()` wrapping `psa_generate_random()`. diff --git a/3rdparty/p256-m/p256-m/LICENSE b/3rdparty/p256-m/p256-m/LICENSE new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/3rdparty/p256-m/p256-m/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 42c35b5bf..3f878f758 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -3,7 +3,7 @@ * * Copyright The Mbed TLS Contributors * Author: Manuel Pégourié-Gonnard. - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 */ #include "p256-m.h" diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h index c26780024..28d319f39 100644 --- a/3rdparty/p256-m/p256-m/p256-m.h +++ b/3rdparty/p256-m/p256-m/p256-m.h @@ -3,7 +3,7 @@ * * Copyright The Mbed TLS Contributors * Author: Manuel Pégourié-Gonnard. - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 */ #ifndef P256_M_H #define P256_M_H diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index d272dcbb1..61310a87b 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/platform.h" diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index c740c4522..d92a8f00b 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef P256M_DRIVER_ENTRYPOINTS_H diff --git a/BRANCHES.md b/BRANCHES.md index c085b1616..d3bd75eff 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) maintained until at least the end of 2024, see - . + . Users are urged to always use the latest version of a maintained branch. diff --git a/CMakeLists.txt b/CMakeLists.txt index 87a41d75c..3c93b15c6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -377,7 +377,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 3.5.1) + VERSION 3.5.0) install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 261f745ba..8454fb8ea 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -84,11 +84,11 @@ Mbed TLS is well documented, but if you think documentation is needed, speak out License and Copyright --------------------- -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses. This means that users may choose which of these licenses they take the code under. +Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 or GPL-2.0-or-later licenses. -All new files should include the standard SPDX license identifier where possible, i.e. "SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later". +All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors". diff --git a/ChangeLog b/ChangeLog index 28c45f718..85f3665c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,22 +1,12 @@ Mbed TLS ChangeLog (Sorted per branch, date) -= Mbed TLS 3.5.1 branch released 2023-11-06 - -Changes - * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later - license. Users may choose which license they take the code under. - -Bugfix - * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules - in CMake. - = Mbed TLS 3.5.0 branch released 2023-10-05 API changes * Mbed TLS 3.4 introduced support for omitting the built-in implementation of ECDSA and/or EC J-PAKE when those are provided by a driver. However, - there was a flaw in the logic checking if the built-in implementation, in - that it failed to check if all the relevant curves were supported by the + their was a flaw in the logic checking if the built-in implementation, in + that if failed to check if all the relevant curves were supported by the accelerator. As a result, it was possible to declare no curves as accelerated and still have the built-in implementation compiled out. Starting with this release, it is necessary to declare which curves are diff --git a/LICENSE b/LICENSE index 776ac77ea..d64569567 100644 --- a/LICENSE +++ b/LICENSE @@ -1,10 +1,3 @@ -Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) -OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. -This means that users may choose which of these licenses they take the code -under. - -The full text of each of these licenses is given below. - Apache License Version 2.0, January 2004 @@ -207,347 +200,3 @@ The full text of each of these licenses is given below. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - - -=============================================================================== - - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/README.md b/README.md index 2505d8fd9..a3fcd2e15 100644 --- a/README.md +++ b/README.md @@ -307,14 +307,14 @@ When using drivers, you will generally want to enable two compilation options (s License ------- -Unless specifically indicated otherwise in a file, Mbed TLS files are provided under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license. See the [LICENSE](LICENSE) file for the full text of these licenses, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. +Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information. ### Third-party code included in Mbed TLS -This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, where it differs from the normal Mbed TLS license, and/or in source files. The projects are listed below: +This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below: * `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license. -* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is distributed in Mbed TLS under a dual Apache-2.0 OR GPL-2.0-or-later license with permission from the author. +* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by Mbed TLS under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project. Contributing ------------ diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index 19e09d957..af2415fe1 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * Minimal configuration for DTLS 1.2 with PSK and AES-CCM ciphersuites diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index d49adfd72..62c1d8013 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index ddb00b41e..1964e8e55 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * Minimal configuration of features that do not require an entropy source diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 9bba6e6cb..56a700f74 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * Minimal configuration for TLS NSA Suite B Profile (RFC 6460) diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 512dd7616..a014b5273 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* System support */ diff --git a/configs/config-thread.h b/configs/config-thread.h index 2f81f9007..e05b557ed 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h index 7f8d58768..6c12bd7b6 100644 --- a/configs/crypto-config-ccm-aes-sha256.h +++ b/configs/crypto-config-ccm-aes-sha256.h @@ -6,7 +6,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_CONFIG_H diff --git a/configs/crypto_config_profile_medium.h b/configs/crypto_config_profile_medium.h index f9b2c2fdd..3fa8552c9 100644 --- a/configs/crypto_config_profile_medium.h +++ b/configs/crypto_config_profile_medium.h @@ -1,6 +1,8 @@ /* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * Copyright (c) 2018-2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * */ /** * \file psa/crypto_config.h diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 34a3bd4ff..88736b54b 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -8,8 +8,22 @@ * memory footprint. */ /* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H diff --git a/docs/architecture/psa-migration/syms.sh b/docs/architecture/psa-migration/syms.sh index 6c9686eb2..1e1ec8c29 100755 --- a/docs/architecture/psa-migration/syms.sh +++ b/docs/architecture/psa-migration/syms.sh @@ -1,7 +1,19 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h index cf77690b3..ec149aef7 100644 --- a/doxygen/input/doc_encdec.h +++ b/doxygen/input/doc_encdec.h @@ -6,7 +6,19 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h index 83613bfa9..931e6e928 100644 --- a/doxygen/input/doc_hashing.h +++ b/doxygen/input/doc_hashing.h @@ -6,7 +6,19 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index c391c59ce..b67237fbc 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -6,11 +6,23 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** - * @mainpage Mbed TLS v3.5.1 API Documentation + * @mainpage Mbed TLS v3.5.0 API Documentation * * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/input/doc_rng.h b/doxygen/input/doc_rng.h index 22608a879..7da13cd73 100644 --- a/doxygen/input/doc_rng.h +++ b/doxygen/input/doc_rng.h @@ -6,7 +6,19 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** diff --git a/doxygen/input/doc_ssltls.h b/doxygen/input/doc_ssltls.h index 5757574f3..6961124e4 100644 --- a/doxygen/input/doc_ssltls.h +++ b/doxygen/input/doc_ssltls.h @@ -6,7 +6,19 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** diff --git a/doxygen/input/doc_tcpip.h b/doxygen/input/doc_tcpip.h index f8d8c6905..a705de146 100644 --- a/doxygen/input/doc_tcpip.h +++ b/doxygen/input/doc_tcpip.h @@ -6,7 +6,19 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** diff --git a/doxygen/input/doc_x509.h b/doxygen/input/doc_x509.h index 945830f11..904967501 100644 --- a/doxygen/input/doc_x509.h +++ b/doxygen/input/doc_x509.h @@ -6,7 +6,19 @@ /* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 89048f221..98b2d7973 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v3.5.1" +PROJECT_NAME = "Mbed TLS v3.5.0" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 77ecffd86..7c92162d1 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -22,7 +22,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_AES_H diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index abb8a3d76..7e55df7ec 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -11,7 +11,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ARIA_H diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 830458b55..c7aae0ff8 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ASN1_H #define MBEDTLS_ASN1_H diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 7af4aba41..6fe57c8f0 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ASN1_WRITE_H #define MBEDTLS_ASN1_WRITE_H diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 8f459b74c..635be713d 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BASE64_H #define MBEDTLS_BASE64_H diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 931e06d2c..eb8446ea8 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BIGNUM_H #define MBEDTLS_BIGNUM_H diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index c4fab1205..842f15c58 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -8,7 +8,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BUILD_INFO_H @@ -26,16 +38,16 @@ */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 5 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03050100 -#define MBEDTLS_VERSION_STRING "3.5.1" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.1" +#define MBEDTLS_VERSION_NUMBER 0x03050000 +#define MBEDTLS_VERSION_STRING "3.5.0" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.0" /* Macros for build-time platform detection */ diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 6c674fe04..8033c13ff 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CAMELLIA_H #define MBEDTLS_CAMELLIA_H diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index a98111b4e..e00e747de 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -29,7 +29,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CCM_H diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 680fe3604..e24e56b98 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -14,7 +14,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CHACHA20_H diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 3dc21e380..19baadefd 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -14,7 +14,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CHACHAPOLY_H diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e479ef3a0..e18e9a5fc 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CHECK_CONFIG_H diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 2596baa92..9c8701d38 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CIPHER_H diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 97b86fc42..b2aca5d04 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CMAC_H diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h index 096341ba7..cdf81dcbb 100644 --- a/include/mbedtls/compat-2.x.h +++ b/include/mbedtls/compat-2.x.h @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index f76976591..6ec59f193 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -16,7 +16,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index ab18d985d..e3c2ed117 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -10,7 +10,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index c31a46243..088711d37 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -12,7 +12,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h index 3a55c3f6e..3d9029b57 100644 --- a/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -11,7 +11,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 8415f3e5f..2275f3add 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -16,7 +16,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_ADJUST_SSL_H diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h index 346c8ae6d..99a0ace2f 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/config_adjust_x509.h @@ -16,7 +16,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_ADJUST_X509_H diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 17da61b3e..2d2397197 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -12,7 +12,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_PSA_H diff --git a/include/mbedtls/constant_time.h b/include/mbedtls/constant_time.h index d31bff677..ebecf35b0 100644 --- a/include/mbedtls/constant_time.h +++ b/include/mbedtls/constant_time.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONSTANT_TIME_H diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index d1f19e607..0348281e4 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -23,7 +23,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CTR_DRBG_H diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 0aef2ed65..d6dd15224 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_DEBUG_H #define MBEDTLS_DEBUG_H diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 2b097a13d..f445102d9 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ #ifndef MBEDTLS_DES_H diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index fcba3d2af..0232a71fd 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -45,7 +45,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_DHM_H diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 792db79fd..67c94f0fa 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -14,7 +14,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ECDH_H diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 2ecf34911..3b2b418f1 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -12,7 +12,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ECDSA_H diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index c2148a2bd..0008d7312 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ECJPAKE_H #define MBEDTLS_ECJPAKE_H diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7f5e88080..bf95b907a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -16,7 +16,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ECP_H diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 20fd6872b..c2bba41d2 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ENTROPY_H #define MBEDTLS_ENTROPY_H diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 186589ac5..a7454f234 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ERROR_H #define MBEDTLS_ERROR_H diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 837cecc09..c3343e6aa 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -13,7 +13,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_GCM_H diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h index 930e93f32..699c6d9e9 100644 --- a/include/mbedtls/hkdf.h +++ b/include/mbedtls/hkdf.h @@ -8,7 +8,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_HKDF_H #define MBEDTLS_HKDF_H diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 18b1b75a6..2e5aa6d06 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h index 95fce2133..5c8df42f8 100644 --- a/include/mbedtls/lms.h +++ b/include/mbedtls/lms.h @@ -10,7 +10,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_LMS_H #define MBEDTLS_LMS_H diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index e1456b9ae..af0761395 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** @@ -742,9 +754,6 @@ * contexts and therefore is a compatibility break for applications that access * fields of a mbedtls_ecdh_context structure directly. See also * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. - * - * The Everest code is provided under the Apache 2.0 license only; therefore enabling this - * option is not compatible with taking the library under the GPL v2.0-or-later license. */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index ff7b13365..c9a7858f3 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -8,7 +8,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_MD_H diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 6bf0754a4..808188694 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_MD5_H #define MBEDTLS_MD5_H diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h index b527d9b66..9694d2458 100644 --- a/include/mbedtls/memory_buffer_alloc.h +++ b/include/mbedtls/memory_buffer_alloc.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H #define MBEDTLS_MEMORY_BUFFER_ALLOC_H diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 026f627ce..1096d66d9 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -21,7 +21,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_NET_SOCKETS_H #define MBEDTLS_NET_SOCKETS_H diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h index d353f3d1a..0c95c902e 100644 --- a/include/mbedtls/nist_kw.h +++ b/include/mbedtls/nist_kw.h @@ -17,7 +17,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_NIST_KW_H diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index e48817d68..954507229 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_OID_H #define MBEDTLS_OID_H diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index cc617a9bc..a33fc65e5 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PEM_H #define MBEDTLS_PEM_H diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 24b11886b..aea602be7 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PK_H diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index 42e84538a..ba1a2edf0 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PKCS12_H #define MBEDTLS_PKCS12_H diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h index e004f4555..8b086aa2e 100644 --- a/include/mbedtls/pkcs5.h +++ b/include/mbedtls/pkcs5.h @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PKCS5_H #define MBEDTLS_PKCS5_H diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 70b25a9c6..1231e3402 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -6,7 +6,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /** diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index de3d71d9d..3fc1fd0c1 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -21,7 +21,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h index 97f1963ab..21b369745 100644 --- a/include/mbedtls/platform_time.h +++ b/include/mbedtls/platform_time.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PLATFORM_TIME_H #define MBEDTLS_PLATFORM_TIME_H diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index cba02ab3d..3f23fef55 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -6,7 +6,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PLATFORM_UTIL_H #define MBEDTLS_PLATFORM_UTIL_H diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 61bcaa6b6..3025ef1f2 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -14,7 +14,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_POLY1305_H diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h index 580f3eb44..61fa8777b 100644 --- a/include/mbedtls/private_access.h +++ b/include/mbedtls/private_access.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PRIVATE_ACCESS_H diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 643e8aac4..8ce15927b 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PSA_UTIL_H diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 279f92b51..acec3c52d 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_RIPEMD160_H #define MBEDTLS_RIPEMD160_H diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df665240d..69f3981ed 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -11,7 +11,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_RSA_H #define MBEDTLS_RSA_H diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 592ffd13f..18bde93d3 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -12,7 +12,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 4ee780f7d..87e259f5b 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -8,7 +8,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 3eeee65e6..77748be1f 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SHA3_H diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 1c20e4c22..ea5467829 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 89f7b8164..debb1cc2c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h index a1307b450..7a90191c3 100644 --- a/include/mbedtls/ssl_cache.h +++ b/include/mbedtls/ssl_cache.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 8cecbb625..07f2facef 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 71c258ea4..5cd1847d0 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 6d59c12da..0cefe43a1 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index ed16a23b1..6a336c3ed 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 62ae1022d..830dcee63 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_TIMING_H #define MBEDTLS_TIMING_H diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 637f9d38b..073211a19 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * This set of run-time variables can be used to determine the version number of diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index e2e06679b..a9267c791 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_X509_H #define MBEDTLS_X509_H diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 6625a44f4..62694ae7f 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 3f1a1e761..3f9b25075 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_X509_CRT_H #define MBEDTLS_X509_CRT_H diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index e54010b10..513a83edd 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_X509_CSR_H #define MBEDTLS_X509_CSR_H diff --git a/include/psa/build_info.h b/include/psa/build_info.h index 3ee6cd7b1..34a138d72 100644 --- a/include/psa/build_info.h +++ b/include/psa/build_info.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_BUILD_INFO_H diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fe10ee0e4..6b06187bf 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4,7 +4,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_H diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h index 63fb29e85..5e18298c6 100644 --- a/include/psa/crypto_adjust_auto_enabled.h +++ b/include/psa/crypto_adjust_auto_enabled.h @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/include/psa/crypto_adjust_config_key_pair_types.h index 63afc0e40..7736e752d 100644 --- a/include/psa/crypto_adjust_config_key_pair_types.h +++ b/include/psa/crypto_adjust_config_key_pair_types.h @@ -13,7 +13,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h index cf33465b5..5142ef0ae 100644 --- a/include/psa/crypto_adjust_config_synonyms.h +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -8,7 +8,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 35c2e29b9..d9473ac00 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -15,7 +15,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 6b91ae73f..8a2143a7e 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -15,7 +15,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index 98ab4d333..d3e069223 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -15,7 +15,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index f896fae1c..70fa14e87 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -12,7 +12,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_COMPAT_H diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 5bf00f402..d34cbf339 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -32,7 +32,19 @@ #endif /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_CONFIG_H diff --git a/include/psa/crypto_driver_common.h b/include/psa/crypto_driver_common.h index cc11d3b9a..26363c6b2 100644 --- a/include/psa/crypto_driver_common.h +++ b/include/psa/crypto_driver_common.h @@ -17,7 +17,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_DRIVER_COMMON_H #define PSA_CRYPTO_DRIVER_COMMON_H diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index d717c5190..d0188647f 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -16,7 +16,19 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 21190515c..3fb29ff7f 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -15,7 +15,19 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index c90a5fbe7..b27a768e8 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -15,7 +15,19 @@ * to define the implementation-defined types of PSA multi-part state objects. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ef29b77db..4b0cc7041 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -10,7 +10,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_EXTRA_H diff --git a/include/psa/crypto_legacy.h b/include/psa/crypto_legacy.h index 7df3614d6..7a038d945 100644 --- a/include/psa/crypto_legacy.h +++ b/include/psa/crypto_legacy.h @@ -13,7 +13,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PSA_CRYPTO_LEGACY_H diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index f32a10146..ee41c897f 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -15,7 +15,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_PLATFORM_H diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 9ce14bba6..f39e2294c 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -17,7 +17,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_SE_DRIVER_H #define PSA_CRYPTO_SE_DRIVER_H diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index d22bf1017..1d5ed6c26 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -22,7 +22,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_SIZES_H diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index d5ea8d51b..b309bc854 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -43,7 +43,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_STRUCT_H diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 5a1318de0..445657eb9 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -15,7 +15,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TYPES_H diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 5e33f6bd5..241b7c80d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -21,7 +21,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_VALUES_H diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index eeda06aee..6a4ce51b4 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -296,7 +296,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) - set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.1 SOVERSION 15) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.0 SOVERSION 15) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) if(TARGET ${everest_target}) @@ -308,11 +308,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif() add_library(${mbedx509_target} SHARED ${src_x509}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.1 SOVERSION 6) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.0 SOVERSION 6) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.1 SOVERSION 20) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.0 SOVERSION 20) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/library/aes.c b/library/aes.c index feb455b6f..0a7b26ce9 100644 --- a/library/aes.c +++ b/library/aes.c @@ -2,7 +2,19 @@ * FIPS-197 compliant AES implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. diff --git a/library/aesce.c b/library/aesce.c index f2bdce2db..8b42b034f 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -2,7 +2,19 @@ * Armv8-A Cryptographic Extension support functions for Aarch64 * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \ diff --git a/library/aesce.h b/library/aesce.h index 9206a6b3b..d24c423b8 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_AESCE_H #define MBEDTLS_AESCE_H diff --git a/library/aesni.c b/library/aesni.c index 59bcd3d92..5f25a8249 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -2,7 +2,19 @@ * AES-NI support functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/aesni.h b/library/aesni.h index 165859ac3..ba1429029 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -8,7 +8,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_AESNI_H #define MBEDTLS_AESNI_H diff --git a/library/alignment.h b/library/alignment.h index 4bca10e8f..ab15986e5 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_LIBRARY_ALIGNMENT_H diff --git a/library/aria.c b/library/aria.c index 07a434f8f..098036225 100644 --- a/library/aria.c +++ b/library/aria.c @@ -2,7 +2,19 @@ * ARIA implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/asn1parse.c b/library/asn1parse.c index c02b233ec..abdd0b1bd 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -2,7 +2,19 @@ * Generic ASN.1 parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/asn1write.c b/library/asn1write.c index 114091d63..2e9b98ad5 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -2,7 +2,19 @@ * ASN.1 buffer writing functionality * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/base64.c b/library/base64.c index a58717d6b..fa22e5375 100644 --- a/library/base64.c +++ b/library/base64.c @@ -2,7 +2,19 @@ * RFC 1521 base64 encoding/decoding * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/library/base64_internal.h b/library/base64_internal.h index a09bd2377..f9f56d78d 100644 --- a/library/base64_internal.h +++ b/library/base64_internal.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BASE64_INTERNAL diff --git a/library/bignum.c b/library/bignum.c index 09ce0301f..7c265e04d 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2,7 +2,19 @@ * Multi-precision integer library * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/bignum_core.c b/library/bignum_core.c index dfed60d55..dbf6d1df4 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -2,7 +2,19 @@ * Core bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/bignum_core.h b/library/bignum_core.h index b56be0a71..e5500f117 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -62,7 +62,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BIGNUM_CORE_H diff --git a/library/bignum_mod.c b/library/bignum_mod.c index dfd332a70..2f0e9ed09 100644 --- a/library/bignum_mod.c +++ b/library/bignum_mod.c @@ -2,7 +2,19 @@ * Modular bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/bignum_mod.h b/library/bignum_mod.h index 963d8881a..39e8fd218 100644 --- a/library/bignum_mod.h +++ b/library/bignum_mod.h @@ -63,7 +63,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BIGNUM_MOD_H diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 5343bc650..5ee1b19b2 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -2,7 +2,19 @@ * Low-level modular bignum functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 7bb4ca3cf..c5ff9378e 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -60,7 +60,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BIGNUM_MOD_RAW_H diff --git a/library/bignum_mod_raw_invasive.h b/library/bignum_mod_raw_invasive.h index 94a0d06cf..ead83942c 100644 --- a/library/bignum_mod_raw_invasive.h +++ b/library/bignum_mod_raw_invasive.h @@ -6,7 +6,19 @@ */ /** * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_BIGNUM_MOD_RAW_INVASIVE_H diff --git a/library/bn_mul.h b/library/bn_mul.h index 0738469db..ab1a66ae5 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * Multiply source vector [s] with b, add result diff --git a/library/camellia.c b/library/camellia.c index 86c8bbfcd..409727d04 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -2,7 +2,19 @@ * Camellia implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The Camellia block cipher was designed by NTT and Mitsubishi Electric diff --git a/library/ccm.c b/library/ccm.c index 2cccd2809..237ef9f31 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -2,7 +2,19 @@ * NIST SP800-38C compliant CCM implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/chacha20.c b/library/chacha20.c index acaae5b2e..cbb01f4ad 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -6,7 +6,19 @@ * \author Daniel King * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/chachapoly.c b/library/chachapoly.c index a1314eab6..aebc646aa 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -4,7 +4,19 @@ * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h index 6469e9f43..b7d87fe07 100644 --- a/library/check_crypto_config.h +++ b/library/check_crypto_config.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/cipher.c b/library/cipher.c index e9ad2ba96..9f9f1075c 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -6,7 +6,19 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 7e12de630..bbf57ceee 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -6,7 +6,19 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index ab10aa295..c85a4efa8 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CIPHER_WRAP_H #define MBEDTLS_CIPHER_WRAP_H diff --git a/library/cmac.c b/library/cmac.c index f40cae20c..c07968685 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -4,7 +4,19 @@ * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/common.h b/library/common.h index c6ed14b68..3c472c685 100644 --- a/library/common.h +++ b/library/common.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_LIBRARY_COMMON_H diff --git a/library/constant_time.c b/library/constant_time.c index c7077c352..8b41aed19 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -2,7 +2,19 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index f0b2fc02f..7759ac384 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -2,7 +2,19 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONSTANT_TIME_IMPL_H diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 61a5c6d4e..cc26edcd1 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -2,7 +2,19 @@ * Constant-time functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONSTANT_TIME_INTERNAL_H diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index cf3816e9f..fdd753d1c 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -2,7 +2,19 @@ * CTR_DRBG implementation based on AES-256 (NIST SP 800-90) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The NIST SP 800-90 DRBGs are described in the following publication. diff --git a/library/debug.c b/library/debug.c index c7bbd41bd..0983cb0fb 100644 --- a/library/debug.c +++ b/library/debug.c @@ -2,7 +2,19 @@ * Debugging routines * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/des.c b/library/des.c index f0032b3b5..eaddf282a 100644 --- a/library/des.c +++ b/library/des.c @@ -2,7 +2,19 @@ * FIPS-46-3 compliant Triple-DES implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * DES, on which TDES is based, was originally designed by Horst Feistel diff --git a/library/dhm.c b/library/dhm.c index 3daf0c2d4..174137d54 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -2,7 +2,19 @@ * Diffie-Hellman-Merkle key exchange * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The following sources were referenced in the design of this implementation diff --git a/library/ecdh.c b/library/ecdh.c index e060b1883..58ef881f0 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -2,7 +2,19 @@ * Elliptic curve Diffie-Hellman * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/ecdsa.c b/library/ecdsa.c index 2f7a996a7..6e55f2205 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -2,7 +2,19 @@ * Elliptic curve DSA * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/ecjpake.c b/library/ecjpake.c index fb13a395b..6355b5ea5 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -2,7 +2,19 @@ * Elliptic curve J-PAKE * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/ecp.c b/library/ecp.c index dad744ce3..5f2a7b0c0 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2,7 +2,19 @@ * Elliptic curves over GF(p): generic functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 577e23b7a..7b850e5e8 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -2,7 +2,19 @@ * Elliptic curves over GF(p): curve-specific data and functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c index 4ee0f5800..d431dcf24 100644 --- a/library/ecp_curves_new.c +++ b/library/ecp_curves_new.c @@ -2,7 +2,19 @@ * Elliptic curves over GF(p): curve-specific data and functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ecp_internal_alt.h b/library/ecp_internal_alt.h index 668edc74c..f663d6737 100644 --- a/library/ecp_internal_alt.h +++ b/library/ecp_internal_alt.h @@ -6,7 +6,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index ff9f9ecf1..bb3b127ff 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ECP_INVASIVE_H #define MBEDTLS_ECP_INVASIVE_H diff --git a/library/entropy.c b/library/entropy.c index e3bc8516e..00079176a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -2,7 +2,19 @@ * Entropy accumulator implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/entropy_poll.c b/library/entropy_poll.c index e8c669f9c..9d5b1e652 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -2,7 +2,19 @@ * Platform-specific and custom entropy polling functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #if defined(__linux__) && !defined(_GNU_SOURCE) diff --git a/library/entropy_poll.h b/library/entropy_poll.h index 6b4aec03e..be4943cce 100644 --- a/library/entropy_poll.h +++ b/library/entropy_poll.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_ENTROPY_POLL_H #define MBEDTLS_ENTROPY_POLL_H diff --git a/library/error.c b/library/error.c index 1687e1fa0..2656e13b9 100644 --- a/library/error.c +++ b/library/error.c @@ -2,7 +2,19 @@ * Error message information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/gcm.c b/library/gcm.c index 42fd02078..c8618be7c 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -2,7 +2,19 @@ * NIST SP800-38D compliant GCM implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/hkdf.c b/library/hkdf.c index 631ac24e5..a3f071ece 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -2,7 +2,19 @@ * HKDF implementation -- RFC 5869 * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 90174d5d1..af205aacb 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -2,7 +2,19 @@ * HMAC_DRBG implementation (NIST SP 800-90) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/lmots.c b/library/lmots.c index e09e3e529..9d796943c 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -2,7 +2,19 @@ * The LM-OTS one-time public-key signature scheme * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/lmots.h b/library/lmots.h index 8e495c9dd..98d1941d5 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -8,7 +8,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_LMOTS_H diff --git a/library/lms.c b/library/lms.c index 0c470a0c3..c06f9c260 100644 --- a/library/lms.c +++ b/library/lms.c @@ -2,7 +2,19 @@ * The LMS stateful-hash public-key signature scheme * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/md.c b/library/md.c index 12a3ea237..6dfbba78d 100644 --- a/library/md.c +++ b/library/md.c @@ -6,7 +6,19 @@ * \author Adriaan de Jong * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/md5.c b/library/md5.c index e4a87a2e0..7e7e3ad9e 100644 --- a/library/md5.c +++ b/library/md5.c @@ -2,7 +2,19 @@ * RFC 1321 compliant MD5 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The MD5 algorithm was designed by Ron Rivest in 1991. diff --git a/library/md_psa.h b/library/md_psa.h index b201263b1..8e00bb149 100644 --- a/library/md_psa.h +++ b/library/md_psa.h @@ -5,7 +5,19 @@ * PSA Crypto; it is a helper for the transition period. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_MD_PSA_H #define MBEDTLS_MD_PSA_H diff --git a/library/md_wrap.h b/library/md_wrap.h index dad123540..166b43b99 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_MD_WRAP_H #define MBEDTLS_MD_WRAP_H diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 79b0a8b8f..e5052ce5a 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -2,7 +2,19 @@ * Buffer-based memory allocator * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/mps_common.h b/library/mps_common.h index f9fe09988..301d52532 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -1,6 +1,20 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_error.h b/library/mps_error.h index 016a84ce4..5113959be 100644 --- a/library/mps_error.h +++ b/library/mps_error.h @@ -1,6 +1,20 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_reader.c b/library/mps_reader.c index 27d0c04c1..dc2a91cbc 100644 --- a/library/mps_reader.c +++ b/library/mps_reader.c @@ -2,7 +2,21 @@ * Message Processing Stack, Reader implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) */ #include "common.h" diff --git a/library/mps_reader.h b/library/mps_reader.h index 3193a5e33..bb912ec17 100644 --- a/library/mps_reader.h +++ b/library/mps_reader.h @@ -1,6 +1,20 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_trace.c b/library/mps_trace.c index 69f6e5a0f..9ba1f85e5 100644 --- a/library/mps_trace.c +++ b/library/mps_trace.c @@ -2,7 +2,21 @@ * Message Processing Stack, Trace module * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) */ #include "common.h" diff --git a/library/mps_trace.h b/library/mps_trace.h index b456b2ffd..f8e0a5d80 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -1,6 +1,20 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/net_sockets.c b/library/net_sockets.c index 2b120c551..db80447a3 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -2,7 +2,19 @@ * TCP/IP or UDP/IP networking functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* Enable definition of getaddrinfo() even when compiling with -std=c99. Must diff --git a/library/nist_kw.c b/library/nist_kw.c index f15425b8b..7bdc807bc 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -3,7 +3,19 @@ * only * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * Definition of Key Wrapping: diff --git a/library/oid.c b/library/oid.c index 6184abe40..d139a6d0d 100644 --- a/library/oid.c +++ b/library/oid.c @@ -4,7 +4,19 @@ * \brief Object Identifier (OID) database * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/padlock.c b/library/padlock.c index 1b03069ca..563d40e7c 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -2,7 +2,19 @@ * VIA PadLock support functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * This implementation is based on the VIA PadLock Programming Guide: diff --git a/library/padlock.h b/library/padlock.h index 92d72af51..a00afe04f 100644 --- a/library/padlock.h +++ b/library/padlock.h @@ -9,7 +9,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PADLOCK_H #define MBEDTLS_PADLOCK_H diff --git a/library/pem.c b/library/pem.c index 9500ffcf7..bd269dda7 100644 --- a/library/pem.c +++ b/library/pem.c @@ -2,7 +2,19 @@ * Privacy Enhanced Mail (PEM) decoding * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/pk.c b/library/pk.c index 5a1698f12..96b8ef922 100644 --- a/library/pk.c +++ b/library/pk.c @@ -2,7 +2,19 @@ * Public Key abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/pk_internal.h b/library/pk_internal.h index 26373a3d1..004660e09 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -6,7 +6,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PK_INTERNAL_H #define MBEDTLS_PK_INTERNAL_H diff --git a/library/pk_wrap.c b/library/pk_wrap.c index b5b460399..4a3fef7ce 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -2,7 +2,19 @@ * Public Key abstraction layer: wrapper functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 28c815a77..b1e02180a 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PK_WRAP_H diff --git a/library/pkcs12.c b/library/pkcs12.c index 374e8e81c..dd3a24037 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -2,7 +2,19 @@ * PKCS#12 Personal Information Exchange Syntax * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The PKCS #12 Personal Information Exchange Syntax Standard v1.1 diff --git a/library/pkcs5.c b/library/pkcs5.c index c4572331f..2756d058e 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -6,7 +6,19 @@ * \author Mathias Olsson * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * PKCS#5 includes PBKDF2 and more diff --git a/library/pkcs7.c b/library/pkcs7.c index 36b49f53b..cf05afd2c 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/pkparse.c b/library/pkparse.c index b8e3c741e..e1422df77 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -2,7 +2,19 @@ * Public Key layer for parsing key files and structures * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/pkwrite.c b/library/pkwrite.c index 260bbd4c4..03db1454a 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -2,7 +2,19 @@ * Public Key layer for writing key files and structures * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/pkwrite.h b/library/pkwrite.h index 544ab2f32..8cfa64b8e 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PK_WRITE_H diff --git a/library/platform.c b/library/platform.c index 890c4cbab..b15b7b29a 100644 --- a/library/platform.c +++ b/library/platform.c @@ -2,7 +2,19 @@ * Platform abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/platform_util.c b/library/platform_util.c index 1f15260c2..09216edfb 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -3,7 +3,19 @@ * library. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/poly1305.c b/library/poly1305.c index c9ebe9e1d..f4e1d3f88 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -4,7 +4,19 @@ * \brief Poly1305 authentication algorithm. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 54b578ab7..1faf1dd6c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index b7ddbf5ba..85d1f39be 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index a3392199f..4b24b0f68 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_AEAD_H diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 977ca1c07..b997a07cf 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 2478d5860..bf43ff08a 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_CIPHER_H diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c index 564463fed..c3234275a 100644 --- a/library/psa_crypto_client.c +++ b/library/psa_crypto_client.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 304075ade..575f302d4 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_CORE_H diff --git a/library/psa_crypto_core_common.h b/library/psa_crypto_core_common.h index 98fce2cca..dd72ab162 100644 --- a/library/psa_crypto_core_common.h +++ b/library/psa_crypto_core_common.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_CORE_COMMON_H diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index c05e43c30..6ab959769 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -4,7 +4,19 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ diff --git a/library/psa_crypto_driver_wrappers_no_static.c b/library/psa_crypto_driver_wrappers_no_static.c index 66a6059bb..de1511bad 100644 --- a/library/psa_crypto_driver_wrappers_no_static.c +++ b/library/psa_crypto_driver_wrappers_no_static.c @@ -4,7 +4,19 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ diff --git a/library/psa_crypto_driver_wrappers_no_static.h b/library/psa_crypto_driver_wrappers_no_static.h index cd617f60e..4985403cd 100644 --- a/library/psa_crypto_driver_wrappers_no_static.h +++ b/library/psa_crypto_driver_wrappers_no_static.h @@ -3,7 +3,19 @@ * cryptographic accelerators. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index e4a372d24..5c7786504 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index a9f5d59de..f4ad3d277 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_ECP_H diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index a57f02e5e..20dfd2dcf 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index baeb9286c..67e5444fc 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_FFDH_H diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index eeb7666c1..dad182616 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index 0a7be8055..2dfb0115e 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_HASH_H diff --git a/library/psa_crypto_invasive.h b/library/psa_crypto_invasive.h index 6897bdd66..a900dd8ff 100644 --- a/library/psa_crypto_invasive.h +++ b/library/psa_crypto_invasive.h @@ -10,7 +10,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_INVASIVE_H diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 877063b87..3ceee49be 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_ITS_H diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 8fe621811..2f2c51dce 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 2f614bcc6..4f8024a9e 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_MAC_H diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index fc9623379..7a904d9de 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 3d3ee0cc9..f21b0e672 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_PAKE_H diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h index 64b894914..8719d9c70 100644 --- a/library/psa_crypto_random_impl.h +++ b/library/psa_crypto_random_impl.h @@ -12,7 +12,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_RANDOM_IMPL_H diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 0679f41ea..065e55af1 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index e4c5caf6f..bc24ef5d5 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_RSA_H diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 7a36a4f3a..9db3dedce 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index ebe378989..a1e5e0922 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_SE_H diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3b8a319cb..92646c07c 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 6041a3528..c8366abeb 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 13a3c8a90..574d4b05e 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index b6b5e154a..37ca46e28 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_STORAGE_H diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 3f32d7d4e..97486165e 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_util.c b/library/psa_util.c index 0225bbf02..dd5e13455 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h index fcc79aef4..4a36dbf88 100644 --- a/library/psa_util_internal.h +++ b/library/psa_util_internal.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PSA_UTIL_INTERNAL_H diff --git a/library/ripemd160.c b/library/ripemd160.c index b4fc3cdba..49fee8579 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -2,7 +2,19 @@ * RIPE MD-160 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/rsa.c b/library/rsa.c index db0b0f74f..3c538bf43 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2,7 +2,19 @@ * The RSA public-key cryptosystem * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/rsa_alt_helpers.c b/library/rsa_alt_helpers.c index 5c265a992..5cc4636e4 100644 --- a/library/rsa_alt_helpers.c +++ b/library/rsa_alt_helpers.c @@ -2,7 +2,19 @@ * Helper functions for the RSA module * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ diff --git a/library/rsa_alt_helpers.h b/library/rsa_alt_helpers.h index ca0840b2a..3b22ba853 100644 --- a/library/rsa_alt_helpers.h +++ b/library/rsa_alt_helpers.h @@ -36,7 +36,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ diff --git a/library/sha1.c b/library/sha1.c index dfbe481f3..28a57b644 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -2,7 +2,19 @@ * FIPS-180-1 compliant SHA-1 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The SHA-1 standard was published by NIST in 1993. diff --git a/library/sha256.c b/library/sha256.c index 31afec258..223badf00 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -2,7 +2,19 @@ * FIPS-180-2 compliant SHA-256 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. diff --git a/library/sha3.c b/library/sha3.c index d90fefaea..4c1a1a9d4 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -2,7 +2,19 @@ * FIPS-202 compliant SHA3 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The SHA-3 Secure Hash Standard was published by NIST in 2015. diff --git a/library/sha512.c b/library/sha512.c index e7af12175..e739af254 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -2,7 +2,19 @@ * FIPS-180-2 compliant SHA-384/512 implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 772cb8fdf..929c28bec 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -2,7 +2,19 @@ * SSL session cache implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * These session callbacks use a simple chained list diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 555d5db5e..736b1423b 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -4,7 +4,19 @@ * \brief SSL ciphersuites for Mbed TLS * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ssl_client.c b/library/ssl_client.c index 7a7840662..1a56f1ebe 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -2,7 +2,21 @@ * TLS 1.2 and 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/library/ssl_client.h b/library/ssl_client.h index 05ee7e4cc..f57bea33f 100644 --- a/library/ssl_client.h +++ b/library/ssl_client.h @@ -2,7 +2,19 @@ * TLS 1.2 and 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_CLIENT_H diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ee81eb420..098acedd3 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -2,7 +2,19 @@ * DTLS cookie callbacks implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * These session callbacks use a simple chained list diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 2b0e73772..5c22ed221 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_DEBUG_HELPERS_H diff --git a/library/ssl_debug_helpers_generated.c b/library/ssl_debug_helpers_generated.c index d2cb2bed4..a8cca54c8 100644 --- a/library/ssl_debug_helpers_generated.c +++ b/library/ssl_debug_helpers_generated.c @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e4d20d6d6..a99bb3343 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_MISC_H #define MBEDTLS_SSL_MISC_H diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 933e25d94..c312d816e 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3,7 +3,19 @@ * (record layer + retransmission state machine) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * http://www.ietf.org/rfc/rfc2246.txt diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 875abcbb3..1adaa07fe 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -2,7 +2,19 @@ * TLS server tickets callbacks implementation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cfb279818..fc3fb85d7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2,7 +2,19 @@ * TLS shared functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * http://www.ietf.org/rfc/rfc2246.txt diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 9aa46bd15..27bbafa06 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2,7 +2,19 @@ * TLS client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 0a592d8c0..6ebd5064f 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2,7 +2,19 @@ * TLS server-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 58226ebd2..d018bee74 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2,7 +2,21 @@ * TLS 1.3 client-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5db4ff0a8..7072677f1 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -2,7 +2,19 @@ * TLS 1.3 functionality shared between client and server * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h index b4506f71c..3fb79a95d 100644 --- a/library/ssl_tls13_invasive.h +++ b/library/ssl_tls13_invasive.h @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_SSL_TLS13_INVASIVE_H diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index b64f9b026..afd84a974 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -2,7 +2,7 @@ * TLS 1.3 key schedule * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 ( the "License" ); you may * not use this file except in compliance with the License. diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index d3a4c6c99..21e9b4d73 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h @@ -2,7 +2,19 @@ * TLS 1.3 key schedule * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 ( the "License" ); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #if !defined(MBEDTLS_SSL_TLS1_3_KEYS_H) #define MBEDTLS_SSL_TLS1_3_KEYS_H diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 04c7d0c36..89bba04b3 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2,7 +2,19 @@ * TLS 1.3 server-side functions * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/threading.c b/library/threading.c index 52fe8fca9..130c6963d 100644 --- a/library/threading.c +++ b/library/threading.c @@ -2,7 +2,19 @@ * Threading abstraction layer * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/library/timing.c b/library/timing.c index 58f1c1ec2..6852033ea 100644 --- a/library/timing.c +++ b/library/timing.c @@ -2,7 +2,19 @@ * Portable interface to the CPU cycle counter * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/version.c b/library/version.c index 04397332b..4f78c9cb1 100644 --- a/library/version.c +++ b/library/version.c @@ -2,7 +2,19 @@ * Version information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/version_features.c b/library/version_features.c index b48f4f6da..a89cef997 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -2,7 +2,19 @@ * Version feature information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/x509.c b/library/x509.c index b7b71f33c..990393c31 100644 --- a/library/x509.c +++ b/library/x509.c @@ -2,7 +2,19 @@ * X.509 common functions for parsing and verification * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_create.c b/library/x509_create.c index 5e732d67f..2583cdd0f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -2,7 +2,19 @@ * X.509 base functions for creating certificates / CSRs * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/library/x509_crl.c b/library/x509_crl.c index cad784eeb..79ace8fa0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -2,7 +2,19 @@ * X.509 Certificate Revocation List (CRL) parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_crt.c b/library/x509_crt.c index f41eb47d7..e9153e710 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2,7 +2,19 @@ * X.509 certificate parsing and verification * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509_csr.c b/library/x509_csr.c index b48b3a4ac..0b2bb6f3b 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -2,7 +2,19 @@ * X.509 Certificate Signing Request (CSR) parsing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * The ITU-T X.509 standard defines a certificate format for PKI. diff --git a/library/x509write.c b/library/x509write.c index e0331b128..cd3c7394d 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -2,7 +2,19 @@ * X.509 internal, common functions for writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" #if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4c019eee4..a8a3022cb 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -2,7 +2,19 @@ * X.509 certificate writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * References: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 4e397553a..d996052ba 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -2,7 +2,19 @@ * X.509 Certificate Signing Request writing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* * References: diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 226718bc6..1d9b522a3 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -3,7 +3,19 @@ * security. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* Enable definition of fileno() even when compiling with -std=c99. Must be diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c index 853ec202c..ce3925628 100644 --- a/programs/cipher/cipher_aead_demo.c +++ b/programs/cipher/cipher_aead_demo.c @@ -25,7 +25,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index 3fd2b0089..995694af0 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -2,7 +2,19 @@ * generic message digest layer demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 8caae8851..7bb27ad4a 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -2,7 +2,19 @@ * Classic "Hello, world" demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c index 581816a1d..4c812fbd8 100644 --- a/programs/hash/md_hmac_demo.c +++ b/programs/hash/md_hmac_demo.c @@ -20,7 +20,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 946e049d7..5a2c30fc2 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -2,7 +2,19 @@ * Diffie-Hellman-Merkle key exchange (client side) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c index 6872e61e3..1f4cd59ee 100644 --- a/programs/pkey/dh_genprime.c +++ b/programs/pkey/dh_genprime.c @@ -2,7 +2,19 @@ * Diffie-Hellman-Merkle key exchange (prime generation) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index adddbf2fb..c940be0c0 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -2,7 +2,19 @@ * Diffie-Hellman-Merkle key exchange (server side) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index fedfcc9fe..980441707 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -2,7 +2,19 @@ * Example ECDHE with Curve25519 program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index afd6fb31a..953c14450 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -2,7 +2,19 @@ * Example ECDSA program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index f6bb23787..99e88505c 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -2,7 +2,19 @@ * Key generation application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 194c4102d..cd16e3320 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -2,7 +2,19 @@ * Key reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index c07c56464..179094cb5 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -2,7 +2,19 @@ * Key writing application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c index e83aa3259..88d745e92 100644 --- a/programs/pkey/mpi_demo.c +++ b/programs/pkey/mpi_demo.c @@ -2,7 +2,19 @@ * Simple MPI demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index b8f7943d6..f60c946ed 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c @@ -2,7 +2,19 @@ * Public key-based simple decryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c index a916bc6e2..04e5cc702 100644 --- a/programs/pkey/pk_encrypt.c +++ b/programs/pkey/pk_encrypt.c @@ -2,7 +2,19 @@ * RSA simple data encryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 59347addb..57bd796c8 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -2,7 +2,19 @@ * Public key-based signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 3127df540..bca985b14 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -2,7 +2,19 @@ * Public key-based signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 76bfddf5c..0462ba697 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -2,7 +2,19 @@ * RSA simple decryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 4bbb54e7d..2126a9b9b 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -2,7 +2,19 @@ * RSA simple data encryption program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index dc58215f7..17f6d6591 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -2,7 +2,19 @@ * Example RSA key generation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 9d8ebe39a..64375e9e7 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -2,7 +2,19 @@ * RSA/SHA-256 signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 3a1f7473b..999669e66 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -2,7 +2,19 @@ * RSASSA-PSS/SHA-256 signature creation program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index e7d72fd52..d525010df 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -2,7 +2,19 @@ * RSA/SHA-256 signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index afbbfa9d4..8a1fb5908 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -2,7 +2,19 @@ * RSASSA-PSS/SHA-256 signature verification program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c index 619166dba..0c2413e61 100644 --- a/programs/psa/aead_demo.c +++ b/programs/psa/aead_demo.c @@ -26,7 +26,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index b755f09ef..3f109d839 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "psa/crypto.h" diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c index 205505407..f25cdeb83 100644 --- a/programs/psa/hmac_demo.c +++ b/programs/psa/hmac_demo.c @@ -20,7 +20,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index 2734ceb7f..a79fac640 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -32,7 +32,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* First include Mbed TLS headers to get the Mbed TLS configuration and diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index 9d62228b4..e21d1abf0 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -1,7 +1,19 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -e -u diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index 0baf4a065..88426854d 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c index 887b2c988..cc3217169 100644 --- a/programs/random/gen_entropy.c +++ b/programs/random/gen_entropy.c @@ -2,7 +2,19 @@ * \brief Use and generate multiple entropies calls into a file * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c index 0eecf0ad4..e1db16eeb 100644 --- a/programs/random/gen_random_ctr_drbg.c +++ b/programs/random/gen_random_ctr_drbg.c @@ -2,7 +2,19 @@ * \brief Use and generate random data into a file via the CTR_DBRG based on AES * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index ddb3c34b9..f0abcabc7 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -2,7 +2,19 @@ * Simple DTLS client demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 732625e7f..b11a4f5b4 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -2,7 +2,19 @@ * Simple DTLS server demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 6bef2085c..e8f4797b8 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -3,7 +3,19 @@ * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h) * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index ee734b1ed..259b8f930 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -2,7 +2,19 @@ * SSL client demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b41c45e7c..7c2c818d8 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2,7 +2,19 @@ * SSL client with certificate authentication * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index d809aa958..855b0911f 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -2,7 +2,19 @@ * MbedTLS SSL context deserializer from base64 code * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f4822b7e6..6734a14d9 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -2,7 +2,19 @@ * SSL server demonstration program using fork() for handling multiple clients * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index febb881c8..1e648e8af 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -2,7 +2,19 @@ * SSL client for SMTP servers * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* Enable definition of gethostname() even when compiling with -std=c99. Must diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index fcb8f2f4d..12d3057b4 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -3,7 +3,19 @@ * clients. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 6becf8d91..ad82567f4 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -2,7 +2,19 @@ * SSL server demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 72c3dd49d..0efcb7f9a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2,7 +2,19 @@ * SSL client with options * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 1ff2077d4..67fc06115 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -9,7 +9,19 @@ * This file is meant to be #include'd and cannot be compiled separately. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ void eap_tls_key_derivation(void *p_expkey, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 6e0c6153f..aea056b68 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -5,7 +5,19 @@ * that cannot be compiled separately in "ssl_test_common_source.c". * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index d06e0997d..ef0dba718 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -2,7 +2,19 @@ * Common code for SSL test programs * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index a6de92cf5..ecc4e94a6 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -2,7 +2,19 @@ * Benchmark demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index 729800ad8..86e10776c 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -2,7 +2,19 @@ * Simple program to test that Mbed TLS builds correctly as a CMake package. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index 44a2adadf..9aa4c3b1d 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -3,7 +3,19 @@ * package. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index 8b4f18e28..d56b9a9cb 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c @@ -3,7 +3,19 @@ * work correctly. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index f24125423..2dcda3bb2 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -2,7 +2,19 @@ * Test dynamic loading of libmbed* * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh index 7b8868801..a6a9022fc 100755 --- a/programs/test/dlopen_demo.sh +++ b/programs/test/dlopen_demo.sh @@ -4,7 +4,19 @@ # This is only expected to work when Mbed TLS is built as a shared library. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -e -u diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 0b4bd0b7b..a55051652 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -14,7 +14,19 @@ EOF fi # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -e @@ -29,8 +41,19 @@ print_cpp () { * can be included and built with a C++ compiler. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c index a70e6daef..df0fe4a70 100644 --- a/programs/test/query_compile_time_config.c +++ b/programs/test/query_compile_time_config.c @@ -2,7 +2,19 @@ * Query the Mbed TLS compile time configuration * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 4b851210f..cb92f256b 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2,7 +2,19 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/test/query_config.h b/programs/test/query_config.h index 43f120bf0..ade73d080 100644 --- a/programs/test/query_config.h +++ b/programs/test/query_config.h @@ -2,7 +2,19 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c index cdafa1620..383a2ffc8 100644 --- a/programs/test/query_included_headers.c +++ b/programs/test/query_included_headers.c @@ -1,7 +1,19 @@ /* Ad hoc report on included headers. */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 61dde5ed1..cc5e00ed3 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -2,7 +2,19 @@ * Self-test demonstration program * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index c6b56ec09..685e336e6 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -2,7 +2,19 @@ * UDP proxy: emulate an unreliable UDP connection for DTLS testing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index aa6a6d10f..27de01390 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -3,7 +3,19 @@ # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -u diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index 1e9b98d71..b7842c4ef 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -10,7 +10,19 @@ * call to mbedtls_platform_zeroize() was not eliminated. * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index d682c2b06..5dd367a0c 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -2,7 +2,19 @@ * Convert PEM to DER * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/util/strerror.c b/programs/util/strerror.c index 316f28614..4bfd8a1c2 100644 --- a/programs/util/strerror.c +++ b/programs/util/strerror.c @@ -2,7 +2,19 @@ * Translate error code to error string * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/wince_main.c b/programs/wince_main.c index e817b9f5f..be98eae5e 100644 --- a/programs/wince_main.c +++ b/programs/wince_main.c @@ -2,7 +2,19 @@ * Windows CE console application entry point * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #if defined(_WIN32_WCE) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index cb1e5bc4e..51a79ecb5 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -2,7 +2,19 @@ * Certificate reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index cb908923c..558d8cc73 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -2,7 +2,19 @@ * Certificate request generation * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index e2f5dacbd..40b1871f3 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -2,7 +2,19 @@ * Certificate generation and signing * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 5e3fd5a94..6c671ff3f 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -2,7 +2,19 @@ * CRL reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index f0e6acf25..d024e9822 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -3,6 +3,45 @@ * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + * This file is provided under the Apache License 2.0, or the + * GNU General Public License v2.0 or later. + * + * ********** + * Apache License 2.0: + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ********** + * + * ********** + * GNU General Public License v2.0 or later: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * ********** */ #include "mbedtls/build_info.h" diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index fff0983f0..64b9f0bb2 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -2,7 +2,19 @@ * Certificate request reading application * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 8a604c4e2..ac1d60ffd 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -84,7 +84,19 @@ function name and parameter list. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import glob import os diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index 34daf37b5..cf01e1f8e 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -8,7 +8,19 @@ # when multiple targets are invoked in the same parallel build. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -eu diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index dcdf9fc2f..f3aca7070 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -19,7 +19,19 @@ You must run this program from within a git working directory. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse from collections import OrderedDict, namedtuple diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 86ed74ead..19d90bce7 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -1,7 +1,19 @@ #!/bin/bash # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 3f8a4ed8d..53d859edf 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -9,7 +9,19 @@ Note: must be run from Mbed TLS root. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse import logging diff --git a/scripts/code_style.py b/scripts/code_style.py index 08ec4af42..ddd0a9800 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -4,7 +4,19 @@ This script must be run from the root of a Git work tree containing Mbed TLS. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse import os import re diff --git a/scripts/config.pl b/scripts/config.pl index ca02b9046..5dd89d225 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -2,8 +2,19 @@ # Backward compatibility redirection ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +## SPDX-License-Identifier: Apache-2.0 ## +## Licensed under the Apache License, Version 2.0 (the "License"); you may +## not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. my $py = $0; $py =~ s/\.pl$/.py/ or die "Unable to determine the name of the Python script"; diff --git a/scripts/config.py b/scripts/config.py index d48c73a10..17fbe653a 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -13,8 +13,19 @@ Basic usage, to read the Mbed TLS configuration: # in parts that are not backported to 2.28. ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +## SPDX-License-Identifier: Apache-2.0 ## +## Licensed under the Apache License, Version 2.0 (the "License"); you may +## not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. import os import re diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja index e31a292d8..de16284bd 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja @@ -4,7 +4,19 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja index 2aae62850..dbe424c03 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja @@ -4,7 +4,19 @@ * Warning: This file is now auto-generated. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 781e72a91..077500302 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -2,7 +2,19 @@ * Error message information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index b60aba010..e7e6fc602 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -2,7 +2,19 @@ * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "mbedtls/build_info.h" diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index d820d4d1a..0e4059760 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -2,7 +2,19 @@ * Version feature information * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 3eb2ff449..43fc7dfa1 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -8,7 +8,19 @@ # scripts/ecc-heap.sh | tee ecc-heap.log # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -eu diff --git a/scripts/ecp_comb_table.py b/scripts/ecp_comb_table.py index 6146e881c..6719be1c3 100755 --- a/scripts/ecp_comb_table.py +++ b/scripts/ecp_comb_table.py @@ -7,7 +7,19 @@ can use this script to generate codes to define `_T` in ecp_curves.c """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os import subprocess diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 614a49309..ae95db4a1 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -1,7 +1,19 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 2fdc4cd0b..e0f282792 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -7,7 +7,19 @@ based on template files in script/data_files/driver_templates/. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import sys import os diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 0134c94f0..664a349e9 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -6,7 +6,19 @@ # or generate_errors.pl include_dir data_dir error_file # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; use warnings; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index cea8c115a..49cca2ec3 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,7 +1,19 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index f13b507d0..960a07986 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -12,7 +12,19 @@ file is written: """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os import sys diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 39743da6d..69eca8344 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -19,7 +19,19 @@ # generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index a0544f153..19be41521 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -8,7 +8,19 @@ implemented by fixed codes. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import sys import re import os @@ -344,8 +356,19 @@ OUTPUT_C_TEMPLATE = '''\ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 7f5609820..4fad322a6 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -7,7 +7,19 @@ # Takes no argument. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use warnings; use strict; diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 7d23636b7..6bba02fd2 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -26,7 +26,19 @@ EOF } # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -eu diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index 52ca606b5..eaf56aee7 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -3,7 +3,19 @@ # Parse a massif.out.xxx file and output peak total memory usage # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use warnings; use strict; diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py index ef3e3a05e..6fd6223f3 100644 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ b/scripts/mbedtls_dev/asymmetric_key_data.py @@ -4,8 +4,19 @@ Meant for use in crypto_knowledge.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import binascii import re diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index eebc858b2..3bef16db6 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -1,7 +1,18 @@ """Common features for bignum in test generation framework.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. from abc import abstractmethod import enum diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 909f6a306..563492b29 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -1,7 +1,18 @@ """Framework classes for generation of bignum core test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import random diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py index 5c6c2c81e..897e31989 100644 --- a/scripts/mbedtls_dev/bignum_data.py +++ b/scripts/mbedtls_dev/bignum_data.py @@ -1,8 +1,19 @@ """Base values and datasets for bignum generated tests and helper functions that produced them.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import random diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py index f554001ec..77c7b1bbd 100644 --- a/scripts/mbedtls_dev/bignum_mod.py +++ b/scripts/mbedtls_dev/bignum_mod.py @@ -1,7 +1,18 @@ """Framework classes for generation of bignum mod test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. from typing import Dict, List diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 37ad27a11..7121f2f49 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -1,7 +1,18 @@ """Framework classes for generation of bignum mod_raw test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. from typing import Iterator, List diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index f63c3c828..b48a27711 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -2,8 +2,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os import inspect diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index f2cbbe4af..9bd17d608 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -2,8 +2,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os import platform diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py index a36de692e..7593952da 100644 --- a/scripts/mbedtls_dev/crypto_data_tests.py +++ b/scripts/mbedtls_dev/crypto_data_tests.py @@ -4,8 +4,19 @@ This module is a work in progress, only implementing a few cases for now. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import hashlib from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 285d6c638..45d253b9b 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -4,8 +4,19 @@ This module is entirely based on the PSA API. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import enum import re diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index b40f3b126..410c77e11 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -1,7 +1,18 @@ """Framework classes for generation of ecp test cases.""" # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. from typing import List diff --git a/scripts/mbedtls_dev/logging_util.py b/scripts/mbedtls_dev/logging_util.py index ddd7c7fd6..db1ebfe5c 100644 --- a/scripts/mbedtls_dev/logging_util.py +++ b/scripts/mbedtls_dev/logging_util.py @@ -2,8 +2,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import logging import sys diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py index d68be00bd..3cad2a3f6 100644 --- a/scripts/mbedtls_dev/macro_collector.py +++ b/scripts/mbedtls_dev/macro_collector.py @@ -2,8 +2,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import itertools import re diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index 32e500977..a82df41df 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -2,8 +2,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import re from typing import Dict, FrozenSet, List, Optional diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py index 00a8beaab..a2e4c74a4 100644 --- a/scripts/mbedtls_dev/psa_storage.py +++ b/scripts/mbedtls_dev/psa_storage.py @@ -7,8 +7,19 @@ before changing how test data is constructed or validated. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import re import struct diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py index 6ed5e849d..8f0870367 100644 --- a/scripts/mbedtls_dev/test_case.py +++ b/scripts/mbedtls_dev/test_case.py @@ -2,8 +2,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import binascii import os diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py index a84f7dd2f..02aa51051 100644 --- a/scripts/mbedtls_dev/test_data_generation.py +++ b/scripts/mbedtls_dev/test_data_generation.py @@ -7,8 +7,19 @@ These are used both by generate_psa_tests.py and generate_bignum_tests.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse import os diff --git a/scripts/mbedtls_dev/typing_util.py b/scripts/mbedtls_dev/typing_util.py index 2ec448d00..4c344492c 100644 --- a/scripts/mbedtls_dev/typing_util.py +++ b/scripts/mbedtls_dev/typing_util.py @@ -2,8 +2,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. from typing import Any diff --git a/scripts/memory.sh b/scripts/memory.sh index d119374d5..e3ce9d6d1 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -7,7 +7,19 @@ # since for memory we want debug information. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -eu diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py index 9888abe08..c00d58e05 100755 --- a/scripts/min_requirements.py +++ b/scripts/min_requirements.py @@ -3,7 +3,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse import os diff --git a/scripts/output_env.sh b/scripts/output_env.sh index d3eac22bb..535613298 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -3,7 +3,19 @@ # output_env.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 7f972e070..800383d2c 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -12,7 +12,19 @@ EOF } # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -eu diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index 455f892a2..558970f54 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -4,7 +4,19 @@ # git development # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. IGNORE="" diff --git a/tests/compat-in-docker.sh b/tests/compat-in-docker.sh index e703c5723..29c87877d 100755 --- a/tests/compat-in-docker.sh +++ b/tests/compat-in-docker.sh @@ -22,7 +22,19 @@ # - compat.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. source tests/scripts/docker_env.sh diff --git a/tests/compat.sh b/tests/compat.sh index 6abbe69e7..252736bb2 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -3,7 +3,19 @@ # compat.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index d825ee92c..38286d1fd 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* Enable TLS 1.3 and core 1.3 features */ diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index 639496be6..a9386a236 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #if defined(PSA_CRYPTO_DRIVER_TEST_ALL) diff --git a/tests/configs/user-config-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h index fada9ee93..226f4d187 100644 --- a/tests/configs/user-config-malloc-0-null.h +++ b/tests/configs/user-config-malloc-0-null.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h index 52d4b0833..fcdd1f099 100644 --- a/tests/configs/user-config-zeroize-memset.h +++ b/tests/configs/user-config-zeroize-memset.h @@ -4,7 +4,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/context-info.sh b/tests/context-info.sh index 55e321943..88dfcaa5e 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -3,7 +3,19 @@ # context-info.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This program is intended for testing the ssl_context_info program # diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index 4e1fd48dc..d7d879765 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,7 +1,19 @@ #!/bin/sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -eu diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index 5f4b3d0c6..ce8ed6f8e 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,7 +1,19 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; use warnings; diff --git a/tests/data_files/test_certs.h.jinja2 b/tests/data_files/test_certs.h.jinja2 index 4a64b3a79..92131ddc1 100644 --- a/tests/data_files/test_certs.h.jinja2 +++ b/tests/data_files/test_certs.h.jinja2 @@ -2,7 +2,19 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/tests/docker/bionic/Dockerfile b/tests/docker/bionic/Dockerfile index e4c49fac2..d44cdff25 100644 --- a/tests/docker/bionic/Dockerfile +++ b/tests/docker/bionic/Dockerfile @@ -10,7 +10,19 @@ # for the set of Docker images we use on the CI. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. ARG MAKEFLAGS_PARALLEL="" ARG MY_REGISTRY= diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index 9192678a5..ce43467b4 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -2,7 +2,19 @@ # pre-push.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h index dc47dd16c..21d85f1ff 100644 --- a/tests/include/alt-dummy/aes_alt.h +++ b/tests/include/alt-dummy/aes_alt.h @@ -1,7 +1,19 @@ /* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef AES_ALT_H diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h index 94db8c7fb..aabec9c9f 100644 --- a/tests/include/alt-dummy/aria_alt.h +++ b/tests/include/alt-dummy/aria_alt.h @@ -1,7 +1,19 @@ /* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ARIA_ALT_H diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h index 97bc16b78..b42613bc2 100644 --- a/tests/include/alt-dummy/camellia_alt.h +++ b/tests/include/alt-dummy/camellia_alt.h @@ -1,7 +1,19 @@ /* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CAMELLIA_ALT_H diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h index c25f42b4a..5ec7d4e48 100644 --- a/tests/include/alt-dummy/ccm_alt.h +++ b/tests/include/alt-dummy/ccm_alt.h @@ -1,7 +1,19 @@ /* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CCM_ALT_H diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h index 6fd84d031..a53a33002 100644 --- a/tests/include/alt-dummy/chacha20_alt.h +++ b/tests/include/alt-dummy/chacha20_alt.h @@ -1,7 +1,19 @@ /* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CHACHA20_ALT_H diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h index de28ced67..584a42174 100644 --- a/tests/include/alt-dummy/chachapoly_alt.h +++ b/tests/include/alt-dummy/chachapoly_alt.h @@ -1,7 +1,19 @@ /* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CHACHAPOLY_ALT_H diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h index 68b53d707..13c998d68 100644 --- a/tests/include/alt-dummy/cmac_alt.h +++ b/tests/include/alt-dummy/cmac_alt.h @@ -1,7 +1,19 @@ /* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef CMAC_ALT_H diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h index d07986128..3b8abe493 100644 --- a/tests/include/alt-dummy/des_alt.h +++ b/tests/include/alt-dummy/des_alt.h @@ -1,7 +1,19 @@ /* des_alt.h with dummy types for MBEDTLS_DES_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h index 3cb51d2ed..ccb3bd3c3 100644 --- a/tests/include/alt-dummy/dhm_alt.h +++ b/tests/include/alt-dummy/dhm_alt.h @@ -1,7 +1,19 @@ /* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef DHM_ALT_H diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h index 4d7524860..90c21da8b 100644 --- a/tests/include/alt-dummy/ecjpake_alt.h +++ b/tests/include/alt-dummy/ecjpake_alt.h @@ -1,7 +1,19 @@ /* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ECJPAKE_ALT_H diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h index d204b18d0..56c981095 100644 --- a/tests/include/alt-dummy/ecp_alt.h +++ b/tests/include/alt-dummy/ecp_alt.h @@ -1,7 +1,19 @@ /* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ECP_ALT_H diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h index cfa73d2a4..7be5b62f6 100644 --- a/tests/include/alt-dummy/gcm_alt.h +++ b/tests/include/alt-dummy/gcm_alt.h @@ -1,7 +1,19 @@ /* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef GCM_ALT_H diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h index e3a15d70f..1f3e5ed9b 100644 --- a/tests/include/alt-dummy/md5_alt.h +++ b/tests/include/alt-dummy/md5_alt.h @@ -1,7 +1,19 @@ /* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MD5_ALT_H diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h index 1274d4081..8fec116be 100644 --- a/tests/include/alt-dummy/nist_kw_alt.h +++ b/tests/include/alt-dummy/nist_kw_alt.h @@ -1,7 +1,19 @@ /* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef NIST_KW_ALT_H diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h index 67573926e..836f299c8 100644 --- a/tests/include/alt-dummy/platform_alt.h +++ b/tests/include/alt-dummy/platform_alt.h @@ -1,7 +1,19 @@ /* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PLATFORM_ALT_H diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h index c8ed1bc06..5a8295f16 100644 --- a/tests/include/alt-dummy/poly1305_alt.h +++ b/tests/include/alt-dummy/poly1305_alt.h @@ -1,7 +1,19 @@ /* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef POLY1305_ALT_H diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h index 72ae47efb..ca3b33827 100644 --- a/tests/include/alt-dummy/ripemd160_alt.h +++ b/tests/include/alt-dummy/ripemd160_alt.h @@ -1,7 +1,19 @@ /* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef RIPEMD160_ALT_H diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h index eabc26da1..24f672bb3 100644 --- a/tests/include/alt-dummy/rsa_alt.h +++ b/tests/include/alt-dummy/rsa_alt.h @@ -1,7 +1,19 @@ /* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef RSA_ALT_H diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h index d8ac97191..36bf71d84 100644 --- a/tests/include/alt-dummy/sha1_alt.h +++ b/tests/include/alt-dummy/sha1_alt.h @@ -1,7 +1,19 @@ /* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SHA1_ALT_H diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h index b1900adee..304734bfc 100644 --- a/tests/include/alt-dummy/sha256_alt.h +++ b/tests/include/alt-dummy/sha256_alt.h @@ -1,7 +1,19 @@ /* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SHA256_ALT_H diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h index 857bc916a..13e58109e 100644 --- a/tests/include/alt-dummy/sha512_alt.h +++ b/tests/include/alt-dummy/sha512_alt.h @@ -1,7 +1,19 @@ /* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SHA512_ALT_H diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h index 07d5da427..400350686 100644 --- a/tests/include/alt-dummy/threading_alt.h +++ b/tests/include/alt-dummy/threading_alt.h @@ -1,7 +1,19 @@ /* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef THREADING_ALT_H diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h index 69bee60f6..9d4e100ea 100644 --- a/tests/include/alt-dummy/timing_alt.h +++ b/tests/include/alt-dummy/timing_alt.h @@ -1,7 +1,19 @@ /* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TIMING_ALT_H diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h index 0a44275e7..40eed2d33 100644 --- a/tests/include/baremetal-override/time.h +++ b/tests/include/baremetal-override/time.h @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #error "time.h included in a configuration without MBEDTLS_HAVE_TIME" diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h index fdf3a2db5..de842642d 100644 --- a/tests/include/spe/crypto_spe.h +++ b/tests/include/spe/crypto_spe.h @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * */ diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h index 6d267b660..74bbbd569 100644 --- a/tests/include/test/arguments.h +++ b/tests/include/test/arguments.h @@ -8,7 +8,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_ARGUMENTS_H diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h index 2eb917128..dee3cbda9 100644 --- a/tests/include/test/asn1_helpers.h +++ b/tests/include/test/asn1_helpers.h @@ -2,7 +2,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef ASN1_HELPERS_H diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index 2f6bf8931..fc97d23ba 100644 --- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_BIGNUM_HELPERS_H diff --git a/tests/include/test/certs.h b/tests/include/test/certs.h index db69536a6..65c55829d 100644 --- a/tests/include/test/certs.h +++ b/tests/include/test/certs.h @@ -5,7 +5,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CERTS_H #define MBEDTLS_CERTS_H diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h index c5658eb40..f3d676e28 100644 --- a/tests/include/test/constant_flow.h +++ b/tests/include/test/constant_flow.h @@ -6,7 +6,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_CONSTANT_FLOW_H diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h index a033e399d..037a255ca 100644 --- a/tests/include/test/drivers/aead.h +++ b/tests/include/test/drivers/aead.h @@ -2,7 +2,19 @@ * Test driver for AEAD driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h index 0ac77087d..c602d2f22 100644 --- a/tests/include/test/drivers/asymmetric_encryption.h +++ b/tests/include/test/drivers/asymmetric_encryption.h @@ -2,7 +2,19 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 950a17440..54c37f748 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -2,7 +2,19 @@ * Test driver for cipher functions */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 4eb27f024..81f988339 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -7,7 +7,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef MBEDTLS_CONFIG_H diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h index ad48c45d5..f1da8d3e4 100644 --- a/tests/include/test/drivers/hash.h +++ b/tests/include/test/drivers/hash.h @@ -2,7 +2,19 @@ * Test driver for hash driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h index ca82b3ad9..aaf74a8c5 100644 --- a/tests/include/test/drivers/key_agreement.h +++ b/tests/include/test/drivers/key_agreement.h @@ -2,7 +2,19 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 9e2c89885..43df0d610 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -2,7 +2,19 @@ * Test driver for generating and verifying keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h index d92eff903..bdc2b705c 100644 --- a/tests/include/test/drivers/mac.h +++ b/tests/include/test/drivers/mac.h @@ -2,7 +2,19 @@ * Test driver for MAC driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index d292ca0da..331ee49da 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -2,7 +2,19 @@ * Test driver for PAKE driver entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 8c5703edf..4c56a121c 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -2,7 +2,19 @@ * Test driver for signature functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index 74605d6b8..541ee03d0 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -2,7 +2,19 @@ * Umbrella include for all of the test driver functionality */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_TEST_DRIVER_H diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h index e3e331d55..01bfb91a4 100644 --- a/tests/include/test/fake_external_rng_for_test.h +++ b/tests/include/test/fake_external_rng_for_test.h @@ -4,7 +4,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index ba117fbdf..dd4a6a2b4 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_HELPERS_H diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 8de9c4d95..3bfbe3333 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -6,7 +6,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_MACROS_H diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 58457320b..9ba7dbcd9 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_CRYPTO_HELPERS_H diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 0f3ee3db6..46f4d0810 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_EXERCISE_KEY_H diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h index b61718939..2665fac39 100644 --- a/tests/include/test/psa_helpers.h +++ b/tests/include/test/psa_helpers.h @@ -3,7 +3,19 @@ */ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef PSA_HELPERS_H diff --git a/tests/include/test/random.h b/tests/include/test/random.h index 6304e05d7..c5572088a 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef TEST_RANDOM_H diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index abdef9032..ddbd6a39e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #ifndef SSL_HELPERS_H diff --git a/tests/make-in-docker.sh b/tests/make-in-docker.sh index e57d09d34..0ee08dc48 100755 --- a/tests/make-in-docker.sh +++ b/tests/make-in-docker.sh @@ -14,7 +14,19 @@ # for the set of Docker images we use on the CI. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. source tests/scripts/docker_env.sh diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 1190a87ee..56d2e2959 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -3,7 +3,19 @@ # tls13-compat.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 6556cd4b4..758da1da5 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -3,7 +3,19 @@ # tls13-kex-modes.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # DO NOT ADD NEW TEST CASES INTO THIS FILE. The left cases will be generated by diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index a56696a22..f30384d39 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -3,7 +3,19 @@ # tls13-misc.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # requires_gnutls_tls1_3 diff --git a/tests/scripts/all-in-docker.sh b/tests/scripts/all-in-docker.sh index b2a31c265..7c03d9135 100755 --- a/tests/scripts/all-in-docker.sh +++ b/tests/scripts/all-in-docker.sh @@ -17,7 +17,19 @@ # See also all.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. source tests/scripts/docker_env.sh diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fe2d73f0c..9e1d84f5d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3,7 +3,19 @@ # all.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index b2230dd47..623fd2352 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -1,7 +1,19 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """Audit validity date of X509 crt/crl/csr. diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 1f8ade663..43a91eed2 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -3,7 +3,19 @@ # basic-build-test.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 3aca3a134..02cafb0cc 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -18,7 +18,19 @@ # See docker_env.sh for prerequisites and other information. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. source tests/scripts/docker_env.sh diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index 3199c2ab4..dd955301f 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -9,7 +9,19 @@ # items that are documented, but not marked as such by mistake. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use warnings; use strict; diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 67dedeb26..d03e5cf6d 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -1,7 +1,19 @@ #! /usr/bin/env sh # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 51e80792b..35319d3e1 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -1,7 +1,19 @@ #! /usr/bin/env sh # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # Purpose: check Python files for potential programming errors or maintenance # hurdles. Run pylint to detect some potential mistakes and enforce PEP8 diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index e3593662b..352b55eaa 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -1,7 +1,19 @@ #!/usr/bin/env python3 # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """ This script checks the current state of the source code for minor issues, diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 635552e76..f812929c7 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -1,7 +1,19 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """ This script confirms that the naming of all symbols and identifiers in Mbed TLS diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 3b954af22..1395d4d90 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -7,7 +7,19 @@ independently of the checks. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse import glob diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index e355dfd94..e92564151 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -1,7 +1,21 @@ #!/usr/bin/env python3 -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# Copyright (c) 2022, Arm Limited, All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) """ Test Mbed TLS with a subset of algorithms. diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh index cfc98dfca..3dbc41d92 100755 --- a/tests/scripts/docker_env.sh +++ b/tests/scripts/docker_env.sh @@ -27,7 +27,19 @@ # the Docker image. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # default values, can be overridden by the environment diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index b6a1d4594..cb87829e2 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -3,7 +3,19 @@ # Make sure the doxygen documentation builds without warnings # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # Abort on errors (and uninitialised variables) set -eu diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index ec5e5d891..2345b9e36 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -5,7 +5,19 @@ # and concats nonce and personalization for initialization. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 30d45c307..354e351a4 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -4,7 +4,19 @@ # Only first 3 of every set used for compile time saving # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index b4f08494c..101456fed 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -4,7 +4,19 @@ # Only first 3 of every set used for compile time saving # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index fe2d3f5d3..609e5586a 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,7 +1,19 @@ #!/usr/bin/env perl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use strict; diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index d4ef0f3af..a51fbc965 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -9,7 +9,19 @@ # such as 'test_suite_rsa.data' # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # Abort on errors set -e diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 8dbb6ed78..6ee6ab39a 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -40,7 +40,19 @@ of BaseTarget in test_data_generation.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import sys diff --git a/tests/scripts/generate_ecp_tests.py b/tests/scripts/generate_ecp_tests.py index df1e4696a..abbfda55f 100755 --- a/tests/scripts/generate_ecp_tests.py +++ b/tests/scripts/generate_ecp_tests.py @@ -6,7 +6,19 @@ as in generate_bignum_tests.py. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import sys diff --git a/tests/scripts/generate_pkcs7_tests.py b/tests/scripts/generate_pkcs7_tests.py index 0e484b023..0e7385043 100755 --- a/tests/scripts/generate_pkcs7_tests.py +++ b/tests/scripts/generate_pkcs7_tests.py @@ -1,7 +1,19 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # """ diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 801f8da8b..b6f83c111 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -6,7 +6,19 @@ generate only the specified files. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import enum import re diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index a3bca7e6f..4494917ef 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -6,7 +6,19 @@ Generate `tests/src/test_certs.h` which includes certficaties/keys/certificate l # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index 5f711bfb1..76806de95 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -2,7 +2,19 @@ # Test suites code generator. # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """ This script is a key part of Mbed TLS test suites framework. For diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index fdb264d7b..05d80a532 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -3,7 +3,19 @@ # generate_tls13_compat_tests.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """ Generate TLSv1.3 Compat test cases @@ -524,7 +536,19 @@ SSL_OUTPUT_HEADER = '''#!/bin/sh # {filename} # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 4ccac236e..9b930802f 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -10,7 +10,19 @@ # Usage: list-identifiers.sh [ -i | --internal ] # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -eu diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py index b648ce24f..6b41607e3 100755 --- a/tests/scripts/list_internal_identifiers.py +++ b/tests/scripts/list_internal_identifiers.py @@ -1,7 +1,19 @@ #!/usr/bin/env python3 # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """ This script generates a file called identifiers that contains all Mbed TLS diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index 11bbebcc1..f685bab8e 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -13,7 +13,19 @@ only supported with make (as opposed to CMake or other build methods). """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse import os diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index 3cdeff7f4..2a7dba541 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -9,7 +9,19 @@ # Typical usage: scripts/recursion.pl library/*.c # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use warnings; use strict; diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index e0ee3f515..cedc0bfa5 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -3,7 +3,19 @@ # run-test-suites.pl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. =head1 SYNOPSIS diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py index 5d83f29f9..10bf6f852 100644 --- a/tests/scripts/scripts_path.py +++ b/tests/scripts/scripts_path.py @@ -6,8 +6,19 @@ Usage: """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 # +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os import sys diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index f68dfcb72..7f4ebeb7f 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -4,7 +4,19 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import os import re diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index 9aff22db0..17f824e00 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -6,7 +6,19 @@ # RESPONSE: regexp that must match the server's response # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. use warnings; use strict; diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 0702074ab..15209b4a0 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -3,7 +3,19 @@ # test-ref-configs.pl # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/scripts/test_config_script.py b/tests/scripts/test_config_script.py index e500b3362..e230e3c87 100755 --- a/tests/scripts/test_config_script.py +++ b/tests/scripts/test_config_script.py @@ -14,8 +14,19 @@ Sample usage: """ ## Copyright The Mbed TLS Contributors -## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +## SPDX-License-Identifier: Apache-2.0 ## +## Licensed under the Apache License, Version 2.0 (the "License"); you may +## not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +## WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. import argparse import glob diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index abc46a729..b32d18423 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -2,7 +2,19 @@ # Unit test for generate_test_code.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """ Unit tests for generate_test_code.py diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 52169e285..359043620 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -8,7 +8,19 @@ keep the list of known defects as up to date as possible. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse import os diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 6883e279f..e43a0baef 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -8,7 +8,19 @@ or 1 (with a Python backtrace) if there was an operational error. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. import argparse from collections import namedtuple diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 57f771f56..66c630408 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,7 +1,19 @@ # test_zeroize.gdb # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py index 90514fca1..a8db4bb35 100755 --- a/tests/scripts/translate_ciphers.py +++ b/tests/scripts/translate_ciphers.py @@ -3,7 +3,19 @@ # translate_ciphers.py # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. """ Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards. diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh index 3daecf30d..249b3f807 100755 --- a/tests/scripts/travis-log-failure.sh +++ b/tests/scripts/travis-log-failure.sh @@ -3,7 +3,19 @@ # travis-log-failure.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c index c8df1995e..aaf7587aa 100644 --- a/tests/src/asn1_helpers.c +++ b/tests/src/asn1_helpers.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index c85e2caaf..214530df5 100644 --- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS diff --git a/tests/src/certs.c b/tests/src/certs.c index 879f08882..b834e4aa1 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -2,7 +2,19 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index 76ec12a22..8fb198277 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -2,7 +2,19 @@ * Test driver for hash entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c index 01fc050bb..6334a438e 100644 --- a/tests/src/drivers/platform_builtin_keys.c +++ b/tests/src/drivers/platform_builtin_keys.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 314ce83a2..6dadf5282 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -2,7 +2,19 @@ * Test driver for AEAD entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index c906a664a..cf0e90cae 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -2,7 +2,19 @@ * Test driver for asymmetric encryption. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 678d8d5d6..42e79c490 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -3,7 +3,19 @@ * Currently only supports multi-part operations using AES-CTR. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index 8471959e2..9cf82a37a 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -2,7 +2,19 @@ * Test driver for key agreement functions. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 6442f2231..19da47ad6 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -3,7 +3,19 @@ * Currently only supports generating and verifying ECC keys. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 9f8120bd4..96c1685f5 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -2,7 +2,19 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index a0b6c1cb0..69bd4ffe2 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -2,7 +2,19 @@ * Test driver for MAC entry points. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index bd723b8bd..c312477c8 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -4,7 +4,19 @@ * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1. */ /* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c index c0bfde51a..89af7d34f 100644 --- a/tests/src/fake_external_rng_for_test.c +++ b/tests/src/fake_external_rng_for_test.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/helpers.c b/tests/src/helpers.c index eb28919b8..7cac6e0a0 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -1,6 +1,18 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index d59a8f872..52ff03186 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index f8b36e1fa..c4488b56f 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -4,7 +4,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/random.c b/tests/src/random.c index d041f36a1..d20103c35 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -7,7 +7,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* diff --git a/tests/src/test_certs.h b/tests/src/test_certs.h index b313ea88d..866d1e003 100644 --- a/tests/src/test_certs.h +++ b/tests/src/test_certs.h @@ -2,7 +2,19 @@ * X.509 test certificates * * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 52839eb96..5c305cb0a 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -5,7 +5,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 6f405b00c..ae6e59072 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -2,7 +2,19 @@ /* * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include diff --git a/tests/ssl-opt-in-docker.sh b/tests/ssl-opt-in-docker.sh index c0c85fc2e..159be4c50 100755 --- a/tests/ssl-opt-in-docker.sh +++ b/tests/ssl-opt-in-docker.sh @@ -22,7 +22,19 @@ # - ssl-opt.sh for notes about invocation of that script. # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. source tests/scripts/docker_env.sh diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 48b3c0cb2..efcbd2686 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3,7 +3,19 @@ # ssl-opt.sh # # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # Purpose # diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index faa31662a..11c41b0d0 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compile time library version -check_compiletime_version:"3.5.1" +check_compiletime_version:"3.5.0" Check runtime library version -check_runtime_version:"3.5.1" +check_runtime_version:"3.5.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 39b2a380765faaaaa6b243f7822e4ed8fd3d9ed9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 7 Nov 2023 12:39:51 +0000 Subject: [PATCH 255/430] Restore 3.5.1 ChangeLog Signed-off-by: Dave Rodgman --- ChangeLog | 10 ++++++++++ ChangeLog.d/fix-3rdparty-target-prefix.txt | 3 --- ChangeLog.d/license.txt | 3 --- 3 files changed, 10 insertions(+), 6 deletions(-) delete mode 100644 ChangeLog.d/fix-3rdparty-target-prefix.txt delete mode 100644 ChangeLog.d/license.txt diff --git a/ChangeLog b/ChangeLog index 4ba3164f6..28c45f718 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 3.5.1 branch released 2023-11-06 + +Changes + * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later + license. Users may choose which license they take the code under. + +Bugfix + * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules + in CMake. + = Mbed TLS 3.5.0 branch released 2023-10-05 API changes diff --git a/ChangeLog.d/fix-3rdparty-target-prefix.txt b/ChangeLog.d/fix-3rdparty-target-prefix.txt deleted file mode 100644 index db8ed07ee..000000000 --- a/ChangeLog.d/fix-3rdparty-target-prefix.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules - in CMake. diff --git a/ChangeLog.d/license.txt b/ChangeLog.d/license.txt deleted file mode 100644 index 0b6bb1f02..000000000 --- a/ChangeLog.d/license.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later - license. Users may choose which license they take the code under. From 28d40930ae42f8ee42a65b2fda2b424ecfaa7abf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 12:46:57 +0000 Subject: [PATCH 256/430] Restore bump version Signed-off-by: Dave Rodgman --- CMakeLists.txt | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/build_info.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cbe57486f..36baa3b40 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -377,7 +377,7 @@ if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) write_basic_package_version_file( "cmake/MbedTLSConfigVersion.cmake" COMPATIBILITY SameMajorVersion - VERSION 3.5.0) + VERSION 3.5.1) install( FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index f465a454b..c391c59ce 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -10,7 +10,7 @@ */ /** - * @mainpage Mbed TLS v3.5.0 API Documentation + * @mainpage Mbed TLS v3.5.1 API Documentation * * This documentation describes the internal structure of Mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 98b2d7973..89048f221 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "Mbed TLS v3.5.0" +PROJECT_NAME = "Mbed TLS v3.5.1" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 2c3d43876..44ecacf12 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -26,16 +26,16 @@ */ #define MBEDTLS_VERSION_MAJOR 3 #define MBEDTLS_VERSION_MINOR 5 -#define MBEDTLS_VERSION_PATCH 0 +#define MBEDTLS_VERSION_PATCH 1 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x03050000 -#define MBEDTLS_VERSION_STRING "3.5.0" -#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.0" +#define MBEDTLS_VERSION_NUMBER 0x03050100 +#define MBEDTLS_VERSION_STRING "3.5.1" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.1" /* Macros for build-time platform detection */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6a4ce51b4..eeda06aee 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -296,7 +296,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR}) add_library(${mbedcrypto_target} SHARED ${src_crypto}) - set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.0 SOVERSION 15) + set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.1 SOVERSION 15) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) if(TARGET ${everest_target}) @@ -308,11 +308,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif() add_library(${mbedx509_target} SHARED ${src_x509}) - set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.0 SOVERSION 6) + set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.1 SOVERSION 6) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) add_library(${mbedtls_target} SHARED ${src_tls}) - set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.0 SOVERSION 20) + set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.1 SOVERSION 20) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) endif(USE_SHARED_MBEDTLS_LIBRARY) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 11c41b0d0..faa31662a 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compile time library version -check_compiletime_version:"3.5.0" +check_compiletime_version:"3.5.1" Check runtime library version -check_runtime_version:"3.5.0" +check_runtime_version:"3.5.1" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 9f747537cf9d547b57e10072603d4e37f3ccb66b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 6 Nov 2023 11:47:15 +0000 Subject: [PATCH 257/430] Update BRANCHES Signed-off-by: Dave Rodgman --- BRANCHES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BRANCHES.md b/BRANCHES.md index d3bd75eff..c085b1616 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -106,6 +106,6 @@ The following branches are currently maintained: - [`development`](https://github.com/Mbed-TLS/mbedtls/) - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28) maintained until at least the end of 2024, see - . + . Users are urged to always use the latest version of a maintained branch. From 9eb2abd1e0c3b96cbe022b3b9fa476998294253a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 8 Nov 2023 11:36:00 +0000 Subject: [PATCH 258/430] Add docs re Everest license Signed-off-by: Dave Rodgman --- include/mbedtls/mbedtls_config.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 6a940d44a..542b76dfe 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -742,6 +742,9 @@ * contexts and therefore is a compatibility break for applications that access * fields of a mbedtls_ecdh_context structure directly. See also * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. + * + * The Everest code is provided under the Apache 2.0 license only; therefore enabling this + * option is not compatible with taking the library under the GPL v2.0-or-later license. */ //#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED From 3e1d39b33217b747760f9a50758ba789dc37f780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 8 Nov 2023 12:54:02 +0100 Subject: [PATCH 259/430] Add check about legacy dependencies in PSA tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 086677a60..652b48174 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1024,6 +1024,43 @@ component_check_test_cases () { unset opt } +component_check_test_dependencies () { + msg "Check: test case dependencies: legacy vs PSA" # < 1s + + found="check-test-deps-found-$$" + expected="check-test-deps-expected-$$" + + # Find legacy dependencies in PSA tests + grep 'depends_on' tests/suites/test_suite_psa* | + grep -Eo '!?MBEDTLS_[^: ]*' | + grep -v MBEDTLS_PSA_ | + sort -u > $found + + # Expected ones with justification - keep in sorted order! + rm -f $expected + # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes + echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected + # This is used by import_rsa_made_up() in test_suite_psa_crypto in order + # to build a fake RSA key of the wanted size based on + # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by + # the test code and that's probably the most convenient way of achieving + # the test's goal. + echo "MBEDTLS_ASN1_WRITE_C" >> $expected + # No PSA equivalent - we should probably have one in the future. + echo "MBEDTLS_ECP_RESTARTABLE" >> $expected + # No PSA equivalent - needed by some init tests + echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected + # Used by two tests that are about an extension to the PSA standard; + # as such, no PSA equivalent. + echo "MBEDTLS_PEM_PARSE_C" >> $expected + + # Compare reality with expectation. + # We want an exact match, to ensure the above list remains up-to-date. + diff -U0 $expected $found + + rm $found $expected +} + component_check_doxygen_warnings () { msg "Check: doxygen warnings (builds the documentation)" # ~ 3s tests/scripts/doxygen.sh From b9015385fdf8cad756ae39efff1dd7a1a2b2819c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 13:11:10 +0100 Subject: [PATCH 260/430] test_driver_extension: use same def/undef pattern for all accelerated symbols Signed-off-by: Valerio Setti --- .../crypto_config_test_driver_extension.h | 105 ++++++++++++++++-- 1 file changed, 97 insertions(+), 8 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index d39e9c158..5ee949ab8 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -521,17 +521,106 @@ #endif #endif -#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 -#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 +#if defined(PSA_WANT_ALG_GCM) +#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM) +#undef MBEDTLS_PSA_ACCEL_ALG_GCM +#else #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 -#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 -#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 -#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 -#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 -#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 +#endif +#endif +#if defined(PSA_WANT_ALG_CCM) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM) +#undef MBEDTLS_PSA_ACCEL_ALG_CCM +#else +#define MBEDTLS_PSA_ACCEL_ALG_CCM 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_CBC_MAC) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) +#undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC +#else +#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HMAC) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) +#undef MBEDTLS_PSA_ACCEL_ALG_HMAC +#else +#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HKDF) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) +#undef MBEDTLS_PSA_ACCEL_ALG_HKDF +#else +#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HKDF_EXTRACT) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) +#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT +#else +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_HKDF_EXPAND) +#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) +#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND +#else +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_OAEP) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) +#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT +#else +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DERIVE) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_HMAC) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_DES) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DES +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 +#endif +#endif + +#if defined(PSA_WANT_KEY_TYPE_RAW_DATA) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA +#else #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 +#endif +#endif From 5567e3a34bc43fdd3702ae782c6ea53afacf6c8f Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 8 Nov 2023 13:28:20 +0000 Subject: [PATCH 261/430] Make empty key slots explicit Add new status field to key slots, and use it. Signed-off-by: Ryan Everett --- library/psa_crypto.c | 1 + library/psa_crypto_core.h | 7 ++++++- library/psa_crypto_slot_management.c | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bbd6b24ed..0660ee411 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1786,6 +1786,7 @@ static psa_status_t psa_start_key_creation( * definition. */ slot->attr = attributes->core; + slot->status = PSA_SLOT_OCCUPIED; if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) slot->attr.id = volatile_key_id; diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index d406ce459..700e0fef6 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -39,6 +39,11 @@ int psa_can_do_hash(psa_algorithm_t hash_alg); typedef struct { psa_core_key_attributes_t attr; + enum { + PSA_SLOT_EMPTY = 0, + PSA_SLOT_OCCUPIED, + } status; + /* * Number of locks on the key slot held by the library. * @@ -88,7 +93,7 @@ typedef struct { */ static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot) { - return slot->attr.type != 0; + return slot->status == PSA_SLOT_OCCUPIED; } /** Test whether a key slot is locked. diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 3b8a319cb..36d541044 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -221,6 +221,7 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) if (status != PSA_SUCCESS) { goto exit; } + slot->status = PSA_SLOT_OCCUPIED; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Special handling is required for loading keys associated with a @@ -315,6 +316,7 @@ static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot) /* Copy actual key length and core attributes into the slot on success */ slot->key.bytes = key_buffer_length; slot->attr = attributes.core; + slot->status = PSA_SLOT_OCCUPIED; exit: if (status != PSA_SUCCESS) { From de7ead0a649d79e9a79371ffe1e2a034fbdace07 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 9 Nov 2023 10:10:33 +0800 Subject: [PATCH 262/430] Update license Co-authored-by: Gilles Peskine Signed-off-by: Jerry Yu --- tests/scripts/generate_server9_bad_saltlen.py | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/tests/scripts/generate_server9_bad_saltlen.py b/tests/scripts/generate_server9_bad_saltlen.py index 36682152a..9af4dd3b6 100755 --- a/tests/scripts/generate_server9_bad_saltlen.py +++ b/tests/scripts/generate_server9_bad_saltlen.py @@ -5,19 +5,7 @@ Generate a certificate signed with RSA-PSS, with an incorrect salt length. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import subprocess import argparse From f03b49122c75e5b10a3c99016f329899d68114c9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 9 Nov 2023 11:23:17 +0800 Subject: [PATCH 263/430] aes.c: guard RSb and RTx properly If we enabled AES_DECRYPT_ALT and either AES_SETKEY_DEC_ALT or AES_USE_HARDWARE_ONLY, this means RSb and RTx are not needed. This commit extends how we guard RSb and RTx for the combinations of these configurations. Signed-off-by: Yanray Wang --- library/aes.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/aes.c b/library/aes.c index fa73a6362..9dc7b7d14 100644 --- a/library/aes.c +++ b/library/aes.c @@ -66,7 +66,12 @@ #include "mbedtls/platform.h" -#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)) && \ +/* + * This is a convenience shorthand macro to check if we need reverse S-box and + * reverse tables. It's private and only defined in this file. + */ +#if (!defined(MBEDTLS_AES_DECRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY))) && \ !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) #define MBEDTLS_AES_NEED_REVERSE_TABLES #endif @@ -447,7 +452,6 @@ MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void) #if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) x = RSb[i]; -#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x0D, x) << 16) ^ @@ -458,7 +462,6 @@ MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ #endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ } } From 6cdfe9d51f68a59c89c1dfe1b5aa5c83acb36c3c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 9 Nov 2023 16:00:39 +0800 Subject: [PATCH 264/430] tls1.3: early data: rephrase ChangeLog Signed-off-by: Yanray Wang --- ChangeLog.d/rename-conf-early-data-API.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/rename-conf-early-data-API.txt b/ChangeLog.d/rename-conf-early-data-API.txt index e63b95843..d43681199 100644 --- a/ChangeLog.d/rename-conf-early-data-API.txt +++ b/ChangeLog.d/rename-conf-early-data-API.txt @@ -1,4 +1,4 @@ API changes - * Remove `tls13_` prefix in the name of mbedtls_ssl_tls13_conf_early_data() - and mbedtls_ssl_tls13_conf_max_early_data_size(). Early data feature may - not be TLS 1.3 specific in the furture, as requested in #6909. + * Remove `tls13_` in mbedtls_ssl_tls13_conf_early_data() and + mbedtls_ssl_tls13_conf_max_early_data_size() API names. Early data + feature may not be TLS 1.3 specific in the future. Fixes #6909. From 70743b02dfaa08fc034665058bc30374eaf3ce41 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 9 Nov 2023 16:13:53 +0800 Subject: [PATCH 265/430] psa_information: compile a regex instead of using string directly Compiling a regex improves performance and avoids accidentally combining it with a string. This commit makes this change. Signed-off-by: Yanray Wang --- scripts/mbedtls_dev/psa_information.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index 3c51ee150..2287ae13e 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -102,11 +102,11 @@ def automatic_dependencies(*expressions: str) -> List[str]: # Skip AES test cases which require 192- or 256-bit key # if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined -AES_128BIT_ONLY_DEP_REGEX = r'AES\s(192|256)' +AES_128BIT_ONLY_DEP_REGEX = re.compile(r'AES\s(192|256)') AES_128BIT_ONLY_DEP = ['!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH'] # Skip AES/ARIA/CAMELLIA test cases which require decrypt operation in ECB mode # if MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled. -ECB_NO_PADDING_DEP_REGEX = r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING' +ECB_NO_PADDING_DEP_REGEX = re.compile(r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING') ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT'] DEPENDENCY_FROM_DESCRIPTION = OrderedDict() From 99385545773005551e424c973f0879e1453e20b5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 9 Nov 2023 16:45:52 +0800 Subject: [PATCH 266/430] BLOCK_CIPHER_NO_DECRYPT: rephrase ChangeLog Signed-off-by: Yanray Wang --- ChangeLog.d/add-block-cipher-no-decrypt.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/add-block-cipher-no-decrypt.txt b/ChangeLog.d/add-block-cipher-no-decrypt.txt index 755eda35a..d05bf86ba 100644 --- a/ChangeLog.d/add-block-cipher-no-decrypt.txt +++ b/ChangeLog.d/add-block-cipher-no-decrypt.txt @@ -1,6 +1,6 @@ Features - * Add support to remove decryption operation for cipher type of AES, ARIA - and CAMELLIA. A new configuration option, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - can be used to enable this feature. - Note that this configuration option is incompatible with MBEDTLS_DES_C, - MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and MBEDTLS_NIST_KW_C. + * Enable the new option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to omit + the decryption direction of block ciphers (AES, ARIA, Camellia). + This affects both the low-level modules and the high-level APIs + (the cipher and PSA interfaces). This option is incompatible with modes + that use the decryption direction (ECB in PSA, CBC, XTS, KW) and with DES. From ee10b8470ada9988c560275cbe569fdd86befd50 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 9 Nov 2023 15:19:28 +0100 Subject: [PATCH 267/430] Fix compiler error on gcc 4.5.2. Signed-off-by: Matthias Schulz --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index f0b2fc02f..74d2732e7 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -31,7 +31,7 @@ * Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled * at the bottom of this file. */ -#ifdef __GNUC__ +#ifdef __GNUC__ > 4 #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wredundant-decls" #endif From 2e068cef0938ee60d50a879045934bbc9d66a364 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 9 Nov 2023 15:25:52 +0100 Subject: [PATCH 268/430] fixes invalid default choice of thumb assembler syntax. Signed-off-by: Matthias Schulz --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index f0b2fc02f..aff48cfbb 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -123,7 +123,7 @@ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) * For gcc, restore divided syntax afterwards - otherwise old versions of gcc * seem to apply unified syntax globally, which breaks other asm code. */ -#if !defined(__clang__) +#if !defined(__clang__) && !(__GNUC__ == 4 && __GNUC_MINOR__ == 9) #define RESTORE_ASM_SYNTAX ".syntax divided \n\t" #else #define RESTORE_ASM_SYNTAX From 5ffc42442da437008a4c3ae4540a57893e59b1a5 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Thu, 9 Nov 2023 15:44:24 +0100 Subject: [PATCH 269/430] Fix preprocessor syntax error. Signed-off-by: Matthias Schulz --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 74d2732e7..793ded4b9 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -31,7 +31,7 @@ * Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled * at the bottom of this file. */ -#ifdef __GNUC__ > 4 +#if __GNUC__ > 4 #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wredundant-decls" #endif From d2fa6981550e0d0515a1d70bfc7840045f71bb62 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 9 Nov 2023 21:46:24 +0100 Subject: [PATCH 270/430] Strengthen against possible compiler optimizations Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 7e173ee27..805de2d30 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -25,10 +25,15 @@ /* This is an external variable, so the compiler doesn't know that we're never * changing its value. - * - * TODO: LTO (link-time-optimization) would defeat this. */ -int false_but_the_compiler_does_not_know = 0; +volatile int false_but_the_compiler_does_not_know = 0; + +/* Set n bytes at the address p to all-bits-zero, in such a way that + * the compiler should not know that p is all-bits-zero. */ +static void set_to_zero_but_the_compiler_does_not_know(void *p, size_t n) +{ + memset(p, false_but_the_compiler_does_not_know, n); +} /****************************************************************/ @@ -50,7 +55,7 @@ void null_pointer_dereference(const char *name) { (void) name; volatile char *p; - mbedtls_platform_zeroize((void *) &p, sizeof(p)); + set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); mbedtls_printf("%p -> %u\n", p, (unsigned) *p); } @@ -58,7 +63,7 @@ void null_pointer_call(const char *name) { (void) name; unsigned (*p)(void); - mbedtls_platform_zeroize(&p, sizeof(p)); + set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); /* The pointer representation may be truncated, but we don't care: * the only point of printing it is to have some use of the pointer * to dissuade the compiler from optimizing it away. */ @@ -104,8 +109,7 @@ void memory_leak(const char *name) { (void) name; volatile char *p = mbedtls_calloc(1, 1); - /* Hint to the compiler that calloc must not be optimized away. */ - (void) *p; + mbedtls_printf("%u\n", (unsigned) *p); } From 49cd4b5f7d5f710412600526b0352a9b0d139bd4 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 11:58:37 +0800 Subject: [PATCH 271/430] all.sh: refine and simplify component for block_cipher_no_decrypt Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 307 +++++++++++++------------------------------ 1 file changed, 89 insertions(+), 218 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d24ad9d10..937a8ea86 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4507,6 +4507,93 @@ component_test_aes_fewer_tables_and_rom_tables () { make test } +# helper for common_block_cipher_no_decrypt() which: +# - enable/disable the list of config options passed from -s/-u respectively. +# - build +# - test for tests_suite_xxx +# - selftest +# +# Usage: helper_block_cipher_no_decrypt_build_test +# [-s set_opts] [-u unset_opts] [-c cflags] [-l ldflags] [option [...]] +# Options: -s set_opts the list of config options to enable +# -u unset_opts the list of config options to disable +# -c cflags the list of options passed to CFLAGS +# -l ldflags the list of options passed to LDFLAGS +helper_block_cipher_no_decrypt_build_test () { + while [ $# -gt 0 ]; do + case "$1" in + -s) + shift; local set_opts="$1";; + -u) + shift; local unset_opts="$1";; + -c) + shift; local cflags="$1";; + -l) + shift; local ldflags="$1";; + esac + shift + done + set_opts="${set_opts:-}" + unset_opts="${unset_opts:-}" + cflags="${cflags:-}" + ldflags="${ldflags:-}" + + for opt in $set_opts; do + echo "Enabling $opt" + scripts/config.py set $opt + done + for opt in $unset_opts; do + echo "Disabling $opt" + scripts/config.py unset $opt + done + + msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" + make clean + make CC=gcc CFLAGS="$cflags" LDFLAGS="$ldflags" + + # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA + not grep mbedtls_aes_setkey_dec library/aes.o + not grep mbedtls_aria_setkey_dec library/aria.o + not grep mbedtls_camellia_setkey_dec library/camellia.o + # Make sure we don't have mbedtls_internal_aes_decrypt in AES + not grep mbedtls_internal_aes_decrypt library/aes.o + + msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" + make test + + msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" + programs/test/selftest +} + +# This is a common configuration function used in: +# - component_test_block_cipher_no_decrypt_aesni_legacy() +# - component_test_block_cipher_no_decrypt_aesni_use_psa() +# in order to test BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics, +# AESNI assembly and AES C implementation on x86_64 and with AESNI intrinsics +# on x86. +common_block_cipher_no_decrypt () { + # test AESNI intrinsics + helper_block_cipher_no_decrypt_build_test \ + -s "MBEDTLS_AESNI_C" \ + -c "-Werror -Wall -Wextra -mpclmul -msse2 -maes" + + # test AESNI assembly + helper_block_cipher_no_decrypt_build_test \ + -s "MBEDTLS_AESNI_C" \ + -c "-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes" + + # test AES C implementation + helper_block_cipher_no_decrypt_build_test \ + -u "MBEDTLS_AESNI_C" \ + -c "-Werror -Wall -Wextra" + + # test AESNI intrinsics for i386 target + helper_block_cipher_no_decrypt_build_test \ + -s "MBEDTLS_AESNI_C" \ + -c "-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes" \ + -l "-m32" +} + component_test_block_cipher_no_decrypt_aesni_legacy () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT @@ -4515,62 +4602,7 @@ component_test_block_cipher_no_decrypt_aesni_legacy () { scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C - # test AESNI intrinsics - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - programs/test/selftest - - # test AESNI assembly - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - programs/test/selftest - - # test AES C implementation - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - scripts/config.py unset MBEDTLS_AESNI_C - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - programs/test/selftest + common_block_cipher_no_decrypt } component_test_block_cipher_no_decrypt_aesni_use_psa () { @@ -4589,168 +4621,7 @@ component_test_block_cipher_no_decrypt_aesni_use_psa () { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - # test AESNI intrinsics - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI intrinsics" - programs/test/selftest - - # test AESNI assembly - scripts/config.py set MBEDTLS_AESNI_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AESNI assembly" - programs/test/selftest - - # test AES C implementation - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - scripts/config.py unset MBEDTLS_AESNI_C - make clean - make CC=gcc CFLAGS='-Werror -Wall -Wextra' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT with AES C Implementation" - programs/test/selftest -} - -component_test_block_cipher_no_decrypt_aesni_m32_legacy () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # test AESNI intrinsics for i386 with VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - programs/test/selftest - - # test AESNI intrinsics for i386 without VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - programs/test/selftest -} - -component_test_block_cipher_no_decrypt_aesni_m32_use_psa () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - - # test AESNI intrinsics for i386 with VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 with VIA PADLOCK" - programs/test/selftest - - # test AESNI intrinsics for i386 without VIA PADLOCK - scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C - msg "build: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - make clean - make CC=gcc LDFLAGS='-m32' CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' - - # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA - not grep mbedtls_aes_setkey_dec library/aes.o - not grep mbedtls_aria_setkey_dec library/aria.o - not grep mbedtls_camellia_setkey_dec library/camellia.o - # Make sure we don't have mbedtls_internal_aes_decrypt in AES - not grep mbedtls_internal_aes_decrypt library/aes.o - - msg "test: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - make test - - msg "selftest: default config + BLOCK_CIPHER_NO_DECRYPT for i386 without VIA PADLOCK" - programs/test/selftest + common_block_cipher_no_decrypt } support_test_block_cipher_no_decrypt_aesce_armcc () { From 4cd1b1617d37fe66aef848996363648ef9ab7687 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 12:18:29 +0800 Subject: [PATCH 272/430] all.sh: check additional symbols in asece for block_cipher_no_decrypt check - mbedtls_aesce_inverse_key - aesce_decrypt_block Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 937a8ea86..ad443da77 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4670,6 +4670,9 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o + # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in aesce + not grep mbedtls_aesce_inverse_key library/aesce.o + not grep aesce_decrypt_block library/aesce.o } component_test_ctr_drbg_aes_256_sha_256 () { From 799bd84b0d50790a335d2ba9930687b3fb4f9df7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 12:21:35 +0800 Subject: [PATCH 273/430] all.sh: resue support_build_armcc for *_armcc test For time being, pre_check_tools check armcc and armclang together. Therefore, we can resue support_build_armcc even if the test only needs armclang. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ad443da77..5b649f6b3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3891,8 +3891,7 @@ component_build_psa_accel_key_type_rsa_public_key() { support_build_tfm_armcc () { - armc6_cc="$ARMC6_BIN_DIR/armclang" - (check_tools "$armc6_cc" > /dev/null 2>&1) + support_build_armcc } component_build_tfm_armcc() { @@ -4026,7 +4025,6 @@ component_build_aes_variations() { # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with CBC/XTS/DES/NIST_KW, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS @@ -4625,8 +4623,7 @@ component_test_block_cipher_no_decrypt_aesni_use_psa () { } support_test_block_cipher_no_decrypt_aesce_armcc () { - armc6_cc="$ARMC6_BIN_DIR/armclang" - (check_tools "$armc6_cc" > /dev/null 2>&1) + support_build_armcc } component_test_block_cipher_no_decrypt_aesce_armcc () { From 111159b89c08b6f691b4fe33a2732f4bf84da9a9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 13:41:12 +0800 Subject: [PATCH 274/430] BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally Signed-off-by: Yanray Wang --- include/mbedtls/aes.h | 2 -- library/aes.c | 9 ++++----- library/aesce.c | 9 ++++----- library/aesni.c | 25 ++++++++++--------------- library/psa_crypto.c | 1 - 5 files changed, 18 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c43134d45..c53f817c1 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -60,8 +60,6 @@ /* Error codes in range 0x0021-0x0025 */ /** Invalid input data. */ #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 -/** The requested feature is not available. */ -#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 #ifdef __cplusplus extern "C" { diff --git a/library/aes.c b/library/aes.c index 9dc7b7d14..f91d2519f 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1064,14 +1064,13 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, #endif #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) - if (mode == MBEDTLS_AES_ENCRYPT) { - return mbedtls_internal_aes_encrypt(ctx, input, output); - } else { #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { return mbedtls_internal_aes_decrypt(ctx, input, output); -#else - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + } else #endif + { + return mbedtls_internal_aes_encrypt(ctx, input, output); } #endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ } diff --git a/library/aesce.c b/library/aesce.c index 5883e6a83..9a82731f0 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -244,14 +244,13 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, uint8x16_t block = vld1q_u8(&input[0]); unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); - if (mode == MBEDTLS_AES_ENCRYPT) { - block = aesce_encrypt_block(block, keys, ctx->nr); - } else { #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { block = aesce_decrypt_block(block, keys, ctx->nr); -#else - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + } else #endif + { + block = aesce_encrypt_block(block, keys, ctx->nr); } vst1q_u8(&output[0], block); diff --git a/library/aesni.c b/library/aesni.c index 6c917daec..c68b081de 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -93,24 +93,25 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, ++rk; --nr; - if (mode == MBEDTLS_AES_ENCRYPT) { - while (nr != 0) { - state = _mm_aesenc_si128(state, *rk); - ++rk; - --nr; - } - state = _mm_aesenclast_si128(state, *rk); - } else { #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) + if (mode == MBEDTLS_AES_DECRYPT) { while (nr != 0) { state = _mm_aesdec_si128(state, *rk); ++rk; --nr; } state = _mm_aesdeclast_si128(state, *rk); + } else #else - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; + (void) mode; #endif + { + while (nr != 0) { + state = _mm_aesenc_si128(state, *rk); + ++rk; + --nr; + } + state = _mm_aesenclast_si128(state, *rk); } memcpy(output, &state, 16); @@ -445,12 +446,6 @@ int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) { -#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) - if (mode == MBEDTLS_AES_DECRYPT) { - return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE; - } -#endif - asm ("movdqu (%3), %%xmm0 \n\t" // load input "movdqu (%1), %%xmm1 \n\t" // load round key 0 "pxor %%xmm1, %%xmm0 \n\t" // round 0 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2ada2eb72..1faf1dd6c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -157,7 +157,6 @@ psa_status_t mbedtls_to_psa_error(int ret) #if defined(MBEDTLS_AES_C) case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: - case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; case MBEDTLS_ERR_AES_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; From ec9b25877fc69f47a624a5b93893420702202d0b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 16:50:54 +0100 Subject: [PATCH 275/430] all.sh: disable CIPHER_C in test_psa_crypto_config_accel_cipher_aead Extra features that depend on CIPHER_C are disabled also in the reference component in order to get test parity. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 73206a811..2f7ebbf5a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3631,6 +3631,12 @@ common_psa_crypto_config_accel_cipher_aead() { # Start from the full config helper_libtestdriver1_adjust_config "full" + # CIPHER_C is disabled in the accelerated test component so we disable + # all the features that depend on it both in the accelerated and in the + # reference components. + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_NIST_KW_C } @@ -3670,6 +3676,10 @@ component_test_psa_crypto_config_accel_cipher_aead () { scripts/config.py unset MBEDTLS_CHACHA20_C scripts/config.py unset MBEDTLS_CAMELLIA_C + # Disable CIPHER_C entirely as all ciphers/AEADs are accelerated and PSA + # does not depend on it. + scripts/config.py unset MBEDTLS_CIPHER_C + # Build # ----- @@ -3678,6 +3688,7 @@ component_test_psa_crypto_config_accel_cipher_aead () { helper_libtestdriver1_make_main "$loc_accel_list" # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_cipher library/cipher.o not grep mbedtls_des library/des.o not grep mbedtls_aes library/aes.o not grep mbedtls_aria library/aria.o From f941455e3b9f8fc7b7aced4a916f0daef57965ed Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 10:43:20 +0100 Subject: [PATCH 276/430] all.sh: enable ssl-opt testing in psa_crypto_config_[accel/reference]_cipher_aead Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 73206a811..09c981915 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3641,7 +3641,7 @@ common_psa_crypto_config_accel_cipher_aead() { # are meant to be used together in analyze_outcomes.py script in order to test # driver's coverage for ciphers and AEADs. component_test_psa_crypto_config_accel_cipher_aead () { - msg "test: crypto config with accelerated cipher and AEAD" + msg "build: crypto config with accelerated cipher and AEAD" loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ ALG_OFB ALG_XTS ALG_STREAM_CIPHER \ @@ -3687,18 +3687,29 @@ component_test_psa_crypto_config_accel_cipher_aead () { not grep mbedtls_chachapoly library/chachapoly.o not grep mbedtls_cmac library/cmac.o + make + # Run the tests # ------------- msg "test: crypto config with accelerated cipher and AEAD" make test + + msg "ssl-opt: crypto config with accelerated cipher and AEAD" + tests/ssl-opt.sh } component_test_psa_crypto_config_reference_cipher_aead () { + msg "build: crypto config with non-accelerated cipher and AEAD" common_psa_crypto_config_accel_cipher_aead + make + msg "test: crypto config with non-accelerated cipher and AEAD" make test + + msg "ssl-opt: crypto config with non-accelerated cipher and AEAD" + tests/ssl-opt.sh } component_test_aead_chachapoly_disabled() { From dd43d7b3a4f1f1dd6a1ead02b3acac7b6c943496 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 14:10:51 +0100 Subject: [PATCH 277/430] ssl-opt: set proper dependencies on tests with encrypted server5 key Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9c317d1fc..befe1e182 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2090,6 +2090,11 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ -c "Key size is 128" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_MD_CAN_MD5 +# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM +# module does not support PSA dispatching so we need builtin support. +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected client key" \ "$P_SRV force_version=tls12 auth_mode=required" \ @@ -2097,6 +2102,11 @@ run_test "TLS: password protected client key" \ 0 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_MD_CAN_MD5 +# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM +# module does not support PSA dispatching so we need builtin support. +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected server key" \ "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ @@ -2105,6 +2115,11 @@ run_test "TLS: password protected server key" \ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_MD_CAN_MD5 +# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM +# module does not support PSA dispatching so we need builtin support. +requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled MBEDTLS_AES_C requires_hash_alg SHA_256 run_test "TLS: password protected server key, two certificates" \ "$P_SRV force_version=tls12\ From 01c4fa3e889551ce3f17d32e879ccf85ec4b58bc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 10:46:36 +0100 Subject: [PATCH 278/430] ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h This is useful to properly define MBEDTLS_PSK_MAX_LEN when it is not defined explicitly in mbedtls_config.h Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 22 +++++++++++++++++++++- library/ssl_misc.h | 20 -------------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c9110dead..0177df17c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -600,6 +600,26 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 +/* Some internal helpers to determine which keys are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_SSL_HAVE_AES +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) +#define MBEDTLS_SSL_HAVE_CAMELLIA +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) +#define MBEDTLS_SSL_HAVE_ARIA +#endif + +/* Some internal helpers to determine which operation modes are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) +#define MBEDTLS_SSL_HAVE_CBC +#endif + /* * Size defines */ @@ -613,7 +633,7 @@ */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \ - defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && \ + defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \ defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */ #else diff --git a/library/ssl_misc.h b/library/ssl_misc.h index bde55b6ce..4ddd9c4bb 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -249,26 +249,6 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). */ -/* Some internal helpers to determine which keys are availble. */ -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) -#define MBEDTLS_SSL_HAVE_AES -#endif -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) -#define MBEDTLS_SSL_HAVE_CAMELLIA -#endif -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) -#define MBEDTLS_SSL_HAVE_ARIA -#endif - -/* Some internal helpers to determine which operation modes are availble. */ -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) -#define MBEDTLS_SSL_HAVE_CBC -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) /* This macro determines whether CBC is supported. */ From 38e75fb1a72f49a4ec42dc7196ae0a02dff270f2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 16:52:39 +0100 Subject: [PATCH 279/430] ssl_server2: remove usage of mbedtls_cipher_info_from_string() This removes the dependency from cipher module and legacy key/modes symbols which are used in cipher_wrap. Signed-off-by: Valerio Setti --- programs/ssl/ssl_server2.c | 56 +++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1bab9157b..fbcbb8dc8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -281,18 +281,11 @@ int main(void) #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) -#if defined(MBEDTLS_CIPHER_C) #define USAGE_TICKETS \ " tickets=%%d default: 1 (enabled)\n" \ " ticket_rotate=%%d default: 0 (disabled)\n" \ " ticket_timeout=%%d default: 86400 (one day)\n" \ " ticket_aead=%%s default: \"AES-256-GCM\"\n" -#else /* MBEDTLS_CIPHER_C */ -#define USAGE_TICKETS \ - " tickets=%%d default: 1 (enabled)\n" \ - " ticket_rotate=%%d default: 0 (disabled)\n" \ - " ticket_timeout=%%d default: 86400 (one day)\n" -#endif /* MBEDTLS_CIPHER_C */ #else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ #define USAGE_TICKETS "" #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */ @@ -1463,6 +1456,42 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ +int parse_cipher(char *buf) +{ + if (strcmp(buf, "AES-128-CCM")) { + return MBEDTLS_CIPHER_AES_128_CCM; + } else if (strcmp(buf, "AES-128-GCM")) { + return MBEDTLS_CIPHER_AES_128_GCM; + } else if (strcmp(buf, "AES-192-CCM")) { + return MBEDTLS_CIPHER_AES_192_CCM; + } else if (strcmp(buf, "AES-192-GCM")) { + return MBEDTLS_CIPHER_AES_192_GCM; + } else if (strcmp(buf, "AES-256-CCM")) { + return MBEDTLS_CIPHER_AES_256_CCM; + } else if (strcmp(buf, "ARIA-128-CCM")) { + return MBEDTLS_CIPHER_ARIA_128_CCM; + } else if (strcmp(buf, "ARIA-128-GCM")) { + return MBEDTLS_CIPHER_ARIA_128_GCM; + } else if (strcmp(buf, "ARIA-192-CCM")) { + return MBEDTLS_CIPHER_ARIA_192_CCM; + } else if (strcmp(buf, "ARIA-192-GCM")) { + return MBEDTLS_CIPHER_ARIA_192_GCM; + } else if (strcmp(buf, "ARIA-256-CCM")) { + return MBEDTLS_CIPHER_ARIA_256_CCM; + } else if (strcmp(buf, "ARIA-256-GCM")) { + return MBEDTLS_CIPHER_ARIA_256_GCM; + } else if (strcmp(buf, "CAMELLIA-128-CCM")) { + return MBEDTLS_CIPHER_CAMELLIA_128_CCM; + } else if (strcmp(buf, "CAMELLIA-192-CCM")) { + return MBEDTLS_CIPHER_CAMELLIA_192_CCM; + } else if (strcmp(buf, "CAMELLIA-256-CCM")) { + return MBEDTLS_CIPHER_CAMELLIA_256_CCM; + } else if (strcmp(buf, "CHACHA20-POLY1305")) { + return MBEDTLS_CIPHER_CHACHA20_POLY1305; + } + return MBEDTLS_CIPHER_NONE; +} + int main(int argc, char *argv[]) { int ret = 0, len, written, frags, exchanges_left; @@ -2143,18 +2172,13 @@ usage: if (opt.ticket_timeout < 0) { goto usage; } - } -#if defined(MBEDTLS_CIPHER_C) - else if (strcmp(p, "ticket_aead") == 0) { - const mbedtls_cipher_info_t *ci = mbedtls_cipher_info_from_string(q); + } else if (strcmp(p, "ticket_aead") == 0) { + opt.ticket_aead = parse_cipher(q); - if (ci == NULL) { + if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) { goto usage; } - opt.ticket_aead = mbedtls_cipher_info_get_type(ci); - } -#endif - else if (strcmp(p, "cache_max") == 0) { + } else if (strcmp(p, "cache_max") == 0) { opt.cache_max = atoi(q); if (opt.cache_max < 0) { goto usage; From 73d053123f9df90855938b0789b5d0fc79fb9ddb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 16:53:59 +0100 Subject: [PATCH 280/430] ssl-opt: set proper cipher dependencies in tests using ticket_aead parameters Check either legacy or PSA symbols based on USE_PSA_CRYPTO Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index befe1e182..5879b255a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -368,6 +368,34 @@ requires_ciphersuite_enabled() { esac } +requires_cipher_enabled() { + KEY_TYPE=$1 + MODE=${2:-} + if is_config_enabled MBEDTLS_USE_PSA_CRYPTO; then + case "$KEY_TYPE" in + CHACHA20) + requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305 + requires_config_enabled PSA_WANT_KEY_TYPE_CHACHA20 + ;; + *) + requires_config_enabled PSA_WANT_ALG_${MODE} + requires_config_enabled PSA_WANT_KEY_TYPE_${KEY_TYPE} + ;; + esac + else + case "$KEY_TYPE" in + CHACHA20) + requires_config_enabled MBEDTLS_CHACHA20_C + requires_config_enabled MBEDTLS_CHACHAPOLY_C + ;; + *) + requires_config_enabled MBEDTLS_${MODE}_C + requires_config_enabled MBEDTLS_${KEY_TYPE}_C + ;; + esac + fi +} + # Automatically detect required features based on command line parameters. # Parameters are: # - $1 = command line (call to a TLS client or server program) @@ -3848,6 +3876,7 @@ run_test "Session resume using tickets: openssl client" \ -s "session successfully restored from ticket" \ -s "a session has been resumed" +requires_cipher_enabled "AES" "GCM" run_test "Session resume using tickets: AES-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3862,6 +3891,7 @@ run_test "Session resume using tickets: AES-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "GCM" run_test "Session resume using tickets: AES-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3876,6 +3906,7 @@ run_test "Session resume using tickets: AES-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "CCM" run_test "Session resume using tickets: AES-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3890,6 +3921,7 @@ run_test "Session resume using tickets: AES-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "CCM" run_test "Session resume using tickets: AES-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3904,6 +3936,7 @@ run_test "Session resume using tickets: AES-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "AES" "CCM" run_test "Session resume using tickets: AES-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3918,6 +3951,7 @@ run_test "Session resume using tickets: AES-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CAMELLIA" "CCM" run_test "Session resume using tickets: CAMELLIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3932,6 +3966,7 @@ run_test "Session resume using tickets: CAMELLIA-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CAMELLIA" "CCM" run_test "Session resume using tickets: CAMELLIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3946,6 +3981,7 @@ run_test "Session resume using tickets: CAMELLIA-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CAMELLIA" "CCM" run_test "Session resume using tickets: CAMELLIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3960,6 +3996,7 @@ run_test "Session resume using tickets: CAMELLIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3974,6 +4011,7 @@ run_test "Session resume using tickets: ARIA-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3988,6 +4026,7 @@ run_test "Session resume using tickets: ARIA-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-256-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4002,6 +4041,7 @@ run_test "Session resume using tickets: ARIA-256-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4016,6 +4056,7 @@ run_test "Session resume using tickets: ARIA-128-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4030,6 +4071,7 @@ run_test "Session resume using tickets: ARIA-192-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "ARIA" "CCM" run_test "Session resume using tickets: ARIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4044,6 +4086,7 @@ run_test "Session resume using tickets: ARIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_cipher_enabled "CHACHA20" run_test "Session resume using tickets: CHACHA20-POLY1305" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ From cd25d2252655268326ebb78ccee61a846a3e57db Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 15:33:27 +0800 Subject: [PATCH 281/430] cipher.c: remove checks for CBC,XTS,KW,KWP in cipher_setkey We have checks for CBC, XTS and KW modes in check_config.h. This means we should never get a successful build with above three modes. Therefore, the checks in cipher_setkey is not necessary as other error will be emitted if asking for those modes in the cipher. Additionally, removing the checks can save extra code size. Signed-off-by: Yanray Wang --- library/cipher.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index 909324aae..33da58055 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -320,15 +320,6 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } #if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) - /* CBC, XTS, KW and KWP mode always need decryption, return an error to - * indicate those modes are not available under - * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT. */ - if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || - MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || - MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || - MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { - return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; - } if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) && MBEDTLS_DECRYPT == operation) { return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; From a742337ef69f88e466d4367c625cf3ee5e48213a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Nov 2023 09:58:31 +0100 Subject: [PATCH 282/430] all.sh: add diff to can_keep_going_after_failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 652b48174..da5368637 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -622,6 +622,7 @@ pre_setup_keep_going () { case "$1" in "msg "*) false;; "cd "*) false;; + "diff "*) true;; *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ... *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ... *make*check*) true;; From 5c6f787caab7684c7828cc33d20b972592eb30f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Nov 2023 10:04:22 +0100 Subject: [PATCH 283/430] all.sh: robustness improvement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The original pattern would catch any extension, which could include things like editor backup files etc, that we'd rather ignore. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index da5368637..c5a3aaf2c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1032,7 +1032,8 @@ component_check_test_dependencies () { expected="check-test-deps-expected-$$" # Find legacy dependencies in PSA tests - grep 'depends_on' tests/suites/test_suite_psa* | + grep 'depends_on' \ + tests/suites/test_suite_psa*.data tests/suites/test_suite_psa*.function | grep -Eo '!?MBEDTLS_[^: ]*' | grep -v MBEDTLS_PSA_ | sort -u > $found From da6e7a2ac27a3a3d579645e946b30d0928b2dbb3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Nov 2023 10:09:27 +0100 Subject: [PATCH 284/430] More consistent usage of volatile Fix MSVC warning C4090. Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 805de2d30..ce866edec 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -30,9 +30,9 @@ volatile int false_but_the_compiler_does_not_know = 0; /* Set n bytes at the address p to all-bits-zero, in such a way that * the compiler should not know that p is all-bits-zero. */ -static void set_to_zero_but_the_compiler_does_not_know(void *p, size_t n) +static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n) { - memset(p, false_but_the_compiler_does_not_know, n); + memset((void *) p, false_but_the_compiler_does_not_know, n); } @@ -54,7 +54,7 @@ void meta_test_fail(const char *name) void null_pointer_dereference(const char *name) { (void) name; - volatile char *p; + volatile char *volatile p; set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); mbedtls_printf("%p -> %u\n", p, (unsigned) *p); } @@ -62,7 +62,7 @@ void null_pointer_dereference(const char *name) void null_pointer_call(const char *name) { (void) name; - unsigned (*p)(void); + unsigned(*volatile p)(void); set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); /* The pointer representation may be truncated, but we don't care: * the only point of printing it is to have some use of the pointer From 9f164f01036d993ed06f918421611bf83c19dda2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Nov 2023 10:16:06 +0100 Subject: [PATCH 285/430] all.sh: more comments in check_test_cases() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c5a3aaf2c..78243c77c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1027,6 +1027,15 @@ component_check_test_cases () { component_check_test_dependencies () { msg "Check: test case dependencies: legacy vs PSA" # < 1s + # The purpose of this component is to catch unjustified dependencies on + # legacy feature macros (MBEDTLS_xxx) in PSA tests. Generally speaking, + # PSA test should use PSA feature macros (PSA_WANT_xxx, more rarely + # MBEDTLS_PSA_xxx). + # + # Most of the time, use of legacy MBEDTLS_xxx macros are mistakes, which + # this component is meant to catch. However a few of them are justified, + # mostly by the absence of a PSA equivalent, so this component includes a + # list of expected exceptions. found="check-test-deps-found-$$" expected="check-test-deps-expected-$$" @@ -1058,6 +1067,13 @@ component_check_test_dependencies () { # Compare reality with expectation. # We want an exact match, to ensure the above list remains up-to-date. + # + # The output should be empty. When it's not: + # - Each '+' line is a macro that was found but not expected. You want to + # find where that macro occurs, and either replace it with PSA macros, or + # add it to the exceptions list above with a justification. + # - Each '-' line is a macro that was expected but not found; it means the + # exceptions list above should be updated by removing that macro. diff -U0 $expected $found rm $found $expected From 21718769d18b317471d98a2bdbb64623de2318b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Nov 2023 11:21:17 +0100 Subject: [PATCH 286/430] Start adding internal module block_cipher.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/block_cipher.h | 58 ++++++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 1 + library/block_cipher.c | 69 +++++++++++++++++++ library/block_cipher_internal.h | 63 +++++++++++++++++ tests/scripts/all.sh | 2 +- tests/suites/test_suite_block_cipher.data | 2 + tests/suites/test_suite_block_cipher.function | 28 ++++++++ 8 files changed, 223 insertions(+), 1 deletion(-) create mode 100644 include/mbedtls/block_cipher.h create mode 100644 library/block_cipher.c create mode 100644 library/block_cipher_internal.h create mode 100644 tests/suites/test_suite_block_cipher.data create mode 100644 tests/suites/test_suite_block_cipher.function diff --git a/include/mbedtls/block_cipher.h b/include/mbedtls/block_cipher.h new file mode 100644 index 000000000..154ae26e2 --- /dev/null +++ b/include/mbedtls/block_cipher.h @@ -0,0 +1,58 @@ +/** + * \file block_cipher.h + * + * \brief Internal abstraction layer. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +#ifndef MBEDTLS_BLOCK_CIPHER_H +#define MBEDTLS_BLOCK_CIPHER_H + +#include "mbedtls/private_access.h" + +#include "mbedtls/build_info.h" + +#if defined(MBEDTLS_AES_C) +#include "mbedtls/aes.h" +#endif +#if defined(MBEDTLS_ARIA_C) +#include "mbedtls/aria.h" +#endif +#if defined(MBEDTLS_CAMELLIA_C) +#include "mbedtls/camellia.h" +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + MBEDTLS_BLOCK_CIPHER_ID_NONE = 0, /**< Unset. */ + MBEDTLS_BLOCK_CIPHER_ID_AES, /**< The AES cipher. */ + MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ + MBEDTLS_BLOCK_CIPHER_ID_ARIA, /**< The Aria cipher. */ +} mbedtls_block_cipher_id_t; + +typedef struct { + mbedtls_block_cipher_id_t MBEDTLS_PRIVATE(id); + union { + unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ +#if defined(MBEDTLS_AES_C) + mbedtls_aes_context MBEDTLS_PRIVATE(aes); +#endif +#if defined(MBEDTLS_ARIA_C) + mbedtls_aria_context MBEDTLS_PRIVATE(aria); +#endif +#if defined(MBEDTLS_CAMELLIA_C) + mbedtls_camellia_context MBEDTLS_PRIVATE(camellia); +#endif + } MBEDTLS_PRIVATE(ctx); +} mbedtls_block_cipher_context_t; + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_BLOCK_CIPHER_H */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index eeda06aee..5c297e0a1 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -22,6 +22,7 @@ set(src_crypto bignum_core.c bignum_mod.c bignum_mod_raw.c + block_cipher.c camellia.c ccm.c chacha20.c diff --git a/library/Makefile b/library/Makefile index 9e2d72310..d11a98df0 100644 --- a/library/Makefile +++ b/library/Makefile @@ -91,6 +91,7 @@ OBJS_CRYPTO= \ bignum_core.o \ bignum_mod.o \ bignum_mod_raw.o \ + block_cipher.o \ camellia.o \ ccm.o \ chacha20.o \ diff --git a/library/block_cipher.c b/library/block_cipher.c new file mode 100644 index 000000000..08364d745 --- /dev/null +++ b/library/block_cipher.c @@ -0,0 +1,69 @@ +/** + * \file block_cipher.c + * + * \brief Lightweight abstraction layer for block ciphers with 128 bit blocks, + * for use by the GCM and CCM modules. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "common.h" + +#include "block_cipher_internal.h" + +#if defined(MBEDTLS_BLOCK_CIPHER_C) + +void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx) +{ + switch (ctx->id) { +#if defined(MBEDTLS_AES_C) + case MBEDTLS_BLOCK_CIPHER_ID_AES: + mbedtls_aes_free(&ctx->ctx.aes); + break; +#endif +#if defined(MBEDTLS_ARIA_C) + case MBEDTLS_BLOCK_CIPHER_ID_ARIA: + mbedtls_aria_free(&ctx->ctx.aria); + break; +#endif +#if defined(MBEDTLS_CAMELLIA_C) + case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA: + mbedtls_camellia_free(&ctx->ctx.camellia); + break; +#endif + default: + break; + } + ctx->id = MBEDTLS_BLOCK_CIPHER_ID_NONE; +} + +int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, + mbedtls_cipher_id_t cipher_id) +{ + switch (cipher_id) { +#if defined(MBEDTLS_AES_C) + case MBEDTLS_CIPHER_ID_AES: + ctx->id = MBEDTLS_BLOCK_CIPHER_ID_AES; + mbedtls_aes_init(&ctx->ctx.aes); + return 0; +#endif +#if defined(MBEDTLS_ARIA_C) + case MBEDTLS_CIPHER_ID_ARIA: + ctx->id = MBEDTLS_BLOCK_CIPHER_ID_ARIA; + mbedtls_aria_init(&ctx->ctx.aria); + return 0; +#endif +#if defined(MBEDTLS_CAMELLIA_C) + case MBEDTLS_CIPHER_ID_CAMELLIA: + ctx->id = MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA; + mbedtls_camellia_init(&ctx->ctx.camellia); + return 0; +#endif + default: + return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; + } +} + +#endif /* MBEDTLS_BLOCK_CIPHER_C */ diff --git a/library/block_cipher_internal.h b/library/block_cipher_internal.h new file mode 100644 index 000000000..4f25e26ca --- /dev/null +++ b/library/block_cipher_internal.h @@ -0,0 +1,63 @@ +/** + * \file block_cipher_internal.h + * + * \brief Lightweight abstraction layer for block ciphers with 128 bit blocks, + * for use by the GCM and CCM modules. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +#ifndef MBEDTLS_BLOCK_CIPHER_INTERNAL_H +#define MBEDTLS_BLOCK_CIPHER_INTERNAL_H + +#include "mbedtls/build_info.h" + +#include "mbedtls/cipher.h" + +#include "mbedtls/block_cipher.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Initialize the context. + * This must be the first API call before using the context. + * + * \param ctx The context to initialize. + */ +static inline void mbedtls_block_cipher_init(mbedtls_block_cipher_context_t *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +/** + * \brief Set the block cipher to use with this context. + * This must be called after mbedtls_block_cipher_init(). + * + * \param ctx The context to set up. + * \param cipher_id The identifier of the cipher to use. + * This must be either AES, ARIA or Camellia. + * Warning: this is a ::mbedtls_cipher_id_t, + * not a ::mbedtls_block_cipher_id_t! + * + * \retval \c 0 on success. + * \retval #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if \p cipher_id was + * invalid. + */ +int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, + mbedtls_cipher_id_t cipher_id); + +/** + * \brief Clear the context. + * + * \param ctx The context to clear. + */ +void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx); + +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_BLOCK_CIPHER_INTERNAL_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 086677a60..b1d6c19c1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1498,7 +1498,7 @@ component_test_full_no_cipher () { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE - make + make CFLAGS='-DMBEDTLS_BLOCK_CIPHER_C' msg "test: full no CIPHER no PSA_CRYPTO_C" make test diff --git a/tests/suites/test_suite_block_cipher.data b/tests/suites/test_suite_block_cipher.data new file mode 100644 index 000000000..f0529a92e --- /dev/null +++ b/tests/suites/test_suite_block_cipher.data @@ -0,0 +1,2 @@ +Invalid input +invalid: diff --git a/tests/suites/test_suite_block_cipher.function b/tests/suites/test_suite_block_cipher.function new file mode 100644 index 000000000..7133653e5 --- /dev/null +++ b/tests/suites/test_suite_block_cipher.function @@ -0,0 +1,28 @@ +/* BEGIN_HEADER */ +#include "block_cipher_internal.h" + +#define BLOCK_SIZE 16 +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_BLOCK_CIPHER_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void invalid() +{ + mbedtls_block_cipher_context_t ctx; + + mbedtls_block_cipher_init(&ctx); + + TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_block_cipher_setup(&ctx, MBEDTLS_CIPHER_ID_NONE)); + + TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, + mbedtls_block_cipher_setup(&ctx, MBEDTLS_CIPHER_ID_DES)); + +exit: + mbedtls_block_cipher_free(&ctx); +} +/* END_CASE */ From 0287b9d26037a2bbaff63c5a4cc35ad99acb74d9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 10 Nov 2023 18:21:21 +0800 Subject: [PATCH 287/430] padlock.c: guard mbedtls_padlock_xcryptcbc by CIPHER_MODE_CBC Signed-off-by: Yanray Wang --- library/padlock.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/padlock.c b/library/padlock.c index 563d40e7c..0ea412968 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -108,6 +108,7 @@ int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, return 0; } +#if defined(MBEDTLS_CIPHER_MODE_CBC) /* * PadLock AES-CBC buffer en(de)cryption */ @@ -161,6 +162,7 @@ int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, return 0; } +#endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */ From ccb121500d84567c30127b792128bf7e0f00f350 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Nov 2023 11:35:36 +0100 Subject: [PATCH 288/430] Uninitialized read: make the pointer non-volatile rather than the buffer Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index ce866edec..5e6a15f1d 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -96,12 +96,13 @@ void double_free(const char *name) void read_uninitialized_stack(const char *name) { (void) name; - volatile char buf[1]; + char buf[1]; if (false_but_the_compiler_does_not_know) { buf[0] = '!'; } - if (*buf != 0) { - mbedtls_printf("%u\n", (unsigned) *buf); + char *volatile p = buf; + if (*p != 0) { + mbedtls_printf("%u\n", (unsigned) *p); } } From 3e0884fc5344e14351e42054a612bba11266679b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Nov 2023 11:52:10 +0100 Subject: [PATCH 289/430] block_cipher: add setkey() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/block_cipher.c | 21 +++++++++++++ library/block_cipher_internal.h | 18 +++++++++++ tests/suites/test_suite_block_cipher.function | 31 +++++++++++++++++-- 3 files changed, 68 insertions(+), 2 deletions(-) diff --git a/library/block_cipher.c b/library/block_cipher.c index 08364d745..2146c6c67 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -66,4 +66,25 @@ int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, } } +int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, + const unsigned char *key, + unsigned key_bitlen) +{ + switch (ctx->id) { +#if defined(MBEDTLS_AES_C) + case MBEDTLS_BLOCK_CIPHER_ID_AES: + return mbedtls_aes_setkey_enc(&ctx->ctx.aes, key, key_bitlen); +#endif +#if defined(MBEDTLS_ARIA_C) + case MBEDTLS_BLOCK_CIPHER_ID_ARIA: + return mbedtls_aria_setkey_enc(&ctx->ctx.aria, key, key_bitlen); +#endif +#if defined(MBEDTLS_CAMELLIA_C) + case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA: + return mbedtls_camellia_setkey_enc(&ctx->ctx.camellia, key, key_bitlen); +#endif + default: + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } +} #endif /* MBEDTLS_BLOCK_CIPHER_C */ diff --git a/library/block_cipher_internal.h b/library/block_cipher_internal.h index 4f25e26ca..47326fa8d 100644 --- a/library/block_cipher_internal.h +++ b/library/block_cipher_internal.h @@ -49,6 +49,24 @@ static inline void mbedtls_block_cipher_init(mbedtls_block_cipher_context_t *ctx int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, mbedtls_cipher_id_t cipher_id); +/** + * \brief Set the key into the context. + * + * \param ctx The context to configure. + * \param key The buffer holding the key material. + * \param key_bitlen The size of the key in bits. + * + * \retval \c 0 on success. + * \retval #MBEDTLS_ERR_CIPHER_INVALID_CONTEXT if the context was not + * properly set up before calling this function. + * \retval One of #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH, + * #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + * #MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA if \p key_bitlen is + * invalid. + */ +int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, + const unsigned char *key, + unsigned key_bitlen); /** * \brief Clear the context. * diff --git a/tests/suites/test_suite_block_cipher.function b/tests/suites/test_suite_block_cipher.function index 7133653e5..dcafdc841 100644 --- a/tests/suites/test_suite_block_cipher.function +++ b/tests/suites/test_suite_block_cipher.function @@ -2,6 +2,19 @@ #include "block_cipher_internal.h" #define BLOCK_SIZE 16 + +#if defined(MBEDTLS_AES_C) +#define VALID_CIPHER_ID MBEDTLS_CIPHER_ID_AES +#define BADKEY_ERROR MBEDTLS_ERR_AES_INVALID_KEY_LENGTH +#elif defined(MBEDTLS_ARIA_C) +#define VALID_CIPHER_ID MBEDTLS_CIPHER_ID_ARIA +#define BADKEY_ERROR MBEDTLS_ERR_ARIA_BAD_INPUT_DATA +#elif defined(MBEDTLS_CAMELLIA_C) +#define VALID_CIPHER_ID MBEDTLS_CIPHER_ID_CAMELLIA +#define BADKEY_ERROR MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA +#else +#undef VALID_CIPHER_ID +#endif /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -9,19 +22,33 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:VALID_CIPHER_ID */ void invalid() { + /* That size is valid for a key or an input/output block. */ + unsigned char buf[16] = { 0 }; + mbedtls_block_cipher_context_t ctx; mbedtls_block_cipher_init(&ctx); + /* Bad parameters to setup */ TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_block_cipher_setup(&ctx, MBEDTLS_CIPHER_ID_NONE)); - TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_block_cipher_setup(&ctx, MBEDTLS_CIPHER_ID_DES)); + /* setkey() before successful setup() */ + TEST_EQUAL(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT, + mbedtls_block_cipher_setkey(&ctx, buf, 128)); + + /* Now properly setup the context */ + TEST_EQUAL(0, mbedtls_block_cipher_setup(&ctx, VALID_CIPHER_ID)); + + /* Bad parameters to setkey() */ + TEST_EQUAL(BADKEY_ERROR, + mbedtls_block_cipher_setkey(&ctx, buf, 42)); + exit: mbedtls_block_cipher_free(&ctx); } From 76fa16cab32b14a4d09f8a9e324e5770bc1eb91c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Nov 2023 12:02:53 +0100 Subject: [PATCH 290/430] block_cipher: add encrypt() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Test data copied from existing test suites. Signed-off-by: Manuel Pégourié-Gonnard --- library/block_cipher.c | 26 ++ library/block_cipher_internal.h | 18 ++ tests/suites/test_suite_block_cipher.data | 235 ++++++++++++++++++ tests/suites/test_suite_block_cipher.function | 39 +++ 4 files changed, 318 insertions(+) diff --git a/library/block_cipher.c b/library/block_cipher.c index 2146c6c67..1118d3abb 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -87,4 +87,30 @@ int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; } } + +int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx, + const unsigned char input[16], + unsigned char output[16]) +{ + switch (ctx->id) { +#if defined(MBEDTLS_AES_C) + case MBEDTLS_BLOCK_CIPHER_ID_AES: + return mbedtls_aes_crypt_ecb(&ctx->ctx.aes, MBEDTLS_AES_ENCRYPT, + input, output); +#endif +#if defined(MBEDTLS_ARIA_C) + case MBEDTLS_BLOCK_CIPHER_ID_ARIA: + return mbedtls_aria_crypt_ecb(&ctx->ctx.aria, input, output); +#endif +#if defined(MBEDTLS_CAMELLIA_C) + case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA: + return mbedtls_camellia_crypt_ecb(&ctx->ctx.camellia, + MBEDTLS_CAMELLIA_ENCRYPT, + input, output); +#endif + default: + return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; + } +} + #endif /* MBEDTLS_BLOCK_CIPHER_C */ diff --git a/library/block_cipher_internal.h b/library/block_cipher_internal.h index 47326fa8d..c57338b75 100644 --- a/library/block_cipher_internal.h +++ b/library/block_cipher_internal.h @@ -67,6 +67,24 @@ int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx, int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx, const unsigned char *key, unsigned key_bitlen); + +/** + * \brief Encrypt one block (16 bytes) with the configured key. + * + * \param ctx The context holding the key. + * \param input The buffer holding the input block. Must be 16 bytes. + * \param output The buffer to which the output block will be written. + * Must be writable and 16 bytes long. + * This must either not overlap with \p input, or be equal. + * + * \retval \c 0 on success. + * \retval #MBEDTLS_ERR_CIPHER_INVALID_CONTEXT if the context was not + * properly set up before calling this function. + * \retval Another negative value if encryption failed. + */ +int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Clear the context. * diff --git a/tests/suites/test_suite_block_cipher.data b/tests/suites/test_suite_block_cipher.data index f0529a92e..cf321ae47 100644 --- a/tests/suites/test_suite_block_cipher.data +++ b/tests/suites/test_suite_block_cipher.data @@ -1,2 +1,237 @@ Invalid input invalid: + +AES-128-ECB Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e" + +AES-128-ECB Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"9798c4640bad75c7c3227db910174e72":"a9a1631bf4996954ebc093957b234589" + +AES-128-ECB Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"96ab5c2ff612d9dfaae8c31f30c42168":"ff4f8391a6a40ca5b25d23bedd44a597" + +AES-128-ECB Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"e0000000000000000000000000000000":"00000000000000000000000000000000":"72a1da770f5d7ac4c9ef94d822affd97" + +AES-128-ECB Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"f0000000000000000000000000000000":"00000000000000000000000000000000":"970014d634e2b7650777e8e84d03ccd8" + +AES-128-ECB Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"f8000000000000000000000000000000":"00000000000000000000000000000000":"f17e79aed0db7e279e955b5f493875a7" + +AES-128-ECB Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffff0000000000000000000":"00000000000000000000000000000000":"7b90785125505fad59b13c186dd66ce3" + +AES-128-ECB Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffff8000000000000000000":"00000000000000000000000000000000":"8b527a6aebdaec9eaef8eda2cb7783e5" + +AES-128-ECB Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffc000000000000000000":"00000000000000000000000000000000":"43fdaf53ebbc9880c228617d6a9b548b" + +AES-128-ECB Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffc000":"00000000000000000000000000000000":"70c46bb30692be657f7eaa93ebad9897" + +AES-128-ECB Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffe000":"00000000000000000000000000000000":"323994cfb9da285a5d9642e1759b224a" + +AES-128-ECB Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffffff000":"00000000000000000000000000000000":"1dbf57877b7b17385c85d0b54851e371" + +AES-128-ECB Encrypt NIST KAT #13 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"ffffffffffffffc00000000000000000":"3a4d354f02bb5a5e47d39666867f246a" + +AES-128-ECB Encrypt NIST KAT #14 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"ffffffffffffffe00000000000000000":"d451b8d6e1e1a0ebb155fbbf6e7b7dc3" + +AES-128-ECB Encrypt NIST KAT #15 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"fffffffffffffff00000000000000000":"6898d4f42fa7ba6a10ac05e87b9f2080" + +AES-128-ECB Encrypt NIST KAT #16 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"ffffffffffffffffffffffffe0000000":"082eb8be35f442fb52668e16a591d1d6" + +AES-128-ECB Encrypt NIST KAT #17 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"fffffffffffffffffffffffff0000000":"e656f9ecf5fe27ec3e4a73d00c282fb3" + +AES-128-ECB Encrypt NIST KAT #18 +depends_on:MBEDTLS_AES_C +test_vec:MBEDTLS_CIPHER_ID_AES:"00000000000000000000000000000000":"fffffffffffffffffffffffff8000000":"2ca8209d63274cd9a29bb74bcd77683a" + +AES-192-ECB Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01" + +AES-192-ECB Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffffc0000000000":"15eec9ebf42b9ca76897d2cd6c5a12e2" + +AES-192-ECB Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffffe0000000000":"db0d3a6fdcc13f915e2b302ceeb70fd8" + +AES-192-ECB Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"51719783d3185a535bd75adc65071ce1":"4f354592ff7c8847d2d0870ca9481b7c" + +AES-192-ECB Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"26aa49dcfe7629a8901a69a9914e6dfd":"d5e08bf9a182e857cf40b3a36ee248cc" + +AES-192-ECB Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"000000000000000000000000000000000000000000000000":"941a4773058224e1ef66d10e0a6ee782":"067cd9d3749207791841562507fa9626" + +AES-192-ECB Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"d2926527e0aa9f37b45e2ec2ade5853ef807576104c7ace3":"00000000000000000000000000000000":"dd619e1cf204446112e0af2b9afa8f8c" + +AES-192-ECB Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"982215f4e173dfa0fcffe5d3da41c4812c7bcc8ed3540f93":"00000000000000000000000000000000":"d4f0aae13c8fe9339fbf9e69ed0ad74d" + +AES-192-ECB Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"98c6b8e01e379fbd14e61af6af891596583565f2a27d59e9":"00000000000000000000000000000000":"19c80ec4a6deb7e5ed1033dda933498f" + +AES-192-ECB Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffff800000000000000000000":"00000000000000000000000000000000":"8dd274bd0f1b58ae345d9e7233f9b8f3" + +AES-192-ECB Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffffc00000000000000000000":"00000000000000000000000000000000":"9d6bdc8f4ce5feb0f3bed2e4b9a9bb0b" + +AES-192-ECB Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"fffffffffffffffffffffffffffe00000000000000000000":"00000000000000000000000000000000":"fd5548bcf3f42565f7efa94562528d46" + +AES-256-ECB Encrypt NIST KAT #1 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd" + +AES-256-ECB Encrypt NIST KAT #2 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627":"00000000000000000000000000000000":"4307456a9e67813b452e15fa8fffe398" + +AES-256-ECB Encrypt NIST KAT #3 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f":"00000000000000000000000000000000":"4663446607354989477a5c6f0f007ef4" + +AES-256-ECB Encrypt NIST KAT #4 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"0b24af36193ce4665f2825d7b4749c98":"a9ff75bd7cf6613d3731c77c3b6d0c04" + +AES-256-ECB Encrypt NIST KAT #5 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"761c1fe41a18acf20d241650611d90f1":"623a52fcea5d443e48d9181ab32c7421" + +AES-256-ECB Encrypt NIST KAT #6 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"8a560769d605868ad80d819bdba03771":"38f2c7ae10612415d27ca190d27da8b4" + +AES-256-ECB Encrypt NIST KAT #7 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"ffffff80000000000000000000000000":"36aff0ef7bf3280772cf4cac80a0d2b2" + +AES-256-ECB Encrypt NIST KAT #8 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"ffffffc0000000000000000000000000":"1f8eedea0f62a1406d58cfc3ecea72cf" + +AES-256-ECB Encrypt NIST KAT #9 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"0000000000000000000000000000000000000000000000000000000000000000":"ffffffe0000000000000000000000000":"abf4154a3375a1d3e6b1d454438f95a6" + +AES-256-ECB Encrypt NIST KAT #10 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffffffffff8000000000000000000000000000":"00000000000000000000000000000000":"45d089c36d5c5a4efc689e3b0de10dd5" + +AES-256-ECB Encrypt NIST KAT #11 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffffffffffc000000000000000000000000000":"00000000000000000000000000000000":"b4da5df4becb5462e03a0ed00d295629" + +AES-256-ECB Encrypt NIST KAT #12 +depends_on:MBEDTLS_AES_C:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +test_vec:MBEDTLS_CIPHER_ID_AES:"ffffffffffffffffffffffffffffffffffffe000000000000000000000000000":"00000000000000000000000000000000":"dcf4e129136c1a4b7a0f38935cc34b2b" + +ARIA-128-ECB Encrypt - RFC 5794 +depends_on:MBEDTLS_ARIA_C +test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f":"00112233445566778899aabbccddeeff":"d718fbd6ab644c739da95f3be6451778" + +ARIA-192-ECB Encrypt - RFC 5794 +depends_on:MBEDTLS_ARIA_C +test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f1011121314151617":"00112233445566778899aabbccddeeff":"26449c1805dbe7aa25a468ce263a9e79" + +ARIA-256-ECB Encrypt - RFC 5794 +depends_on:MBEDTLS_ARIA_C +test_vec:MBEDTLS_CIPHER_ID_ARIA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"00112233445566778899aabbccddeeff":"f92bd7c79fb72e2f2b8f80c1972d24fc" + +Camellia-128-ECB Encrypt RFC3713 #1 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba9876543210":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43" + +Camellia-192-ECB Encrypt RFC3713 #1 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba98765432100011223344556677":"0123456789abcdeffedcba9876543210":"b4993401b3e996f84ee5cee7d79b09b9" + +Camellia-256-ECB Encrypt RFC3713 #1 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff":"0123456789abcdeffedcba9876543210":"9acc237dff16d76c20ef7c919e3a7509" + +Camellia-128-ECB Encrypt Perl EVP #1 [#1] +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F":"00112233445566778899AABBCCDDEEFF":"77CF412067AF8270613529149919546F" + +Camellia-192-ECB Encrypt Perl EVP #1 [#1] +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F1011121314151617":"00112233445566778899AABBCCDDEEFF":"B22F3C36B72D31329EEE8ADDC2906C68" + +Camellia-256-ECB Encrypt Perl EVP #1 [#1] +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"00112233445566778899AABBCCDDEEFF":"2EDF1F3418D53B88841FC8985FB1ECF2" + +Camellia-128-ECB Encrypt Perl EVP #1 [#2] +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"6BC1BEE22E409F96E93D7E117393172A":"432FC5DCD628115B7C388D770B270C96" + +Camellia-128-ECB Encrypt Perl EVP #2 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"0BE1F14023782A22E8384C5ABB7FAB2B" + +Camellia-128-ECB Encrypt Perl EVP #3 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"30C81C46A35CE411E5FBC1191A0A52EF":"A0A1ABCD1893AB6FE0FE5B65DF5F8636" + +Camellia-128-ECB Encrypt Perl EVP #4 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"2B7E151628AED2A6ABF7158809CF4F3C":"F69F2445DF4F9B17AD2B417BE66C3710":"E61925E0D5DFAA9BB29F815B3076E51A" + +Camellia-192-ECB Encrypt Perl EVP #1 [#2] +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"6BC1BEE22E409F96E93D7E117393172A":"CCCC6C4E138B45848514D48D0D3439D3" + +Camellia-192-ECB Encrypt Perl EVP #2 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"5713C62C14B2EC0F8393B6AFD6F5785A" + +Camellia-192-ECB Encrypt Perl EVP #3 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"30C81C46A35CE411E5FBC1191A0A52EF":"B40ED2B60EB54D09D030CF511FEEF366" + +Camellia-192-ECB Encrypt Perl EVP #4 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B":"F69F2445DF4F9B17AD2B417BE66C3710":"909DBD95799096748CB27357E73E1D26" + +Camellia-256-ECB Encrypt Perl EVP #1 [#2] +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"6BC1BEE22E409F96E93D7E117393172A":"BEFD219B112FA00098919CD101C9CCFA" + +Camellia-256-ECB Encrypt Perl EVP #2 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"AE2D8A571E03AC9C9EB76FAC45AF8E51":"C91D3A8F1AEA08A9386CF4B66C0169EA" + +Camellia-256-ECB Encrypt Perl EVP #3 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"30C81C46A35CE411E5FBC1191A0A52EF":"A623D711DC5F25A51BB8A80D56397D28" + +Camellia-256-ECB Encrypt Perl EVP #4 +test_vec:MBEDTLS_CIPHER_ID_CAMELLIA:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"F69F2445DF4F9B17AD2B417BE66C3710":"7960109FB6DC42947FCFE59EA3C5EB6B" + diff --git a/tests/suites/test_suite_block_cipher.function b/tests/suites/test_suite_block_cipher.function index dcafdc841..239568c34 100644 --- a/tests/suites/test_suite_block_cipher.function +++ b/tests/suites/test_suite_block_cipher.function @@ -42,7 +42,16 @@ void invalid() TEST_EQUAL(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT, mbedtls_block_cipher_setkey(&ctx, buf, 128)); + /* encrypt() before successful setup() */ + TEST_EQUAL(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT, + mbedtls_block_cipher_encrypt(&ctx, buf, buf)); + + /* free() before successful setup() + * No return value to check, but shouldn't cause memory errors. */ + mbedtls_block_cipher_free(&ctx); + /* Now properly setup the context */ + mbedtls_block_cipher_init(&ctx); TEST_EQUAL(0, mbedtls_block_cipher_setup(&ctx, VALID_CIPHER_ID)); /* Bad parameters to setkey() */ @@ -53,3 +62,33 @@ exit: mbedtls_block_cipher_free(&ctx); } /* END_CASE */ + +/* BEGIN_CASE */ +void test_vec(int cipher_id_arg, data_t *key, data_t *input, data_t *outref) +{ + mbedtls_block_cipher_context_t ctx; + mbedtls_cipher_id_t cipher_id = cipher_id_arg; + unsigned char output[BLOCK_SIZE]; + + mbedtls_block_cipher_init(&ctx); + + memset(output, 0x00, sizeof(output)); + + TEST_EQUAL(0, mbedtls_block_cipher_setup(&ctx, cipher_id)); + TEST_EQUAL(0, mbedtls_block_cipher_setkey(&ctx, key->x, 8 * key->len)); + + /* Encrypt with input != output */ + TEST_EQUAL(0, mbedtls_block_cipher_encrypt(&ctx, input->x, output)); + ASSERT_COMPARE(output, BLOCK_SIZE, outref->x, outref->len); + + /* Encrypt with input == output. + * (Also, encrypting again ensures the previous call to encrypt() + * did not change the state of the context.) */ + memcpy(output, input->x, BLOCK_SIZE); + TEST_EQUAL(0, mbedtls_block_cipher_encrypt(&ctx, output, output)); + ASSERT_COMPARE(output, BLOCK_SIZE, outref->x, outref->len); + +exit: + mbedtls_block_cipher_free(&ctx); +} +/* END_CASE */ From 5f3361c0c66dfdb92a339c1427182b8c7470883f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Nov 2023 12:24:11 +0100 Subject: [PATCH 291/430] Temporary hack to pacify check_names.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/config_adjust_legacy_crypto.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index aafd42e7a..e4f6a2760 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -22,6 +22,13 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H +/* Temporary hack to pacify check_names.py. + * (GCM and CCM still hard-depend on CIPHER_C for now.) */ +#if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \ + !defined(MBEDTLS_CIPHER_C) +#define MBEDTLS_BLOCK_CIPHER_C +#endif + /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. */ From cce0012463180e56ac85ab0cdea45900b1d60fae Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 10 Nov 2023 15:36:15 +0100 Subject: [PATCH 292/430] Add documentation Explain the goals of metatests, how to write them, and how to read their output. Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 48 ++++++++++++++++++++++++++++++++++ tests/scripts/run-metatests.sh | 8 ++++++ 2 files changed, 56 insertions(+) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 5e6a15f1d..c35e9a952 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -1,6 +1,24 @@ /** \file metatest.c * * \brief Test features of the test framework. + * + * When you run this program, it runs a single "meta-test". A meta-test + * performs an operation which should be caught as a failure by our + * test framework. The meta-test passes if this program calls `exit` with + * a nonzero status, or aborts, or is terminated by a signal, or if the + * framework running the program considers the run an error (this happens + * with Valgrind for a memory leak). The non-success of the meta-test + * program means that the test failure has been caught correctly. + * + * Some failures are purely functional: the logic of the code causes the + * test result to be set to FAIL. Other failures come from extra + * instrumentation which is not present in a normal build; for example, + * Asan or Valgrind to detect memory leaks. This is reflected by the + * "platform" associated with each meta-test. + * + * Use the companion script `tests/scripts/run-metatests.sh` to run all + * the meta-tests for a given platform and validate that they trigger a + * detected failure as expected. */ /* @@ -197,11 +215,41 @@ void mutex_leak(const char *name) /****************************************************************/ typedef struct { + /** Command line argument that will trigger that metatest. + * + * Conventionally matches "[a-z0-9_]+". */ const char *name; + + /** Platform under which that metatest is valid. + * + * - "any": should work anywhere. + * - "asan": triggers ASan (Address Sanitizer). + * - "msan": triggers MSan (Memory Sanitizer). + * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS. + */ const char *platform; + + /** Function that performs the metatest. + * + * The function receives the name as an argument. This allows using the + * same function to perform multiple variants of a test based on the name. + * + * When executed on a conforming platform, the function is expected to + * either cause a test failure (mbedtls_test_fail()), or cause the + * program to abort in some way (e.g. by causing a segfault or by + * triggering a sanitizer). + * + * When executed on a non-conforming platform, the function may return + * normally or may have unpredictable behavior. + */ void (*entry_point)(const char *name); } metatest_t; +/* The list of availble meta-tests. Remember to register new functions here! + * + * Note that we always compile all the functions, so that `metatest --list` + * will always list all the available meta-tests. + */ metatest_t metatests[] = { { "test_fail", "any", meta_test_fail }, { "null_dereference", "any", null_pointer_dereference }, diff --git a/tests/scripts/run-metatests.sh b/tests/scripts/run-metatests.sh index 182bf0410..09a6f8a4f 100755 --- a/tests/scripts/run-metatests.sh +++ b/tests/scripts/run-metatests.sh @@ -6,6 +6,14 @@ Usage: $0 [OPTION] [PLATFORM]... Run all the metatests whose platform matches any of the given PLATFORM. A PLATFORM can contain shell wildcards. +Expected output: a lot of scary-looking error messages, since each +metatest is expected to report a failure. The final line should be +"Ran N metatests, all good." + +If something goes wrong: the final line should be +"Ran N metatests, X unexpected successes". Look for "Unexpected success" +in the logs above. + -l List the available metatests, don't run them. EOF } From be1e9c595142f9826218706f52181e278dace6c6 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Mon, 13 Nov 2023 09:33:33 +0100 Subject: [PATCH 293/430] Pop only when pushed. Signed-off-by: Matthias Schulz --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 793ded4b9..273d2153b 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -546,7 +546,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t return (mbedtls_ct_condition_t) (~x); } -#ifdef __GNUC__ +#if __GNUC__ > 4 /* Restore warnings for -Wredundant-decls on gcc */ #pragma GCC diagnostic pop #endif From ca8981c1eec5c5d43bca19e8011d9ba71a5cebbc Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Mon, 13 Nov 2023 10:04:19 +0100 Subject: [PATCH 294/430] Added proposed fixes Signed-off-by: Matthias Schulz --- library/constant_time_impl.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index aff48cfbb..57bb52e3d 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -120,10 +120,12 @@ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) * On Thumb 2 and Arm, both compilers are happy with the "s" suffix, * although we don't actually care about setting the flags. * - * For gcc, restore divided syntax afterwards - otherwise old versions of gcc + * For old versions of gcc excluding 4.8 and 4.9 (see #8516 for details), + * restore divided syntax afterwards - otherwise old versions of gcc * seem to apply unified syntax globally, which breaks other asm code. */ -#if !defined(__clang__) && !(__GNUC__ == 4 && __GNUC_MINOR__ == 9) +#if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__thumb__) && !defined(__thumb2__) && \ + (__GNUC__ < 11) && !((__GNUC__ == 4) && ((__GNUC_MINOR__ == 8) || (__GNUC_MINOR__ == 9))) #define RESTORE_ASM_SYNTAX ".syntax divided \n\t" #else #define RESTORE_ASM_SYNTAX From 85b746571202fcc0da643bd709b7fdcf92ce7e04 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 16:48:36 +0800 Subject: [PATCH 295/430] all.sh: block_cipher_no_decrypt: fix various issues - improve test completeness - renaming - fix typo Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5b649f6b3..1c3c9e8cc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4555,6 +4555,8 @@ helper_block_cipher_no_decrypt_build_test () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o + # Make sure we don't have mbedtls_aesni_inverse_key in AESNI + not grep mbedtls_aesni_inverse_key library/aesni.o msg "test: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" make test @@ -4592,7 +4594,7 @@ common_block_cipher_no_decrypt () { -l "-m32" } -component_test_block_cipher_no_decrypt_aesni_legacy () { +component_test_block_cipher_no_decrypt_aesni () { # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC @@ -4667,7 +4669,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { not grep mbedtls_camellia_setkey_dec library/camellia.o # Make sure we don't have mbedtls_internal_aes_decrypt in AES not grep mbedtls_internal_aes_decrypt library/aes.o - # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in aesce + # Make sure we don't have mbedtls_aesce_inverse_key and aesce_decrypt_block in AESCE not grep mbedtls_aesce_inverse_key library/aesce.o not grep aesce_decrypt_block library/aesce.o } From b2d6e527587419e26dd23345aa93280811c40ecc Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 16:57:47 +0800 Subject: [PATCH 296/430] all.sh: block_cipher_no_decrypt: simplify code Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1c3c9e8cc..896a7d973 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4536,14 +4536,8 @@ helper_block_cipher_no_decrypt_build_test () { cflags="${cflags:-}" ldflags="${ldflags:-}" - for opt in $set_opts; do - echo "Enabling $opt" - scripts/config.py set $opt - done - for opt in $unset_opts; do - echo "Disabling $opt" - scripts/config.py unset $opt - done + [ -n "$set_opts" ] && echo "Enabling: $set_opts" && scripts/config.py set-all $set_opts + [ -n "$unset_opts" ] && echo "Disabling: $unset_opts" && scripts/config.py unset-all $unset_opts msg "build: default config + BLOCK_CIPHER_NO_DECRYPT${set_opts:+ + $set_opts}${unset_opts:+ - $unset_opts} with $cflags${ldflags:+, $ldflags}" make clean From 07e663de5eac0536387b88c0d5f2406f76172a7e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 17:15:39 +0800 Subject: [PATCH 297/430] all.sh: block_cipher_no_decrypt: clean up cflags Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 896a7d973..ddd644b8f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4525,7 +4525,7 @@ helper_block_cipher_no_decrypt_build_test () { -u) shift; local unset_opts="$1";; -c) - shift; local cflags="$1";; + shift; local cflags="-Werror -Wall -Wextra $1";; -l) shift; local ldflags="$1";; esac @@ -4569,22 +4569,21 @@ common_block_cipher_no_decrypt () { # test AESNI intrinsics helper_block_cipher_no_decrypt_build_test \ -s "MBEDTLS_AESNI_C" \ - -c "-Werror -Wall -Wextra -mpclmul -msse2 -maes" + -c "-mpclmul -msse2 -maes" # test AESNI assembly helper_block_cipher_no_decrypt_build_test \ -s "MBEDTLS_AESNI_C" \ - -c "-Werror -Wall -Wextra -mno-pclmul -mno-sse2 -mno-aes" + -c "-mno-pclmul -mno-sse2 -mno-aes" # test AES C implementation helper_block_cipher_no_decrypt_build_test \ - -u "MBEDTLS_AESNI_C" \ - -c "-Werror -Wall -Wextra" + -u "MBEDTLS_AESNI_C" # test AESNI intrinsics for i386 target helper_block_cipher_no_decrypt_build_test \ -s "MBEDTLS_AESNI_C" \ - -c "-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes" \ + -c "-m32 -mpclmul -msse2 -maes" \ -l "-m32" } From 3ae1199788c29f56ce1dc48e44aae2c0e6a190e9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 17:32:09 +0800 Subject: [PATCH 298/430] all.sh: add config_block_cipher_no_decrypt to simplify code Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 52 ++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 31 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ddd644b8f..0f653fed1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4587,33 +4587,36 @@ common_block_cipher_no_decrypt () { -l "-m32" } -component_test_block_cipher_no_decrypt_aesni () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs +# This is a configuration function used in component_test_block_cipher_no_decrypt_xxx: +# usage: 0: no PSA crypto configuration +# 1: use PSA crypto configuration +config_block_cipher_no_decrypt () { + use_psa=$1 + scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C scripts/config.py unset MBEDTLS_NIST_KW_C + if [ "$use_psa" -eq 1 ]; then + # Enable support for cryptographic mechanisms through the PSA API. + # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + fi +} + +component_test_block_cipher_no_decrypt_aesni () { + config_block_cipher_no_decrypt 0 common_block_cipher_no_decrypt } component_test_block_cipher_no_decrypt_aesni_use_psa () { - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES - + config_block_cipher_no_decrypt 1 common_block_cipher_no_decrypt } @@ -4636,20 +4639,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT scripts/config.py set MBEDTLS_HAVE_ASM - # enable BLOCK_CIPHER_NO_DECRYPT and disable its incompatible configs - scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS - scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_NIST_KW_C - - # Enable support for cryptographic mechanisms through the PSA API. - # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + config_block_cipher_no_decrypt 1 # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C From 19583e44ed9200b35443b2e48da69bca19abec27 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 13 Nov 2023 17:39:32 +0800 Subject: [PATCH 299/430] psa_information: improve code readability Signed-off-by: Yanray Wang --- scripts/mbedtls_dev/psa_information.py | 4 ++-- tests/scripts/generate_psa_tests.py | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index 2287ae13e..ea8c12341 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -112,12 +112,12 @@ ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT'] DEPENDENCY_FROM_DESCRIPTION = OrderedDict() DEPENDENCY_FROM_DESCRIPTION[AES_128BIT_ONLY_DEP_REGEX] = AES_128BIT_ONLY_DEP DEPENDENCY_FROM_DESCRIPTION[ECB_NO_PADDING_DEP_REGEX] = ECB_NO_PADDING_DEP -def generate_description_dependencies( - dep_list: List[str], +def generate_deps_from_description( description: str ) -> List[str]: """Return additional dependencies based on test case description and REGEX. """ + dep_list = [] for regex, deps in DEPENDENCY_FROM_DESCRIPTION.items(): if re.search(regex, description): dep_list += deps diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 04c36f7f9..a6683f51d 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -508,8 +508,7 @@ class StorageFormat: key.alg.string, key.alg2.string, ) dependencies = psa_information.finish_family_dependencies(dependencies, key.bits) - dependencies = psa_information.generate_description_dependencies(dependencies, - key.description) + dependencies += psa_information.generate_deps_from_description(key.description) dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC') tc.set_dependencies(dependencies) tc.set_function('key_storage_' + verb) From c7473068487cf5763980a7396d05cc788031ce90 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:51:52 +0100 Subject: [PATCH 300/430] all.sh: remove redundant make in test_psa_crypto_config_accel_cipher_aead() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 09c981915..07e0e4983 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3687,8 +3687,6 @@ component_test_psa_crypto_config_accel_cipher_aead () { not grep mbedtls_chachapoly library/chachapoly.o not grep mbedtls_cmac library/cmac.o - make - # Run the tests # ------------- From 34d6a5c3df89b5d8c53272470b7287d85aaff575 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 13 Nov 2023 09:52:12 +0000 Subject: [PATCH 301/430] Move enum definition to satisfy `check_names.py` Signed-off-by: Ryan Everett --- library/psa_crypto_core.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 700e0fef6..46c57755e 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -33,16 +33,18 @@ */ int psa_can_do_hash(psa_algorithm_t hash_alg); +typedef enum { + PSA_SLOT_EMPTY = 0, + PSA_SLOT_OCCUPIED, +} psa_key_slot_status_t; + /** The data structure representing a key slot, containing key material * and metadata for one key. */ typedef struct { psa_core_key_attributes_t attr; - enum { - PSA_SLOT_EMPTY = 0, - PSA_SLOT_OCCUPIED, - } status; + psa_key_slot_status_t status; /* * Number of locks on the key slot held by the library. From 04c85e146c5c9bcffcd7020239809115f5a4b4e0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 Nov 2023 10:54:05 +0100 Subject: [PATCH 302/430] ssl-opt: fix wrong CCM dependencies with GCM Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 5879b255a..9f00cc4f5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3996,7 +3996,7 @@ run_test "Session resume using tickets: CAMELLIA-256-CCM" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_cipher_enabled "ARIA" "CCM" +requires_cipher_enabled "ARIA" "GCM" run_test "Session resume using tickets: ARIA-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4011,7 +4011,7 @@ run_test "Session resume using tickets: ARIA-128-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_cipher_enabled "ARIA" "CCM" +requires_cipher_enabled "ARIA" "GCM" run_test "Session resume using tickets: ARIA-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4026,7 +4026,7 @@ run_test "Session resume using tickets: ARIA-192-GCM" \ -s "a session has been resumed" \ -c "a session has been resumed" -requires_cipher_enabled "ARIA" "CCM" +requires_cipher_enabled "ARIA" "GCM" run_test "Session resume using tickets: ARIA-256-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ From 35842f52f2b6eb0245cb246c841bcb63d69d918e Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Mon, 13 Nov 2023 13:57:05 +0100 Subject: [PATCH 303/430] Simplified check. Signed-off-by: Matthias Schulz --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 57bb52e3d..cd93767c6 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -125,7 +125,7 @@ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) * seem to apply unified syntax globally, which breaks other asm code. */ #if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__thumb__) && !defined(__thumb2__) && \ - (__GNUC__ < 11) && !((__GNUC__ == 4) && ((__GNUC_MINOR__ == 8) || (__GNUC_MINOR__ == 9))) + (__GNUC__ < 11) && !defined(__ARM_ARCH_2__) #define RESTORE_ASM_SYNTAX ".syntax divided \n\t" #else #define RESTORE_ASM_SYNTAX From e94525bd176de9384dbe7b5229a94b029011b334 Mon Sep 17 00:00:00 2001 From: Matthias Schulz Date: Mon, 13 Nov 2023 14:01:02 +0100 Subject: [PATCH 304/430] Updated comments. Signed-off-by: Matthias Schulz --- library/constant_time_impl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index cd93767c6..18a967b52 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -120,9 +120,9 @@ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) * On Thumb 2 and Arm, both compilers are happy with the "s" suffix, * although we don't actually care about setting the flags. * - * For old versions of gcc excluding 4.8 and 4.9 (see #8516 for details), - * restore divided syntax afterwards - otherwise old versions of gcc - * seem to apply unified syntax globally, which breaks other asm code. + * For old versions of gcc (see #8516 for details), restore divided + * syntax afterwards - otherwise old versions of gcc seem to apply + * unified syntax globally, which breaks other asm code. */ #if defined(MBEDTLS_COMPILER_IS_GCC) && defined(__thumb__) && !defined(__thumb2__) && \ (__GNUC__ < 11) && !defined(__ARM_ARCH_2__) From c43479103a3b8a8841000157944f0e090744d448 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 14 Nov 2023 10:10:49 +0800 Subject: [PATCH 305/430] aesce: fix unused parameter Signed-off-by: Yanray Wang --- library/aesce.c | 2 ++ tests/scripts/all.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/library/aesce.c b/library/aesce.c index 9a82731f0..b78656397 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -248,6 +248,8 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, if (mode == MBEDTLS_AES_DECRYPT) { block = aesce_decrypt_block(block, keys, ctx->nr); } else +#else + (void) mode; #endif { block = aesce_encrypt_block(block, keys, ctx->nr); diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0f653fed1..db5f29bf6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4644,7 +4644,7 @@ component_test_block_cipher_no_decrypt_aesce_armcc () { # test AESCE baremetal build scripts/config.py set MBEDTLS_AESCE_C msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE" - armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto" + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra" # Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA not grep mbedtls_aes_setkey_dec library/aes.o From 3f80ffb9ff89439cbed08169ed174476247fe110 Mon Sep 17 00:00:00 2001 From: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com> Date: Tue, 14 Nov 2023 16:35:45 +0100 Subject: [PATCH 306/430] Update library/constant_time_impl.h Co-authored-by: Dave Rodgman Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com> --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 273d2153b..821e7cffa 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -31,7 +31,7 @@ * Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled * at the bottom of this file. */ -#if __GNUC__ > 4 +#if defined(MBEDTLS_COMPILER_IS_GCC) && (__GNUC__ > 4) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wredundant-decls" #endif From 90c8c3235b588dfe711916bc77cfd03440e71f5e Mon Sep 17 00:00:00 2001 From: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com> Date: Tue, 14 Nov 2023 16:35:50 +0100 Subject: [PATCH 307/430] Update library/constant_time_impl.h Co-authored-by: Dave Rodgman Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com> --- library/constant_time_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 821e7cffa..08b2f6df1 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -546,7 +546,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t return (mbedtls_ct_condition_t) (~x); } -#if __GNUC__ > 4 +#if defined(MBEDTLS_COMPILER_IS_GCC) && (__GNUC__ > 4) /* Restore warnings for -Wredundant-decls on gcc */ #pragma GCC diagnostic pop #endif From 6c485dad44d66d15db34d233db8ea5a96de1198c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 10:18:47 +0800 Subject: [PATCH 308/430] improve document Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ad5fbc57a..8e187dd49 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1253,7 +1253,7 @@ struct mbedtls_ssl_session { #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_EARLY_DATA) - uint32_t MBEDTLS_PRIVATE(max_early_data_size); /*!< max_early_data_size of ticket */ + uint32_t MBEDTLS_PRIVATE(max_early_data_size); /*!< maximum amount of early data in tickets */ #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -2042,6 +2042,10 @@ void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf, * * \warning This interface is experimental and may change without notice. * + * \warning This interface DOES NOT influence/limit the amount of early data + * that can be received with tickets that were previously created and + * emitted and that clients may have stored. + * */ void mbedtls_ssl_tls13_conf_max_early_data_size( mbedtls_ssl_config *conf, uint32_t max_early_data_size); From fedaeb21b34b21adb8ae8818d758d3c706e3a4ea Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 13:59:07 +0800 Subject: [PATCH 309/430] improve document Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8e187dd49..07a74a490 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2043,8 +2043,8 @@ void mbedtls_ssl_tls13_conf_early_data(mbedtls_ssl_config *conf, * \warning This interface is experimental and may change without notice. * * \warning This interface DOES NOT influence/limit the amount of early data - * that can be received with tickets that were previously created and - * emitted and that clients may have stored. + * that can be received through previously created and issued tickets, + * which clients may have stored. * */ void mbedtls_ssl_tls13_conf_max_early_data_size( From cab5eff98cf8e1c1e201c99951f67ecae511416d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 7 Nov 2023 10:23:52 +0100 Subject: [PATCH 310/430] adjust_config_synonyms: make CCM and CCM* indipendent Signed-off-by: Valerio Setti --- include/psa/crypto_adjust_config_synonyms.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h index cf33465b5..332b622c9 100644 --- a/include/psa/crypto_adjust_config_synonyms.h +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -24,12 +24,6 @@ #define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA #endif -#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM) -#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG -#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM) -#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM -#endif - #if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW #elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) From c2d68f56118ce06debd8ad2e560ec7216f4c7bd5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 7 Nov 2023 10:36:55 +0100 Subject: [PATCH 311/430] adjust_legacy_from_psa: treat CCM and CCM* separately Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_from_psa.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 6356bddc1..ba623a8bc 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -847,6 +847,15 @@ defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 +#define MBEDTLS_CCM_C +#endif +#endif /* PSA_WANT_ALG_CCM */ + +#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) #define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 #define MBEDTLS_CCM_C #endif From bdfecb6a83ada71ad2f7846745f0216284c8c969 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 7 Nov 2023 15:37:20 +0100 Subject: [PATCH 312/430] all.sh: add test components for no-CCM and no-CCM* The idea is to show that there is no more any dependency between the two symbols: - component_test_full_no_ccm() keeps ALG_CCM_STAR_NO_TAG enabled, disables ALG_CCM and ensures that the latter does not get re-enabled accidentally - test_full_no_ccm_star_no_tag() keeps ALG_CCM enabled and disables ALG_CCM_STAR_NO_TAG and ensures that the latter does not get re-enabled accidentally Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 51 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index cba98c551..9f5712e7a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1632,6 +1632,57 @@ component_test_full_no_cipher_with_crypto_config() { common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER" } +component_test_full_no_ccm() { + msg "build: full no PSA_WANT_ALG_CCM" + + # Full config enables: + # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA + # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated + scripts/config.py full + + # Disable PSA_WANT_ALG_CCM so that CCM is not supported in PSA. CCM_C is still + # enabled, but not used from TLS since USE_PSA is set. + # This is helpful to ensure that TLS tests below have proper dependencies. + # + # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause + # PSA_WANT_ALG_CCM to be re-enabled. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM + + make tests + + msg "test: full no PSA_WANT_ALG_CCM" + ( cd tests; ./test_suite_ssl ) +} + +component_test_full_no_ccm_star_no_tag() { + msg "build: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" + + # Full config enables CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated + scripts/config.py full + + # Disable CCM_STAR_NO_TAG, which is the target of this test, as well as all + # other components that enable MBEDTLS_PSA_BUILTIN_CIPHER internal symbol. + # This basically disables all unauthenticated ciphers on the PSA side, while + # keeping AEADs enabled. + # + # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause + # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + + make tests + + # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled + msg "verify: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" + not grep mbedtls_psa_cipher library/psa_crypto_cipher.o +} + component_test_full_no_bignum () { msg "build: full minus bignum" scripts/config.py full From 51d5b196a1d98ed5f4de93145c93b5d1471b9be5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 10:56:54 +0100 Subject: [PATCH 313/430] all.sh: accelerate also CCM* in test_psa_crypto_config_accel_cipher_aead Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9f5712e7a..b18dd494b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3756,7 +3756,7 @@ component_test_psa_crypto_config_accel_cipher_aead () { msg "build: crypto config with accelerated cipher and AEAD" loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ - ALG_OFB ALG_XTS ALG_STREAM_CIPHER \ + ALG_OFB ALG_XTS ALG_STREAM_CIPHER ALG_CCM_STAR_NO_TAG \ ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 ALG_CMAC \ KEY_TYPE_DES KEY_TYPE_AES KEY_TYPE_ARIA KEY_TYPE_CHACHA20 KEY_TYPE_CAMELLIA" From a765eaa33e6e35bc24aa45f8082aded641ceddfa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 11:09:42 +0100 Subject: [PATCH 314/430] test_driver_extension: fix acceleration support for CCM and CCM* Signed-off-by: Valerio Setti --- .../test/drivers/crypto_config_test_driver_extension.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 5ee949ab8..768a9a69f 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -537,6 +537,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG) +#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG +#else +#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG 1 +#endif +#endif + #if defined(PSA_WANT_ALG_CBC_MAC) #if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) #undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC From a56eb46ce6b49e6a33fefb148f1c4ab707ada265 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 11:30:15 +0100 Subject: [PATCH 315/430] adjust_legacy_from_psa: fix comment Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_from_psa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index ba623a8bc..bf87c364e 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -859,7 +859,7 @@ #define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 #define MBEDTLS_CCM_C #endif -#endif /* PSA_WANT_ALG_CCM */ +#endif /* PSA_WANT_ALG_CCM_STAR_NO_TAG */ #if defined(PSA_WANT_ALG_GCM) #if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \ From ff2b06a23597b17da4f669fbe604fa8f4776249b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 12:35:36 +0100 Subject: [PATCH 316/430] all.sh: improve components for without CCM/CCM* Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b18dd494b..38c069867 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1648,10 +1648,10 @@ component_test_full_no_ccm() { # PSA_WANT_ALG_CCM to be re-enabled. scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM - make tests + make msg "test: full no PSA_WANT_ALG_CCM" - ( cd tests; ./test_suite_ssl ) + make test } component_test_full_no_ccm_star_no_tag() { @@ -1676,11 +1676,13 @@ component_test_full_no_ccm_star_no_tag() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - make tests + make # Ensure MBEDTLS_PSA_BUILTIN_CIPHER was not enabled - msg "verify: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" not grep mbedtls_psa_cipher library/psa_crypto_cipher.o + + msg "test: full no PSA_WANT_ALG_CCM_STAR_NO_TAG" + make test } component_test_full_no_bignum () { From a4b60593c17aa01e7857cc6b8675d39e39e810a2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 12:36:02 +0100 Subject: [PATCH 317/430] psa_exercise_key: replace legacy symbols with PSA_WANT ones Signed-off-by: Valerio Setti --- tests/include/test/psa_exercise_key.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 0f3ee3db6..bd523d126 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -46,11 +46,11 @@ * * For simplicity's sake, stick to block ciphers with 16-byte blocks. */ -#if defined(MBEDTLS_AES_C) +#if defined(PSA_WANT_KEY_TYPE_AES) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES -#elif defined(MBEDTLS_ARIA_C) +#elif defined(PSA_WANT_KEY_TYPE_ARIA) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA -#elif defined(MBEDTLS_CAMELLIA_C) +#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA #undef KNOWN_SUPPORTED_BLOCK_CIPHER #endif @@ -81,13 +81,13 @@ * * This is used in some smoke tests. */ -#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CTR) +#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CBC) +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_CFB) +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB -#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CIPHER_MODE_OFB) +#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB) #define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB #else #undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG From 951faf6e7b1437e9015512d950773f2135a6a890 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 12:59:12 +0100 Subject: [PATCH 318/430] ChangeLog: add change log for CCM/CCM* coupling removal Signed-off-by: Valerio Setti --- ChangeLog.d/8482.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/8482.txt diff --git a/ChangeLog.d/8482.txt b/ChangeLog.d/8482.txt new file mode 100644 index 000000000..623d2e3c9 --- /dev/null +++ b/ChangeLog.d/8482.txt @@ -0,0 +1,6 @@ +Default behavior changes + * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and + they are now treated separately. This means that they should be + individually enabled in order to enable relative support; also the + corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case + acceleration is required. From a50b89ebab26ed826884d700c65faea3c4e8bddf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Nov 2023 15:58:47 +0100 Subject: [PATCH 319/430] all.sh: disable CCM_STAR_NO_TAG in test_psa_crypto_config_accel_aead() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 38c069867..5e150f2e0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3713,6 +3713,9 @@ component_test_psa_crypto_config_accel_aead () { scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Disable CCM_STAR_NO_TAG because this re-enables CCM_C. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG + # Build # ----- From 4809057ddf6c9aa863dc6d1da79a6ab3e633318d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 11:25:57 +0100 Subject: [PATCH 320/430] changelog: use better wording and modify changelog section Signed-off-by: Valerio Setti --- ChangeLog.d/8482.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/8482.txt b/ChangeLog.d/8482.txt index 623d2e3c9..a39223299 100644 --- a/ChangeLog.d/8482.txt +++ b/ChangeLog.d/8482.txt @@ -1,6 +1,6 @@ -Default behavior changes +Changes * PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG are no more synonyms and they are now treated separately. This means that they should be - individually enabled in order to enable relative support; also the + individually enabled in order to enable respective support; also the corresponding MBEDTLS_PSA_ACCEL symbol should be defined in case acceleration is required. From 5e378d70e61a13b1801389c34b27d0fe4e5d115f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 11:28:28 +0100 Subject: [PATCH 321/430] ssl_misc: remove DES from the list of key types supporting CBC Signed-off-by: Valerio Setti --- library/ssl_misc.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 4ddd9c4bb..8482ee151 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -255,8 +255,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #if defined(MBEDTLS_SSL_HAVE_CBC) && \ (defined(MBEDTLS_SSL_HAVE_AES) || \ defined(MBEDTLS_SSL_HAVE_CAMELLIA) || \ - defined(MBEDTLS_SSL_HAVE_ARIA) || \ - defined(MBEDTLS_DES_C)) + defined(MBEDTLS_SSL_HAVE_ARIA)) #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif From 776981ba422d5cf82fa012ffe97d2c4eb2bd9aee Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 Nov 2023 11:32:47 +0100 Subject: [PATCH 322/430] psa_exercise_key: add missing #else for KNOWN_SUPPORTED_BLOCK_CIPHER Signed-off-by: Valerio Setti --- tests/include/test/psa_exercise_key.h | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index bd523d126..a658d1773 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -52,6 +52,7 @@ #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA #elif defined(PSA_WANT_KEY_TYPE_CAMELLIA) #define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA +#else #undef KNOWN_SUPPORTED_BLOCK_CIPHER #endif From f561ed8b3a08b5f1e9521b4eb707521918b21802 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 14 Nov 2023 17:33:32 +0800 Subject: [PATCH 323/430] all.sh: enable compat.sh testing in psa_crypto_config_[accel/reference]_cipher_aead Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index cba98c551..a4f909dd6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3761,6 +3761,9 @@ component_test_psa_crypto_config_accel_cipher_aead () { msg "ssl-opt: crypto config with accelerated cipher and AEAD" tests/ssl-opt.sh + + msg "compat.sh: crypto config with accelerated cipher and AEAD" + tests/compat.sh -V NO -p mbedTLS } component_test_psa_crypto_config_reference_cipher_aead () { @@ -3774,6 +3777,9 @@ component_test_psa_crypto_config_reference_cipher_aead () { msg "ssl-opt: crypto config with non-accelerated cipher and AEAD" tests/ssl-opt.sh + + msg "compat.sh: crypto config with non-accelerated cipher and AEAD" + tests/compat.sh -V NO -p mbedTLS } component_test_aead_chachapoly_disabled() { From 799befd58e951d1444d311c00e57b5a6f3d71672 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 Nov 2023 11:04:08 +0100 Subject: [PATCH 324/430] Update to TEST_EQUAL macros for easier debuggability Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 083d0d630..a334fe832 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -34,13 +34,13 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result) res = mbedtls_pk_parse_keyfile(&ctx, key_file, pwd, mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(res == result); + TEST_EQUAL(res, result); if (res == 0) { mbedtls_rsa_context *rsa; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); - TEST_ASSERT(mbedtls_rsa_check_privkey(rsa) == 0); + TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0); } exit: @@ -61,13 +61,13 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result) res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); - TEST_ASSERT(res == result); + TEST_EQUAL(res, result); if (res == 0) { mbedtls_rsa_context *rsa; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); - TEST_ASSERT(mbedtls_rsa_check_pubkey(rsa) == 0); + TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0); } exit: @@ -87,7 +87,7 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); - TEST_ASSERT(res == result); + TEST_EQUAL(res, result); if (res == 0) { TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); @@ -98,7 +98,7 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) #else const mbedtls_ecp_keypair *eckey; eckey = mbedtls_pk_ec_ro(ctx); - TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0); + TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0); #endif } @@ -120,13 +120,13 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) res = mbedtls_pk_parse_keyfile(&ctx, key_file, password, mbedtls_test_rnd_std_rand, NULL); - TEST_ASSERT(res == result); + TEST_EQUAL(res, result); if (res == 0) { TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); #if defined(MBEDTLS_ECP_C) const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); - TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0); + TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0); #else /* PSA keys are already checked on import so nothing to do here. */ #endif From 4ebccc03969f81c37d1c509c46350d05b2cd4b11 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 Nov 2023 11:04:30 +0100 Subject: [PATCH 325/430] Update PSA init for md-ligt Also initialize PSA in builds where hashes are PSA-only, for the sake of encrypted keys (otherwise PBKDF fails). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index a334fe832..43dcea5f8 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -115,7 +115,7 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) int res; mbedtls_pk_init(&ctx); - USE_PSA_INIT(); + MD_PSA_INIT(); res = mbedtls_pk_parse_keyfile(&ctx, key_file, password, mbedtls_test_rnd_std_rand, NULL); @@ -134,7 +134,7 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) exit: mbedtls_pk_free(&ctx); - USE_PSA_DONE(); + MD_PSA_DONE(); } /* END_CASE */ From e7fc8a232fd34ec6fd74ffb93a1d200307ba9588 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 Nov 2023 16:56:26 +0100 Subject: [PATCH 326/430] Readability improvement Signed-off-by: Gilles Peskine --- tests/scripts/run-metatests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/run-metatests.sh b/tests/scripts/run-metatests.sh index 09a6f8a4f..22a302c62 100755 --- a/tests/scripts/run-metatests.sh +++ b/tests/scripts/run-metatests.sh @@ -46,7 +46,7 @@ shift $((OPTIND - 1)) list_matches () { while read name platform junk; do - for pattern; do + for pattern in "$@"; do case $platform in $pattern) echo "$name"; break;; esac From c5d4c46983e430a03c755fa560c094616ce67f50 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 15 Nov 2023 14:20:07 +0800 Subject: [PATCH 327/430] Add missing PSA init EC might be supported through PSA, so use `MD_OR_USE_PSA_INIT` in pk_parse_{public_}keyfile_ec. Signed-off-by: Pengyu Lv --- tests/suites/test_suite_pkparse.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 43dcea5f8..d416b8724 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -83,7 +83,7 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) int res; mbedtls_pk_init(&ctx); - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); res = mbedtls_pk_parse_public_keyfile(&ctx, key_file); @@ -104,7 +104,7 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) exit: mbedtls_pk_free(&ctx); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -115,7 +115,7 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) int res; mbedtls_pk_init(&ctx); - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); res = mbedtls_pk_parse_keyfile(&ctx, key_file, password, mbedtls_test_rnd_std_rand, NULL); @@ -134,7 +134,7 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) exit: mbedtls_pk_free(&ctx); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ From 1a369d68aadfc50c2fe27b29d81ae6c51e97224a Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Nov 2023 15:17:31 +0800 Subject: [PATCH 328/430] ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa Signed-off-by: Yanray Wang --- library/ssl_tls.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4751d3418..2632574a7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2698,131 +2698,181 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type size_t *key_size) { switch (mbedtls_cipher_type) { +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CBC) case MBEDTLS_CIPHER_AES_128_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_AES; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_AES_128_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_AES; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_AES_128_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_AES; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_AES_192_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_AES; *key_size = 192; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_AES_192_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_AES; *key_size = 192; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CBC) case MBEDTLS_CIPHER_AES_256_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_AES; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_AES_256_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_AES; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_AES_256_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_AES; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CBC) case MBEDTLS_CIPHER_ARIA_128_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_ARIA_128_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_ARIA_128_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_ARIA_192_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 192; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_ARIA_192_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 192; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CBC) case MBEDTLS_CIPHER_ARIA_256_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_ARIA_256_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_ARIA) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_ARIA_256_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_ARIA; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CBC) case MBEDTLS_CIPHER_CAMELLIA_128_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_CAMELLIA_128_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_CAMELLIA_128_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 128; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_CAMELLIA_192_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 192; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_CAMELLIA_192_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 192; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CBC) case MBEDTLS_CIPHER_CAMELLIA_256_CBC: *alg = PSA_ALG_CBC_NO_PADDING; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_CCM) case MBEDTLS_CIPHER_CAMELLIA_256_CCM: *alg = taglen ? PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen) : PSA_ALG_CCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CAMELLIA) && defined(MBEDTLS_SSL_HAVE_GCM) case MBEDTLS_CIPHER_CAMELLIA_256_GCM: *alg = PSA_ALG_GCM; *key_type = PSA_KEY_TYPE_CAMELLIA; *key_size = 256; break; +#endif +#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) case MBEDTLS_CIPHER_CHACHA20_POLY1305: *alg = PSA_ALG_CHACHA20_POLY1305; *key_type = PSA_KEY_TYPE_CHACHA20; *key_size = 256; break; +#endif case MBEDTLS_CIPHER_NULL: *alg = MBEDTLS_SSL_NULL_CIPHER; *key_type = 0; From 59de2ae6de5a36335ab62a020d78cff9e81a8ccc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Nov 2023 08:20:27 +0100 Subject: [PATCH 329/430] all.sh: re-enable CCM/GCM in test_full_no_cipher() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index dba8e7865..21cc3b10e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1538,9 +1538,7 @@ component_test_full_no_cipher () { # (currently ignored anyway because we completely disable PSA) scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG # Disable features that depend on CIPHER_C - scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_GCM_C scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C @@ -1553,7 +1551,6 @@ component_test_full_no_cipher () { scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_LMS_C scripts/config.py unset MBEDTLS_LMS_PRIVATE - make CFLAGS='-DMBEDTLS_BLOCK_CIPHER_C' msg "test: full no CIPHER no PSA_CRYPTO_C" make test From 4ed8691f6d1e86de4716e36711f5ad35855bfc75 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Nov 2023 15:20:56 +0800 Subject: [PATCH 330/430] ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h Signed-off-by: Yanray Wang --- include/mbedtls/config_adjust_legacy_crypto.h | 20 +++++++++++++++++++ include/mbedtls/ssl.h | 20 ------------------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index e4f6a2760..c60e1e32c 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -311,6 +311,26 @@ #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY #endif +/* Some internal helpers to determine which keys are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_SSL_HAVE_AES +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) +#define MBEDTLS_SSL_HAVE_ARIA +#endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) +#define MBEDTLS_SSL_HAVE_CAMELLIA +#endif + +/* Some internal helpers to determine which operation modes are availble. */ +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) +#define MBEDTLS_SSL_HAVE_CBC +#endif + #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) #define MBEDTLS_SSL_HAVE_GCM diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 30b868512..57390c168 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -600,26 +600,6 @@ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 -/* Some internal helpers to determine which keys are availble. */ -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) -#define MBEDTLS_SSL_HAVE_AES -#endif -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CAMELLIA_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_CAMELLIA)) -#define MBEDTLS_SSL_HAVE_CAMELLIA -#endif -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ARIA_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ARIA)) -#define MBEDTLS_SSL_HAVE_ARIA -#endif - -/* Some internal helpers to determine which operation modes are availble. */ -#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CIPHER_MODE_CBC)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CBC_NO_PADDING)) -#define MBEDTLS_SSL_HAVE_CBC -#endif - /* * Size defines */ From 7afd9a466310bac6b3effa19fcab5535f3acd614 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 16 Nov 2023 17:55:25 +0800 Subject: [PATCH 331/430] Change the test messages We are now testing driver-only cipher+aead with full config. Signed-off-by: Pengyu Lv --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a4f909dd6..8df3df83c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3702,7 +3702,7 @@ common_psa_crypto_config_accel_cipher_aead() { # are meant to be used together in analyze_outcomes.py script in order to test # driver's coverage for ciphers and AEADs. component_test_psa_crypto_config_accel_cipher_aead () { - msg "build: crypto config with accelerated cipher and AEAD" + msg "build: full config with accelerated cipher and AEAD" loc_accel_list="ALG_ECB_NO_PADDING ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB \ ALG_OFB ALG_XTS ALG_STREAM_CIPHER \ @@ -3756,29 +3756,29 @@ component_test_psa_crypto_config_accel_cipher_aead () { # Run the tests # ------------- - msg "test: crypto config with accelerated cipher and AEAD" + msg "test: full config with accelerated cipher and AEAD" make test - msg "ssl-opt: crypto config with accelerated cipher and AEAD" + msg "ssl-opt: full config with accelerated cipher and AEAD" tests/ssl-opt.sh - msg "compat.sh: crypto config with accelerated cipher and AEAD" + msg "compat.sh: full config with accelerated cipher and AEAD" tests/compat.sh -V NO -p mbedTLS } component_test_psa_crypto_config_reference_cipher_aead () { - msg "build: crypto config with non-accelerated cipher and AEAD" + msg "build: full config with non-accelerated cipher and AEAD" common_psa_crypto_config_accel_cipher_aead make - msg "test: crypto config with non-accelerated cipher and AEAD" + msg "test: full config with non-accelerated cipher and AEAD" make test - msg "ssl-opt: crypto config with non-accelerated cipher and AEAD" + msg "ssl-opt: full config with non-accelerated cipher and AEAD" tests/ssl-opt.sh - msg "compat.sh: crypto config with non-accelerated cipher and AEAD" + msg "compat.sh: full config with non-accelerated cipher and AEAD" tests/compat.sh -V NO -p mbedTLS } From dbfd6a9f62b15917249115575abe62919051b26a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Nov 2023 08:21:14 +0100 Subject: [PATCH 332/430] adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index e4f6a2760..edb1057c6 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -22,8 +22,8 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H -/* Temporary hack to pacify check_names.py. - * (GCM and CCM still hard-depend on CIPHER_C for now.) */ +/* GCM_C and CCM_C can either depend on (in order of preference) CIPHER_C or + * BLOCK_CIPHER_C. If the former is not defined, auto-enable the latter. */ #if (defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)) && \ !defined(MBEDTLS_CIPHER_C) #define MBEDTLS_BLOCK_CIPHER_C From 8db46e4ee10f7d95d4795a0c73aa7668a2d5ec75 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Nov 2023 08:22:04 +0100 Subject: [PATCH 333/430] check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C or BLOCK_CIPHER_C and the latter is auto-enabled in case the former is not enabled. As a consequence there is no need to enforce the dependency on CIPHER_C. Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 951db314e..7070dad7b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -306,19 +306,11 @@ #error "MBEDTLS_CCM_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C) -#error "MBEDTLS_CCM_C defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_GCM_C) && ( \ !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) #error "MBEDTLS_GCM_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C) -#error "MBEDTLS_GCM_C defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C) #error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites" #endif From 19e4dc8df7904d8c65a146bc262720b855ac0c4c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 16 Nov 2023 18:02:05 +0800 Subject: [PATCH 334/430] tls: fix unused parameter in mbedtls_ssl_cipher_to_psa Signed-off-by: Yanray Wang --- library/ssl_tls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2632574a7..1a3fd7106 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2697,6 +2697,9 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type psa_key_type_t *key_type, size_t *key_size) { +#if !defined(MBEDTLS_SSL_HAVE_CCM) + (void) taglen; +#endif switch (mbedtls_cipher_type) { #if defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_CBC) case MBEDTLS_CIPHER_AES_128_CBC: From 9b7a8b2a0caac2e22fafde694946e11735410a9a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Nov 2023 08:24:51 +0100 Subject: [PATCH 335/430] ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones Signed-off-by: Valerio Setti --- include/mbedtls/ccm.h | 8 +++++ include/mbedtls/gcm.h | 8 +++++ library/ccm.c | 78 +++++++++++++++++++++++++++++++++++++------ library/gcm.c | 57 ++++++++++++++++++++++++++++--- 4 files changed, 137 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index a98111b4e..8bf8c3238 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -40,6 +40,10 @@ #include "mbedtls/cipher.h" +#if !defined(MBEDTLS_CIPHER_C) +#include "mbedtls/block_cipher.h" +#endif + #define MBEDTLS_CCM_DECRYPT 0 #define MBEDTLS_CCM_ENCRYPT 1 #define MBEDTLS_CCM_STAR_DECRYPT 2 @@ -80,7 +84,11 @@ typedef struct mbedtls_ccm_context { #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or #MBEDTLS_CCM_STAR_DECRYPT. */ +#if defined(MBEDTLS_CIPHER_C) mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ +#else + mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ +#endif int MBEDTLS_PRIVATE(state); /*!< Working value holding context's state. Used for chunked data input */ } diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 837cecc09..3925f6827 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -24,6 +24,10 @@ #include "mbedtls/cipher.h" +#if !defined(MBEDTLS_CIPHER_C) +#include "mbedtls/block_cipher.h" +#endif + #include #define MBEDTLS_GCM_ENCRYPT 1 @@ -46,7 +50,11 @@ extern "C" { * \brief The GCM context structure. */ typedef struct mbedtls_gcm_context { +#if defined(MBEDTLS_CIPHER_C) mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ +#else + mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ +#endif uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */ uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */ uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */ diff --git a/library/ccm.c b/library/ccm.c index 2cccd2809..444351df0 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -23,6 +23,10 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" +#if !defined(MBEDTLS_CIPHER_C) +#include "block_cipher_internal.h" +#endif + #include #if defined(MBEDTLS_PLATFORM_C) @@ -51,6 +55,8 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_CIPHER_C) const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, @@ -73,6 +79,17 @@ int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, MBEDTLS_ENCRYPT)) != 0) { return ret; } +#else + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); + + if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } + + if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { + return MBEDTLS_ERR_CCM_BAD_INPUT; + } +#endif return 0; } @@ -85,7 +102,11 @@ void mbedtls_ccm_free(mbedtls_ccm_context *ctx) if (ctx == NULL) { return; } +#if defined(MBEDTLS_CIPHER_C) mbedtls_cipher_free(&ctx->cipher_ctx); +#else + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); +#endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context)); } @@ -104,16 +125,25 @@ static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx, const unsigned char *input, unsigned char *output) { - size_t olen = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char tmp_buf[16] = { 0 }; +#if defined(MBEDTLS_CIPHER_C) + size_t olen = 0; + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen)) != 0) { ctx->state |= CCM_STATE__ERROR; mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); return ret; } +#else + if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf)) != 0) { + ctx->state |= CCM_STATE__ERROR; + mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); + return ret; + } +#endif mbedtls_xor(output, input, tmp_buf + offset, use_len); @@ -132,7 +162,10 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - size_t len_left, olen; + size_t len_left; +#if defined(MBEDTLS_CIPHER_C) + size_t olen; +#endif /* length calculation can be done only after both * mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed @@ -178,10 +211,17 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) } /* Start CBC-MAC with first block*/ +#if defined(MBEDTLS_CIPHER_C) if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) { ctx->state |= CCM_STATE__ERROR; return ret; } +#else + if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y)) != 0) { + ctx->state |= CCM_STATE__ERROR; + return ret; + } +#endif return 0; } @@ -258,7 +298,10 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx, size_t add_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t olen, use_len, offset; + size_t use_len, offset; +#if defined(MBEDTLS_CIPHER_C) + size_t olen; +#endif if (ctx->state & CCM_STATE__ERROR) { return MBEDTLS_ERR_CCM_BAD_INPUT; @@ -298,8 +341,12 @@ int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx, add += use_len; if (use_len + offset == 16 || ctx->processed == ctx->add_len) { - if ((ret = - mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) { +#if defined(MBEDTLS_CIPHER_C) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); +#else + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#endif + if (ret != 0) { ctx->state |= CCM_STATE__ERROR; return ret; } @@ -322,7 +369,10 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; - size_t use_len, offset, olen; + size_t use_len, offset; +#if defined(MBEDTLS_CIPHER_C) + size_t olen; +#endif unsigned char local_output[16]; @@ -360,8 +410,12 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len); if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { - if ((ret = - mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) { +#if defined(MBEDTLS_CIPHER_C) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); +#else + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#endif + if (ret != 0) { ctx->state |= CCM_STATE__ERROR; goto exit; } @@ -391,8 +445,12 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, memcpy(output, local_output, use_len); if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { - if ((ret = - mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) { +#if defined(MBEDTLS_CIPHER_C) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); +#else + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#endif + if (ret != 0) { ctx->state |= CCM_STATE__ERROR; goto exit; } diff --git a/library/gcm.c b/library/gcm.c index 42fd02078..390bb3e15 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -25,6 +25,10 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" +#if !defined(MBEDTLS_CIPHER_C) +#include "block_cipher_internal.h" +#endif + #include #if defined(MBEDTLS_AESNI_C) @@ -59,12 +63,20 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx) uint64_t hi, lo; uint64_t vl, vh; unsigned char h[16]; - size_t olen = 0; memset(h, 0, 16); + +#if defined(MBEDTLS_CIPHER_C) + size_t olen = 0; + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) { return ret; } +#else + if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h)) != 0) { + return ret; + } +#endif /* pack h as two 64-bits ints, big-endian */ hi = MBEDTLS_GET_UINT32_BE(h, 0); @@ -124,12 +136,14 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_cipher_info_t *cipher_info; if (keybits != 128 && keybits != 192 && keybits != 256) { return MBEDTLS_ERR_GCM_BAD_INPUT; } +#if defined(MBEDTLS_CIPHER_C) + const mbedtls_cipher_info_t *cipher_info; + cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, MBEDTLS_MODE_ECB); if (cipher_info == NULL) { @@ -150,6 +164,17 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, MBEDTLS_ENCRYPT)) != 0) { return ret; } +#else + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); + + if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { + return ret; + } + + if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { + return ret; + } +#endif if ((ret = gcm_gen_table(ctx)) != 0) { return ret; @@ -252,8 +277,11 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char work_buf[16]; const unsigned char *p; - size_t use_len, olen = 0; + size_t use_len; uint64_t iv_bits; +#if defined(MBEDTLS_CIPHER_C) + size_t olen = 0; +#endif /* IV is limited to 2^64 bits, so 2^61 bytes */ /* IV is not allowed to be zero length */ @@ -293,10 +321,18 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, gcm_mult(ctx, ctx->y, ctx->y); } + +#if defined(MBEDTLS_CIPHER_C) if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen)) != 0) { return ret; } +#else + if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, + ctx->base_ectr)) != 0) { + return ret; + } +#endif return 0; } @@ -386,8 +422,9 @@ static int gcm_mask(mbedtls_gcm_context *ctx, const unsigned char *input, unsigned char *output) { - size_t olen = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_CIPHER_C) + size_t olen = 0; if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen)) != 0) { @@ -395,6 +432,14 @@ static int gcm_mask(mbedtls_gcm_context *ctx, return ret; } +#else + + if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr)) != 0) { + mbedtls_platform_zeroize(ectr, 16); + return ret; + } +#endif + if (ctx->mode == MBEDTLS_GCM_DECRYPT) { mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len); } @@ -614,7 +659,11 @@ void mbedtls_gcm_free(mbedtls_gcm_context *ctx) if (ctx == NULL) { return; } +#if defined(MBEDTLS_CIPHER_C) mbedtls_cipher_free(&ctx->cipher_ctx); +#else + mbedtls_block_cipher_free(&ctx->block_cipher_ctx); +#endif mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); } From 975d411d9226a010bcf47d8f1ca2ddf144a702d6 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 16 Nov 2023 13:37:51 +0000 Subject: [PATCH 336/430] Only set slot to OCCUPIED on successful key loading Signed-off-by: Ryan Everett --- library/psa_crypto.c | 3 ++- library/psa_crypto_slot_management.c | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0660ee411..49dd91546 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1786,7 +1786,6 @@ static psa_status_t psa_start_key_creation( * definition. */ slot->attr = attributes->core; - slot->status = PSA_SLOT_OCCUPIED; if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) slot->attr.id = volatile_key_id; @@ -1850,6 +1849,8 @@ static psa_status_t psa_start_key_creation( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ + slot->status = PSA_SLOT_OCCUPIED; + return PSA_SUCCESS; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 36d541044..38e327385 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -221,7 +221,6 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) if (status != PSA_SUCCESS) { goto exit; } - slot->status = PSA_SLOT_OCCUPIED; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Special handling is required for loading keys associated with a @@ -243,6 +242,11 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ status = psa_copy_key_material_into_slot(slot, key_data, key_data_length); + if (status != PSA_SUCCESS){ + goto exit; + } + + slot->status = PSA_SLOT_OCCUPIED; exit: psa_free_persistent_key_data(key_data, key_data_length); From ad2a17eb6038d9e31a0f3aa1a24774e3fec40315 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 Nov 2023 15:09:48 +0100 Subject: [PATCH 337/430] Uniformly use MBEDTLS_THREADING_C guards Since the code compiles with MBEDTLS_THREADING_C, not just with MBEDTLS_THREADING_PTHREAD, use MBEDTLS_THREADING_C as the guard. The runtime behavior is only as desired under certain conditions that imply MBEDTLS_THREADING_PTHREAD, but that's fine: no metatest is expected to pass in all scenarios, only under specific build- and run-time conditions. Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index c35e9a952..68e8da6fa 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -141,7 +141,7 @@ void mutex_lock_not_initialized(const char *name) (void) name; /* Mutex usage verification is only done with pthread, not with other * threading implementations. See tests/src/threading_helpers.c. */ -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; memset(&mutex, 0, sizeof(mutex)); TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); @@ -203,7 +203,7 @@ void mutex_leak(const char *name) (void) name; /* Mutex usage verification is only done with pthread, not with other * threading implementations. See tests/src/threading_helpers.c. */ -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; mbedtls_mutex_init(&mutex); #endif From 2f40cc05f01a34c6e091a8014b76e6f7be644c6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 Nov 2023 15:11:44 +0100 Subject: [PATCH 338/430] Improve explanations of what bad thing a metatest does Especially clarify the situation with respect to mutex usage. Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 47 ++++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 11 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 68e8da6fa..2973cce3f 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -74,6 +74,7 @@ void null_pointer_dereference(const char *name) (void) name; volatile char *volatile p; set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); + /* Undefined behavior (read from null data pointer) */ mbedtls_printf("%p -> %u\n", p, (unsigned) *p); } @@ -82,6 +83,7 @@ void null_pointer_call(const char *name) (void) name; unsigned(*volatile p)(void); set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); + /* Undefined behavior (execute null function pointer) */ /* The pointer representation may be truncated, but we don't care: * the only point of printing it is to have some use of the pointer * to dissuade the compiler from optimizing it away. */ @@ -99,6 +101,7 @@ void read_after_free(const char *name) volatile char *p = mbedtls_calloc(1, 1); *p = 'a'; mbedtls_free((void *) p); + /* Undefined behavior (read after free) */ mbedtls_printf("%u\n", (unsigned) *p); } @@ -108,6 +111,7 @@ void double_free(const char *name) volatile char *p = mbedtls_calloc(1, 1); *p = 'a'; mbedtls_free((void *) p); + /* Undefined behavior (double free) */ mbedtls_free((void *) p); } @@ -120,6 +124,7 @@ void read_uninitialized_stack(const char *name) } char *volatile p = buf; if (*p != 0) { + /* Unspecified result (read from uninitialized memory) */ mbedtls_printf("%u\n", (unsigned) *p); } } @@ -129,6 +134,7 @@ void memory_leak(const char *name) (void) name; volatile char *p = mbedtls_calloc(1, 1); mbedtls_printf("%u\n", (unsigned) *p); + /* Leak of a heap object */ } @@ -139,11 +145,13 @@ void memory_leak(const char *name) void mutex_lock_not_initialized(const char *name) { (void) name; - /* Mutex usage verification is only done with pthread, not with other - * threading implementations. See tests/src/threading_helpers.c. */ #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; memset(&mutex, 0, sizeof(mutex)); + /* This mutex usage error is detected by our test framework's mutex usage + * verification framework. See tests/src/threading_helpers.c. Other + * threading implementations (e.g. pthread without our instrumentation) + * might consider this normal usage. */ TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0); exit: ; @@ -153,11 +161,13 @@ exit: void mutex_unlock_not_initialized(const char *name) { (void) name; - /* Mutex usage verification is only done with pthread, not with other - * threading implementations. See tests/src/threading_helpers.c. */ #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; memset(&mutex, 0, sizeof(mutex)); + /* This mutex usage error is detected by our test framework's mutex usage + * verification framework. See tests/src/threading_helpers.c. Other + * threading implementations (e.g. pthread without our instrumentation) + * might consider this normal usage. */ TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0); exit: ; @@ -167,11 +177,13 @@ exit: void mutex_free_not_initialized(const char *name) { (void) name; - /* Mutex usage verification is only done with pthread, not with other - * threading implementations. See tests/src/threading_helpers.c. */ #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; memset(&mutex, 0, sizeof(mutex)); + /* This mutex usage error is detected by our test framework's mutex usage + * verification framework. See tests/src/threading_helpers.c. Other + * threading implementations (e.g. pthread without our instrumentation) + * might consider this normal usage. */ mbedtls_mutex_free(&mutex); #endif } @@ -182,6 +194,10 @@ void mutex_double_init(const char *name) #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; mbedtls_mutex_init(&mutex); + /* This mutex usage error is detected by our test framework's mutex usage + * verification framework. See tests/src/threading_helpers.c. Other + * threading implementations (e.g. pthread without our instrumentation) + * might consider this normal usage. */ mbedtls_mutex_init(&mutex); mbedtls_mutex_free(&mutex); #endif @@ -194,6 +210,10 @@ void mutex_double_free(const char *name) mbedtls_threading_mutex_t mutex; mbedtls_mutex_init(&mutex); mbedtls_mutex_free(&mutex); + /* This mutex usage error is detected by our test framework's mutex usage + * verification framework. See tests/src/threading_helpers.c. Other + * threading implementations (e.g. pthread without our instrumentation) + * might consider this normal usage. */ mbedtls_mutex_free(&mutex); #endif } @@ -201,12 +221,14 @@ void mutex_double_free(const char *name) void mutex_leak(const char *name) { (void) name; - /* Mutex usage verification is only done with pthread, not with other - * threading implementations. See tests/src/threading_helpers.c. */ #if defined(MBEDTLS_THREADING_C) mbedtls_threading_mutex_t mutex; mbedtls_mutex_init(&mutex); #endif + /* This mutex usage error is detected by our test framework's mutex usage + * verification framework. See tests/src/threading_helpers.c. Other + * threading implementations (e.g. pthread without our instrumentation) + * might consider this normal usage. */ } @@ -225,7 +247,9 @@ typedef struct { * - "any": should work anywhere. * - "asan": triggers ASan (Address Sanitizer). * - "msan": triggers MSan (Memory Sanitizer). - * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS. + * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS, + * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test + * framework (see tests/src/threading_helpers.c). */ const char *platform; @@ -249,6 +273,9 @@ typedef struct { * * Note that we always compile all the functions, so that `metatest --list` * will always list all the available meta-tests. + * + * See the documentation of metatest_t::platform for the meaning of + * platform values. */ metatest_t metatests[] = { { "test_fail", "any", meta_test_fail }, @@ -258,8 +285,6 @@ metatest_t metatests[] = { { "double_free", "asan", double_free }, { "read_uninitialized_stack", "msan", read_uninitialized_stack }, { "memory_leak", "asan", memory_leak }, - /* Mutex usage verification is only done with pthread, not with other - * threading implementations. See tests/src/threading_helpers.c. */ { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized }, { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized }, { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized }, From 5fa986c8cb77c081ab5046cdd8e519c1a1f4560b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Nov 2023 14:05:09 +0000 Subject: [PATCH 339/430] Move handling of mutex->is_valid into threading_helpers.c This is now a field only used for testing. Signed-off-by: Paul Elliott --- include/mbedtls/threading.h | 9 ++++++--- library/threading.c | 21 ++++++++++----------- tests/src/threading_helpers.c | 18 +++++++++++++----- 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index ed16a23b1..c136ea0b0 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -28,10 +28,13 @@ extern "C" { #include typedef struct mbedtls_threading_mutex_t { pthread_mutex_t MBEDTLS_PRIVATE(mutex); - /* is_valid is 0 after a failed init or a free, and nonzero after a - * successful init. This field is not considered part of the public - * API of Mbed TLS and may change without notice. */ + + /* is_valid is controlled by code in tests/src/threading_helpers - it will + * be 0 after a failed init or a free, and nonzero after a successful init. + * This field is for testing only and thus not considered part of the + * public API of Mbed TLS and may change without notice. */ char MBEDTLS_PRIVATE(is_valid); + } mbedtls_threading_mutex_t; #endif diff --git a/library/threading.c b/library/threading.c index 52fe8fca9..d97f0cfe7 100644 --- a/library/threading.c +++ b/library/threading.c @@ -56,28 +56,27 @@ static void threading_mutex_init_pthread(mbedtls_threading_mutex_t *mutex) return; } - /* A nonzero value of is_valid indicates a successfully initialized - * mutex. This is a workaround for not being able to return an error - * code for this function. The lock/unlock functions return an error - * if is_valid is nonzero. The Mbed TLS unit test code uses this field - * to distinguish more states of the mutex; see - * tests/src/threading_helpers for details. */ - mutex->is_valid = pthread_mutex_init(&mutex->mutex, NULL) == 0; + /* One problem here is that calling lock on a pthread mutex without first + * having initialised it is undefined behaviour. Obviously we cannot check + * this here in a thread safe manner without a significant performance + * hit, so state transitions are checked in tests only via the is_valid + * varaible. Please make sure any new mutex that gets added is exercised in + * tests; see tests/src/threading_helpers for more details. */ + (void) pthread_mutex_init(&mutex->mutex, NULL); } static void threading_mutex_free_pthread(mbedtls_threading_mutex_t *mutex) { - if (mutex == NULL || !mutex->is_valid) { + if (mutex == NULL) { return; } (void) pthread_mutex_destroy(&mutex->mutex); - mutex->is_valid = 0; } static int threading_mutex_lock_pthread(mbedtls_threading_mutex_t *mutex) { - if (mutex == NULL || !mutex->is_valid) { + if (mutex == NULL) { return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; } @@ -90,7 +89,7 @@ static int threading_mutex_lock_pthread(mbedtls_threading_mutex_t *mutex) static int threading_mutex_unlock_pthread(mbedtls_threading_mutex_t *mutex) { - if (mutex == NULL || !mutex->is_valid) { + if (mutex == NULL) { return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; } diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 6f405b00c..0ea1e98d8 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -64,9 +64,9 @@ enum value_of_mutex_is_valid_field { * compatibility with threading_mutex_init_pthread() and * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero * value. */ - MUTEX_FREED = 0, //!< Set by threading_mutex_free_pthread - MUTEX_IDLE = 1, //!< Set by threading_mutex_init_pthread and by our unlock - MUTEX_LOCKED = 2, //!< Set by our lock + MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free + MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock + MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock }; typedef struct { @@ -101,8 +101,12 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) { mutex_functions.init(mutex); - if (mutex->is_valid) { + + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + mutex->state = MUTEX_IDLE; ++live_mutexes; + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } } @@ -123,7 +127,11 @@ static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) mbedtls_test_mutex_usage_error(mutex, "corrupted state"); break; } + + /* Mark mutex as free'd first, because we need to release the mutex. If + * free fails, this could end up with inconsistent state. */ if (mutex->is_valid) { + mutex->is_valid = MUTEX_FREED; --live_mutexes; } mutex_functions.free(mutex); @@ -138,7 +146,7 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) break; case MUTEX_IDLE: if (ret == 0) { - mutex->is_valid = 2; + mutex->is_valid = MUTEX_LOCKED; } break; case MUTEX_LOCKED: From 3774637518fdb218ae899e991113d4459095de88 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 12 Nov 2023 19:05:57 +0000 Subject: [PATCH 340/430] Make threading helpers tests thread safe Signed-off-by: Paul Elliott --- include/mbedtls/threading.h | 9 +-- tests/src/threading_helpers.c | 115 +++++++++++++++++++--------------- 2 files changed, 69 insertions(+), 55 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index c136ea0b0..cdfa7d69e 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -29,10 +29,11 @@ extern "C" { typedef struct mbedtls_threading_mutex_t { pthread_mutex_t MBEDTLS_PRIVATE(mutex); - /* is_valid is controlled by code in tests/src/threading_helpers - it will - * be 0 after a failed init or a free, and nonzero after a successful init. - * This field is for testing only and thus not considered part of the - * public API of Mbed TLS and may change without notice. */ + /* WARNING - is_valid should only be accessed when holding the mutex lock in + * tests/src/threading_helpers.c, otherwise corruption can occur. + * is_valid will be 0 after a failed init or a free, and nonzero after a + * successful init. This field is for testing only and thus not considered + * part of the public API of Mbed TLS and may change without notice.*/ char MBEDTLS_PRIVATE(is_valid); } mbedtls_threading_mutex_t; diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 0ea1e98d8..0ffffbfd5 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -77,6 +77,8 @@ typedef struct { } mutex_functions_t; static mutex_functions_t mutex_functions; +mbedtls_threading_mutex_t mbedtls_test_mutex_mutex; + /** The total number of calls to mbedtls_mutex_init(), minus the total number * of calls to mbedtls_mutex_free(). * @@ -88,6 +90,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, const char *msg) { (void) mutex; + if (mbedtls_test_info.mutex_usage_error == NULL) { mbedtls_test_info.mutex_usage_error = msg; } @@ -112,73 +115,81 @@ static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { - switch (mutex->is_valid) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - /* Do nothing. The underlying free function will reset is_valid - * to 0. */ - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - /* Mark mutex as free'd first, because we need to release the mutex. If - * free fails, this could end up with inconsistent state. */ - if (mutex->is_valid) { - mutex->is_valid = MUTEX_FREED; - --live_mutexes; + switch (mutex->is_valid) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); + break; + case MUTEX_IDLE: + mutex->is_valid = MUTEX_FREED; + --live_mutexes; + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "free without unlock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } mutex_functions.free(mutex); } static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) { + /* Lock the passed in mutex first, so that the only way to change the state + * is to hold the passed in and internal mutex - otherwise we create a race + * condition. */ int ret = mutex_functions.lock(mutex); - switch (mutex->is_valid) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->is_valid = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->is_valid) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "lock without init"); + break; + case MUTEX_IDLE: + if (ret == 0) { + mutex->is_valid = MUTEX_LOCKED; + } + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "double lock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } return ret; } static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) { - int ret = mutex_functions.unlock(mutex); - switch (mutex->is_valid) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - if (ret == 0) { + /* Lock the internal mutex first and change state, so that the only way to + * change the state is to hold the passed in and internal mutex - otherwise + * we create a race condition. */ + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->is_valid) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "unlock without init"); + break; + case MUTEX_IDLE: + mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); + break; + case MUTEX_LOCKED: mutex->is_valid = MUTEX_IDLE; - } - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - return ret; + return mutex_functions.unlock(mutex); } void mbedtls_test_mutex_usage_init(void) @@ -191,6 +202,8 @@ void mbedtls_test_mutex_usage_init(void) mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free; mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock; mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock; + + mutex_functions.init(&mbedtls_test_mutex_mutex); } void mbedtls_test_mutex_usage_check(void) From 9e25936241c1e6096779899ddc1fc1cb068ed93f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Nov 2023 11:33:32 +0000 Subject: [PATCH 341/430] Rename mutex->is_valid to mutex->state Rename struct member to make it more representative of its current use. Signed-off-by: Paul Elliott --- include/mbedtls/threading.h | 6 +++--- tests/src/threading_helpers.c | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index cdfa7d69e..b504233bd 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -29,12 +29,12 @@ extern "C" { typedef struct mbedtls_threading_mutex_t { pthread_mutex_t MBEDTLS_PRIVATE(mutex); - /* WARNING - is_valid should only be accessed when holding the mutex lock in + /* WARNING - state should only be accessed when holding the mutex lock in * tests/src/threading_helpers.c, otherwise corruption can occur. - * is_valid will be 0 after a failed init or a free, and nonzero after a + * state will be 0 after a failed init or a free, and nonzero after a * successful init. This field is for testing only and thus not considered * part of the public API of Mbed TLS and may change without notice.*/ - char MBEDTLS_PRIVATE(is_valid); + char MBEDTLS_PRIVATE(state); } mbedtls_threading_mutex_t; #endif diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 0ffffbfd5..385a07926 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -58,8 +58,8 @@ * indicate the exact location of the problematic call. To locate the error, * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error(). */ -enum value_of_mutex_is_valid_field { - /* Potential values for the is_valid field of mbedtls_threading_mutex_t. +enum value_of_mutex_state_field { + /* Potential values for the state field of mbedtls_threading_mutex_t. * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for * compatibility with threading_mutex_init_pthread() and * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero @@ -117,12 +117,12 @@ static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->is_valid) { + switch (mutex->state) { case MUTEX_FREED: mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); break; case MUTEX_IDLE: - mutex->is_valid = MUTEX_FREED; + mutex->state = MUTEX_FREED; --live_mutexes; break; case MUTEX_LOCKED: @@ -145,13 +145,13 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) * condition. */ int ret = mutex_functions.lock(mutex); if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->is_valid) { + switch (mutex->state) { case MUTEX_FREED: mbedtls_test_mutex_usage_error(mutex, "lock without init"); break; case MUTEX_IDLE: if (ret == 0) { - mutex->is_valid = MUTEX_LOCKED; + mutex->state = MUTEX_LOCKED; } break; case MUTEX_LOCKED: @@ -173,7 +173,7 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) * change the state is to hold the passed in and internal mutex - otherwise * we create a race condition. */ if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->is_valid) { + switch (mutex->state) { case MUTEX_FREED: mbedtls_test_mutex_usage_error(mutex, "unlock without init"); break; @@ -181,7 +181,7 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); break; case MUTEX_LOCKED: - mutex->is_valid = MUTEX_IDLE; + mutex->state = MUTEX_IDLE; break; default: mbedtls_test_mutex_usage_error(mutex, "corrupted state"); From dd2a09a22bb787a43af8c5ab414ca13b60456aa6 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 15 Nov 2023 18:18:03 +0000 Subject: [PATCH 342/430] Introduce demo script for PSA hash program Signed-off-by: Thomas Daubney --- programs/psa/psa_hash_demo.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100755 programs/psa/psa_hash_demo.sh diff --git a/programs/psa/psa_hash_demo.sh b/programs/psa/psa_hash_demo.sh new file mode 100755 index 000000000..a26697cfe --- /dev/null +++ b/programs/psa/psa_hash_demo.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +. "${0%/*}/../demo_common.sh" + +msg <<'EOF' +This program demonstrates the use of the PSA cryptography interface to +compute a SHA-256 hash of a test string using the one-shot API call +and also using the multi-part operation API. +EOF + +depends_on MBEDTLS_PSA_CRYPTO_C PSA_WANT_ALG_SHA_256 + +program="${0%/*}"/psa_hash + +"$program" + +cleanup From dd426da7b8cbd4e9a312a50c15452ce50741643c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 16 Nov 2023 08:53:48 +0100 Subject: [PATCH 343/430] added changelog Signed-off-by: Valerio Setti --- ChangeLog.d/8060.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/8060.txt diff --git a/ChangeLog.d/8060.txt b/ChangeLog.d/8060.txt new file mode 100644 index 000000000..a5fd93c8d --- /dev/null +++ b/ChangeLog.d/8060.txt @@ -0,0 +1,4 @@ +Features + * The CCM and GCM modules no longer depend on MBEDTLS_CIPHER_C. People who + use CCM and GCM but don't need the Cipher API can now disable + MBEDTLS_CIPHER_C in order to save code size. From 5c7ab6fe865e96e42728aea2133da84013cae277 Mon Sep 17 00:00:00 2001 From: BrianX7c <151365853+BrianX7c@users.noreply.github.com> Date: Sat, 18 Nov 2023 11:07:37 +0100 Subject: [PATCH 344/430] [cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT) Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com> --- include/mbedtls/cipher.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 2596baa92..815b5bb19 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -480,7 +480,7 @@ static inline size_t mbedtls_cipher_info_get_key_bitlen( if (info == NULL) { return 0; } else { - return info->MBEDTLS_PRIVATE(key_bitlen) << MBEDTLS_KEY_BITLEN_SHIFT; + return ((size_t) info->MBEDTLS_PRIVATE(key_bitlen)) << MBEDTLS_KEY_BITLEN_SHIFT; } } From d0eebc1f94cd2dd9f1543e46463ed416261b6fca Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Nov 2023 15:17:53 +0100 Subject: [PATCH 345/430] ccm/gcm: improve code maintainability Signed-off-by: Valerio Setti --- library/ccm.c | 23 ++++++++--------------- library/gcm.c | 36 +++++++++++++----------------------- 2 files changed, 21 insertions(+), 38 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index 444351df0..6700dc743 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -130,20 +130,15 @@ static int mbedtls_ccm_crypt(mbedtls_ccm_context *ctx, #if defined(MBEDTLS_CIPHER_C) size_t olen = 0; - - if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, - &olen)) != 0) { - ctx->state |= CCM_STATE__ERROR; - mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); - return ret; - } + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen); #else - if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf)) != 0) { + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->ctr, tmp_buf); +#endif + if (ret != 0) { ctx->state |= CCM_STATE__ERROR; mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); return ret; } -#endif mbedtls_xor(output, input, tmp_buf + offset, use_len); @@ -212,16 +207,14 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx) /* Start CBC-MAC with first block*/ #if defined(MBEDTLS_CIPHER_C) - if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) { - ctx->state |= CCM_STATE__ERROR; - return ret; - } + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen); #else - if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y)) != 0) { + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->y); +#endif + if (ret != 0) { ctx->state |= CCM_STATE__ERROR; return ret; } -#endif return 0; } diff --git a/library/gcm.c b/library/gcm.c index 390bb3e15..8181ec88a 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -68,15 +68,13 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx) #if defined(MBEDTLS_CIPHER_C) size_t olen = 0; - - if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) { - return ret; - } + ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen); #else - if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h)) != 0) { + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); +#endif + if (ret != 0) { return ret; } -#endif /* pack h as two 64-bits ints, big-endian */ hi = MBEDTLS_GET_UINT32_BE(h, 0); @@ -323,16 +321,13 @@ int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, #if defined(MBEDTLS_CIPHER_C) - if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, - ctx->base_ectr, &olen)) != 0) { - return ret; - } + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen); #else - if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, - ctx->base_ectr)) != 0) { + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr); +#endif + if (ret != 0) { return ret; } -#endif return 0; } @@ -423,22 +418,17 @@ static int gcm_mask(mbedtls_gcm_context *ctx, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + #if defined(MBEDTLS_CIPHER_C) size_t olen = 0; - - if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, - &olen)) != 0) { - mbedtls_platform_zeroize(ectr, 16); - return ret; - } - + ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, &olen); #else - - if ((ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr)) != 0) { + ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ectr); +#endif + if (ret != 0) { mbedtls_platform_zeroize(ectr, 16); return ret; } -#endif if (ctx->mode == MBEDTLS_GCM_DECRYPT) { mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len); From cebffc3446fb5d9865e2189450b7aa8ddc8cbd07 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 15 Dec 2022 18:00:05 +0800 Subject: [PATCH 346/430] change time unit of ticket to milliseconds Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 ++-- library/ssl_client.c | 7 +++--- library/ssl_ticket.c | 14 +++++++++++- library/ssl_tls13_client.c | 22 ++----------------- library/ssl_tls13_server.c | 45 +++++++++++++++++++------------------- programs/ssl/ssl_server2.c | 8 +++---- 6 files changed, 47 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7294bb144..cf1c19a08 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1217,7 +1217,7 @@ struct mbedtls_ssl_session { mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(start); /*!< starting time */ #endif int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */ @@ -1255,7 +1255,7 @@ struct mbedtls_ssl_session { #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) - mbedtls_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */ #endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ diff --git a/library/ssl_client.c b/library/ssl_client.c index 7a7840662..21114910e 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -756,10 +756,9 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) if (ssl->handshake->resume != 0 && session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && session_negotiate->ticket != NULL) { - mbedtls_time_t now = mbedtls_time(NULL); - uint64_t age = (uint64_t) (now - session_negotiate->ticket_received); - if (session_negotiate->ticket_received > now || - age > session_negotiate->ticket_lifetime) { + mbedtls_ms_time_t now = mbedtls_ms_time(); + mbedtls_ms_time_t age = now - session_negotiate->ticket_received; + if (age < 0 || age > session_negotiate->ticket_lifetime * 1000) { /* Without valid ticket, disable session resumption.*/ MBEDTLS_SSL_DEBUG_MSG( 3, ("Ticket expired, disable session resumption")); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 875abcbb3..c89a5cdb0 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -495,6 +495,18 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, } #if defined(MBEDTLS_HAVE_TIME) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { + /* Check for expiration */ + mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->start; + mbedtls_ms_time_t ticket_lifetime = ctx->ticket_lifetime * 1000; + + if (ticket_age < 0 || ticket_age > ticket_lifetime) { + ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; + goto cleanup; + } + } else +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ { /* Check for expiration */ mbedtls_time_t current_time = mbedtls_time(NULL); @@ -505,7 +517,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, goto cleanup; } } -#endif +#endif /* MBEDTLS_HAVE_TIME */ cleanup: #if defined(MBEDTLS_THREADING_C) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index eac632600..32ad7aaed 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -931,28 +931,10 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( if (ssl_tls13_ticket_get_identity( ssl, &hash_alg, &identity, &identity_len) == 0) { #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t now = mbedtls_time(NULL); + mbedtls_ms_time_t now = mbedtls_ms_time(); mbedtls_ssl_session *session = ssl->session_negotiate; uint32_t obfuscated_ticket_age = (uint32_t) (now - session->ticket_received); - - /* - * The ticket timestamp is in seconds but the ticket age is in - * milliseconds. If the ticket was received at the end of a second and - * re-used here just at the beginning of the next second, the computed - * age `now - session->ticket_received` is equal to 1s thus 1000 ms - * while the actual age could be just a few milliseconds or tens of - * milliseconds. If the server has more accurate ticket timestamps - * (typically timestamps in milliseconds), as part of the processing of - * the ClientHello, it may compute a ticket lifetime smaller than the - * one computed here and potentially reject the ticket. To avoid that, - * remove one second to the ticket age if possible. - */ - if (obfuscated_ticket_age > 0) { - obfuscated_ticket_age -= 1; - } - - obfuscated_ticket_age *= 1000; obfuscated_ticket_age += session->ticket_age_add; ret = ssl_tls13_write_identity(ssl, p, end, @@ -2837,7 +2819,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_HAVE_TIME) /* Store ticket creation time */ - session->ticket_received = mbedtls_time(NULL); + session->ticket_received = mbedtls_ms_time(); #endif ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index b418ee635..8bcb0e407 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -111,9 +111,10 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( unsigned char *ticket_buffer; unsigned int key_exchanges; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t now; - uint64_t age_in_s; - int64_t age_diff_in_ms; + mbedtls_ms_time_t now; + mbedtls_ms_time_t server_age; + mbedtls_ms_time_t client_age; + mbedtls_ms_time_t age_diff; #endif ((void) obfuscated_ticket_age); @@ -190,17 +191,16 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; #if defined(MBEDTLS_HAVE_TIME) - now = mbedtls_time(NULL); + now = mbedtls_ms_time(); if (now < session->start) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Invalid ticket start time ( now=%" MBEDTLS_PRINTF_LONGLONG - ", start=%" MBEDTLS_PRINTF_LONGLONG " )", - (long long) now, (long long) session->start)); + 3, ("Invalid ticket start time ( now=%" MBEDTLS_PRINTF_MS_TIME + ", start=%" MBEDTLS_PRINTF_MS_TIME " )", now, session->start)); goto exit; } - age_in_s = (uint64_t) (now - session->start); + server_age = now - session->start; /* RFC 8446 section 4.6.1 * @@ -213,10 +213,10 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * * For time being, the age MUST be less than 604800 seconds (7 days). */ - if (age_in_s > 604800) { + if (server_age > 604800*1000) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age exceeds limitation ticket_age=%lu", - (long unsigned int) age_in_s)); + 3, ("Ticket age exceeds limitation ticket_age=%" MBEDTLS_PRINTF_MS_TIME, + server_age)); goto exit; } @@ -227,18 +227,19 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is * within a small tolerance of the time since the ticket was issued. * - * NOTE: When `now == session->start`, `age_diff_in_ms` may be negative - * as the age units are different on the server (s) and in the - * client (ms) side. Add a -1000 ms tolerance window to take this - * into account. + * NOTE: Typical crystal RTC accuracy specifications are from ±100 to ±20 + * parts per million (360 to 72 million seconds per hour). Defualt + * tolerance windows is 6000 millionsections, that means client host + * MUST sync up system time every 16 hours. Otherwise, the ticket will + * be invalid. */ - age_diff_in_ms = age_in_s * 1000; - age_diff_in_ms -= (obfuscated_ticket_age - session->ticket_age_add); - if (age_diff_in_ms <= -1000 || - age_diff_in_ms > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { + client_age = obfuscated_ticket_age - session->ticket_age_add; + age_diff = server_age - client_age; + if (age_diff < -1000 || + age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age outside tolerance window ( diff=%d )", - (int) age_diff_in_ms)); + 3, ("Ticket age outside tolerance window ( diff=%" MBEDTLS_PRINTF_MS_TIME ")", + age_diff)); goto exit; } @@ -2877,7 +2878,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg")); #if defined(MBEDTLS_HAVE_TIME) - session->start = mbedtls_time(NULL); + session->start = mbedtls_ms_time(); #endif /* Set ticket_flags depends on the advertised psk key exchange mode */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e2360ed6..ce53f9274 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1420,16 +1420,16 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, case 2: return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; case 3: - session->start = mbedtls_time(NULL) + 10; + session->start = mbedtls_ms_time() + 10 * 1000; break; case 4: - session->start = mbedtls_time(NULL) - 10 - 7 * 24 * 3600; + session->start = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000; break; case 5: - session->start = mbedtls_time(NULL) - 10; + session->start = mbedtls_ms_time() - 10 * 1000; break; case 6: - session->start = mbedtls_time(NULL); + session->start = mbedtls_ms_time(); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) session->ticket_age_add -= 1000; #endif From fe38e948b83da423752deb6f0567f8a194f88628 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 15 Dec 2022 11:16:15 +0800 Subject: [PATCH 347/430] Add changelog entry for anti_replay_fail Signed-off-by: Jerry Yu --- ChangeLog.d/gnutls_anti_replay_fail.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/gnutls_anti_replay_fail.txt diff --git a/ChangeLog.d/gnutls_anti_replay_fail.txt b/ChangeLog.d/gnutls_anti_replay_fail.txt new file mode 100644 index 000000000..cb65b3ba6 --- /dev/null +++ b/ChangeLog.d/gnutls_anti_replay_fail.txt @@ -0,0 +1,4 @@ +Bugfix + * Fixes #6623. That is time unit issue. The unit of ticket age is seconds in + MBedTLS and milliseconds in GnuTLS. If the real age is 10ms, it might be + 1s(1000ms), as a result, the age of MBedTLS is bigger than GnuTLS server. From 03511b00aab27008bb4b900ecd5f433323cc8c03 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Feb 2023 10:48:41 +0800 Subject: [PATCH 348/430] Replace c99 fmt macro For c99 compatible compilers, we use PRI64d and others use official fix. Signed-off-by: Jerry Yu --- include/mbedtls/debug.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 0aef2ed65..9a17488d2 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -120,7 +120,12 @@ /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */ #if !defined(MBEDTLS_PRINTF_MS_TIME) +#include +#if !defined(PRId64) +#define MBEDTLS_PRINTF_MS_TIME MBEDTLS_PRINTF_LONGLONG +#else #define MBEDTLS_PRINTF_MS_TIME PRId64 +#endif #endif /* MBEDTLS_PRINTF_MS_TIME */ #ifdef __cplusplus From f16efbc78d917c46d18ea82ae1ed8e975c519261 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Oct 2023 11:06:24 +0800 Subject: [PATCH 349/430] fix various issues - Add comments for ticket test hooks - improve code style. Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 10 ++++++---- programs/ssl/ssl_server2.c | 14 +++++++++++--- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8bcb0e407..7b8cc6e74 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -195,8 +195,9 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if (now < session->start) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Invalid ticket start time ( now=%" MBEDTLS_PRINTF_MS_TIME - ", start=%" MBEDTLS_PRINTF_MS_TIME " )", now, session->start)); + 3, ("Invalid ticket start time ( now = %" MBEDTLS_PRINTF_MS_TIME + ", start = %" MBEDTLS_PRINTF_MS_TIME " )", + now, session->start)); goto exit; } @@ -213,7 +214,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * * For time being, the age MUST be less than 604800 seconds (7 days). */ - if (server_age > 604800*1000) { + if (server_age > 604800 * 1000) { MBEDTLS_SSL_DEBUG_MSG( 3, ("Ticket age exceeds limitation ticket_age=%" MBEDTLS_PRINTF_MS_TIME, server_age)); @@ -238,7 +239,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if (age_diff < -1000 || age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age outside tolerance window ( diff=%" MBEDTLS_PRINTF_MS_TIME ")", + 3, ("Ticket age outside tolerance window ( diff = %" + MBEDTLS_PRINTF_MS_TIME ")", age_diff)); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ce53f9274..7df30f017 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1416,35 +1416,43 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, switch (opt.dummy_ticket % 11) { case 1: + /* Callback function return INVALID_MAC */ return MBEDTLS_ERR_SSL_INVALID_MAC; case 2: + /* Callback function return ticket expired */ return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; case 3: + /* Built-in check, the start time is in future. */ session->start = mbedtls_ms_time() + 10 * 1000; break; case 4: + /* Built-in check, ticket expired due to too old. */ session->start = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000; break; case 5: + /* Built-in check, age outside tolerance window, too young. */ session->start = mbedtls_ms_time() - 10 * 1000; break; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 6: + /* Built-in check, age outside tolerance window, too old. */ session->start = mbedtls_ms_time(); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) session->ticket_age_add -= 1000; -#endif break; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 7: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; break; case 8: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; break; case 9: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; break; case 10: + /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; break; #endif From 702fc590ed660467fd6a4733fd6367b3181ec510 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 14:22:04 +0800 Subject: [PATCH 350/430] Add ticket_creation field Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cf1c19a08..a152a30f7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1217,7 +1217,7 @@ struct mbedtls_ssl_session { mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); #if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t MBEDTLS_PRIVATE(start); /*!< starting time */ + mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< start time of current session */ #endif int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */ size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */ @@ -1248,6 +1248,7 @@ struct mbedtls_ssl_session { uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation); /*!< create time of ticket */ unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C) From ec6d07870d5ede5eebc7b5be0540e41145977482 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 14:42:20 +0800 Subject: [PATCH 351/430] Replace `start` with `ticket_creation` Signed-off-by: Jerry Yu --- library/ssl_ticket.c | 8 +++++--- library/ssl_tls.c | 4 ++-- library/ssl_tls13_server.c | 8 ++++---- programs/ssl/ssl_server2.c | 11 ++++++----- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index c89a5cdb0..05249ea07 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -498,16 +498,17 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { /* Check for expiration */ - mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->start; + mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->ticket_creation; mbedtls_ms_time_t ticket_lifetime = ctx->ticket_lifetime * 1000; if (ticket_age < 0 || ticket_age > ticket_lifetime) { ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; goto cleanup; } - } else + } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - { +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { /* Check for expiration */ mbedtls_time_t current_time = mbedtls_time(NULL); @@ -517,6 +518,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, goto cleanup; } } +#endif #endif /* MBEDTLS_HAVE_TIME */ cleanup: diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f8555767e..d7276362f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2537,7 +2537,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - MBEDTLS_PUT_UINT64_BE((uint64_t) session->start, p, 0); + MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation, p, 0); p += 8; } #endif /* MBEDTLS_HAVE_TIME */ @@ -2616,7 +2616,7 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, if (end - p < 8) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session->start = MBEDTLS_GET_UINT64_BE(p, 0); + session->ticket_creation = MBEDTLS_GET_UINT64_BE(p, 0); p += 8; } #endif /* MBEDTLS_HAVE_TIME */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 7b8cc6e74..744e984ac 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -193,15 +193,15 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( #if defined(MBEDTLS_HAVE_TIME) now = mbedtls_ms_time(); - if (now < session->start) { + if (now < session->ticket_creation) { MBEDTLS_SSL_DEBUG_MSG( 3, ("Invalid ticket start time ( now = %" MBEDTLS_PRINTF_MS_TIME ", start = %" MBEDTLS_PRINTF_MS_TIME " )", - now, session->start)); + now, session->ticket_creation)); goto exit; } - server_age = now - session->start; + server_age = now - session->ticket_creation; /* RFC 8446 section 4.6.1 * @@ -2880,7 +2880,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg")); #if defined(MBEDTLS_HAVE_TIME) - session->start = mbedtls_ms_time(); + session->ticket_creation = mbedtls_ms_time(); #endif /* Set ticket_flags depends on the advertised psk key exchange mode */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 7df30f017..a8f47149f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1421,22 +1421,23 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, case 2: /* Callback function return ticket expired */ return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 3: /* Built-in check, the start time is in future. */ - session->start = mbedtls_ms_time() + 10 * 1000; + session->ticket_creation = mbedtls_ms_time() + 10 * 1000; break; case 4: /* Built-in check, ticket expired due to too old. */ - session->start = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000; + session->ticket_creation = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000; break; case 5: /* Built-in check, age outside tolerance window, too young. */ - session->start = mbedtls_ms_time() - 10 * 1000; + session->ticket_creation = mbedtls_ms_time() - 10 * 1000; break; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + case 6: /* Built-in check, age outside tolerance window, too old. */ - session->start = mbedtls_ms_time(); + session->ticket_creation = mbedtls_ms_time(); session->ticket_age_add -= 1000; break; case 7: From 28547c49ed07957d7da06c981642e5ffe5879094 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 14:42:50 +0800 Subject: [PATCH 352/430] update tests Signed-off-by: Jerry Yu --- tests/src/test_helpers/ssl_helpers.c | 6 ++- tests/suites/test_suite_ssl.function | 65 ++++++++++++++++++++++------ 2 files changed, 56 insertions(+), 15 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 54b57be81..f7cd1030f 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1633,6 +1633,7 @@ exit: } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, const char *crt_file) @@ -1729,6 +1730,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, return 0; } +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, @@ -1752,14 +1754,14 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->start = mbedtls_time(NULL) - 42; + session->ticket_creation = mbedtls_ms_time() - 42; } #endif #if defined(MBEDTLS_SSL_CLI_C) if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_HAVE_TIME) - session->ticket_received = mbedtls_time(NULL) - 40; + session->ticket_received = mbedtls_ms_time() - 40; #endif session->ticket_lifetime = 0xfedcba98; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7cdf17eb6..4f9ec1a06 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1943,16 +1943,21 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, /* Prepare a dummy session to work on */ ((void) endpoint_type); ((void) tls_version); + ((void) ticket_len); + ((void) crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &original, 0, endpoint_type) == 0); - } else + } #endif - { + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &original, ticket_len, crt_file) == 0); } +#endif /* Serialize it */ TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len) @@ -1968,8 +1973,20 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, * Make sure both session structures are identical */ #if defined(MBEDTLS_HAVE_TIME) - TEST_ASSERT(original.start == restored.start); +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { + TEST_ASSERT(original.ticket_creation == restored.ticket_creation); + } #endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { + TEST_ASSERT(original.start == restored.start); + } +#endif + +#endif + TEST_ASSERT(original.tls_version == restored.tls_version); TEST_ASSERT(original.ciphersuite == restored.ciphersuite); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -2049,7 +2066,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER) { - TEST_ASSERT(original.start == restored.start); + TEST_ASSERT(original.ticket_creation == restored.ticket_creation); } #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) @@ -2097,16 +2114,22 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, /* Prepare a dummy session to work on */ ((void) endpoint_type); ((void) tls_version); + ((void) ticket_len); + ((void) crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); - } else + } #endif - { + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &session, ticket_len, crt_file) == 0); } +#endif /* Get desired buffer size for serializing */ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) @@ -2160,16 +2183,22 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, /* Prepare dummy session and get serialized size */ ((void) endpoint_type); ((void) tls_version); + ((void) ticket_len); + ((void) crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); - } else + } #endif - { + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &session, ticket_len, crt_file) == 0); } +#endif + TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); @@ -2209,16 +2238,22 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, /* Prepare serialized session data */ ((void) endpoint_type); ((void) tls_version); + ((void) ticket_len); + ((void) crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); - } else + } #endif - { + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &session, ticket_len, crt_file) == 0); } +#endif + TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_CALLOC(good_buf, good_len); @@ -2272,11 +2307,15 @@ void ssl_session_serialize_version_check(int corrupt_major, if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( &session, 0, endpoint_type) == 0); - } else + } #endif - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, NULL) == 0); +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( + &session, 0, NULL) == 0); + } +#endif /* Infer length of serialized session. */ TEST_ASSERT(mbedtls_ssl_session_save(&session, From 8cf44953b23e498ac4aa046ce1e9d8862bad5f6c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 31 Oct 2023 16:48:45 +0800 Subject: [PATCH 353/430] guards ticket creation field Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a152a30f7..9365c6241 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1248,7 +1248,9 @@ struct mbedtls_ssl_session { uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ +#if defined(MBEDTLS_HAVE_TIME) mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation); /*!< create time of ticket */ +#endif unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C) From 31b601aa15e4080573ec75df00ab5be5db33a2bc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 11:27:21 +0800 Subject: [PATCH 354/430] improve comments Signed-off-by: Jerry Yu --- library/ssl_ticket.c | 2 +- library/ssl_tls13_server.c | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 05249ea07..5fef4ebb9 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -518,7 +518,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, goto cleanup; } } -#endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #endif /* MBEDTLS_HAVE_TIME */ cleanup: diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 744e984ac..fb579d58f 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -212,7 +212,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * Clients MUST NOT attempt to use tickets which have ages greater than * the "ticket_lifetime" value which was provided with the ticket. * - * For time being, the age MUST be less than 604800 seconds (7 days). */ if (server_age > 604800 * 1000) { MBEDTLS_SSL_DEBUG_MSG( @@ -228,11 +227,10 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * ticket_age_add from PskIdentity.obfuscated_ticket_age modulo 2^32) is * within a small tolerance of the time since the ticket was issued. * - * NOTE: Typical crystal RTC accuracy specifications are from ±100 to ±20 - * parts per million (360 to 72 million seconds per hour). Defualt - * tolerance windows is 6000 millionsections, that means client host - * MUST sync up system time every 16 hours. Otherwise, the ticket will - * be invalid. + * NOTE: The typical accuracy of an RTC crystal is ±100 to ±20 parts per + * million (360 to 72 milliseconds per hour). Default tolerance + * windows is 6s, thus in the worst case client and servers must + * sync up their system time every 6000/360/2~=8 hours. */ client_age = obfuscated_ticket_age - session->ticket_age_add; age_diff = server_age - client_age; From 3ff0b1fda3faa242ac023c62441c6c578b8024c4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 11:29:12 +0800 Subject: [PATCH 355/430] Cleanup ticket negative tests. - improve comments - case 3/4 is for server age check. - case 5/6 is for client age check Signed-off-by: Jerry Yu --- programs/ssl/ssl_server2.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a8f47149f..aa8afd9c6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1416,44 +1416,45 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, switch (opt.dummy_ticket % 11) { case 1: - /* Callback function return INVALID_MAC */ return MBEDTLS_ERR_SSL_INVALID_MAC; case 2: - /* Callback function return ticket expired */ return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 3: - /* Built-in check, the start time is in future. */ - session->ticket_creation = mbedtls_ms_time() + 10 * 1000; + /* Creation time in the future. */ + session->ticket_creation = mbedtls_ms_time() + + MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + + 4 * 1000; break; case 4: - /* Built-in check, ticket expired due to too old. */ - session->ticket_creation = mbedtls_ms_time() - 10 * 1000 - 7 * 24 * 3600 * 1000; + /* Ticket reaches the end of lifetime. */ + session->ticket_creation = mbedtls_ms_time() - session->ticket_lifetime - + MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - 4 * 1000; break; case 5: - /* Built-in check, age outside tolerance window, too young. */ - session->ticket_creation = mbedtls_ms_time() - 10 * 1000; + /* Ticket is valid, but client age is beyond the upper bound of tolerance window. */ + + session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; + /* Make sure the execution time does not affect the result */ + session->ticket_creation = mbedtls_ms_time(); break; case 6: - /* Built-in check, age outside tolerance window, too old. */ + /* Ticket is valid, but client age is beyond the lower bound of tolerance window. */ + session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; + /* Make sure the execution time does not affect the result */ session->ticket_creation = mbedtls_ms_time(); - session->ticket_age_add -= 1000; break; case 7: - /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; break; case 8: - /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; break; case 9: - /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; break; case 10: - /* Built-in check, ticket permission check. */ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; break; #endif From 28e7c554f48a61374793efd25373456a8d36a3a4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 12:05:56 +0800 Subject: [PATCH 356/430] Change the bottom of tolerance window The unit of ticket time has been changed to milliseconds. And age difference might be negative Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fb579d58f..e7800f1dd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -234,7 +234,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( */ client_age = obfuscated_ticket_age - session->ticket_age_add; age_diff = server_age - client_age; - if (age_diff < -1000 || + if (age_diff < -MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE || age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { MBEDTLS_SSL_DEBUG_MSG( 3, ("Ticket age outside tolerance window ( diff = %" From 034a8b77d1f4fcf00196be559178e65e93cdaeab Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 12:20:19 +0800 Subject: [PATCH 357/430] Update document of ticket age tolerance Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index d137f00a2..4acac9c08 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -4099,19 +4099,21 @@ /** * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE * - * Maximum time difference in milliseconds tolerated between the age of a - * ticket from the server and client point of view. - * From the client point of view, the age of a ticket is the time difference - * between the time when the client proposes to the server to use the ticket - * (time of writing of the Pre-Shared Key Extension including the ticket) and - * the time the client received the ticket from the server. - * From the server point of view, the age of a ticket is the time difference - * between the time when the server receives a proposition from the client - * to use the ticket and the time when the ticket was created by the server. - * The server age is expected to be always greater than the client one and - * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the - * maximum difference tolerated for the server to accept the ticket. - * This is not used in TLS 1.2. + * Maximum allowd ticket age difference in milliseconds tolerated between + * server and client. Default value is 6000. This is not used in TLS 1.2. + * + * - The client ticket age is the time difference between the time when the + * client proposes to the server to use the ticket and the time the client + * received the ticket from the server. + * - The server ticket age is the time difference between the time when the + * server receives a proposition from the client to use the ticket and the + * time when the ticket was created by the server. + * + * The ages might be different due to accuracy of RTC crypstal. The typical + * accuracy of an RTC crystal is ±100 to ±20 parts per million (360 to 72 + * milliseconds per hour). Default tolerance windows is 6s, thus in the worst + * case client and servers must sync up their system time every 6000/360/2~=8 + * hours. * */ //#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 From 46c7926f747f3980c0dbdef4a2b23b52540b6c9a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 13:58:16 +0800 Subject: [PATCH 358/430] Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu --- library/ssl_misc.h | 3 +++ library/ssl_tls13_client.c | 10 ++++++++++ library/ssl_tls13_server.c | 4 ++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8482ee151..c636ad461 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2765,6 +2765,9 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) + +#define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800) + static inline unsigned int mbedtls_ssl_session_get_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 32ad7aaed..294a294cc 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -933,6 +933,10 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( #if defined(MBEDTLS_HAVE_TIME) mbedtls_ms_time_t now = mbedtls_ms_time(); mbedtls_ssl_session *session = ssl->session_negotiate; + /* The ticket age has been checked to be smaller that the + * `ticket_lifetime` in ssl_prepare_client_hello() which is smaller than + * 7 days (enforced in ssl_tls13_parse_new_session_ticket()) . Thus the + * cast to `uint32_t` of the ticket age is safe. */ uint32_t obfuscated_ticket_age = (uint32_t) (now - session->ticket_received); obfuscated_ticket_age += session->ticket_age_add; @@ -2744,6 +2748,12 @@ static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", (unsigned int) session->ticket_lifetime)); + if (session->ticket_lifetime > + MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { + /* TODO: Add new return value here? */ + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime exceeds 7 days.")); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 4); MBEDTLS_SSL_DEBUG_MSG(3, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e7800f1dd..5c606e4b2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3025,8 +3025,8 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, * MAY treat a ticket as valid for a shorter period of time than what * is stated in the ticket_lifetime. */ - if (ticket_lifetime > 604800) { - ticket_lifetime = 604800; + if (ticket_lifetime > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { + ticket_lifetime = MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME; } MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0); MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", From 25ba4d40ef4397c5b9ad42b79a0f0c3b3954ae4b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 14:12:20 +0800 Subject: [PATCH 359/430] rename `ticket_creation` to `ticket_creation_time` Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 14 ++++++++------ library/ssl_ticket.c | 2 +- library/ssl_tls.c | 6 +++--- library/ssl_tls13_server.c | 8 ++++---- programs/ssl/ssl_server2.c | 14 +++++++------- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_ssl.function | 4 ++-- 7 files changed, 26 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9365c6241..d01164278 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1248,18 +1248,20 @@ struct mbedtls_ssl_session { uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ -#if defined(MBEDTLS_HAVE_TIME) - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation); /*!< create time of ticket */ -#endif unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C) char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */ -#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_HAVE_TIME) +#if defined(MBEDTLS_SSL_CLI_C) + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time that ticket was received */ +#endif +#if defined(MBEDTLS_SSL_SRV_C) + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); /*!< create time of ticket */ +#endif +#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 5fef4ebb9..0277bfa2c 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -498,7 +498,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { /* Check for expiration */ - mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->ticket_creation; + mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->ticket_creation_time; mbedtls_ms_time_t ticket_lifetime = ctx->ticket_lifetime * 1000; if (ticket_age < 0 || ticket_age > ticket_lifetime) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d7276362f..42d1b86b1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2457,7 +2457,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( * uint32 max_early_data_size; * select ( endpoint ) { * case client: ClientOnlyData; - * case server: uint64 start_time; + * case server: uint64 ticket_creation_time_time; * }; * } serialized_session_tls13; * @@ -2537,7 +2537,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation, p, 0); + MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); p += 8; } #endif /* MBEDTLS_HAVE_TIME */ @@ -2616,7 +2616,7 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, if (end - p < 8) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session->ticket_creation = MBEDTLS_GET_UINT64_BE(p, 0); + session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); p += 8; } #endif /* MBEDTLS_HAVE_TIME */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5c606e4b2..c9c0e1f08 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -193,15 +193,15 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( #if defined(MBEDTLS_HAVE_TIME) now = mbedtls_ms_time(); - if (now < session->ticket_creation) { + if (now < session->ticket_creation_time) { MBEDTLS_SSL_DEBUG_MSG( 3, ("Invalid ticket start time ( now = %" MBEDTLS_PRINTF_MS_TIME ", start = %" MBEDTLS_PRINTF_MS_TIME " )", - now, session->ticket_creation)); + now, session->ticket_creation_time)); goto exit; } - server_age = now - session->ticket_creation; + server_age = now - session->ticket_creation_time; /* RFC 8446 section 4.6.1 * @@ -2878,7 +2878,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg")); #if defined(MBEDTLS_HAVE_TIME) - session->ticket_creation = mbedtls_ms_time(); + session->ticket_creation_time = mbedtls_ms_time(); #endif /* Set ticket_flags depends on the advertised psk key exchange mode */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index aa8afd9c6..1bfa529af 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1422,28 +1422,28 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 3: /* Creation time in the future. */ - session->ticket_creation = mbedtls_ms_time() + - MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + - 4 * 1000; + session->ticket_creation_time = mbedtls_ms_time() + + MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + + 4 * 1000; break; case 4: /* Ticket reaches the end of lifetime. */ - session->ticket_creation = mbedtls_ms_time() - session->ticket_lifetime - - MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - 4 * 1000; + session->ticket_creation_time = mbedtls_ms_time() - session->ticket_lifetime - + MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - 4 * 1000; break; case 5: /* Ticket is valid, but client age is beyond the upper bound of tolerance window. */ session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; /* Make sure the execution time does not affect the result */ - session->ticket_creation = mbedtls_ms_time(); + session->ticket_creation_time = mbedtls_ms_time(); break; case 6: /* Ticket is valid, but client age is beyond the lower bound of tolerance window. */ session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; /* Make sure the execution time does not affect the result */ - session->ticket_creation = mbedtls_ms_time(); + session->ticket_creation_time = mbedtls_ms_time(); break; case 7: session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index f7cd1030f..9acb1997e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1754,7 +1754,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->ticket_creation = mbedtls_ms_time() - 42; + session->ticket_creation_time = mbedtls_ms_time() - 42; } #endif diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 4f9ec1a06..ebbbddb20 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1975,7 +1975,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(original.ticket_creation == restored.ticket_creation); + TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); } #endif @@ -2066,7 +2066,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER) { - TEST_ASSERT(original.ticket_creation == restored.ticket_creation); + TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); } #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) From 342a555eefd27dc20c44489de597477c5839879a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 14:23:39 +0800 Subject: [PATCH 360/430] rename ticket received Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 2 +- library/ssl_client.c | 2 +- library/ssl_tls.c | 8 ++++---- library/ssl_tls13_client.c | 4 ++-- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_ssl.function | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d01164278..3213a2bc8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1256,7 +1256,7 @@ struct mbedtls_ssl_session { #if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_SSL_CLI_C) - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time that ticket was received */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); /*!< time that ticket was received */ #endif #if defined(MBEDTLS_SSL_SRV_C) mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); /*!< create time of ticket */ diff --git a/library/ssl_client.c b/library/ssl_client.c index 21114910e..0e87d8607 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -757,7 +757,7 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) session_negotiate->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 && session_negotiate->ticket != NULL) { mbedtls_ms_time_t now = mbedtls_ms_time(); - mbedtls_ms_time_t age = now - session_negotiate->ticket_received; + mbedtls_ms_time_t age = now - session_negotiate->ticket_reception_time; if (age < 0 || age > session_negotiate->ticket_lifetime * 1000) { /* Without valid ticket, disable session resumption.*/ MBEDTLS_SSL_DEBUG_MSG( diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 42d1b86b1..2a52047ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2443,7 +2443,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( * * struct { * opaque hostname<0..2^16-1>; - * uint64 ticket_received; + * uint64 ticket_reception_time; * uint32 ticket_lifetime; * opaque ticket<1..2^16-1>; * } ClientOnlyData; @@ -2492,7 +2492,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #endif #if defined(MBEDTLS_HAVE_TIME) - needed += 8; /* start_time or ticket_received */ + needed += 8; /* start_time or ticket_reception_time */ #endif #if defined(MBEDTLS_SSL_CLI_C) @@ -2555,7 +2555,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_HAVE_TIME) - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_received, p, 0); + MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); p += 8; #endif MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); @@ -2651,7 +2651,7 @@ static int ssl_tls13_session_load(mbedtls_ssl_session *session, if (end - p < 8) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session->ticket_received = MBEDTLS_GET_UINT64_BE(p, 0); + session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); p += 8; #endif if (end - p < 4) { diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 294a294cc..bb688b79c 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -938,7 +938,7 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( * 7 days (enforced in ssl_tls13_parse_new_session_ticket()) . Thus the * cast to `uint32_t` of the ticket age is safe. */ uint32_t obfuscated_ticket_age = - (uint32_t) (now - session->ticket_received); + (uint32_t) (now - session->ticket_reception_time); obfuscated_ticket_age += session->ticket_age_add; ret = ssl_tls13_write_identity(ssl, p, end, @@ -2829,7 +2829,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_HAVE_TIME) /* Store ticket creation time */ - session->ticket_received = mbedtls_ms_time(); + session->ticket_reception_time = mbedtls_ms_time(); #endif ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 9acb1997e..dd06d176a 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1761,7 +1761,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_CLI_C) if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_HAVE_TIME) - session->ticket_received = mbedtls_ms_time() - 40; + session->ticket_reception_time = mbedtls_ms_time() - 40; #endif session->ticket_lifetime = 0xfedcba98; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ebbbddb20..6963ce24d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2072,7 +2072,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_HAVE_TIME) - TEST_ASSERT(original.ticket_received == restored.ticket_received); + TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time); #endif TEST_ASSERT(original.ticket_lifetime == restored.ticket_lifetime); TEST_ASSERT(original.ticket_len == restored.ticket_len); From cf9135100eb57d4e0d5f2861418eafd97da3f877 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Nov 2023 11:06:52 +0800 Subject: [PATCH 361/430] fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 12 ++++++------ include/mbedtls/ssl.h | 4 ++-- library/ssl_misc.h | 2 -- library/ssl_tls.c | 4 ++-- library/ssl_tls13_client.c | 8 +++----- library/ssl_tls13_server.c | 4 ++-- programs/ssl/ssl_server2.c | 13 +++++-------- 7 files changed, 20 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 4acac9c08..407b31e1c 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -4099,7 +4099,7 @@ /** * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE * - * Maximum allowd ticket age difference in milliseconds tolerated between + * Maximum allowed ticket age difference in milliseconds tolerated between * server and client. Default value is 6000. This is not used in TLS 1.2. * * - The client ticket age is the time difference between the time when the @@ -4109,11 +4109,11 @@ * server receives a proposition from the client to use the ticket and the * time when the ticket was created by the server. * - * The ages might be different due to accuracy of RTC crypstal. The typical - * accuracy of an RTC crystal is ±100 to ±20 parts per million (360 to 72 - * milliseconds per hour). Default tolerance windows is 6s, thus in the worst - * case client and servers must sync up their system time every 6000/360/2~=8 - * hours. + * The ages might be different due to the client and server clocks not running + * at the same pace. The typical accuracy of an RTC crystal is ±100 to ±20 parts + * per million (360 to 72 milliseconds per hour). Default tolerance window is + * 6s, thus in the worst case clients and servers must sync up their system time + * every 6000/360/2~=8 hours. * */ //#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3213a2bc8..07a9e888e 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1256,10 +1256,10 @@ struct mbedtls_ssl_session { #if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_SSL_CLI_C) - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); /*!< time that ticket was received */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); /*!< time when ticket was received. */ #endif #if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); /*!< create time of ticket */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); /*!< time when ticket was created. */ #endif #endif /* MBEDTLS_HAVE_TIME */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c636ad461..2d2504b75 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2766,8 +2766,6 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) -#define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800) - static inline unsigned int mbedtls_ssl_session_get_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a52047ec..944caa09c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2457,7 +2457,7 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( * uint32 max_early_data_size; * select ( endpoint ) { * case client: ClientOnlyData; - * case server: uint64 ticket_creation_time_time; + * case server: uint64 ticket_creation_time; * }; * } serialized_session_tls13; * @@ -2492,7 +2492,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, #endif #if defined(MBEDTLS_HAVE_TIME) - needed += 8; /* start_time or ticket_reception_time */ + needed += 8; /* ticket_creation_time or ticket_reception_time */ #endif #if defined(MBEDTLS_SSL_CLI_C) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index bb688b79c..e7a4aef79 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -933,7 +933,7 @@ int mbedtls_ssl_tls13_write_identities_of_pre_shared_key_ext( #if defined(MBEDTLS_HAVE_TIME) mbedtls_ms_time_t now = mbedtls_ms_time(); mbedtls_ssl_session *session = ssl->session_negotiate; - /* The ticket age has been checked to be smaller that the + /* The ticket age has been checked to be smaller than the * `ticket_lifetime` in ssl_prepare_client_hello() which is smaller than * 7 days (enforced in ssl_tls13_parse_new_session_ticket()) . Thus the * cast to `uint32_t` of the ticket age is safe. */ @@ -2748,11 +2748,9 @@ static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", (unsigned int) session->ticket_lifetime)); - if (session->ticket_lifetime > - MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { - /* TODO: Add new return value here? */ + if (session->ticket_lifetime > 604800) { MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime exceeds 7 days.")); - return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 4); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index c9c0e1f08..465bf99d6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3025,8 +3025,8 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, * MAY treat a ticket as valid for a shorter period of time than what * is stated in the ticket_lifetime. */ - if (ticket_lifetime > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { - ticket_lifetime = MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME; + if (ticket_lifetime > 604800) { + ticket_lifetime = 604800; } MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0); MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1bfa529af..f85bc1af8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1422,18 +1422,15 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 3: /* Creation time in the future. */ - session->ticket_creation_time = mbedtls_ms_time() + - MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + - 4 * 1000; + session->ticket_creation_time = mbedtls_ms_time() + 1000; break; case 4: - /* Ticket reaches the end of lifetime. */ - session->ticket_creation_time = mbedtls_ms_time() - session->ticket_lifetime - - MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - 4 * 1000; + /* Ticket has reached the end of lifetime. */ + session->ticket_creation_time = mbedtls_ms_time() - + (7 * 24 * 3600 * 1000 + 1000); break; case 5: - /* Ticket is valid, but client age is beyond the upper bound of tolerance window. */ - + /* Ticket is valid, but client age is below the upper bound of tolerance window. */ session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; /* Make sure the execution time does not affect the result */ session->ticket_creation_time = mbedtls_ms_time(); From 472a69260bf868c329607b0e2bcf9c09d10a31e4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 14 Nov 2023 11:25:24 +0800 Subject: [PATCH 362/430] fix build failure Signed-off-by: Jerry Yu --- library/ssl_ticket.c | 13 ++++++++++++- tests/src/test_helpers/ssl_helpers.c | 2 +- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 0277bfa2c..61c87bed9 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -498,7 +498,18 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { /* Check for expiration */ - mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - session->ticket_creation_time; + mbedtls_ms_time_t ticket_age = -1; +#if defined(MBEDTLS_SSL_SRV_C) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + ticket_age = mbedtls_ms_time() - session->ticket_creation_time; + } +#endif +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { + ticket_age = mbedtls_ms_time() - session->ticket_reception_time; + } +#endif + mbedtls_ms_time_t ticket_lifetime = ctx->ticket_lifetime * 1000; if (ticket_age < 0 || ticket_age > ticket_lifetime) { diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index dd06d176a..d02d30539 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1752,7 +1752,7 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, session->max_early_data_size = 0x87654321; #endif -#if defined(MBEDTLS_HAVE_TIME) +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { session->ticket_creation_time = mbedtls_ms_time() - 42; } From 8e0174ac05e19a986508c65e70cc1bd6621f6ab2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 13:58:16 +0800 Subject: [PATCH 363/430] Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 ++ library/ssl_tls13_client.c | 3 ++- library/ssl_tls13_server.c | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2d2504b75..c636ad461 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2766,6 +2766,8 @@ int mbedtls_ssl_session_set_hostname(mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) +#define MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME (604800) + static inline unsigned int mbedtls_ssl_session_get_ticket_flags( mbedtls_ssl_session *session, unsigned int flags) { diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e7a4aef79..44814b99f 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2748,7 +2748,8 @@ static int ssl_tls13_parse_new_session_ticket(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", (unsigned int) session->ticket_lifetime)); - if (session->ticket_lifetime > 604800) { + if (session->ticket_lifetime > + MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime exceeds 7 days.")); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 465bf99d6..8076b1411 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -213,7 +213,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * the "ticket_lifetime" value which was provided with the ticket. * */ - if (server_age > 604800 * 1000) { + if (server_age > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME * 1000) { MBEDTLS_SSL_DEBUG_MSG( 3, ("Ticket age exceeds limitation ticket_age=%" MBEDTLS_PRINTF_MS_TIME, server_age)); @@ -3025,8 +3025,8 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, * MAY treat a ticket as valid for a shorter period of time than what * is stated in the ticket_lifetime. */ - if (ticket_lifetime > 604800) { - ticket_lifetime = 604800; + if (ticket_lifetime > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME) { + ticket_lifetime = MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME; } MBEDTLS_PUT_UINT32_BE(ticket_lifetime, p, 0); MBEDTLS_SSL_DEBUG_MSG(3, ("ticket_lifetime: %u", From 04fceb782ba776431134090c66f8e4e6ea636df9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 09:52:46 +0800 Subject: [PATCH 364/430] Add freshness check information into document Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 407b31e1c..a4e90c5af 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -4115,6 +4115,7 @@ * 6s, thus in the worst case clients and servers must sync up their system time * every 6000/360/2~=8 hours. * + * See section 8.3 of the TLS 1.3 specification(RFC 8446) for more information. */ //#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 From 9cb953a402da4f7bd5bdd0b3de8bb86fe0c743ef Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 09:54:11 +0800 Subject: [PATCH 365/430] improve document Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8076b1411..374e1a2b3 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -229,7 +229,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * * NOTE: The typical accuracy of an RTC crystal is ±100 to ±20 parts per * million (360 to 72 milliseconds per hour). Default tolerance - * windows is 6s, thus in the worst case client and servers must + * window is 6s, thus in the worst case clients and servers must * sync up their system time every 6000/360/2~=8 hours. */ client_age = obfuscated_ticket_age - session->ticket_age_add; From b2455d24724c0133b5dac84c96849cb8cb097eb4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Nov 2023 09:57:32 +0800 Subject: [PATCH 366/430] Guards ticket_creation_time Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6963ce24d..23f0ff9c9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1973,7 +1973,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, * Make sure both session structures are identical */ #if defined(MBEDTLS_HAVE_TIME) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SRV_C) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); } From d84c14f80c68b22180a8259a42ee31a187469ba7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Nov 2023 13:33:57 +0800 Subject: [PATCH 367/430] improve code style Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- tests/suites/test_suite_ssl.function | 56 +++++++++++++++++----------- 2 files changed, 35 insertions(+), 23 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 374e1a2b3..63929d831 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -215,7 +215,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( */ if (server_age > MBEDTLS_SSL_TLS1_3_MAX_ALLOWED_TICKET_LIFETIME * 1000) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Ticket age exceeds limitation ticket_age=%" MBEDTLS_PRINTF_MS_TIME, + 3, ("Ticket age exceeds limitation ticket_age = %" MBEDTLS_PRINTF_MS_TIME, server_age)); goto exit; } diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 23f0ff9c9..fb2ae5421 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2185,19 +2185,25 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, ((void) tls_version); ((void) ticket_len); ((void) crt_file); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - } -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, crt_file) == 0); - } + switch (tls_version) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + case MBEDTLS_SSL_VERSION_TLS1_3: + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type) == 0); + break; #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + case MBEDTLS_SSL_VERSION_TLS1_2: + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, crt_file) == 0); + break; +#endif + default: + /* should never happen */ + TEST_ASSERT(0); + break; + } TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); @@ -2303,19 +2309,25 @@ void ssl_session_serialize_version_check(int corrupt_major, USE_PSA_INIT(); ((void) endpoint_type); ((void) tls_version); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - } -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, NULL) == 0); - } + switch (tls_version) { +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) + case MBEDTLS_SSL_VERSION_TLS1_3: + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type) == 0); + break; #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + case MBEDTLS_SSL_VERSION_TLS1_2: + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( + &session, 0, NULL) == 0); + break; +#endif + default: + /* should never happen */ + TEST_ASSERT(0); + break; + } /* Infer length of serialized session. */ TEST_ASSERT(mbedtls_ssl_session_save(&session, From 4ac648ef20f3094298b374aebb0c54eddb0ff6d9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Nov 2023 13:58:38 +0800 Subject: [PATCH 368/430] improve readability Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.function | 46 +++++++++++++++++++--------- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index fb2ae5421..fc9b75ce4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1973,17 +1973,24 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, * Make sure both session structures are identical */ #if defined(MBEDTLS_HAVE_TIME) + switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SRV_C) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); - } + case MBEDTLS_SSL_VERSION_TLS1_3: + TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); + break; +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + case MBEDTLS_SSL_VERSION_TLS1_2: + TEST_ASSERT(original.start == restored.start); + break; #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(original.start == restored.start); + default: + /* should never happen */ + TEST_ASSERT(0); + break; } -#endif + #endif @@ -2246,20 +2253,28 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, ((void) tls_version); ((void) ticket_len); ((void) crt_file); + + switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - } + case MBEDTLS_SSL_VERSION_TLS1_3: + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type) == 0); + break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, crt_file) == 0); - } + case MBEDTLS_SSL_VERSION_TLS1_2: + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, crt_file) == 0); + break; #endif + default: + /* should never happen */ + TEST_ASSERT(0); + break; + } + TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len) == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); TEST_CALLOC(good_buf, good_len); @@ -2321,6 +2336,7 @@ void ssl_session_serialize_version_check(int corrupt_major, case MBEDTLS_SSL_VERSION_TLS1_2: TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( &session, 0, NULL) == 0); + break; #endif default: From 713ce1f88981ab7e2fdbaef5f700d79f217673f0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 17 Nov 2023 15:32:12 +0800 Subject: [PATCH 369/430] various improvement - improve change log entry - improve comments - remove unnecessary statement - change type of client_age Signed-off-by: Jerry Yu --- ChangeLog.d/gnutls_anti_replay_fail.txt | 7 ++++--- library/ssl_tls13_server.c | 8 ++++---- programs/ssl/ssl_server2.c | 4 ++-- tests/suites/test_suite_ssl.function | 3 --- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/ChangeLog.d/gnutls_anti_replay_fail.txt b/ChangeLog.d/gnutls_anti_replay_fail.txt index cb65b3ba6..cb35284e1 100644 --- a/ChangeLog.d/gnutls_anti_replay_fail.txt +++ b/ChangeLog.d/gnutls_anti_replay_fail.txt @@ -1,4 +1,5 @@ Bugfix - * Fixes #6623. That is time unit issue. The unit of ticket age is seconds in - MBedTLS and milliseconds in GnuTLS. If the real age is 10ms, it might be - 1s(1000ms), as a result, the age of MBedTLS is bigger than GnuTLS server. + * Switch to milliseconds as the unit for ticket creation and reception time + instead of seconds. That avoids rounding errors when computing the age of + tickets compared to peer using a millisecond clock (observed with GnuTLS). + Fixes #6623. diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 63929d831..d8ce37508 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -113,7 +113,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( #if defined(MBEDTLS_HAVE_TIME) mbedtls_ms_time_t now; mbedtls_ms_time_t server_age; - mbedtls_ms_time_t client_age; + uint32_t client_age; mbedtls_ms_time_t age_diff; #endif @@ -195,8 +195,8 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( if (now < session->ticket_creation_time) { MBEDTLS_SSL_DEBUG_MSG( - 3, ("Invalid ticket start time ( now = %" MBEDTLS_PRINTF_MS_TIME - ", start = %" MBEDTLS_PRINTF_MS_TIME " )", + 3, ("Invalid ticket creation time ( now = %" MBEDTLS_PRINTF_MS_TIME + ", creation_time = %" MBEDTLS_PRINTF_MS_TIME " )", now, session->ticket_creation_time)); goto exit; } @@ -233,7 +233,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * sync up their system time every 6000/360/2~=8 hours. */ client_age = obfuscated_ticket_age - session->ticket_age_add; - age_diff = server_age - client_age; + age_diff = server_age - (mbedtls_ms_time_t)client_age; if (age_diff < -MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE || age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { MBEDTLS_SSL_DEBUG_MSG( diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f85bc1af8..c96128b94 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1430,14 +1430,14 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, (7 * 24 * 3600 * 1000 + 1000); break; case 5: - /* Ticket is valid, but client age is below the upper bound of tolerance window. */ + /* Ticket is valid, but client age is below the lower bound of the tolerance window. */ session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; /* Make sure the execution time does not affect the result */ session->ticket_creation_time = mbedtls_ms_time(); break; case 6: - /* Ticket is valid, but client age is beyond the lower bound of tolerance window. */ + /* Ticket is valid, but client age is beyond the upper bound of the tolerance window. */ session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; /* Make sure the execution time does not affect the result */ session->ticket_creation_time = mbedtls_ms_time(); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index fc9b75ce4..444c32a37 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2189,7 +2189,6 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, /* Prepare dummy session and get serialized size */ ((void) endpoint_type); - ((void) tls_version); ((void) ticket_len); ((void) crt_file); @@ -2250,7 +2249,6 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, /* Prepare serialized session data */ ((void) endpoint_type); - ((void) tls_version); ((void) ticket_len); ((void) crt_file); @@ -2323,7 +2321,6 @@ void ssl_session_serialize_version_check(int corrupt_major, mbedtls_ssl_session_init(&session); USE_PSA_INIT(); ((void) endpoint_type); - ((void) tls_version); switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) From 60e997205d618d10b77a820b3aed6cb4e1e27626 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 20 Nov 2023 09:55:24 +0800 Subject: [PATCH 370/430] replace check string The output has been changed Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- tests/opt-testcases/tls13-misc.sh | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d8ce37508..d983a0039 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -233,7 +233,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( * sync up their system time every 6000/360/2~=8 hours. */ client_age = obfuscated_ticket_age - session->ticket_age_add; - age_diff = server_age - (mbedtls_ms_time_t)client_age; + age_diff = server_age - (mbedtls_ms_time_t) client_age; if (age_diff < -MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE || age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { MBEDTLS_SSL_DEBUG_MSG( diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 3816a2b45..920838449 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -86,7 +86,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed -S "key exchange mode: psk$" \ -s "ticket is not authentic" \ -S "ticket is expired" \ - -S "Invalid ticket start time" \ + -S "Invalid ticket creation time" \ -S "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" @@ -105,7 +105,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -s "ticket is expired" \ - -S "Invalid ticket start time" \ + -S "Invalid ticket creation time" \ -S "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" @@ -124,7 +124,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -s "Invalid ticket start time" \ + -s "Invalid ticket creation time" \ -S "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" @@ -143,7 +143,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Invalid ticket start time" \ + -S "Invalid ticket creation time" \ -s "Ticket age exceeds limitation" \ -S "Ticket age outside tolerance window" @@ -162,7 +162,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Invalid ticket start time" \ + -S "Invalid ticket creation time" \ -S "Ticket age exceeds limitation" \ -s "Ticket age outside tolerance window" @@ -181,7 +181,7 @@ run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window -S "key exchange mode: psk$" \ -S "ticket is not authentic" \ -S "ticket is expired" \ - -S "Invalid ticket start time" \ + -S "Invalid ticket creation time" \ -S "Ticket age exceeds limitation" \ -s "Ticket age outside tolerance window" From aa5dc24df9206132118ab6d5868382069b8a9149 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 20 Nov 2023 18:07:54 +0800 Subject: [PATCH 371/430] Change if to switch case Signed-off-by: Jerry Yu --- tests/suites/test_suite_ssl.function | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 444c32a37..85776cca3 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2120,23 +2120,28 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, /* Prepare a dummy session to work on */ ((void) endpoint_type); - ((void) tls_version); ((void) ticket_len); ((void) crt_file); + + switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( - &session, 0, endpoint_type) == 0); - } + case MBEDTLS_SSL_VERSION_TLS1_3: + TEST_ASSERT(mbedtls_test_ssl_tls13_populate_session( + &session, 0, endpoint_type) == 0); + break; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - - TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, crt_file) == 0); - } + case MBEDTLS_SSL_VERSION_TLS1_2: + TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( + &session, ticket_len, crt_file) == 0); + break; #endif + default: + /* should never happen */ + TEST_ASSERT(0); + break; + } /* Get desired buffer size for serializing */ TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0) From 9f176a27664732e6476c2f461f323225b4bab6f0 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 21 Nov 2023 11:49:57 +0000 Subject: [PATCH 372/430] Fix status assignments when loading persistent keys Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 38e327385..5ecc3a76c 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -237,12 +237,16 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) data = (psa_se_key_data_storage_t *) key_data; status = psa_copy_key_material_into_slot( slot, data->slot_number, sizeof(data->slot_number)); + + if (status == PSA_SUCCESS) { + slot->status = PSA_SLOT_OCCUPIED; + } goto exit; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ status = psa_copy_key_material_into_slot(slot, key_data, key_data_length); - if (status != PSA_SUCCESS){ + if (status != PSA_SUCCESS) { goto exit; } From 7a715c4537775c780222d0545d3af9049d948f13 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Nov 2023 13:42:40 +0100 Subject: [PATCH 373/430] Fix the build with gcc-12 -Wuse-after-free Signed-off-by: Gilles Peskine --- programs/test/metatest.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 2973cce3f..b8dffa9bb 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -46,6 +46,12 @@ */ volatile int false_but_the_compiler_does_not_know = 0; +/* Hide calls to calloc/free from static checkers such as + * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about + * code where we do mean to cause a runtime error. */ +void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc; +void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free; + /* Set n bytes at the address p to all-bits-zero, in such a way that * the compiler should not know that p is all-bits-zero. */ static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n) @@ -98,9 +104,9 @@ void null_pointer_call(const char *name) void read_after_free(const char *name) { (void) name; - volatile char *p = mbedtls_calloc(1, 1); + volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); *p = 'a'; - mbedtls_free((void *) p); + free_but_the_compiler_does_not_know((void *) p); /* Undefined behavior (read after free) */ mbedtls_printf("%u\n", (unsigned) *p); } @@ -108,11 +114,11 @@ void read_after_free(const char *name) void double_free(const char *name) { (void) name; - volatile char *p = mbedtls_calloc(1, 1); + volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); *p = 'a'; - mbedtls_free((void *) p); + free_but_the_compiler_does_not_know((void *) p); /* Undefined behavior (double free) */ - mbedtls_free((void *) p); + free_but_the_compiler_does_not_know((void *) p); } void read_uninitialized_stack(const char *name) @@ -132,7 +138,7 @@ void read_uninitialized_stack(const char *name) void memory_leak(const char *name) { (void) name; - volatile char *p = mbedtls_calloc(1, 1); + volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); mbedtls_printf("%u\n", (unsigned) *p); /* Leak of a heap object */ } From e4a6f5a7ecceb603cfdc7a2be99693f0bd0aa1eb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 4 Nov 2023 12:20:09 +0000 Subject: [PATCH 374/430] Use size_t cast for pointer subtractions Signed-off-by: Dave Rodgman --- library/aesce.c | 2 +- library/base64.c | 4 ++-- library/bignum.c | 2 +- library/debug.c | 2 +- library/dhm.c | 4 ++-- library/ecdh.c | 4 ++-- library/ecjpake.c | 20 ++++++++++---------- library/lms.c | 8 ++++---- library/oid.c | 2 +- library/pem.c | 8 ++++---- library/pkcs7.c | 2 +- library/pkparse.c | 4 ++-- library/psa_crypto.c | 2 +- library/rsa.c | 6 +++--- library/ssl_client.c | 14 +++++++------- library/ssl_msg.c | 27 ++++++++++++++------------- library/ssl_ticket.c | 4 ++-- library/ssl_tls.c | 12 ++++++------ library/ssl_tls12_client.c | 10 +++++----- library/ssl_tls12_server.c | 28 ++++++++++++++-------------- library/x509_create.c | 8 ++++---- library/x509_crl.c | 4 ++-- library/x509_crt.c | 10 +++++----- library/x509_csr.c | 4 ++-- library/x509write_crt.c | 2 +- library/x509write_csr.c | 4 ++-- 26 files changed, 99 insertions(+), 98 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index f2bdce2db..1a0db163d 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -300,7 +300,7 @@ static void aesce_setkey_enc(unsigned char *rk, rki + key_len_in_words < rko_end; rki += key_len_in_words) { - size_t iteration = (rki - (uint32_t *) rk) / key_len_in_words; + size_t iteration = (size_t) (rki - (uint32_t *) rk) / key_len_in_words; uint32_t *rko; rko = rki + key_len_in_words; rko[0] = aes_rot_word(aes_sub_word(rki[key_len_in_words - 1])); diff --git a/library/base64.c b/library/base64.c index a58717d6b..9677dee5b 100644 --- a/library/base64.c +++ b/library/base64.c @@ -116,7 +116,7 @@ int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, *p++ = '='; } - *olen = p - dst; + *olen = (size_t) (p - dst); *p = 0; return 0; @@ -225,7 +225,7 @@ int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen, } } - *olen = p - dst; + *olen = (size_t) (p - dst); return 0; } diff --git a/library/bignum.c b/library/bignum.c index 09ce0301f..1b7ff5863 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -701,7 +701,7 @@ int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, } *p++ = '\0'; - *olen = p - buf; + *olen = (size_t) (p - buf); cleanup: diff --git a/library/debug.c b/library/debug.c index c7bbd41bd..a9d58e55b 100644 --- a/library/debug.c +++ b/library/debug.c @@ -366,7 +366,7 @@ static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level, start = text; for (cur = text; *cur != '\0'; cur++) { if (*cur == '\n') { - size_t len = cur - start + 1; + size_t len = (size_t) (cur - start) + 1; if (len > DEBUG_BUF_SIZE - 1) { len = DEBUG_BUF_SIZE - 1; } diff --git a/library/dhm.c b/library/dhm.c index 3daf0c2d4..e423657c1 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -51,7 +51,7 @@ static int dhm_read_bignum(mbedtls_mpi *X, n = ((*p)[0] << 8) | (*p)[1]; (*p) += 2; - if ((int) (end - *p) < n) { + if ((size_t) (end - *p) < (size_t) n) { return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; } @@ -257,7 +257,7 @@ int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, DHM_MPI_EXPORT(&ctx->G, n2); DHM_MPI_EXPORT(&ctx->GX, n3); - *olen = p - output; + *olen = (size_t) (p - output); cleanup: if (ret != 0 && ret > -128) { diff --git a/library/ecdh.c b/library/ecdh.c index e060b1883..52b161706 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -363,7 +363,7 @@ static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx, const unsigned char *end) { return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf, - end - *buf); + (size_t) (end - *buf)); } /* @@ -379,7 +379,7 @@ int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf)) + if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, (size_t) (end - *buf))) != 0) { return ret; } diff --git a/library/ecjpake.c b/library/ecjpake.c index fb13a395b..cdf5d7ea4 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -168,7 +168,7 @@ static int ecjpake_write_len_point(unsigned char **p, } ret = mbedtls_ecp_point_write_binary(grp, P, pf, - &len, *p + 4, end - (*p + 4)); + &len, *p + 4, (size_t) (end - (*p + 4))); if (ret != 0) { return ret; } @@ -226,7 +226,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type, /* Compute hash */ MBEDTLS_MPI_CHK(mbedtls_ecjpake_compute_hash(md_type, - buf, p - buf, hash)); + buf, (size_t) (p - buf), hash)); /* Turn it into an integer mod n */ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash, @@ -269,7 +269,7 @@ static int ecjpake_zkp_read(const mbedtls_md_type_t md_type, return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p)); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, (size_t) (end - *p))); if (end < *p || (size_t) (end - *p) < 1) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; @@ -346,7 +346,7 @@ static int ecjpake_zkp_write(const mbedtls_md_type_t md_type, /* Write it out */ MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, &V, - pf, &len, *p, end - *p)); + pf, &len, *p, (size_t) (end - *p))); *p += len; len = mbedtls_mpi_size(&h); /* actually r */ @@ -392,7 +392,7 @@ static int ecjpake_kkp_read(const mbedtls_md_type_t md_type, * ECSchnorrZKP zkp; * } ECJPAKEKeyKP; */ - MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p)); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, (size_t) (end - *p))); if (mbedtls_ecp_is_zero(X)) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; @@ -431,7 +431,7 @@ static int ecjpake_kkp_write(const mbedtls_md_type_t md_type, MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X, f_rng, p_rng)); MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, X, - pf, &len, *p, end - *p)); + pf, &len, *p, (size_t) (end - *p))); *p += len; /* Generate and write proof */ @@ -504,7 +504,7 @@ static int ecjpake_kkpp_write(const mbedtls_md_type_t md_type, MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_type, grp, pf, G, xm2, Xb, id, &p, end, f_rng, p_rng)); - *olen = p - buf; + *olen = (size_t) (p - buf); cleanup: return ret; @@ -693,7 +693,7 @@ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, goto cleanup; } MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len, - p, end - p)); + p, (size_t) (end - p))); p += ec_len; } @@ -702,7 +702,7 @@ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, goto cleanup; } MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm, - ctx->point_format, &ec_len, p, end - p)); + ctx->point_format, &ec_len, p, (size_t) (end - p))); p += ec_len; MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_type, &ctx->grp, @@ -710,7 +710,7 @@ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, &G, &xm, &Xm, ID_MINE, &p, end, f_rng, p_rng)); - *olen = p - buf; + *olen = (size_t) (p - buf); cleanup: mbedtls_ecp_point_free(&G); diff --git a/library/lms.c b/library/lms.c index 0c470a0c3..00525bb74 100644 --- a/library/lms.c +++ b/library/lms.c @@ -505,7 +505,7 @@ static int get_merkle_path(mbedtls_lms_private_t *ctx, unsigned int height; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(ctx->params.type), + tree = mbedtls_calloc((size_t) MERKLE_TREE_NODE_AM(ctx->params.type), node_bytes); if (tree == NULL) { return MBEDTLS_ERR_LMS_ALLOC_FAILED; @@ -530,7 +530,7 @@ static int get_merkle_path(mbedtls_lms_private_t *ctx, exit: mbedtls_zeroize_and_free(tree, node_bytes * - MERKLE_TREE_NODE_AM(ctx->params.type)); + (size_t) MERKLE_TREE_NODE_AM(ctx->params.type)); return ret; } @@ -669,7 +669,7 @@ int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx, return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } - tree = mbedtls_calloc(MERKLE_TREE_NODE_AM(priv_ctx->params.type), + tree = mbedtls_calloc((size_t) MERKLE_TREE_NODE_AM(priv_ctx->params.type), node_bytes); if (tree == NULL) { return MBEDTLS_ERR_LMS_ALLOC_FAILED; @@ -692,7 +692,7 @@ int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx, exit: mbedtls_zeroize_and_free(tree, node_bytes * - MERKLE_TREE_NODE_AM(priv_ctx->params.type)); + (size_t) MERKLE_TREE_NODE_AM(priv_ctx->params.type)); return ret; } diff --git a/library/oid.c b/library/oid.c index 6184abe40..d8339c138 100644 --- a/library/oid.c +++ b/library/oid.c @@ -1129,7 +1129,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - encoded_len = out_ptr - oid->p; + encoded_len = (size_t) (out_ptr - oid->p); resized_mem = mbedtls_calloc(encoded_len, 1); if (resized_mem == NULL) { ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; diff --git a/library/pem.c b/library/pem.c index 9500ffcf7..539134c29 100644 --- a/library/pem.c +++ b/library/pem.c @@ -298,7 +298,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const if (*end == '\n') { end++; } - *use_len = end - data; + *use_len = (size_t) (end - data); enc = 0; @@ -383,7 +383,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const return MBEDTLS_ERR_PEM_INVALID_DATA; } - ret = mbedtls_base64_decode(NULL, 0, &len, s1, s2 - s1); + ret = mbedtls_base64_decode(NULL, 0, &len, s1, (size_t) (s2 - s1)); if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); @@ -393,7 +393,7 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const return MBEDTLS_ERR_PEM_ALLOC_FAILED; } - if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) { + if ((ret = mbedtls_base64_decode(buf, len, &len, s1, (size_t) (s2 - s1))) != 0) { mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); } @@ -508,7 +508,7 @@ int mbedtls_pem_write_buffer(const char *header, const char *footer, p += strlen(footer); *p++ = '\0'; - *olen = p - buf; + *olen = (size_t) (p - buf); /* Clean any remaining data previously written to the buffer */ memset(buf + *olen, 0, buf_len - *olen); diff --git a/library/pkcs7.c b/library/pkcs7.c index 36b49f53b..0869c2e07 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -316,7 +316,7 @@ static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, goto out; } - signer->issuer_raw.len = *p - signer->issuer_raw.p; + signer->issuer_raw.len = (size_t) (*p - signer->issuer_raw.p); ret = mbedtls_x509_get_serial(p, end_issuer_and_sn, &signer->serial); if (ret != 0) { diff --git a/library/pkparse.c b/library/pkparse.c index 3bb5f7be2..edebf92ff 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -928,7 +928,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_use_ecparams(&alg_params, pk); } if (ret == 0) { - ret = pk_ecc_set_pubkey(pk, *p, end - *p); + ret = pk_ecc_set_pubkey(pk, *p, (size_t) (end - *p)); *p += end - *p; } } else @@ -1233,7 +1233,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - if ((ret = pk_ecc_set_pubkey(pk, p, end2 - p)) == 0) { + if ((ret = pk_ecc_set_pubkey(pk, p, (size_t) (end2 - p))) == 0) { pubkey_done = 1; } else { /* diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bbd6b24ed..06840140d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6625,7 +6625,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( memcpy(cur, data, data_length); cur += data_length; - status = psa_tls12_prf_set_key(prf, pms, cur - pms); + status = psa_tls12_prf_set_key(prf, pms, (size_t) (cur - pms)); mbedtls_zeroize_and_free(pms, pms_len); return status; diff --git a/library/rsa.c b/library/rsa.c index 38c3dd6be..1bf5d13ca 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1620,12 +1620,12 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, goto cleanup; } - if (ilen - (p - buf) > output_max_len) { + if (ilen - ((size_t) (p - buf)) > output_max_len) { ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; goto cleanup; } - *olen = ilen - (p - buf); + *olen = ilen - ((size_t) (p - buf)); if (*olen != 0) { memcpy(output, p, *olen); } @@ -2191,7 +2191,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_INVALID_PADDING; } - observed_salt_len = hash_start - p; + observed_salt_len = (size_t) (hash_start - p); if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && observed_salt_len != (size_t) expected_salt_len) { diff --git a/library/ssl_client.c b/library/ssl_client.c index 0e87d8607..7284ee2d5 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -155,7 +155,7 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, p += protocol_name_len; } - *out_len = p - buf; + *out_len = (size_t) (p - buf); /* List length = *out_len - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ MBEDTLS_PUT_UINT16_BE(*out_len - 6, buf, 4); @@ -285,7 +285,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, } /* Length of named_group_list */ - named_group_list_len = p - named_group_list; + named_group_list_len = (size_t) (p - named_group_list); if (named_group_list_len == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("No group available.")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -301,7 +301,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "Supported groups extension", buf + 4, named_group_list_len + 2); - *out_len = p - buf; + *out_len = (size_t) (p - buf); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_set_hs_sent_ext_mask( @@ -391,14 +391,14 @@ static int ssl_write_client_hello_cipher_suites( } /* Write the cipher_suites length in number of bytes */ - cipher_suites_len = p - cipher_suites; + cipher_suites_len = (size_t) (p - cipher_suites); MBEDTLS_PUT_UINT16_BE(cipher_suites_len, buf, 0); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, got %" MBEDTLS_PRINTF_SIZET " cipher suites", cipher_suites_len/2)); /* Output the total length of cipher_suites field. */ - *out_len = p - buf; + *out_len = (size_t) (p - buf); return 0; } @@ -679,7 +679,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ /* Write the length of the list of extensions. */ - extensions_len = p - p_extensions_len - 2; + extensions_len = (size_t) (p - p_extensions_len) - 2; if (extensions_len == 0) { p = p_extensions_len; @@ -696,7 +696,7 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, 3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->sent_extensions); #endif - *out_len = p - buf; + *out_len = (size_t) (p - buf); return 0; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index cffd1c90f..0d7188406 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -848,7 +848,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, cur += 2; } - *add_data_len = cur - add_data; + *add_data_len = (size_t) (cur - add_data); } #if defined(MBEDTLS_SSL_HAVE_AEAD) @@ -1212,7 +1212,7 @@ hmac_failed_etm_disabled: iv, transform->ivlen, add_data, add_data_len, data, rec->data_len, /* src */ - data, rec->buf_len - (data - rec->buf), /* dst */ + data, rec->buf_len - (size_t) (data - rec->buf), /* dst */ &rec->data_len, transform->taglen)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt_ext", ret); @@ -1635,12 +1635,13 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, return ret; } #else - if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, /* src */ - data, rec->buf_len - (data - rec->buf), &olen, /* dst */ - transform->taglen)) != 0) { + if ((ret = mbedtls_cipher_auth_decrypt_ext + (&transform->cipher_ctx_dec, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len + transform->taglen, /* src */ + data, rec->buf_len - (size_t) (data - rec->buf), &olen, /* dst */ + transform->taglen)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt_ext", ret); if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) { @@ -2228,7 +2229,7 @@ int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want) MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired")); ret = MBEDTLS_ERR_SSL_TIMEOUT; } else { - len = in_buf_len - (ssl->in_hdr - ssl->in_buf); + len = in_buf_len - (size_t) (ssl->in_hdr - ssl->in_buf); if (mbedtls_ssl_is_handshake_over(ssl) == 0) { timeout = ssl->handshake->retransmit_timeout; @@ -2592,7 +2593,7 @@ int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) } else { const unsigned char * const p = ssl->handshake->cur_msg_p; const size_t hs_len = cur->len - 12; - const size_t frag_off = p - (cur->p + 12); + const size_t frag_off = (size_t) (p - (cur->p + 12)); const size_t rem_len = hs_len - frag_off; size_t cur_hs_frag_len, max_hs_frag_len; @@ -2969,9 +2970,9 @@ int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, int force_flush) mbedtls_record rec; rec.buf = ssl->out_iv; - rec.buf_len = out_buf_len - (ssl->out_iv - ssl->out_buf); + rec.buf_len = out_buf_len - (size_t) (ssl->out_iv - ssl->out_buf); rec.data_len = ssl->out_msglen; - rec.data_offset = ssl->out_msg - rec.buf; + rec.data_offset = (size_t) (ssl->out_msg - rec.buf); memcpy(&rec.ctr[0], ssl->out_ctr, sizeof(rec.ctr)); mbedtls_ssl_write_version(rec.ver, ssl->conf->transport, tls_ver); @@ -3594,7 +3595,7 @@ int mbedtls_ssl_check_dtls_clihlo_cookie( return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - *olen = p - obuf; + *olen = (size_t) (p - obuf); /* Go back and fill length fields */ obuf[27] = (unsigned char) (*olen - 28); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 61c87bed9..0908982ed 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -341,7 +341,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, /* Dump session state */ if ((ret = mbedtls_ssl_session_save(session, - state, end - state, + state, (size_t) (end - state), &clear_len)) != 0 || (unsigned long) clear_len > 65535) { goto cleanup; @@ -364,7 +364,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, /* Additional data: key name, IV and length */ key_name, TICKET_ADD_DATA_LEN, state, clear_len, - state, end - state, &ciph_len, + state, (size_t) (end - state), &ciph_len, TICKET_AUTH_TAG_BYTES)) != 0) { goto cleanup; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 944caa09c..50f3a6161 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3755,7 +3755,7 @@ static int ssl_session_load(mbedtls_ssl_session *session, session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); /* Dispatch according to TLS version. */ - remaining_len = (end - p); + remaining_len = (size_t) (end - p); switch (session->tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: @@ -6795,7 +6795,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha /* Write length only when we know the actual value */ if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, - p + 2, end - (p + 2), &len, + p + 2, (size_t) (end - (p + 2)), &len, ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); return ret; @@ -6812,7 +6812,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha size_t zlen; if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen, - p + 2, end - (p + 2), + p + 2, (size_t) (end - (p + 2)), ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); return ret; @@ -6845,7 +6845,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_excha memcpy(p, psk, psk_len); p += psk_len; - ssl->handshake->pmslen = p - ssl->handshake->premaster; + ssl->handshake->pmslen = (size_t) (p - ssl->handshake->premaster); return 0; } @@ -9328,7 +9328,7 @@ int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, } /* Length of supported_signature_algorithms */ - supported_sig_alg_len = p - supported_sig_alg; + supported_sig_alg_len = (size_t) (p - supported_sig_alg); if (supported_sig_alg_len == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("No signature algorithms defined.")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -9338,7 +9338,7 @@ int mbedtls_ssl_write_sig_alg_ext(mbedtls_ssl_context *ssl, unsigned char *buf, MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len + 2, buf, 2); MBEDTLS_PUT_UINT16_BE(supported_sig_alg_len, buf, 4); - *out_len = p - buf; + *out_len = (size_t) (p - buf); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) mbedtls_ssl_tls13_set_hs_sent_ext_mask(ssl, MBEDTLS_TLS_EXT_SIG_ALG); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 9aa46bd15..78297e89e 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -607,7 +607,7 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, p += ext_len; #endif - *out_len = p - buf; + *out_len = (size_t) (p - buf); return 0; } @@ -2174,7 +2174,7 @@ start_processing: #endif p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); end = ssl->in_msg + ssl->in_hslen; - MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, end - p); + MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, (size_t) (end - p)); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || @@ -2299,7 +2299,7 @@ start_processing: mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - size_t params_len = p - params; + size_t params_len = (size_t) (p - params); void *rs_ctx = NULL; uint16_t sig_alg; @@ -3252,9 +3252,9 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) size_t hashlen; void *rs_ctx = NULL; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); #else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); #endif MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b007e5c66..c2e08146b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1858,7 +1858,7 @@ static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, *p++ = 0x00; } - *olen = p - buf; + *olen = (size_t) (p - buf); } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) @@ -1950,7 +1950,7 @@ static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, - p + 2, end - p - 2, &kkpp_len, + p + 2, (size_t) (end - p - 2), &kkpp_len, MBEDTLS_ECJPAKE_ROUND_ONE); if (ret != 0) { psa_destroy_key(ssl->handshake->psa_pake_password); @@ -1960,7 +1960,7 @@ static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, } #else ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, + p + 2, (size_t) (end - p - 2), &kkpp_len, ssl->conf->f_rng, ssl->conf->p_rng); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret); @@ -2081,7 +2081,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte); - ssl->out_msglen = p - ssl->out_msg; + ssl->out_msglen = (size_t) (p - ssl->out_msg); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; @@ -2386,7 +2386,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) p += 2 + ext_len; } - ssl->out_msglen = p - buf; + ssl->out_msglen = (size_t) (p - buf); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; @@ -2570,12 +2570,12 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size); - total_dn_size += 2 + dn_size; + total_dn_size += (unsigned short) (2 + dn_size); crt = crt->next; } } - ssl->out_msglen = p - buf; + ssl->out_msglen = (size_t) (p - buf); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len); @@ -2779,9 +2779,9 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len = ssl->out_buf_len - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = ssl->out_buf_len - (size_t) (ssl->out_msg - ssl->out_buf); #else - size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (ssl->out_msg - ssl->out_buf); + size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - (size_t) (ssl->out_msg - ssl->out_buf); #endif #endif @@ -3086,7 +3086,7 @@ curve_matching_done: return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; + size_t dig_signed_len = (size_t) (ssl->out_msg + ssl->out_msglen - dig_signed); size_t hashlen = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; @@ -3763,7 +3763,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; #else if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, end - p)) != 0) { + p, (size_t) (end - p))) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); return MBEDTLS_ERR_SSL_DECODE_ERROR; } @@ -3976,7 +3976,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, - p, end - p)) != 0) { + p, (size_t) (end - p))) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); return MBEDTLS_ERR_SSL_DECODE_ERROR; } @@ -4005,7 +4005,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, p, end - p, + &ssl->handshake->psa_pake_ctx, p, (size_t) (end - p), MBEDTLS_ECJPAKE_ROUND_TWO)) != 0) { psa_destroy_key(ssl->handshake->psa_pake_password); psa_pake_abort(&ssl->handshake->psa_pake_ctx); @@ -4015,7 +4015,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) } #else ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, - p, end - p); + p, (size_t) (end - p)); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; diff --git a/library/x509_create.c b/library/x509_create.c index 424cce1d9..8f31c3bea 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -169,7 +169,7 @@ static int parse_attribute_value_string(const char *s, return MBEDTLS_ERR_X509_INVALID_NAME; } } - *data_len = d - data; + *data_len = (size_t) (d - data); return 0; } @@ -297,8 +297,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam while (c <= end) { if (in_attr_type && *c == '=') { - if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { - if ((mbedtls_oid_from_numeric_string(&oid, s, c - s)) != 0) { + if ((attr_descr = x509_attr_descr_from_name(s, (size_t) (c - s))) == NULL) { + if ((mbedtls_oid_from_numeric_string(&oid, s, (size_t) (c - s))) != 0) { return MBEDTLS_ERR_X509_INVALID_NAME; } else { numericoid = 1; @@ -322,7 +322,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam /* We know that c >= s (loop invariant) and c != s (in this * else branch), hence c - s - 1 >= 0. */ parse_ret = parse_attribute_value_hex_der_encoded( - s + 1, c - s - 1, + s + 1, (size_t) (c - s) - 1, data, sizeof(data), &data_len, &tag); if (parse_ret != 0) { mbedtls_free(oid.p); diff --git a/library/x509_crl.c b/library/x509_crl.c index cad784eeb..fdbad238a 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -367,7 +367,7 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, } end = p + len; - crl->tbs.len = end - crl->tbs.p; + crl->tbs.len = (size_t) (end - crl->tbs.p); /* * Version ::= INTEGER OPTIONAL { v1(0), v2(1) } @@ -411,7 +411,7 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, return ret; } - crl->issuer_raw.len = p - crl->issuer_raw.p; + crl->issuer_raw.len = (size_t) (p - crl->issuer_raw.p); /* * thisUpdate Time diff --git a/library/x509_crt.c b/library/x509_crt.c index f41eb47d7..1fe4448e4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1108,7 +1108,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, } end = crt_end = p + len; - crt->raw.len = crt_end - buf; + crt->raw.len = (size_t) (crt_end - buf); if (make_copy != 0) { /* Create and populate a new buffer for the raw field. */ crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); @@ -1138,7 +1138,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, } end = p + len; - crt->tbs.len = end - crt->tbs.p; + crt->tbs.len = (size_t) (end - crt->tbs.p); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } @@ -1185,7 +1185,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, return ret; } - crt->issuer_raw.len = p - crt->issuer_raw.p; + crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); /* * Validity ::= SEQUENCE { @@ -1215,7 +1215,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, return ret; } - crt->subject_raw.len = p - crt->subject_raw.p; + crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); /* * SubjectPublicKeyInfo @@ -1225,7 +1225,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, mbedtls_x509_crt_free(crt); return ret; } - crt->pk_raw.len = p - crt->pk_raw.p; + crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); /* * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, diff --git a/library/x509_csr.c b/library/x509_csr.c index a293ec017..79b158964 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -328,7 +328,7 @@ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, } end = p + len; - csr->cri.len = end - csr->cri.p; + csr->cri.len = (size_t) (end - csr->cri.p); /* * Version ::= INTEGER { v1(0) } @@ -361,7 +361,7 @@ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr, return ret; } - csr->subject_raw.len = p - csr->subject_raw.p; + csr->subject_raw.len = (size_t) (p - csr->subject_raw.p); /* * subjectPKInfo SubjectPublicKeyInfo diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4c019eee4..44b6b1781 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -481,7 +481,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, */ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->subject_key, - buf, c - buf)); + buf, (size_t) (c - buf))); c -= pub_len; len += pub_len; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 4e397553a..254da69a9 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -185,7 +185,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)); MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key, - buf, c - buf)); + buf, (size_t) (c - buf))); c -= pub_len; len += pub_len; @@ -276,7 +276,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); /* Zero the unused bytes at the start of buf */ - memset(buf, 0, c2 - buf); + memset(buf, 0, (size_t) (c2 - buf)); return (int) len; } From b2e8419b50144676328843482927b3c12bf36f23 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 23:32:39 +0000 Subject: [PATCH 375/430] Fix types in entropy_poll.c Signed-off-by: Dave Rodgman --- library/entropy_poll.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index e8c669f9c..de2e0387a 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -88,7 +88,7 @@ static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) memset(buf, 0, buflen); #endif #endif - return syscall(SYS_getrandom, buf, buflen, flags); + return (int) syscall(SYS_getrandom, buf, buflen, flags); } #endif /* SYS_getrandom */ #endif /* __linux__ || __midipix__ */ @@ -102,7 +102,7 @@ static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) #define HAVE_GETRANDOM static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) { - return getrandom(buf, buflen, flags); + return (int) getrandom(buf, buflen, flags); } #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) || (__DragonFly__ && __DragonFly_version >= 500700) */ @@ -156,7 +156,7 @@ int mbedtls_platform_entropy_poll(void *data, #if defined(HAVE_GETRANDOM) ret = getrandom_wrapper(output, len, 0); if (ret >= 0) { - *olen = ret; + *olen = (size_t) ret; return 0; } else if (errno != ENOSYS) { return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; From a3d0f61aec2499014564798e71d54e08ebed76b0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 23:34:02 +0000 Subject: [PATCH 376/430] Use MBEDTLS_GET_UINTxx_BE macro Signed-off-by: Dave Rodgman --- library/dhm.c | 2 +- library/psa_its_file.c | 11 +++-------- library/ssl_msg.c | 27 +++++++++------------------ library/ssl_ticket.c | 2 +- library/ssl_tls.c | 13 ++++++------- library/ssl_tls12_client.c | 33 +++++++++++++-------------------- library/ssl_tls12_server.c | 22 ++++++++++------------ 7 files changed, 43 insertions(+), 67 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index e423657c1..bcc07f544 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -48,7 +48,7 @@ static int dhm_read_bignum(mbedtls_mpi *X, return MBEDTLS_ERR_DHM_BAD_INPUT_DATA; } - n = ((*p)[0] << 8) | (*p)[1]; + n = MBEDTLS_GET_UINT16_BE(*p, 0); (*p) += 2; if ((size_t) (end - *p) < (size_t) n) { diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 3f32d7d4e..956713748 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -98,14 +98,9 @@ static psa_status_t psa_its_read_file(psa_storage_uid_t uid, return PSA_ERROR_DATA_CORRUPT; } - p_info->size = (header.size[0] | - header.size[1] << 8 | - header.size[2] << 16 | - header.size[3] << 24); - p_info->flags = (header.flags[0] | - header.flags[1] << 8 | - header.flags[2] << 16 | - header.flags[3] << 24); + p_info->size = MBEDTLS_GET_UINT32_LE(header.size, 0); + p_info->flags = MBEDTLS_GET_UINT32_LE(header.flags, 0); + return PSA_SUCCESS; } diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0d7188406..065336b67 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3097,16 +3097,12 @@ static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl) static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl) { - return (ssl->in_msg[9] << 16) | - (ssl->in_msg[10] << 8) | - ssl->in_msg[11]; + return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 9); } static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl) { - return (ssl->in_msg[6] << 16) | - (ssl->in_msg[7] << 8) | - ssl->in_msg[8]; + return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 6); } MBEDTLS_CHECK_RETURN_CRITICAL @@ -3219,9 +3215,7 @@ static size_t ssl_get_reassembly_buffer_size(size_t msg_len, static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) { - return (ssl->in_msg[1] << 16) | - (ssl->in_msg[2] << 8) | - ssl->in_msg[3]; + return MBEDTLS_GET_UINT24_BE(ssl->in_msg, 1); } int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) @@ -3242,7 +3236,7 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5]; + unsigned int recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); if (ssl_check_hs_header(ssl) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header")); @@ -3857,8 +3851,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, */ rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = ((size_t) buf[rec_hdr_len_offset + 0] << 8) | - ((size_t) buf[rec_hdr_len_offset + 1] << 0); + rec->data_len = MBEDTLS_GET_UINT16_BE(buf, rec_hdr_len_offset); MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset); MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, " @@ -3886,7 +3879,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { - rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1]; + rec_epoch = MBEDTLS_GET_UINT16_BE(rec->ctr, 0); /* Check that the datagram is large enough to contain a record * of the advertised length. */ @@ -3936,7 +3929,7 @@ static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl) { - unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1]; + unsigned int rec_epoch = MBEDTLS_GET_UINT16_BE(ssl->in_ctr, 0); /* * Check for an epoch 0 ClientHello. We can't use in_msg here to @@ -4258,9 +4251,7 @@ static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) hs_buf = &hs->buffering.hs[0]; if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) { /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = (hs_buf->data[1] << 16) | - (hs_buf->data[2] << 8) | - hs_buf->data[3]; + size_t msg_len = MBEDTLS_GET_UINT24_BE(hs_buf->data, 1); /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ @@ -4357,7 +4348,7 @@ static int ssl_buffer_message(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_MSG_HANDSHAKE: { unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5]; + unsigned recv_msg_seq = MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4); mbedtls_ssl_hs_buffer *hs_buf; size_t msg_len = ssl->in_hslen - 12; diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 0908982ed..8e7c145bc 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -444,7 +444,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, goto cleanup; } - enc_len = (enc_len_p[0] << 8) | enc_len_p[1]; + enc_len = MBEDTLS_GET_UINT16_BE(enc_len_p, 0); if (len != TICKET_MIN_LEN + enc_len) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 50f3a6161..0ba923533 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4747,7 +4747,7 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - ssl->mtu = (p[0] << 8) | p[1]; + ssl->mtu = MBEDTLS_GET_UINT16_BE(p, 0); p += 2; #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -7103,7 +7103,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, /* * Same message structure as in mbedtls_ssl_write_certificate() */ - n = (ssl->in_msg[i+1] << 8) | ssl->in_msg[i+2]; + n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); if (ssl->in_msg[i] != 0 || ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) { @@ -7137,8 +7137,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, } /* Read length of the next CRT in the chain. */ - n = ((unsigned int) ssl->in_msg[i + 1] << 8) - | (unsigned int) ssl->in_msg[i + 2]; + n = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i + 1); i += 3; if (n < 128 || i + n > ssl->in_hslen) { @@ -9038,7 +9037,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session->ciphersuite = (p[0] << 8) | p[1]; + session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); p += 2; session->id_len = *p++; @@ -9074,7 +9073,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - cert_len = (p[0] << 16) | (p[1] << 8) | p[2]; + cert_len = MBEDTLS_GET_UINT24_BE(p, 0); p += 3; if (cert_len != 0) { @@ -9146,7 +9145,7 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2]; + session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); p += 3; if (session->ticket_len != 0) { diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 78297e89e..08549a833 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -941,7 +941,7 @@ static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_DECODE_ERROR; } - list_len = (buf[0] << 8) | buf[1]; + list_len = MBEDTLS_GET_UINT16_BE(buf, 0); if (list_len != len - 2) { mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); @@ -1304,8 +1304,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) } if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) { - ext_len = ((buf[38 + n] << 8) - | (buf[39 + n])); + ext_len = MBEDTLS_GET_UINT16_BE(buf, 38 + n); if ((ext_len > 0 && ext_len < 4) || ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) { @@ -1326,7 +1325,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) } /* ciphersuite (used later) */ - i = (buf[35 + n] << 8) | buf[36 + n]; + i = (int) MBEDTLS_GET_UINT16_BE(buf, n + 35); /* * Read and check compression @@ -1447,10 +1446,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ext_len)); while (ext_len) { - unsigned int ext_id = ((ext[0] << 8) - | (ext[1])); - unsigned int ext_size = ((ext[2] << 8) - | (ext[3])); + unsigned int ext_id = MBEDTLS_GET_UINT16_BE(ext, 0); + unsigned int ext_size = MBEDTLS_GET_UINT16_BE(ext, 2); if (ext_size + 4 > ext_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); @@ -1741,9 +1738,8 @@ static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, } /* Next two bytes are the namedcurve value */ - tls_id = *(*p)++; - tls_id <<= 8; - tls_id |= *(*p)++; + tls_id = MBEDTLS_GET_UINT16_BE(*p, 0); + *p += 2; /* Check it's a curve we offered */ if (mbedtls_ssl_check_curve_tls_id(ssl, tls_id) != 0) { @@ -1883,7 +1879,7 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, ("bad server key exchange message (psk_identity_hint length)")); return MBEDTLS_ERR_SSL_DECODE_ERROR; } - len = (*p)[0] << 8 | (*p)[1]; + len = MBEDTLS_GET_UINT16_BE(*p, 0); *p += 2; if (end - (*p) < len) { @@ -2357,7 +2353,7 @@ start_processing: MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); return MBEDTLS_ERR_SSL_DECODE_ERROR; } - sig_len = (p[0] << 8) | p[1]; + sig_len = MBEDTLS_GET_UINT16_BE(p, 0); p += 2; if (p != end - sig_len) { @@ -2585,8 +2581,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) } /* supported_signature_algorithms */ - sig_alg_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8) - | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n])); + sig_alg_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); /* * The furthest access in buf is in the loop few lines below: @@ -2621,8 +2616,7 @@ static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) n += 2 + sig_alg_len; /* certificate_authorities */ - dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8) - | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n])); + dn_len = MBEDTLS_GET_UINT16_BE(buf, mbedtls_ssl_hs_hdr_len(ssl) + 1 + n); n += dn_len; if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) { @@ -3421,10 +3415,9 @@ static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) | - (msg[2] << 8) | (msg[3]); + lifetime = MBEDTLS_GET_UINT32_BE(msg, 0); - ticket_len = (msg[4] << 8) | (msg[5]); + ticket_len = MBEDTLS_GET_UINT16_BE(msg, 4); if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index c2e08146b..d3cb629cd 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -192,7 +192,7 @@ static int ssl_parse_supported_groups_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); return MBEDTLS_ERR_SSL_DECODE_ERROR; } - list_size = ((buf[0] << 8) | (buf[1])); + list_size = MBEDTLS_GET_UINT16_BE(buf, 0); if (list_size + 2 != len || list_size % 2 != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); @@ -957,7 +957,7 @@ read_record_header: } MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, message len.: %d", - (ssl->in_len[0] << 8) | ssl->in_len[1])); + MBEDTLS_GET_UINT16_BE(ssl->in_len, 0))); MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, protocol version: [%d:%d]", buf[1], buf[2])); @@ -993,7 +993,7 @@ read_record_header: } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1]; + msg_len = MBEDTLS_GET_UINT16_BE(ssl->in_len, 0); #if defined(MBEDTLS_SSL_RENEGOTIATION) if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { @@ -1251,8 +1251,7 @@ read_record_header: #endif /* MBEDTLS_SSL_PROTO_DTLS */ ciph_offset = 35 + sess_len; - ciph_len = (buf[ciph_offset + 0] << 8) - | (buf[ciph_offset + 1]); + ciph_len = MBEDTLS_GET_UINT16_BE(buf, ciph_offset); if (ciph_len < 2 || ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ @@ -1300,8 +1299,7 @@ read_record_header: return MBEDTLS_ERR_SSL_DECODE_ERROR; } - ext_len = (buf[ext_offset + 0] << 8) - | (buf[ext_offset + 1]); + ext_len = MBEDTLS_GET_UINT16_BE(buf, ext_offset); if (msg_len != ext_offset + 2 + ext_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); @@ -1325,8 +1323,8 @@ read_record_header: MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); return MBEDTLS_ERR_SSL_DECODE_ERROR; } - ext_id = ((ext[0] << 8) | (ext[1])); - ext_size = ((ext[2] << 8) | (ext[3])); + ext_id = MBEDTLS_GET_UINT16_BE(ext, 0); + ext_size = MBEDTLS_GET_UINT16_BE(ext, 2); if (ext_size + 4 > ext_len) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); @@ -3360,7 +3358,7 @@ static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char ** return MBEDTLS_ERR_SSL_DECODE_ERROR; } - n = ((*p)[0] << 8) | (*p)[1]; + n = MBEDTLS_GET_UINT16_BE(*p, 0); *p += 2; if (*p + n > end) { @@ -3593,7 +3591,7 @@ static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char return MBEDTLS_ERR_SSL_DECODE_ERROR; } - n = ((*p)[0] << 8) | (*p)[1]; + n = MBEDTLS_GET_UINT16_BE(*p, 0); *p += 2; if (n == 0 || n > end - *p) { @@ -4189,7 +4187,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_DECODE_ERROR; } - sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i+1]; + sig_len = MBEDTLS_GET_UINT16_BE(ssl->in_msg, i); i += 2; if (i + sig_len != ssl->in_hslen) { From df4d42106ac7ac2bded902bb65991397a107248e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 9 Nov 2023 14:01:39 +0000 Subject: [PATCH 377/430] Use standard byte conversion fns in lms Signed-off-by: Dave Rodgman --- library/lmots.c | 65 +++++++++---------------------------------------- library/lmots.h | 23 ----------------- library/lms.c | 45 ++++++++++------------------------ 3 files changed, 24 insertions(+), 109 deletions(-) diff --git a/library/lmots.c b/library/lmots.c index e09e3e529..c7091b49e 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -69,29 +69,6 @@ static const unsigned char D_MESSAGE_CONSTANT_BYTES[D_CONST_LEN] = { 0x81, 0x81 int (*mbedtls_lmots_sign_private_key_invalidated_hook)(unsigned char *) = NULL; #endif /* defined(MBEDTLS_TEST_HOOKS) */ -void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len, - unsigned char *bytes) -{ - size_t idx; - - for (idx = 0; idx < len; idx++) { - bytes[idx] = (val >> ((len - 1 - idx) * 8)) & 0xFF; - } -} - -unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len, - const unsigned char *bytes) -{ - size_t idx; - unsigned int val = 0; - - for (idx = 0; idx < len; idx++) { - val |= ((unsigned int) bytes[idx]) << (8 * (len - 1 - idx)); - } - - return val; -} - /* Calculate the checksum digits that are appended to the end of the LMOTS digit * string. See NIST SP800-208 section 3.1 or RFC8554 Algorithm 2 for details of * the checksum algorithm. @@ -191,8 +168,7 @@ static int create_digit_array_with_checksum(const mbedtls_lmots_parameters_t *pa } checksum = lmots_checksum_calculate(params, out); - mbedtls_lms_unsigned_int_to_network_bytes(checksum, CHECKSUM_LEN, - out + MBEDTLS_LMOTS_N_HASH_LEN(params->type)); + MBEDTLS_PUT_UINT16_BE(checksum, out, MBEDTLS_LMOTS_N_HASH_LEN(params->type)); exit: psa_hash_abort(&op); @@ -281,17 +257,13 @@ static int hash_digit_array(const mbedtls_lmots_parameters_t *params, goto exit; } - mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx, - I_DIGIT_IDX_LEN, - i_digit_idx_bytes); + MBEDTLS_PUT_UINT16_BE(i_digit_idx, i_digit_idx_bytes, 0); status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN); if (status != PSA_SUCCESS) { goto exit; } - mbedtls_lms_unsigned_int_to_network_bytes(j_hash_idx, - J_HASH_IDX_LEN, - j_hash_idx_bytes); + j_hash_idx_bytes[0] = (uint8_t) j_hash_idx; status = psa_hash_update(&op, j_hash_idx_bytes, J_HASH_IDX_LEN); if (status != PSA_SUCCESS) { goto exit; @@ -425,11 +397,8 @@ int mbedtls_lmots_import_public_key(mbedtls_lmots_public_t *ctx, return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } - ctx->params.type = - (mbedtls_lmots_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int( - MBEDTLS_LMOTS_TYPE_LEN, - key + - MBEDTLS_LMOTS_SIG_TYPE_OFFSET); + ctx->params.type = (mbedtls_lmots_algorithm_type_t) + MBEDTLS_GET_UINT32_BE(key, MBEDTLS_LMOTS_SIG_TYPE_OFFSET); if (key_len != MBEDTLS_LMOTS_PUBLIC_KEY_LEN(ctx->params.type)) { return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; @@ -464,9 +433,7 @@ int mbedtls_lmots_export_public_key(const mbedtls_lmots_public_t *ctx, return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } - mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type, - MBEDTLS_LMOTS_TYPE_LEN, - key + MBEDTLS_LMOTS_SIG_TYPE_OFFSET); + MBEDTLS_PUT_UINT32_BE(ctx->params.type, key, MBEDTLS_LMOTS_SIG_TYPE_OFFSET); memcpy(key + PUBLIC_KEY_I_KEY_ID_OFFSET, ctx->params.I_key_identifier, @@ -559,9 +526,7 @@ int mbedtls_lmots_verify(const mbedtls_lmots_public_t *ctx, return MBEDTLS_ERR_LMS_VERIFY_FAILED; } - if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN, - sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) != - MBEDTLS_LMOTS_SHA256_N32_W8) { + if (MBEDTLS_GET_UINT32_BE(sig, MBEDTLS_LMOTS_SIG_TYPE_OFFSET) != MBEDTLS_LMOTS_SHA256_N32_W8) { return MBEDTLS_ERR_LMS_VERIFY_FAILED; } @@ -607,7 +572,7 @@ int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx, size_t output_hash_len; unsigned int i_digit_idx; unsigned char i_digit_idx_bytes[2]; - unsigned char const_bytes[1]; + unsigned char const_bytes[1] = { 0xFF }; if (ctx->have_private_key) { return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; @@ -623,12 +588,7 @@ int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx, I_key_identifier, sizeof(ctx->params.I_key_identifier)); - mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - ctx->params.q_leaf_identifier); - - mbedtls_lms_unsigned_int_to_network_bytes(0xFF, sizeof(const_bytes), - const_bytes); + MBEDTLS_PUT_UINT32_BE(q_leaf_identifier, ctx->params.q_leaf_identifier, 0); for (i_digit_idx = 0; i_digit_idx < MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT(ctx->params.type); @@ -652,8 +612,7 @@ int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx, goto exit; } - mbedtls_lms_unsigned_int_to_network_bytes(i_digit_idx, I_DIGIT_IDX_LEN, - i_digit_idx_bytes); + MBEDTLS_PUT_UINT16_BE(i_digit_idx, i_digit_idx_bytes, 0); status = psa_hash_update(&op, i_digit_idx_bytes, I_DIGIT_IDX_LEN); if (status != PSA_SUCCESS) { goto exit; @@ -774,9 +733,7 @@ int mbedtls_lmots_sign(mbedtls_lmots_private_t *ctx, goto exit; } - mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type, - MBEDTLS_LMOTS_TYPE_LEN, - sig + MBEDTLS_LMOTS_SIG_TYPE_OFFSET); + MBEDTLS_PUT_UINT32_BE(ctx->params.type, sig, MBEDTLS_LMOTS_SIG_TYPE_OFFSET); /* Test hook to check if sig is being written to before we invalidate the * private key. diff --git a/library/lmots.h b/library/lmots.h index 8e495c9dd..cf92d326c 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -44,29 +44,6 @@ extern "C" { extern int (*mbedtls_lmots_sign_private_key_invalidated_hook)(unsigned char *); #endif /* defined(MBEDTLS_TEST_HOOKS) */ -/** - * \brief This function converts an unsigned int into a - * network-byte-order (big endian) string. - * - * \param val The unsigned integer value - * \param len The length of the string. - * \param bytes The string to output into. - */ -void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len, - unsigned char *bytes); - -/** - * \brief This function converts a network-byte-order - * (big endian) string into an unsigned integer. - * - * \param len The length of the string. - * \param bytes The string. - * - * \return The corresponding LMS error code. - */ -unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len, - const unsigned char *bytes); - #if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief This function converts a \ref psa_status_t to a diff --git a/library/lms.c b/library/lms.c index 00525bb74..08fe75300 100644 --- a/library/lms.c +++ b/library/lms.c @@ -112,7 +112,7 @@ static int create_merkle_leaf_value(const mbedtls_lms_parameters_t *params, goto exit; } - mbedtls_lms_unsigned_int_to_network_bytes(r_node_idx, 4, r_node_idx_bytes); + MBEDTLS_PUT_UINT32_BE(r_node_idx, r_node_idx_bytes, 0); status = psa_hash_update(&op, r_node_idx_bytes, 4); if (status != PSA_SUCCESS) { goto exit; @@ -186,7 +186,7 @@ static int create_merkle_internal_value(const mbedtls_lms_parameters_t *params, goto exit; } - mbedtls_lms_unsigned_int_to_network_bytes(r_node_idx, 4, r_node_idx_bytes); + MBEDTLS_PUT_UINT32_BE(r_node_idx, r_node_idx_bytes, 0); status = psa_hash_update(&op, r_node_idx_bytes, 4); if (status != PSA_SUCCESS) { goto exit; @@ -237,10 +237,7 @@ int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx, mbedtls_lms_algorithm_type_t type; mbedtls_lmots_algorithm_type_t otstype; - type = (mbedtls_lms_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int( - MBEDTLS_LMS_TYPE_LEN, - key + - PUBLIC_KEY_TYPE_OFFSET); + type = (mbedtls_lms_algorithm_type_t) MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_TYPE_OFFSET); if (type != MBEDTLS_LMS_SHA256_M32_H10) { return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } @@ -250,10 +247,8 @@ int mbedtls_lms_import_public_key(mbedtls_lms_public_t *ctx, return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } - otstype = (mbedtls_lmots_algorithm_type_t) mbedtls_lms_network_bytes_to_unsigned_int( - MBEDTLS_LMOTS_TYPE_LEN, - key + - PUBLIC_KEY_OTSTYPE_OFFSET); + otstype = (mbedtls_lmots_algorithm_type_t) + MBEDTLS_GET_UINT32_BE(key, PUBLIC_KEY_OTSTYPE_OFFSET); if (otstype != MBEDTLS_LMOTS_SHA256_N32_W8) { return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } @@ -282,12 +277,8 @@ int mbedtls_lms_export_public_key(const mbedtls_lms_public_t *ctx, return MBEDTLS_ERR_LMS_BAD_INPUT_DATA; } - mbedtls_lms_unsigned_int_to_network_bytes( - ctx->params.type, - MBEDTLS_LMS_TYPE_LEN, key + PUBLIC_KEY_TYPE_OFFSET); - mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.otstype, - MBEDTLS_LMOTS_TYPE_LEN, - key + PUBLIC_KEY_OTSTYPE_OFFSET); + MBEDTLS_PUT_UINT32_BE(ctx->params.type, key, PUBLIC_KEY_TYPE_OFFSET); + MBEDTLS_PUT_UINT32_BE(ctx->params.otstype, key, PUBLIC_KEY_OTSTYPE_OFFSET); memcpy(key + PUBLIC_KEY_I_KEY_ID_OFFSET, ctx->params.I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN); @@ -339,9 +330,7 @@ int mbedtls_lms_verify(const mbedtls_lms_public_t *ctx, return MBEDTLS_ERR_LMS_VERIFY_FAILED; } - if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMOTS_TYPE_LEN, - sig + SIG_OTS_SIG_OFFSET + - MBEDTLS_LMOTS_SIG_TYPE_OFFSET) + if (MBEDTLS_GET_UINT32_BE(sig, SIG_OTS_SIG_OFFSET + MBEDTLS_LMOTS_SIG_TYPE_OFFSET) != MBEDTLS_LMOTS_SHA256_N32_W8) { return MBEDTLS_ERR_LMS_VERIFY_FAILED; } @@ -350,15 +339,13 @@ int mbedtls_lms_verify(const mbedtls_lms_public_t *ctx, return MBEDTLS_ERR_LMS_VERIFY_FAILED; } - if (mbedtls_lms_network_bytes_to_unsigned_int(MBEDTLS_LMS_TYPE_LEN, - sig + SIG_TYPE_OFFSET(ctx->params.otstype)) + if (MBEDTLS_GET_UINT32_BE(sig, SIG_TYPE_OFFSET(ctx->params.otstype)) != MBEDTLS_LMS_SHA256_M32_H10) { return MBEDTLS_ERR_LMS_VERIFY_FAILED; } - q_leaf_identifier = mbedtls_lms_network_bytes_to_unsigned_int( - MBEDTLS_LMOTS_Q_LEAF_ID_LEN, sig + SIG_Q_LEAF_ID_OFFSET); + q_leaf_identifier = MBEDTLS_GET_UINT32_BE(sig, SIG_Q_LEAF_ID_OFFSET); if (q_leaf_identifier >= MERKLE_TREE_LEAF_NODE_AM(ctx->params.type)) { return MBEDTLS_ERR_LMS_VERIFY_FAILED; @@ -367,9 +354,7 @@ int mbedtls_lms_verify(const mbedtls_lms_public_t *ctx, memcpy(ots_params.I_key_identifier, ctx->params.I_key_identifier, MBEDTLS_LMOTS_I_KEY_ID_LEN); - mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - ots_params.q_leaf_identifier); + MBEDTLS_PUT_UINT32_BE(q_leaf_identifier, ots_params.q_leaf_identifier, 0); ots_params.type = ctx->params.otstype; ret = mbedtls_lmots_calculate_public_key_candidate(&ots_params, @@ -753,12 +738,8 @@ int mbedtls_lms_sign(mbedtls_lms_private_t *ctx, return ret; } - mbedtls_lms_unsigned_int_to_network_bytes(ctx->params.type, - MBEDTLS_LMS_TYPE_LEN, - sig + SIG_TYPE_OFFSET(ctx->params.otstype)); - mbedtls_lms_unsigned_int_to_network_bytes(q_leaf_identifier, - MBEDTLS_LMOTS_Q_LEAF_ID_LEN, - sig + SIG_Q_LEAF_ID_OFFSET); + MBEDTLS_PUT_UINT32_BE(ctx->params.type, sig, SIG_TYPE_OFFSET(ctx->params.otstype)); + MBEDTLS_PUT_UINT32_BE(q_leaf_identifier, sig, SIG_Q_LEAF_ID_OFFSET); ret = get_merkle_path(ctx, MERKLE_TREE_INTERNAL_NODE_AM(ctx->params.type) + q_leaf_identifier, From c37ad4432b6665ca32c19bc83c30d878f2d3ee7a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 23:36:06 +0000 Subject: [PATCH 378/430] misc type fixes in ssl Signed-off-by: Dave Rodgman --- library/ssl_misc.h | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 9 +++++---- library/ssl_tls12_server.c | 4 ++-- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index c636ad461..eae192bac 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1409,7 +1409,7 @@ int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want); * Write handshake message header */ MBEDTLS_CHECK_RETURN_CRITICAL -int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned hs_type, +int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type, unsigned char **buf, size_t *buf_len); MBEDTLS_CHECK_RETURN_CRITICAL diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 065336b67..48d0a03dc 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2731,7 +2731,7 @@ void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl) /* * Handshake layer functions */ -int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned hs_type, +int mbedtls_ssl_start_handshake_msg(mbedtls_ssl_context *ssl, unsigned char hs_type, unsigned char **buf, size_t *buf_len) { /* diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0ba923533..036b37ae6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4466,7 +4466,7 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len; + used += 2U + ssl->transform->in_cid_len + ssl->transform->out_cid_len; if (used <= buf_len) { *p++ = ssl->transform->in_cid_len; memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len); @@ -5692,7 +5692,7 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, uint32_t *flags) { int ret = 0; - int usage = 0; + unsigned int usage = 0; const char *ext_oid; size_t ext_len; @@ -7665,7 +7665,7 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx, unsigned char *padbuf, size_t hlen, unsigned char *buf, int from) { - int len = 12; + unsigned int len = 12; const char *sender; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; @@ -7865,7 +7865,8 @@ void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl) int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) { - int ret, hash_len; + int ret; + unsigned int hash_len; MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished")); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d3cb629cd..a07d0fb34 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3099,8 +3099,8 @@ curve_matching_done: mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); - unsigned int sig_hash = - mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( + unsigned char sig_hash = + (unsigned char) mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( ssl, mbedtls_ssl_sig_from_pk_alg(sig_alg)); mbedtls_md_type_t md_alg = mbedtls_ssl_md_alg_from_hash(sig_hash); From e467d620424a008c724e3e7367132c309de404d6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Nov 2023 23:40:31 +0000 Subject: [PATCH 379/430] Add casts for NEON Signed-off-by: Dave Rodgman --- library/aesce.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 1a0db163d..64f4b2b68 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -385,8 +385,8 @@ static inline uint8x16_t pmull_low(uint8x16_t a, uint8x16_t b) return vreinterpretq_u8_p128( MBEDTLS_VMULL_P64( - vget_low_p64(vreinterpretq_p64_u8(a)), - vget_low_p64(vreinterpretq_p64_u8(b)) + (poly64_t) vget_low_p64(vreinterpretq_p64_u8(a)), + (poly64_t) vget_low_p64(vreinterpretq_p64_u8(b)) )); } From 31dbc3613ad0fad4b4acc1a4ebf22ccdfb6f47a8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 10 Nov 2023 16:01:43 +0000 Subject: [PATCH 380/430] prepare_release: sed querry change to strip whitespace Signed-off-by: Minos Galanakis --- scripts/prepare_release.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 7f972e070..3b63ed9e6 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -39,11 +39,11 @@ done GITIGNORES=$(find . -name ".gitignore") for GITIGNORE in $GITIGNORES; do if [ -n "$unrelease" ]; then - sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE + sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^#//' $GITIGNORE sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE else - sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/# /' $GITIGNORE + sed -i '/###START_GENERATED_FILES###/,/###END_GENERATED_FILES###/s/^/#/' $GITIGNORE sed -i 's/###START_GENERATED_FILES###/###START_COMMENTED_GENERATED_FILES###/' $GITIGNORE sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE fi From fa8ec2611e08bc99e722850138d5b7195715b3fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Nov 2023 17:55:43 +0100 Subject: [PATCH 381/430] Detect enabled GCC/Clang sanitizers Occasionally we want tests to take advantage of sanitizers, or work around them. Signed-off-by: Gilles Peskine --- tests/include/test/helpers.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index ba117fbdf..cf791e2b6 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -20,6 +20,21 @@ #include "mbedtls/build_info.h" +#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */ +# define MBEDTLS_TEST_HAVE_ASAN +#endif +#if defined(__has_feature) +# if __has_feature(address_sanitizer) /* clang -fsanitize=address */ +# define MBEDTLS_TEST_HAVE_ASAN +# endif +# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */ +# define MBEDTLS_TEST_HAVE_MSAN +# endif +# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */ +# define MBEDTLS_TEST_HAVE_TSAN +# endif +#endif + #if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ defined(MBEDTLS_TEST_HOOKS) #define MBEDTLS_TEST_MUTEX_USAGE From 05ebe967bee0f90e21525235e09048916cf6f9bc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 1 Oct 2023 21:44:31 +0200 Subject: [PATCH 382/430] Disable check_mbedtls_calloc overallocation under ASan This test case exercises an integer overflow in calloc. Under Asan, with a modern Clang, this triggers an Asan complaint. The complaint can be avoided with ASAN_OPTIONS=allocator_may_return_null=1, but this has to be set in the environment before the program starts, and could hide other errors. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_platform.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_platform.data b/tests/suites/test_suite_platform.data index 4d5745076..397ff1b79 100644 --- a/tests/suites/test_suite_platform.data +++ b/tests/suites/test_suite_platform.data @@ -6,4 +6,10 @@ Time: get seconds time_get_seconds: Check mbedtls_calloc overallocation +# This test case exercises an integer overflow in calloc. Under Asan, with +# a modern Clang, this triggers an Asan complaint. The complaint can be +# avoided with ASAN_OPTIONS=allocator_may_return_null=1, but this has to +# be set in the environment before the program starts, and could hide +# other errors. +depends_on:!MBEDTLS_TEST_HAVE_ASAN check_mbedtls_calloc_overallocation:SIZE_MAX/2:SIZE_MAX/2 From 3b2b7f8acf5eb4697f4908a2938f7fe584f5d622 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Nov 2023 18:08:17 +0100 Subject: [PATCH 383/430] MSan and TSan complain as well, not just ASan Signed-off-by: Gilles Peskine --- tests/suites/test_suite_platform.data | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_platform.data b/tests/suites/test_suite_platform.data index 397ff1b79..653d2545c 100644 --- a/tests/suites/test_suite_platform.data +++ b/tests/suites/test_suite_platform.data @@ -7,9 +7,9 @@ time_get_seconds: Check mbedtls_calloc overallocation # This test case exercises an integer overflow in calloc. Under Asan, with -# a modern Clang, this triggers an Asan complaint. The complaint can be -# avoided with ASAN_OPTIONS=allocator_may_return_null=1, but this has to -# be set in the environment before the program starts, and could hide -# other errors. -depends_on:!MBEDTLS_TEST_HAVE_ASAN +# a modern Clang, this triggers an ASan/MSan/TSan complaint. The complaint +# can be avoided with e.g. ASAN_OPTIONS=allocator_may_return_null=1, +# but this has to be set in the environment before the program starts, +# and could hide other errors. +depends_on:!MBEDTLS_TEST_HAVE_ASAN:!MBEDTLS_TEST_HAVE_MSAN:!MBEDTLS_TEST_HAVE_TSAN check_mbedtls_calloc_overallocation:SIZE_MAX/2:SIZE_MAX/2 From a6cf5d67c516f1cb73815ec54db2606a27db4d80 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 22 Nov 2023 11:35:21 +0800 Subject: [PATCH 384/430] Share parsed outcomes among tasks when ananlyzing This extremely improves the performance. Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index a070b0163..ddacf2e06 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -179,23 +179,26 @@ by a semicolon. outcomes[key].failures.append(setup) return outcomes -def do_analyze_coverage(results: Results, outcome_file, args): +def do_analyze_coverage(results: Results, outcomes_or_file, args): """Perform coverage analysis.""" results.new_section("Analyze coverage") - outcomes = read_outcome_file(outcome_file) + outcomes = read_outcome_file(outcomes_or_file) \ + if isinstance(outcomes_or_file, str) else outcomes_or_file analyze_outcomes(results, outcomes, args) -def do_analyze_driver_vs_reference(results: Results, outcome_file, args): +def do_analyze_driver_vs_reference(results: Results, outcomes_or_file, args): """Perform driver vs reference analyze.""" results.new_section("Analyze driver {} vs reference {}", args['component_driver'], args['component_ref']) - execute_reference_driver_tests(results, args['component_ref'], \ - args['component_driver'], outcome_file) - ignored_suites = ['test_suite_' + x for x in args['ignored_suites']] - outcomes = read_outcome_file(outcome_file) + if isinstance(outcomes_or_file, str): + execute_reference_driver_tests(results, args['component_ref'], \ + args['component_driver'], outcomes_or_file) + outcomes = read_outcome_file(outcomes_or_file) + else: + outcomes = outcomes_or_file analyze_driver_vs_reference(results, outcomes, args['component_ref'], args['component_driver'], @@ -493,10 +496,19 @@ def main(): KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage + # If the outcome file already exists, we assume that the user wants to + # perform the comparison. + # Share the contents among tasks to improve performance. + if os.path.exists(options.outcomes): + main_results.info("Read outcome file from {}.", options.outcomes) + outcomes_or_file = read_outcome_file(options.outcomes) + else: + outcomes_or_file = options.outcomes + for task in tasks_list: test_function = KNOWN_TASKS[task]['test_function'] test_args = KNOWN_TASKS[task]['args'] - test_function(main_results, options.outcomes, test_args) + test_function(main_results, outcomes_or_file, test_args) main_results.info("Overall results: {} warnings and {} errors", main_results.warning_count, main_results.error_count) From a4428588782c60947b11a2ee703e4eceda7ac8b4 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 22 Nov 2023 19:02:15 +0800 Subject: [PATCH 385/430] Restruct the structure of outcome file presentation Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 68 ++++++++++++------------------- 1 file changed, 26 insertions(+), 42 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index ddacf2e06..2cd6257d3 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -40,25 +40,6 @@ class Results: def _print_line(fmt, *args, **kwargs): sys.stderr.write((fmt + '\n').format(*args, **kwargs)) -class TestCaseOutcomes: - """The outcomes of one test case across many configurations.""" - # pylint: disable=too-few-public-methods - - def __init__(self): - # Collect a list of witnesses of the test case succeeding or failing. - # Currently we don't do anything with witnesses except count them. - # The format of a witness is determined by the read_outcome_file - # function; it's the platform and configuration joined by ';'. - self.successes = [] - self.failures = [] - - def hits(self): - """Return the number of times a test case has been run. - - This includes passes and failures, but not skips. - """ - return len(self.successes) + len(self.failures) - def execute_reference_driver_tests(results: Results, ref_component, driver_component, \ outcome_file): """Run the tests specified in ref_component and driver_component. Results @@ -82,7 +63,12 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage): """Check that all available test cases are executed at least once.""" available = check_test_cases.collect_available_test_cases() for key in available: - hits = outcomes[key].hits() if key in outcomes else 0 + hits = 0 + for _comp, comp_outcomes in outcomes.items(): + if key in comp_outcomes["successes"] or \ + key in comp_outcomes["failures"]: + hits += 1 + if hits == 0 and key not in allow_list: if full_coverage: results.error('Test case not executed: {}', key) @@ -117,8 +103,14 @@ def analyze_driver_vs_reference(results: Results, outcomes, - only some specific test inside a test suite, for which the corresponding output string is provided """ - seen_reference_passing = False - for key in outcomes: + ref_outcomes = outcomes.get("component_" + component_ref) + driver_outcomes = outcomes.get("component_" + component_driver) + + if ref_outcomes is None or not ref_outcomes['successes']: + results.error("no passing test in reference component: bad outcome file?") + return + + for key in ref_outcomes["successes"]: # key is like "test_suite_foo.bar;Description of test case" (full_test_suite, test_string) = key.split(';') test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name @@ -136,23 +128,11 @@ def analyze_driver_vs_reference(results: Results, outcomes, if name_matches_pattern(test_string, str_or_re): ignored = True - # Search for tests that run in reference component and not in driver component - driver_test_passed = False - reference_test_passed = False - for entry in outcomes[key].successes: - if component_driver in entry: - driver_test_passed = True - if component_ref in entry: - reference_test_passed = True - seen_reference_passing = True - if reference_test_passed and not driver_test_passed and not ignored: + if not ignored and not key in driver_outcomes['successes']: results.error("PASS -> SKIP/FAIL: {}", key) - if ignored and driver_test_passed: + if ignored and key in driver_outcomes['successes']: results.error("uselessly ignored: {}", key) - if not seen_reference_passing: - results.error("no passing test in reference component: bad outcome file?") - def analyze_outcomes(results: Results, outcomes, args): """Run all analyses on the given outcome collection.""" analyze_coverage(results, outcomes, args['allow_list'], @@ -168,15 +148,19 @@ by a semicolon. outcomes = {} with open(outcome_file, 'r', encoding='utf-8') as input_file: for line in input_file: - (platform, config, suite, case, result, _cause) = line.split(';') + (_platform, config, suite, case, result, _cause) = line.split(';') key = ';'.join([suite, case]) - setup = ';'.join([platform, config]) - if key not in outcomes: - outcomes[key] = TestCaseOutcomes() + if config not in outcomes: + outcomes[config] = {"successes":[], "failures":[]} if result == 'PASS': - outcomes[key].successes.append(setup) + outcomes[config]['successes'].append(key) elif result == 'FAIL': - outcomes[key].failures.append(setup) + outcomes[config]['failures'].append(key) + + for config in outcomes: + outcomes[config]['successes'] = frozenset(outcomes[config]['successes']) + outcomes[config]['failures'] = frozenset(outcomes[config]['failures']) + return outcomes def do_analyze_coverage(results: Results, outcomes_or_file, args): From 31a9b7891adf28a7437b177cb547d2ffb58a8983 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 23 Nov 2023 14:15:37 +0800 Subject: [PATCH 386/430] Improve comments and variable naming Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 57 ++++++++++++++++++------------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 2cd6257d3..0baba1b7e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -62,24 +62,24 @@ def execute_reference_driver_tests(results: Results, ref_component, driver_compo def analyze_coverage(results, outcomes, allow_list, full_coverage): """Check that all available test cases are executed at least once.""" available = check_test_cases.collect_available_test_cases() - for key in available: + for suite_case in available: hits = 0 for _comp, comp_outcomes in outcomes.items(): - if key in comp_outcomes["successes"] or \ - key in comp_outcomes["failures"]: + if suite_case in comp_outcomes["successes"] or \ + suite_case in comp_outcomes["failures"]: hits += 1 - if hits == 0 and key not in allow_list: + if hits == 0 and suite_case not in allow_list: if full_coverage: - results.error('Test case not executed: {}', key) + results.error('Test case not executed: {}', suite_case) else: - results.warning('Test case not executed: {}', key) - elif hits != 0 and key in allow_list: + results.warning('Test case not executed: {}', suite_case) + elif hits != 0 and suite_case in allow_list: # Test Case should be removed from the allow list. if full_coverage: - results.error('Allow listed test case was executed: {}', key) + results.error('Allow listed test case was executed: {}', suite_case) else: - results.warning('Allow listed test case was executed: {}', key) + results.warning('Allow listed test case was executed: {}', suite_case) def name_matches_pattern(name, str_or_re): """Check if name matches a pattern, that may be a string or regex. @@ -96,8 +96,8 @@ def name_matches_pattern(name, str_or_re): def analyze_driver_vs_reference(results: Results, outcomes, component_ref, component_driver, ignored_suites, ignored_tests=None): - """Check that all tests executed in the reference component are also - executed in the corresponding driver component. + """Check that all tests passed in the reference component are also + passed in the corresponding driver component. Skip: - full test suites provided in ignored_suites list - only some specific test inside a test suite, for which the corresponding @@ -110,9 +110,9 @@ def analyze_driver_vs_reference(results: Results, outcomes, results.error("no passing test in reference component: bad outcome file?") return - for key in ref_outcomes["successes"]: - # key is like "test_suite_foo.bar;Description of test case" - (full_test_suite, test_string) = key.split(';') + for suite_case in ref_outcomes["successes"]: + # suite_case is like "test_suite_foo.bar;Description of test case" + (full_test_suite, test_string) = suite_case.split(';') test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name # Immediately skip fully-ignored test suites @@ -128,10 +128,10 @@ def analyze_driver_vs_reference(results: Results, outcomes, if name_matches_pattern(test_string, str_or_re): ignored = True - if not ignored and not key in driver_outcomes['successes']: - results.error("PASS -> SKIP/FAIL: {}", key) - if ignored and key in driver_outcomes['successes']: - results.error("uselessly ignored: {}", key) + if not ignored and not suite_case in driver_outcomes['successes']: + results.error("PASS -> SKIP/FAIL: {}", suite_case) + if ignored and suite_case in driver_outcomes['successes']: + results.error("uselessly ignored: {}", suite_case) def analyze_outcomes(results: Results, outcomes, args): """Run all analyses on the given outcome collection.""" @@ -141,22 +141,31 @@ def analyze_outcomes(results: Results, outcomes, args): def read_outcome_file(outcome_file): """Parse an outcome file and return an outcome collection. -An outcome collection is a dictionary mapping keys to TestCaseOutcomes objects. -The keys are the test suite name and the test case description, separated -by a semicolon. +An outcome collection is a dictionary presentation of the outcome file: +``` +outcomes = { + "": { + "successes": frozenset(["", ... ]), + "failures": frozenset(["", ...]) + } + ... +} +suite_case = ";" +``` """ outcomes = {} with open(outcome_file, 'r', encoding='utf-8') as input_file: for line in input_file: (_platform, config, suite, case, result, _cause) = line.split(';') - key = ';'.join([suite, case]) + suite_case = ';'.join([suite, case]) if config not in outcomes: outcomes[config] = {"successes":[], "failures":[]} if result == 'PASS': - outcomes[config]['successes'].append(key) + outcomes[config]['successes'].append(suite_case) elif result == 'FAIL': - outcomes[config]['failures'].append(key) + outcomes[config]['failures'].append(suite_case) + # Convert `list` to `frozenset` to improve search performance for config in outcomes: outcomes[config]['successes'] = frozenset(outcomes[config]['successes']) outcomes[config]['failures'] = frozenset(outcomes[config]['failures']) From 70642ecb249d6c88bf7f16031b7a6acfb771528c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 11:10:53 +0800 Subject: [PATCH 387/430] all.sh: check_test_dependencies: add one more option - add !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT in whitelist Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bc4570f88..2f952345c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1044,7 +1044,10 @@ component_check_test_dependencies () { tests/suites/test_suite_psa*.data tests/suites/test_suite_psa*.function | grep -Eo '!?MBEDTLS_[^: ]*' | grep -v MBEDTLS_PSA_ | - sort -u > $found + # By default, sort (v8.25) on ubuntu-16 and sort (v8.30) on ubuntu-20 + # sort text in different order. We use -d option to sort text in + # an order considering only blanks and alphanumeric characters. + sort -ud > $found # Expected ones with justification - keep in sorted order! rm -f $expected @@ -1056,6 +1059,8 @@ component_check_test_dependencies () { # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected + # No PSA equivalent - used to skip decryption tests in CBC/XTS/DES/NIST_KW + echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests From 42be1bab30b62fc9cc962049862d4e1d54e26930 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 14:28:47 +0800 Subject: [PATCH 388/430] block_cipher_no_decrypt: improve comment Signed-off-by: Yanray Wang --- scripts/config.py | 2 +- tests/scripts/all.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 0f5ad87f3..d5fb85e52 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -180,7 +180,7 @@ EXCLUDE_FROM_FULL = frozenset([ #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency - 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with DES/CBC/XTS/NIST_KW + 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2f952345c..8ddbf4b40 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1059,7 +1059,7 @@ component_check_test_dependencies () { # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected - # No PSA equivalent - used to skip decryption tests in CBC/XTS/DES/NIST_KW + # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected @@ -4252,7 +4252,7 @@ component_build_aes_variations() { cd "$MBEDTLS_ROOT_DIR" msg "build: aes.o for all combinations of relevant config options + BLOCK_CIPHER_NO_DECRYPT" - # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with CBC/XTS/DES/NIST_KW, + # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is incompatible with ECB in PSA, CBC/XTS/NIST_KW/DES, # manually set or unset those configurations to check # MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with various combinations in aes.o. scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT From 18040ede3fc89b3e2b1f4f92ede4d5fe33c94b26 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Nov 2023 21:29:56 +0800 Subject: [PATCH 389/430] all.sh: export LC_COLLATE=C for sorting in ASCII order By default, 'sort' sorts characters with system default locale, which causes unexpected sorting order. To sort characters in ASCII from computer perspective, export LC_COLLATE=C to specify character collation for regular expressions and sorting with C locale. Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8ddbf4b40..5c2f1fd79 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -163,6 +163,9 @@ pre_initialize_variables () { # basic-build-test.sh as well. RELEASE_SEED=1 + # Specify character collation for regular expressions and sorting with C locale + export LC_COLLATE=C + : ${MBEDTLS_TEST_OUTCOME_FILE=} : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} export MBEDTLS_TEST_OUTCOME_FILE @@ -1044,23 +1047,20 @@ component_check_test_dependencies () { tests/suites/test_suite_psa*.data tests/suites/test_suite_psa*.function | grep -Eo '!?MBEDTLS_[^: ]*' | grep -v MBEDTLS_PSA_ | - # By default, sort (v8.25) on ubuntu-16 and sort (v8.30) on ubuntu-20 - # sort text in different order. We use -d option to sort text in - # an order considering only blanks and alphanumeric characters. - sort -ud > $found + sort -u > $found - # Expected ones with justification - keep in sorted order! + # Expected ones with justification - keep in sorted order by ASCII table! rm -f $expected # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected + # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES + echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # This is used by import_rsa_made_up() in test_suite_psa_crypto in order # to build a fake RSA key of the wanted size based on # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected - # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES - echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests From 34915fac3a5f0d051029501f007f5e24b45479e4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 Nov 2023 17:20:19 +0100 Subject: [PATCH 390/430] ssl-opt.sh: Fix getting the list of supported ciphersuites. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 42f9f5e5a..b3f8ed4a4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -358,7 +358,7 @@ requires_protocol_version() { # Space-separated list of ciphersuites supported by this build of # Mbed TLS. -P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null | +P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null | grep 'TLS-\|TLS1-3' | tr -s ' \n' ' ')" requires_ciphersuite_enabled() { From d69f4017fbf949ab3aceca178b034b73e6e43dbc Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 23 Nov 2023 16:20:45 +0000 Subject: [PATCH 391/430] Refactor `psa_load_persistent_key_into_slot` to remove bad `goto` Merges the two calls to `psa_copy_key_material_into_slot. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 5ecc3a76c..027800984 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -234,14 +234,10 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) status = PSA_ERROR_DATA_INVALID; goto exit; } - data = (psa_se_key_data_storage_t *) key_data; - status = psa_copy_key_material_into_slot( - slot, data->slot_number, sizeof(data->slot_number)); - if (status == PSA_SUCCESS) { - slot->status = PSA_SLOT_OCCUPIED; - } - goto exit; + data = (psa_se_key_data_storage_t *) key_data; + key_data = data->slot_number; + key_data_length = sizeof(key_data); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ From 2a0d4e2995f22c47bfaa41bc66cf604099416277 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 23 Nov 2023 16:33:12 +0000 Subject: [PATCH 392/430] Revert "Refactor `psa_load_persistent_key_into_slot` to remove bad `goto`" This reverts commit d69f4017fbf949ab3aceca178b034b73e6e43dbc. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 027800984..5ecc3a76c 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -234,10 +234,14 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) status = PSA_ERROR_DATA_INVALID; goto exit; } - data = (psa_se_key_data_storage_t *) key_data; - key_data = data->slot_number; - key_data_length = sizeof(key_data); + status = psa_copy_key_material_into_slot( + slot, data->slot_number, sizeof(data->slot_number)); + + if (status == PSA_SUCCESS) { + slot->status = PSA_SLOT_OCCUPIED; + } + goto exit; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ From f25d83112389ec4b4cc23ae6c005c56fec53841f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Nov 2023 18:49:43 +0000 Subject: [PATCH 393/430] Ensure mutex test mutex gets free'd Signed-off-by: Paul Elliott --- programs/ssl/ssl_test_lib.c | 3 +++ tests/include/test/helpers.h | 12 ++++++++++-- tests/src/threading_helpers.c | 10 ++++++++++ tests/suites/host_test.function | 4 ++++ 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 6e0c6153f..b49dd67c2 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -435,6 +435,9 @@ int test_hooks_failure_detected(void) void test_hooks_free(void) { +#if defined(MBEDTLS_TEST_MUTEX_USAGE) + mbedtls_test_mutex_usage_end(); +#endif } #endif /* MBEDTLS_TEST_HOOKS */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index ba117fbdf..4708df163 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -240,10 +240,18 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, #endif #if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** Permanently activate the mutex usage verification framework. See - * threading_helpers.c for information. */ +/** + * Activate the mutex usage verification framework. See threading_helpers.c for + * information. + * */ void mbedtls_test_mutex_usage_init(void); +/** + * Deactivate the mutex usage verification framework. See threading_helpers.c + * for information. + */ +void mbedtls_test_mutex_usage_end(void); + /** Call this function after executing a test case to check for mutex usage * errors. */ void mbedtls_test_mutex_usage_check(void); diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 385a07926..434d124f1 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -228,4 +228,14 @@ void mbedtls_test_mutex_usage_check(void) mbedtls_test_info.mutex_usage_error = NULL; } +void mbedtls_test_mutex_usage_end(void) +{ + mbedtls_mutex_init = mutex_functions.init; + mbedtls_mutex_free = mutex_functions.free; + mbedtls_mutex_lock = mutex_functions.lock; + mbedtls_mutex_unlock = mutex_functions.unlock; + + mutex_functions.free(&mbedtls_test_mutex_mutex); +} + #endif /* MBEDTLS_TEST_MUTEX_USAGE */ diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index d8ff49ef1..cc286973c 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -772,6 +772,10 @@ int execute_tests(int argc, const char **argv) mbedtls_fprintf(stdout, " (%u / %u tests (%u skipped))\n", total_tests - total_errors, total_tests, total_skipped); +#if defined(MBEDTLS_TEST_MUTEX_USAGE) + mbedtls_test_mutex_usage_end(); +#endif + #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \ !defined(TEST_SUITE_MEMORY_BUFFER_ALLOC) #if defined(MBEDTLS_MEMORY_DEBUG) From 8c6d332c44bd4a212119c278f3f8a21fb420257d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 23 Nov 2023 18:53:13 +0000 Subject: [PATCH 394/430] Fix comment typos Signed-off-by: Paul Elliott --- library/threading.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/threading.c b/library/threading.c index d97f0cfe7..873b5077b 100644 --- a/library/threading.c +++ b/library/threading.c @@ -59,9 +59,9 @@ static void threading_mutex_init_pthread(mbedtls_threading_mutex_t *mutex) /* One problem here is that calling lock on a pthread mutex without first * having initialised it is undefined behaviour. Obviously we cannot check * this here in a thread safe manner without a significant performance - * hit, so state transitions are checked in tests only via the is_valid - * varaible. Please make sure any new mutex that gets added is exercised in - * tests; see tests/src/threading_helpers for more details. */ + * hit, so state transitions are checked in tests only via the state + * variable. Please make sure any new mutex that gets added is exercised in + * tests; see tests/src/threading_helpers.c for more details. */ (void) pthread_mutex_init(&mutex->mutex, NULL); } From 392ed3fe7fe9d0ed7769fbb3ad9a6329114a7e1e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Nov 2023 15:48:28 +0000 Subject: [PATCH 395/430] Add better documentation for mbedtls_test_mutex_mutex Signed-off-by: Paul Elliott --- tests/src/threading_helpers.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 434d124f1..5fbf65b2d 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -77,12 +77,30 @@ typedef struct { } mutex_functions_t; static mutex_functions_t mutex_functions; +/** + * The mutex used to guard live_mutexes below and access to the status variable + * in every mbedtls_threading_mutex_t. + * Note that we are not reporting any errors when locking and unlocking this + * mutex. This is for a couple of reasons: + * + * 1. We have no real way of reporting any errors with this mutex - we cannot + * report it back to the caller, as the failure was not that of the mutex + * passed in. We could fail the test, but again this would indicate a problem + * with the test code that did not exist. + * + * 2. Any failure to lock is unlikely to be intermittent, and will thus not + * give false test results - the overall result would be to turn off the + * testing. This is not a situation that is likely to happen with normal + * testing and we still have TSan to fall back on should this happen. + */ mbedtls_threading_mutex_t mbedtls_test_mutex_mutex; -/** The total number of calls to mbedtls_mutex_init(), minus the total number - * of calls to mbedtls_mutex_free(). +/** + * The total number of calls to mbedtls_mutex_init(), minus the total number + * of calls to mbedtls_mutex_free(). * - * Reset to 0 after each test case. + * Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset + * to 0 after each test case. */ static int live_mutexes; From 16b00f9522cc802c8e23628d7cb6f047ed3c5939 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 27 Nov 2023 15:52:24 +0800 Subject: [PATCH 396/430] mbedtls_config: improve documentation for BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang --- include/mbedtls/mbedtls_config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 552d944fb..abdb0a34f 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2382,7 +2382,10 @@ * \note This feature is incompatible with insecure block cipher, * MBEDTLS_DES_C, and cipher modes which always require decryption * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and - * MBEDTLS_NIST_KW_C. + * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, + * this feature is incompatible with following supported PSA equivalence, + * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING, + * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES. * * Module: library/aes.c * library/aesce.c From 6f6090d19b3734d16b5983276d8fac92abc40b1b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 27 Nov 2023 15:54:53 +0800 Subject: [PATCH 397/430] tf-m config: update and enable BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang --- .../tfm_mbedcrypto_config_profile_medium.h | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index 34a3bd4ff..53243dd93 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -325,6 +325,28 @@ */ #define MBEDTLS_AES_C +/** + * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + * + * Remove decryption operation for AES, ARIA and Camellia block cipher. + * + * \note This feature is incompatible with insecure block cipher, + * MBEDTLS_DES_C, and cipher modes which always require decryption + * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and + * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, + * this feature is incompatible with following supported PSA equivalence, + * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING, + * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES. + * + * Module: library/aes.c + * library/aesce.c + * library/aesni.c + * library/aria.c + * library/camellia.c + * library/cipher.c + */ +#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + /** * \def MBEDTLS_CIPHER_C * From 150002c9f9d644c0ad752d4d5404716050d2819d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 27 Nov 2023 18:24:45 +0100 Subject: [PATCH 398/430] Skip calloc overallocation test case This test case is incompatible with sanitizers (e.g. ASan), and thus skipped. If the driver component uses a sanitizer but the reference component doesn't, we have a PASS vs SKIP mismatch. Since this test case is unrelated to drivers, we don't mind ignoring it. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 51 ++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index a070b0163..0028f7502 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -232,6 +232,12 @@ KNOWN_TASKS = { 'psa_crypto_low_hash.generated', # testing the builtins ], 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], } } }, @@ -255,6 +261,12 @@ KNOWN_TASKS = { 'test_suite_pem': [ re.compile(r'PEM read .*(AES|DES|\bencrypt).*'), ], + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], # Following tests depend on AES_C/DES_C but are not about # them really, just need to know some error code is there. 'test_suite_error': [ @@ -297,6 +309,12 @@ KNOWN_TASKS = { 'ecdsa', 'ecdh', 'ecjpake', ], 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], # This test wants a legacy function that takes f_rng, p_rng # arguments, and uses legacy ECDSA for that. The test is # really about the wrapper around the PSA RNG, not ECDSA. @@ -330,6 +348,12 @@ KNOWN_TASKS = { 'ecp', 'ecdsa', 'ecdh', 'ecjpake', ], 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], # See ecp_light_only 'test_suite_random': [ 'PSA classic wrapper: ECDSA signature (SECP256R1)', @@ -363,6 +387,12 @@ KNOWN_TASKS = { 'bignum.generated', 'bignum.misc', ], 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], # See ecp_light_only 'test_suite_random': [ 'PSA classic wrapper: ECDSA signature (SECP256R1)', @@ -400,6 +430,12 @@ KNOWN_TASKS = { 'bignum.generated', 'bignum.misc', ], 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], # See ecp_light_only 'test_suite_random': [ 'PSA classic wrapper: ECDSA signature (SECP256R1)', @@ -431,7 +467,14 @@ KNOWN_TASKS = { 'component_ref': 'test_psa_crypto_config_reference_ffdh', 'component_driver': 'test_psa_crypto_config_accel_ffdh', 'ignored_suites': ['dhm'], - 'ignored_tests': {} + 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], + } } }, 'analyze_driver_vs_reference_tfm_config': { @@ -447,6 +490,12 @@ KNOWN_TASKS = { 'bignum.generated', 'bignum.misc', ], 'ignored_tests': { + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], # See ecp_light_only 'test_suite_random': [ 'PSA classic wrapper: ECDSA signature (SECP256R1)', From a1ddcfaef8d7cd5e49ae30825d43004596cce616 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 09:46:01 +0800 Subject: [PATCH 399/430] Extend the pattern of pkparse test on encrypted keys These test cases are ignored when analyzing outcomes on analyze_driver_vs_reference_cipher_aead task. Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index a070b0163..71e9bd8b4 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -282,7 +282,7 @@ KNOWN_TASKS = { 'test_suite_pkparse': [ 'Key ASN1 (Encrypted key PKCS12, trailing garbage data)', 'Key ASN1 (Encrypted key PKCS5, trailing garbage data)', - re.compile(r'Parse RSA Key .*\(PKCS#8 encrypted .*\)'), + re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'), ], } } From dd1d6a7cca72bd65ac54dba85b1e7bf9a2f4cef3 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 27 Nov 2023 17:57:31 +0800 Subject: [PATCH 400/430] Improve readability of the script Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 0baba1b7e..4d1367608 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -64,7 +64,7 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage): available = check_test_cases.collect_available_test_cases() for suite_case in available: hits = 0 - for _comp, comp_outcomes in outcomes.items(): + for comp_outcomes in outcomes.values(): if suite_case in comp_outcomes["successes"] or \ suite_case in comp_outcomes["failures"]: hits += 1 @@ -96,8 +96,8 @@ def name_matches_pattern(name, str_or_re): def analyze_driver_vs_reference(results: Results, outcomes, component_ref, component_driver, ignored_suites, ignored_tests=None): - """Check that all tests passed in the reference component are also - passed in the corresponding driver component. + """Check that all tests passing in the reference component are also + passing in the corresponding driver component. Skip: - full test suites provided in ignored_suites list - only some specific test inside a test suite, for which the corresponding @@ -144,7 +144,7 @@ def read_outcome_file(outcome_file): An outcome collection is a dictionary presentation of the outcome file: ``` outcomes = { - "": { + "": { "successes": frozenset(["", ... ]), "failures": frozenset(["", ...]) } @@ -156,19 +156,19 @@ suite_case = ";" outcomes = {} with open(outcome_file, 'r', encoding='utf-8') as input_file: for line in input_file: - (_platform, config, suite, case, result, _cause) = line.split(';') + (_platform, component, suite, case, result, _cause) = line.split(';') suite_case = ';'.join([suite, case]) - if config not in outcomes: - outcomes[config] = {"successes":[], "failures":[]} + if component not in outcomes: + outcomes[component] = {"successes":[], "failures":[]} if result == 'PASS': - outcomes[config]['successes'].append(suite_case) + outcomes[component]['successes'].append(suite_case) elif result == 'FAIL': - outcomes[config]['failures'].append(suite_case) + outcomes[component]['failures'].append(suite_case) # Convert `list` to `frozenset` to improve search performance - for config in outcomes: - outcomes[config]['successes'] = frozenset(outcomes[config]['successes']) - outcomes[config]['failures'] = frozenset(outcomes[config]['failures']) + for component in outcomes: + outcomes[component]['successes'] = frozenset(outcomes[component]['successes']) + outcomes[component]['failures'] = frozenset(outcomes[component]['failures']) return outcomes @@ -489,9 +489,9 @@ def main(): KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage - # If the outcome file already exists, we assume that the user wants to - # perform the comparison. - # Share the contents among tasks to improve performance. + # If the outcome file exists, parse it once and share the result + # among tasks to improve performance. + # Otherwise, it will be generated by do_analyze_driver_vs_reference. if os.path.exists(options.outcomes): main_results.info("Read outcome file from {}.", options.outcomes) outcomes_or_file = read_outcome_file(options.outcomes) From f28cf594b1f297e2d6354c3de6f85d0ea2a32dca Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 10:56:29 +0800 Subject: [PATCH 401/430] Break the loop when case hits We don't care about the number of hits of the test cases, so break the iteration when the case hits. Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 4d1367608..488c96bba 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -68,6 +68,7 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage): if suite_case in comp_outcomes["successes"] or \ suite_case in comp_outcomes["failures"]: hits += 1 + break if hits == 0 and suite_case not in allow_list: if full_coverage: From 59b9efc6dd89e761ac961798123363774c8e074d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 11:15:00 +0800 Subject: [PATCH 402/430] Check if driver_component is missing Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 488c96bba..2515b309e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -107,7 +107,11 @@ def analyze_driver_vs_reference(results: Results, outcomes, ref_outcomes = outcomes.get("component_" + component_ref) driver_outcomes = outcomes.get("component_" + component_driver) - if ref_outcomes is None or not ref_outcomes['successes']: + if ref_outcomes is None or driver_outcomes is None: + results.error("required components are missing: bad outcome file?") + return + + if not ref_outcomes['successes']: results.error("no passing test in reference component: bad outcome file?") return From 28ae4648a61504acdfde9758e81368f8a7ec54bd Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 11:35:19 +0800 Subject: [PATCH 403/430] Use mutable set all the time Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 2515b309e..890c70dd6 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -164,16 +164,11 @@ suite_case = ";" (_platform, component, suite, case, result, _cause) = line.split(';') suite_case = ';'.join([suite, case]) if component not in outcomes: - outcomes[component] = {"successes":[], "failures":[]} + outcomes[component] = {"successes":set(), "failures":set()} if result == 'PASS': - outcomes[component]['successes'].append(suite_case) + outcomes[component]['successes'].add(suite_case) elif result == 'FAIL': - outcomes[component]['failures'].append(suite_case) - - # Convert `list` to `frozenset` to improve search performance - for component in outcomes: - outcomes[component]['successes'] = frozenset(outcomes[component]['successes']) - outcomes[component]['failures'] = frozenset(outcomes[component]['failures']) + outcomes[component]['failures'].add(suite_case) return outcomes From 18908ec2767a1557b908137ad37ebecc52eca932 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 12:11:52 +0800 Subject: [PATCH 404/430] Define named tuple for component outcomes Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 42 +++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 890c70dd6..b52952458 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -12,9 +12,14 @@ import traceback import re import subprocess import os +import typing import check_test_cases +ComponentOutcomes = typing.NamedTuple('ComponentOutcomes', + [('successes', typing.Set[str]), + ('failures', typing.Set[str])]) + class Results: """Process analysis results.""" @@ -65,8 +70,8 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage): for suite_case in available: hits = 0 for comp_outcomes in outcomes.values(): - if suite_case in comp_outcomes["successes"] or \ - suite_case in comp_outcomes["failures"]: + if suite_case in comp_outcomes.successes or \ + suite_case in comp_outcomes.failures: hits += 1 break @@ -111,11 +116,11 @@ def analyze_driver_vs_reference(results: Results, outcomes, results.error("required components are missing: bad outcome file?") return - if not ref_outcomes['successes']: + if not ref_outcomes.successes: results.error("no passing test in reference component: bad outcome file?") return - for suite_case in ref_outcomes["successes"]: + for suite_case in ref_outcomes.successes: # suite_case is like "test_suite_foo.bar;Description of test case" (full_test_suite, test_string) = suite_case.split(';') test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name @@ -133,9 +138,9 @@ def analyze_driver_vs_reference(results: Results, outcomes, if name_matches_pattern(test_string, str_or_re): ignored = True - if not ignored and not suite_case in driver_outcomes['successes']: + if not ignored and not suite_case in driver_outcomes.successes: results.error("PASS -> SKIP/FAIL: {}", suite_case) - if ignored and suite_case in driver_outcomes['successes']: + if ignored and suite_case in driver_outcomes.successes: results.error("uselessly ignored: {}", suite_case) def analyze_outcomes(results: Results, outcomes, args): @@ -149,12 +154,23 @@ def read_outcome_file(outcome_file): An outcome collection is a dictionary presentation of the outcome file: ``` outcomes = { - "": { - "successes": frozenset(["", ... ]), - "failures": frozenset(["", ...]) - } + "": ComponentOutcomes, ... } + +CompoentOutcomes is a named tuple which is defined as: + +ComponentOutcomes( + successes = { + , + ... + }, + failures = { + , + ... + } +) + suite_case = ";" ``` """ @@ -164,11 +180,11 @@ suite_case = ";" (_platform, component, suite, case, result, _cause) = line.split(';') suite_case = ';'.join([suite, case]) if component not in outcomes: - outcomes[component] = {"successes":set(), "failures":set()} + outcomes[component] = ComponentOutcomes(set(), set()) if result == 'PASS': - outcomes[component]['successes'].add(suite_case) + outcomes[component].successes.add(suite_case) elif result == 'FAIL': - outcomes[component]['failures'].add(suite_case) + outcomes[component].failures.add(suite_case) return outcomes From da3c206ebde6c29904fb46a61ec7534f90c0d08e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 28 Nov 2023 14:28:03 +0800 Subject: [PATCH 405/430] fix build warning with arm64 gcc 5.4 GCC 5.4 reports below warning on Arm64 ``` warning: 'vst1q_u8' is static but used in inline function 'mbedtls_xor' which is not static ``` This inline function miss `static`, others have the keyword Signed-off-by: Jerry Yu --- library/common.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index c20f6b260..ec30a7da1 100644 --- a/library/common.h +++ b/library/common.h @@ -165,7 +165,10 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * \param b Pointer to input (buffer of at least \p n bytes) * \param n Number of bytes to process. */ -inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n) +static inline void mbedtls_xor(unsigned char *r, + const unsigned char *a, + const unsigned char *b, + size_t n) { size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) From 20e3ca391ed30347ed611e9bfe83600f3455ed4d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 15:30:03 +0800 Subject: [PATCH 406/430] Run tests for ref_vs_driver outside task function Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 45 +++++++++++++++---------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index b52952458..4e925a18e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -50,11 +50,7 @@ def execute_reference_driver_tests(results: Results, ref_component, driver_compo """Run the tests specified in ref_component and driver_component. Results are stored in the output_file and they will be used for the following coverage analysis""" - # If the outcome file already exists, we assume that the user wants to - # perform the comparison analysis again without repeating the tests. - if os.path.exists(outcome_file): - results.info("Outcome file ({}) already exists. Tests will be skipped.", outcome_file) - return + results.new_section("Test {} and {}", ref_component, driver_component) shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \ " " + ref_component + " " + driver_component @@ -188,27 +184,18 @@ suite_case = ";" return outcomes -def do_analyze_coverage(results: Results, outcomes_or_file, args): +def do_analyze_coverage(results: Results, outcomes, args): """Perform coverage analysis.""" results.new_section("Analyze coverage") - outcomes = read_outcome_file(outcomes_or_file) \ - if isinstance(outcomes_or_file, str) else outcomes_or_file analyze_outcomes(results, outcomes, args) -def do_analyze_driver_vs_reference(results: Results, outcomes_or_file, args): +def do_analyze_driver_vs_reference(results: Results, outcomes, args): """Perform driver vs reference analyze.""" results.new_section("Analyze driver {} vs reference {}", args['component_driver'], args['component_ref']) ignored_suites = ['test_suite_' + x for x in args['ignored_suites']] - if isinstance(outcomes_or_file, str): - execute_reference_driver_tests(results, args['component_ref'], \ - args['component_driver'], outcomes_or_file) - outcomes = read_outcome_file(outcomes_or_file) - else: - outcomes = outcomes_or_file - analyze_driver_vs_reference(results, outcomes, args['component_ref'], args['component_driver'], ignored_suites, args['ignored_tests']) @@ -507,17 +494,29 @@ def main(): # If the outcome file exists, parse it once and share the result # among tasks to improve performance. - # Otherwise, it will be generated by do_analyze_driver_vs_reference. - if os.path.exists(options.outcomes): - main_results.info("Read outcome file from {}.", options.outcomes) - outcomes_or_file = read_outcome_file(options.outcomes) - else: - outcomes_or_file = options.outcomes + # Otherwise, it will be generated by execute_reference_driver_tests. + if not os.path.exists(options.outcomes): + if len(tasks_list) > 1: + sys.stderr.write("mutiple tasks found, please provide a valid outcomes file.\n") + sys.exit(2) + + task_name = tasks_list[0] + task = KNOWN_TASKS[task_name] + if task['test_function'] != do_analyze_driver_vs_reference: + sys.stderr.write("please provide valid outcomes file for {}.\n".format(task_name)) + sys.exit(2) + + execute_reference_driver_tests(main_results, + task['args']['component_ref'], + task['args']['component_driver'], + options.outcomes) + + outcomes = read_outcome_file(options.outcomes) for task in tasks_list: test_function = KNOWN_TASKS[task]['test_function'] test_args = KNOWN_TASKS[task]['args'] - test_function(main_results, outcomes_or_file, test_args) + test_function(main_results, outcomes, test_args) main_results.info("Overall results: {} warnings and {} errors", main_results.warning_count, main_results.error_count) From c2e8f3a0800d720ea92a93e5c1911e9691694a3b Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 17:22:04 +0800 Subject: [PATCH 407/430] Add type annotations to analyze_outcomes.py Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 74 +++++++++++++++---------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 4e925a18e..018d94111 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -16,10 +16,32 @@ import typing import check_test_cases + +# `CompoentOutcomes` is a named tuple which is defined as: +# ComponentOutcomes( +# successes = { +# "", +# ... +# }, +# failures = { +# "", +# ... +# } +# ) +# suite_case = ";" ComponentOutcomes = typing.NamedTuple('ComponentOutcomes', [('successes', typing.Set[str]), ('failures', typing.Set[str])]) +# `Outcomes` is a representation of the outcomes file, +# which defined as: +# Outcomes = { +# "": ComponentOutcomes, +# ... +# } +Outcomes = typing.Dict[str, ComponentOutcomes] + + class Results: """Process analysis results.""" @@ -45,8 +67,8 @@ class Results: def _print_line(fmt, *args, **kwargs): sys.stderr.write((fmt + '\n').format(*args, **kwargs)) -def execute_reference_driver_tests(results: Results, ref_component, driver_component, \ - outcome_file): +def execute_reference_driver_tests(results: Results, ref_component: str, driver_component: str, \ + outcome_file: str) -> None: """Run the tests specified in ref_component and driver_component. Results are stored in the output_file and they will be used for the following coverage analysis""" @@ -60,7 +82,8 @@ def execute_reference_driver_tests(results: Results, ref_component, driver_compo if ret_val != 0: results.error("failed to run reference/driver components") -def analyze_coverage(results, outcomes, allow_list, full_coverage): +def analyze_coverage(results: Results, outcomes: Outcomes, + allow_list: typing.List[str], full_coverage: bool) -> None: """Check that all available test cases are executed at least once.""" available = check_test_cases.collect_available_test_cases() for suite_case in available: @@ -83,7 +106,7 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage): else: results.warning('Allow listed test case was executed: {}', suite_case) -def name_matches_pattern(name, str_or_re): +def name_matches_pattern(name: str, str_or_re) -> bool: """Check if name matches a pattern, that may be a string or regex. - If the pattern is a string, name must be equal to match. - If the pattern is a regex, name must fully match. @@ -91,13 +114,13 @@ def name_matches_pattern(name, str_or_re): # The CI's python is too old for re.Pattern #if isinstance(str_or_re, re.Pattern): if not isinstance(str_or_re, str): - return str_or_re.fullmatch(name) + return str_or_re.fullmatch(name) is not None else: return str_or_re == name -def analyze_driver_vs_reference(results: Results, outcomes, - component_ref, component_driver, - ignored_suites, ignored_tests=None): +def analyze_driver_vs_reference(results: Results, outcomes: Outcomes, + component_ref: str, component_driver: str, + ignored_suites: typing.List[str], ignored_tests=None) -> None: """Check that all tests passing in the reference component are also passing in the corresponding driver component. Skip: @@ -139,37 +162,14 @@ def analyze_driver_vs_reference(results: Results, outcomes, if ignored and suite_case in driver_outcomes.successes: results.error("uselessly ignored: {}", suite_case) -def analyze_outcomes(results: Results, outcomes, args): +def analyze_outcomes(results: Results, outcomes: Outcomes, args) -> None: """Run all analyses on the given outcome collection.""" analyze_coverage(results, outcomes, args['allow_list'], args['full_coverage']) -def read_outcome_file(outcome_file): +def read_outcome_file(outcome_file: str) -> Outcomes: """Parse an outcome file and return an outcome collection. - -An outcome collection is a dictionary presentation of the outcome file: -``` -outcomes = { - "": ComponentOutcomes, - ... -} - -CompoentOutcomes is a named tuple which is defined as: - -ComponentOutcomes( - successes = { - , - ... - }, - failures = { - , - ... - } -) - -suite_case = ";" -``` -""" + """ outcomes = {} with open(outcome_file, 'r', encoding='utf-8') as input_file: for line in input_file: @@ -184,12 +184,12 @@ suite_case = ";" return outcomes -def do_analyze_coverage(results: Results, outcomes, args): +def do_analyze_coverage(results: Results, outcomes: Outcomes, args) -> None: """Perform coverage analysis.""" results.new_section("Analyze coverage") analyze_outcomes(results, outcomes, args) -def do_analyze_driver_vs_reference(results: Results, outcomes, args): +def do_analyze_driver_vs_reference(results: Results, outcomes: Outcomes, args) -> None: """Perform driver vs reference analyze.""" results.new_section("Analyze driver {} vs reference {}", args['component_driver'], args['component_ref']) @@ -502,7 +502,7 @@ def main(): task_name = tasks_list[0] task = KNOWN_TASKS[task_name] - if task['test_function'] != do_analyze_driver_vs_reference: + if task['test_function'] != do_analyze_driver_vs_reference: # pylint: disable=comparison-with-callable sys.stderr.write("please provide valid outcomes file for {}.\n".format(task_name)) sys.exit(2) From 451ec8a4bca2eea57304013ade53b403d59a3b5a Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 28 Nov 2023 17:59:05 +0800 Subject: [PATCH 408/430] Add comment to read_outcome_file in analyze_outcomes.py Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 018d94111..02aac225f 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -174,6 +174,9 @@ def read_outcome_file(outcome_file: str) -> Outcomes: with open(outcome_file, 'r', encoding='utf-8') as input_file: for line in input_file: (_platform, component, suite, case, result, _cause) = line.split(';') + # Note that `component` is not unique. If a test case passes on Linux + # and fails on FreeBSD, it'll end up in both the successes set and + # the failures set. suite_case = ';'.join([suite, case]) if component not in outcomes: outcomes[component] = ComponentOutcomes(set(), set()) From 897bb77c0cfa8a1d37aea77a171c6c88bbcd49a9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 15 Nov 2023 16:34:20 +0000 Subject: [PATCH 409/430] Update tf-m tests in all.sh for P256-M Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5c2f1fd79..bd6b966c2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3254,14 +3254,6 @@ common_tfm_config () { # # Enable filesystem I/O for the benefit of PK parse/write tests. echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" - - # Config adjustments for features that are not supported - # when using only drivers / by p256-m - # - # Disable all the features that auto-enable ECP_LIGHT (see config_adjust_legacy_crypto.h) - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - # Disable deterministic ECDSA as p256-m only does randomized - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA } # Keep this in sync with component_test_tfm_config() as they are both meant @@ -3271,8 +3263,8 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config - # Build crypto library specifying we want to use P256M code for EC operations - make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_P256M_DRIVER_ENABLED -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS" + # Build crypto library + make CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o @@ -3283,6 +3275,8 @@ component_test_tfm_config_p256m_driver_accel_ec () { not grep mbedtls_rsa_ library/rsa.o not grep mbedtls_dhm_ library/dhm.o not grep mbedtls_mpi_ library/bignum.o + # Check that p256m was built + grep -q p256_ecdsa_verify library/libmbedcrypto.a # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" @@ -3295,9 +3289,16 @@ component_test_tfm_config_p256m_driver_accel_ec () { component_test_tfm_config() { common_tfm_config + # Disable P256M driver, which is on by default, so that analyze_outcomes + # can compare this test with test_tfm_config_p256m_driver_accel_ec + echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H" + msg "build: TF-M config" make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests + # Check that p256m was not built + not grep p256_ecdsa_verify library/libmbedcrypto.a + msg "test: TF-M config" make test } From be5489ae9835aa7e8ffcad771bcb6050a298be64 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 27 Nov 2023 10:30:03 +0000 Subject: [PATCH 410/430] Simplify test for building P256-M Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bd6b966c2..e15fb2afb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3276,7 +3276,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { not grep mbedtls_dhm_ library/dhm.o not grep mbedtls_mpi_ library/bignum.o # Check that p256m was built - grep -q p256_ecdsa_verify library/libmbedcrypto.a + grep -q p256_ecdsa_ library/libmbedcrypto.a # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" @@ -3297,7 +3297,7 @@ component_test_tfm_config() { make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests # Check that p256m was not built - not grep p256_ecdsa_verify library/libmbedcrypto.a + not grep p256_ecdsa_ library/libmbedcrypto.a msg "test: TF-M config" make test From a326eb990d086e344660aea23928c6dd98c7020c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 27 Nov 2023 10:56:41 +0000 Subject: [PATCH 411/430] We no longer need to undef ALT defines Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 191e4c4f4..4fa08caf6 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -21,16 +21,6 @@ /* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ #undef MBEDTLS_PSA_CRYPTO_SPM -/* TF-M provides its own dummy implementations to save code size. - * We don't have any way to disable the tests that need these feature, - * so we just keep AES decryption enabled. We will resolve this through - * an official way to disable AES decryption, then this deviation - * will no longer be needed: - * https://github.com/Mbed-TLS/mbedtls/issues/7368 - */ -#undef MBEDTLS_AES_SETKEY_DEC_ALT -#undef MBEDTLS_AES_DECRYPT_ALT - /* Use built-in platform entropy functions (TF-M provides its own). */ #undef MBEDTLS_NO_PLATFORM_ENTROPY From 4edcf693e7d96ef4b6678f7d8b27529f8090d1dd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 15 Nov 2023 12:23:29 +0000 Subject: [PATCH 412/430] Use latest TF-M config with bare-minimum changes Move all changes local to Mbed TLS into config-tfm.h (except for commenting out a couple of #include's). Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 38 +++ configs/ext/crypto_config_profile_medium.h | 44 ++-- .../tfm_mbedcrypto_config_profile_medium.h | 222 +++++++----------- 3 files changed, 139 insertions(+), 165 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 4fa08caf6..d987b6331 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -28,3 +28,41 @@ * but using the native allocator is faster and works better with * memory management analysis frameworks such as ASan. */ #undef MBEDTLS_MEMORY_BUFFER_ALLOC_C + +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +#undef MBEDTLS_PSA_CRYPTO_STORAGE_C + +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +#undef MBEDTLS_ENTROPY_NV_SEED + +// These platform-related TF-M settings are not useful here. +#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +#undef MBEDTLS_PLATFORM_STD_MEM_HDR +#undef MBEDTLS_PLATFORM_SNPRINTF_MACRO +#undef MBEDTLS_PLATFORM_PRINTF_ALT +#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS +#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE + +// We expect TF-M to pick this up soon +#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + +/*********************************************************************** + * Local changes to crypto config below this delimiter + **********************************************************************/ + +/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro + * (commented-out above) has been replaced with the following new macros: */ +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ + +/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h index 682835a06..63ed4701d 100644 --- a/configs/ext/crypto_config_profile_medium.h +++ b/configs/ext/crypto_config_profile_medium.h @@ -50,7 +50,7 @@ //#define PSA_WANT_ALG_CFB 1 //#define PSA_WANT_ALG_CHACHA20_POLY1305 1 //#define PSA_WANT_ALG_CTR 1 -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +//#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 //#define PSA_WANT_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECDH 1 #define PSA_WANT_ALG_ECDSA 1 @@ -105,33 +105,27 @@ //#define PSA_WANT_KEY_TYPE_CAMELLIA 1 //#define PSA_WANT_KEY_TYPE_CHACHA20 1 //#define PSA_WANT_KEY_TYPE_DES 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 /* Deprecated */ +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 /* Deprecated */ +//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + +/* + * The following symbols extend and deprecate the legacy + * PSA_WANT_KEY_TYPE_xxx_KEY_PAIR ones. They include the usage of that key in + * the name's suffix. "_USE" is the most generic and it can be used to describe + * a generic suport, whereas other ones add more features on top of that and + * they are more specific. + */ +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 -//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 +//#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -/*********************************************************************** - * Local edits below this delimiter - **********************************************************************/ - -/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro - * (commented-out above) has been replaced with the following new macros: */ -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ - -/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported +#ifdef CRYPTO_HW_ACCELERATOR +#include "crypto_accelerator_config.h" +#endif #endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index 53243dd93..c435b5957 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -8,13 +8,29 @@ * memory footprint. */ /* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H #define PROFILE_M_MBEDTLS_CONFIG_H +//#include "config_tfm.h" + #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif @@ -80,44 +96,6 @@ * \{ */ -/** - * \def MBEDTLS_MD2_PROCESS_ALT - * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you - * alternate core implementation of symmetric crypto or hash function. Keep in - * mind that function prototypes should remain the same. - * - * This replaces only one function. The header file from mbed TLS is still - * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. - * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will - * no longer provide the mbedtls_sha1_process() function, but it will still provide - * the other function (using your mbedtls_sha1_process() function) and the definition - * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible - * with this definition. - * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * must stay untouched. - * - * \note If you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. - * - * Uncomment a macro to enable alternate implementation of the corresponding - * function. - * - * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use - * constitutes a security risk. If possible, we recommend avoiding - * dependencies on them, and considering stronger message digests - * and ciphers instead. - * - */ -#define MBEDTLS_AES_SETKEY_DEC_ALT -#define MBEDTLS_AES_DECRYPT_ALT - /** * \def MBEDTLS_AES_ROM_TABLES * @@ -171,21 +149,6 @@ */ #define MBEDTLS_ECP_NIST_OPTIM -/** - * \def MBEDTLS_ERROR_STRERROR_DUMMY - * - * Enable a dummy error function to make use of mbedtls_strerror() in - * third party libraries easier when MBEDTLS_ERROR_C is disabled - * (no effect when MBEDTLS_ERROR_C is enabled). - * - * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're - * not using mbedtls_strerror() or error_strerror() in your application. - * - * Disable if you run into name conflicts and want to really remove the - * mbedtls_strerror() - */ -#define MBEDTLS_ERROR_STRERROR_DUMMY - /** * \def MBEDTLS_NO_PLATFORM_ENTROPY * @@ -223,26 +186,7 @@ * \note The entropy collector will write to the seed file before entropy is * given to an external source, to update it. */ -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -//#define MBEDTLS_ENTROPY_NV_SEED - -/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - * - * Enable key identifiers that encode a key owner identifier. - * - * This is only meaningful when building the library as part of a - * multi-client service. When you activate this option, you must provide an - * implementation of the type mbedtls_key_owner_id_t and a translation from - * mbedtls_svc_key_id_t to file name in all the storage backends that you - * you wish to support. - * - * Note that while this define has been removed from TF-M's copy of this config - * file, TF-M still passes this option to Mbed TLS during the build via CMake. - * Therefore we keep it in our copy. See discussion on PR #7426 for more info. - * - */ -#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#define MBEDTLS_ENTROPY_NV_SEED /** * \def MBEDTLS_PSA_CRYPTO_SPM @@ -326,26 +270,21 @@ #define MBEDTLS_AES_C /** - * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT + * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH * - * Remove decryption operation for AES, ARIA and Camellia block cipher. + * Use only 128-bit keys in AES operations to save ROM. * - * \note This feature is incompatible with insecure block cipher, - * MBEDTLS_DES_C, and cipher modes which always require decryption - * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and - * MBEDTLS_NIST_KW_C. When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, - * this feature is incompatible with following supported PSA equivalence, - * PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING, - * PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES. + * Uncomment this macro to remove support for AES operations that use 192- + * or 256-bit keys. + * + * Uncommenting this macro reduces the size of AES code by ~300 bytes + * on v8-M/Thumb2. * * Module: library/aes.c - * library/aesce.c - * library/aesni.c - * library/aria.c - * library/camellia.c - * library/cipher.c + * + * Requires: MBEDTLS_AES_C */ -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT +#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH /** * \def MBEDTLS_CIPHER_C @@ -388,18 +327,6 @@ */ #define MBEDTLS_ENTROPY_C -/** - * \def MBEDTLS_ERROR_C - * - * Enable error code to error string conversion. - * - * Module: library/error.c - * Caller: - * - * This module enables mbedtls_strerror(). - */ -#define MBEDTLS_ERROR_C - /** * \def MBEDTLS_HKDF_C * @@ -413,40 +340,7 @@ * This module adds support for the Hashed Message Authentication Code * (HMAC)-based key derivation function (HKDF). */ -#define MBEDTLS_HKDF_C /* Used for HUK deriviation */ - -/** - * \def MBEDTLS_MD_C - * - * Enable the generic layer for message digest (hashing) and HMAC. - * - * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, - * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, - * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least - * one hash. - * Module: library/md.c - * Caller: library/constant_time.c - * library/ecdsa.c - * library/ecjpake.c - * library/hkdf.c - * library/hmac_drbg.c - * library/pk.c - * library/pkcs5.c - * library/pkcs12.c - * library/psa_crypto_ecp.c - * library/psa_crypto_rsa.c - * library/rsa.c - * library/ssl_cookie.c - * library/ssl_msg.c - * library/ssl_tls.c - * library/x509.c - * library/x509_crt.c - * library/x509write_crt.c - * library/x509write_csr.c - * - * Uncomment to enable generic message digest wrappers. - */ -#define MBEDTLS_MD_C +//#define MBEDTLS_HKDF_C /* Used for HUK deriviation */ /** * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C @@ -484,6 +378,15 @@ */ #define MBEDTLS_PLATFORM_C +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +#define MBEDTLS_PLATFORM_STD_MEM_HDR + +#include + +#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf +#define MBEDTLS_PLATFORM_PRINTF_ALT +#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /** * \def MBEDTLS_PSA_CRYPTO_C @@ -508,9 +411,7 @@ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of * the PSA ITS interface */ -// This macro is enabled in TFM Medium but is disabled here because it is -// incompatible with baremetal builds in Mbed TLS. -//#define MBEDTLS_PSA_CRYPTO_STORAGE_C +#define MBEDTLS_PSA_CRYPTO_STORAGE_C /* \} name SECTION: mbed TLS modules */ @@ -614,6 +515,47 @@ /* ECP options */ #define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */ +/** + * Uncomment to enable p256-m. This is an alternative implementation of + * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. + * Compared to the default implementation: + * + * - p256-m has a much smaller code size and RAM footprint. + * - p256-m is only available via the PSA API. This includes the pk module + * when #MBEDTLS_USE_PSA_CRYPTO is enabled. + * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols + * over the core arithmetic, or deterministic derivation of keys. + * + * We recommend enabling this option if your application uses the PSA API + * and the only elliptic curve support it needs is ECDH and ECDSA over + * SECP256R1. + * + * If you enable this option, you do not need to enable any ECC-related + * MBEDTLS_xxx option. You do need to separately request support for the + * cryptographic mechanisms through the PSA API: + * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based + * configuration; + * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; + * - #PSA_WANT_ECC_SECP_R1_256; + * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; + * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + * + * \note To benefit from the smaller code size of p256-m, make sure that you + * do not enable any ECC-related option not supported by p256-m: this + * would cause the built-in ECC implementation to be built as well, in + * order to provide the required option. + * Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than + * SECP256R1 are disabled as they are not supported by this driver. + * Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or + * #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of + * the built-in ECC implementation, see docs/driver-only-builds.md. + */ +#define MBEDTLS_PSA_P256M_DRIVER_ENABLED + /* \} name SECTION: Customisation configuration options */ #if CRYPTO_NV_SEED @@ -621,7 +563,7 @@ #endif /* CRYPTO_NV_SEED */ #if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) -#include "mbedtls_entropy_nv_seed_config.h" +//#include "mbedtls_entropy_nv_seed_config.h" #endif #ifdef CRYPTO_HW_ACCELERATOR From 6632a12fa3e3ab8e0fa7b11c61a4b9b1e7e4c363 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Nov 2023 16:03:56 +0100 Subject: [PATCH 413/430] all.sh: re-enable CCM/GCM in test_full_no_cipher_with_crypto[_config]() Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 08136c014..93a32aefe 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1583,9 +1583,7 @@ common_test_full_no_cipher_with_psa_crypto () { # on CIPHER_C so we disable them. # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 # so we keep them enabled. - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 @@ -1594,27 +1592,19 @@ common_test_full_no_cipher_with_psa_crypto () { scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_AES scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_CAMELLIA - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ARIA else # Don't pull in cipher via PSA mechanisms scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG # Disable cipher modes/keys that make PSA depend on CIPHER_C. # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C. scripts/config.py unset-all MBEDTLS_CIPHER_MODE - scripts/config.py unset MBEDTLS_AES_C scripts/config.py unset MBEDTLS_DES_C - scripts/config.py unset MBEDTLS_ARIA_C - scripts/config.py unset MBEDTLS_CAMELLIA_C # Dependencies on AES_C scripts/config.py unset MBEDTLS_CTR_DRBG_C fi # The following modules directly depends on CIPHER_C - scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_GCM_C scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_PKCS5_C From b1cf8aeda445757209323b8e3eb864140c83adb8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Nov 2023 16:24:00 +0100 Subject: [PATCH 414/430] adjust_psa_from_legacy: add required CIPHER_C dependencies Some PSA_WANT symbols do not have a 1:1 matching with legacy ones. For example, previous to this commit: - CCM_C enabled both PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG even thought the two are not equivalent (authenticated VS non-authenticated). - there was no legacy equivalent for ECB_NO_PADDING What it is common to both PSA_WANT_ALG_CCM_STAR_NO_TAG and PSA_WANT_ALG_ECB_NO_PADDING is the fact that the builtin implementation depends on CIPHER_C. Therefore this commits adds this guards to select whether or not to enable the above mentioned PSA_WANT symbols. Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_psa_from_legacy.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index 60b00c1e4..b841875cf 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -25,9 +25,11 @@ #if defined(MBEDTLS_CCM_C) #define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 -#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 #define PSA_WANT_ALG_CCM 1 +#if defined(MBEDTLS_CIPHER_C) +#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 #define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 +#endif /* MBEDTLS_CIPHER_C */ #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CMAC_C) @@ -247,8 +249,9 @@ #endif #endif -#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \ - defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C) +#if (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \ + defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)) && \ + defined(MBEDTLS_CIPHER_C) #define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECB_NO_PADDING 1 #endif From 919e3fa729ed71cb075c1af8c2fc030b2067fa03 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 20 Nov 2023 16:30:05 +0100 Subject: [PATCH 415/430] check_config: fix guards for PSA builtin implementation of cipher/AEAD While the PSA builtin implementation of cipher still depends on CIPHER_C, the same is no more true for AEADs. When CIPHER_C is not defined, BLOCK_CIPHER_C is used instead, thus making it possible to support AEADs without CIPHER_C. Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 792e7d70d..9b5b6467e 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -785,9 +785,8 @@ #error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)" #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) && \ - (defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || defined(PSA_HAVE_SOFT_BLOCK_AEAD)) && \ - !defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_HAVE_SOFT_BLOCK_MODE) && \ + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) && !defined(MBEDTLS_CIPHER_C) #error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites" #endif From 5b73de8ddb6db3ffde86f53a87a3059491127186 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Nov 2023 15:49:25 +0100 Subject: [PATCH 416/430] ssl-opt.sh: Add a check of the list of supported ciphersuites Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b3f8ed4a4..f92642dec 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -358,9 +358,18 @@ requires_protocol_version() { # Space-separated list of ciphersuites supported by this build of # Mbed TLS. -P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null | - grep 'TLS-\|TLS1-3' | - tr -s ' \n' ' ')" +P_CIPHERSUITES="" +if [ "$LIST_TESTS" -eq 0 ]; then + P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null | + grep 'TLS-\|TLS1-3' | + tr -s ' \n' ' ')" + + if [ -z "${P_CIPHERSUITES# }" ]; then + echo >&2 "$0: fatal error: no cipher suites found!" + exit 125 + fi +fi + requires_ciphersuite_enabled() { case $P_CIPHERSUITES in *" $1 "*) :;; From 41bc42ac1b1a11496b202e7f2559c0bd6f664638 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Nov 2023 15:03:57 +0100 Subject: [PATCH 417/430] ssl-opt.sh: Fix some symmetric crypto dependencies Fix some dependencies on symmetric crypto that were not correct in case of driver but not builtin support. Revealed by "Analyze driver test_psa_crypto_config_accel_cipher_aead vs reference test_psa_crypto_config_reference_cipher_aead" in analyze_outcomes.py. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 56 +++++++++++++++++------------------------------- 1 file changed, 20 insertions(+), 36 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f92642dec..ac7860c9a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2341,7 +2341,7 @@ run_test "Opaque key for server authentication: invalid alg: ecdh with RSA ke requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_CCM_C +requires_config_enabled PSA_WANT_ALG_CCM run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \ key_file=data_files/server5.key key_opaque_algs=ecdh,none \ @@ -2395,7 +2395,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 -requires_config_enabled MBEDTLS_CCM_C +requires_config_enabled PSA_WANT_ALG_CCM requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \ "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \ @@ -2575,7 +2575,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ @@ -9124,8 +9124,7 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \ # Tests for ECC extensions (rfc 4492) -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED run_test "Force a non ECC ciphersuite in the client side" \ @@ -9137,8 +9136,7 @@ run_test "Force a non ECC ciphersuite in the client side" \ -S "found supported elliptic curves extension" \ -S "found supported point formats extension" -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED run_test "Force a non ECC ciphersuite in the server side" \ @@ -9148,8 +9146,7 @@ run_test "Force a non ECC ciphersuite in the server side" \ -C "found supported_point_formats extension" \ -S "server hello, supported_point_formats extension" -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 run_test "Force an ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ @@ -9160,8 +9157,7 @@ run_test "Force an ECC ciphersuite in the client side" \ -s "found supported elliptic curves extension" \ -s "found supported point formats extension" -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 run_test "Force an ECC ciphersuite in the server side" \ "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ @@ -9686,8 +9682,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: both (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -9716,8 +9711,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \ not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ -p "$P_PXY mtu=508" \ @@ -9739,8 +9733,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ -p "$P_PXY mtu=508" \ @@ -9791,8 +9784,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -9840,8 +9832,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -9875,8 +9866,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -p "$P_PXY mtu=1450" \ @@ -9904,7 +9894,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_CHACHAPOLY_C +requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ -p "$P_PXY mtu=512" \ @@ -9934,8 +9924,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ -p "$P_PXY mtu=512" \ @@ -9965,8 +9954,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_CCM_C +requires_config_enabled PSA_WANT_ALG_CCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ -p "$P_PXY mtu=1024" \ @@ -9996,8 +9984,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ @@ -10028,8 +10015,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_CIPHER_MODE_CBC +requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -p "$P_PXY mtu=1024" \ @@ -10055,8 +10041,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d" \ @@ -10078,8 +10063,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_AES_C -requires_config_enabled MBEDTLS_GCM_C +requires_config_enabled PSA_WANT_ALG_GCM client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ From 82d7a875ff53578e74c0703ef623f63ad7ee37e1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 28 Nov 2023 10:06:33 +0000 Subject: [PATCH 418/430] Update tests to refer to our tf-m config wrapper Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e15fb2afb..177736a51 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4123,8 +4123,10 @@ support_build_tfm_armcc () { component_build_tfm_armcc() { # test the TF-M configuration can build cleanly with various warning flags enabled - cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp configs/config-tfm.h "$CONFIG_H" + + # MBEDTLS_NO_PLATFORM_ENTROPY is needed as we are building for baremetal + ./scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY msg "build: TF-M config, armclang armv7-m thumb2" armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" @@ -4136,8 +4138,7 @@ component_build_tfm() { # TF-M configuration needs a TF-M platform. A tweaked version of # the configuration that works on mainstream platforms is in # configs/config-tfm.h, tested via test-ref-configs.pl. - cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" - cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + cp configs/config-tfm.h "$CONFIG_H" msg "build: TF-M config, clang, armv7-m thumb2" make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" From c89f7817e174dc7c3fbcf113c0d90dfb86658771 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 28 Nov 2023 13:55:20 +0000 Subject: [PATCH 419/430] Use common license header Signed-off-by: Dave Rodgman --- .../ext/tfm_mbedcrypto_config_profile_medium.h | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index c435b5957..beebddf5a 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -8,22 +8,8 @@ * memory footprint. */ /* - * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #ifndef PROFILE_M_MBEDTLS_CONFIG_H From 29ad2d7609183ff0a82abbfdeb2d979f9b16b039 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Nov 2023 17:43:49 +0100 Subject: [PATCH 420/430] ssl-opt.sh: Remove unnecessary symmetric crypto dependencies Same test cases as in the previous commit. Remove the redundant symmetric crypto dependency. The dependency is ensured by the fact that: 1) the test case forces a cipher suite 2) ssl-opt.sh enforces automatically that the forced ciphersuite is available. 3) The fact that the forced ciphersuite is available implies that the symmetric cipher algorithm it uses is available as well. Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index ac7860c9a..b0d94bde0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2341,7 +2341,6 @@ run_test "Opaque key for server authentication: invalid alg: ecdh with RSA ke requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 -requires_config_enabled PSA_WANT_ALG_CCM run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \ key_file=data_files/server5.key key_opaque_algs=ecdh,none \ @@ -2395,7 +2394,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 -requires_config_enabled PSA_WANT_ALG_CCM requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \ "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \ @@ -2575,7 +2573,6 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 -requires_config_enabled PSA_WANT_ALG_GCM requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ @@ -9124,7 +9121,6 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \ # Tests for ECC extensions (rfc 4492) -requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED run_test "Force a non ECC ciphersuite in the client side" \ @@ -9136,7 +9132,6 @@ run_test "Force a non ECC ciphersuite in the client side" \ -S "found supported elliptic curves extension" \ -S "found supported point formats extension" -requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED run_test "Force a non ECC ciphersuite in the server side" \ @@ -9146,7 +9141,6 @@ run_test "Force a non ECC ciphersuite in the server side" \ -C "found supported_point_formats extension" \ -S "server hello, supported_point_formats extension" -requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 run_test "Force an ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ @@ -9157,7 +9151,6 @@ run_test "Force an ECC ciphersuite in the client side" \ -s "found supported elliptic curves extension" \ -s "found supported point formats extension" -requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_hash_alg SHA_256 run_test "Force an ECC ciphersuite in the server side" \ "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ @@ -9682,7 +9675,6 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: both (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -9711,7 +9703,6 @@ run_test "DTLS fragmenting: both (MTU=512)" \ not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ -p "$P_PXY mtu=508" \ @@ -9733,7 +9724,6 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ -p "$P_PXY mtu=508" \ @@ -9784,7 +9774,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -9832,7 +9821,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ -p "$P_PXY mtu=512" \ @@ -9866,7 +9854,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ -p "$P_PXY mtu=1450" \ @@ -9894,7 +9881,6 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ -p "$P_PXY mtu=512" \ @@ -9924,7 +9910,6 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled PSA_WANT_ALG_GCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ -p "$P_PXY mtu=512" \ @@ -9954,7 +9939,6 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled PSA_WANT_ALG_CCM requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ -p "$P_PXY mtu=1024" \ @@ -9984,7 +9968,6 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ @@ -10015,7 +9998,6 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION -requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ -p "$P_PXY mtu=1024" \ @@ -10041,7 +10023,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled PSA_WANT_ALG_GCM client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d" \ @@ -10063,7 +10044,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled PSA_WANT_ALG_GCM client_needs_more_time 2 requires_max_content_len 2048 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ From 60f76663c0ffffad28973e2ba2d7fe09ee8c0dfa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 Nov 2023 17:52:42 +0100 Subject: [PATCH 421/430] Align forced ciphersuite with test description Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b0d94bde0..4762285b0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9894,7 +9894,7 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ crt_file=data_files/server8_int-ca2.crt \ key_file=data_files/server8.key \ exchanges=2 renegotiation=1 renegotiate=1 \ - force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ + force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \ hs_timeout=10000-60000 \ mtu=512" \ 0 \ From 550cd6f9b2a5773060ec87926dcdcdd26148d1a3 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 29 Nov 2023 09:17:59 +0800 Subject: [PATCH 422/430] Use boolean `hit` instead of int `hits` Also fix a typo in the comments. Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 02aac225f..52059bda0 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -17,7 +17,7 @@ import typing import check_test_cases -# `CompoentOutcomes` is a named tuple which is defined as: +# `ComponentOutcomes` is a named tuple which is defined as: # ComponentOutcomes( # successes = { # "", @@ -87,19 +87,19 @@ def analyze_coverage(results: Results, outcomes: Outcomes, """Check that all available test cases are executed at least once.""" available = check_test_cases.collect_available_test_cases() for suite_case in available: - hits = 0 + hit = False for comp_outcomes in outcomes.values(): if suite_case in comp_outcomes.successes or \ suite_case in comp_outcomes.failures: - hits += 1 + hit = True break - if hits == 0 and suite_case not in allow_list: + if hit == 0 and suite_case not in allow_list: if full_coverage: results.error('Test case not executed: {}', suite_case) else: results.warning('Test case not executed: {}', suite_case) - elif hits != 0 and suite_case in allow_list: + elif hit != 0 and suite_case in allow_list: # Test Case should be removed from the allow list. if full_coverage: results.error('Allow listed test case was executed: {}', suite_case) From 5b96b819803d69b2be8b7afb65d500f92faeb98f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Nov 2023 10:25:00 +0800 Subject: [PATCH 423/430] Revert "fix build warning with arm64 gcc 5.4" This reverts commit da3c206ebde6c29904fb46a61ec7534f90c0d08e. Signed-off-by: Jerry Yu --- library/common.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/common.h b/library/common.h index ec30a7da1..c20f6b260 100644 --- a/library/common.h +++ b/library/common.h @@ -165,10 +165,7 @@ static inline const unsigned char *mbedtls_buffer_offset_const( * \param b Pointer to input (buffer of at least \p n bytes) * \param n Number of bytes to process. */ -static inline void mbedtls_xor(unsigned char *r, - const unsigned char *a, - const unsigned char *b, - size_t n) +inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n) { size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) From 71fada10e5b05e328d3a7ae75ea5a0edaf9d271a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Nov 2023 10:38:07 +0800 Subject: [PATCH 424/430] Guards neon path Old GCC(<7.3) reports warning in NEON path Signed-off-by: Jerry Yu --- library/common.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index c20f6b260..78d71fda2 100644 --- a/library/common.h +++ b/library/common.h @@ -169,7 +169,9 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned { size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) -#if defined(__ARM_NEON) +#if defined(__ARM_NEON) && \ + (defined(__GNUC__) && !defined(__clang__) && \ + __GNUC__ >= 7 && __GNUC_MINOR__ >= 3) for (; (i + 16) <= n; i += 16) { uint8x16_t v1 = vld1q_u8(a + i); uint8x16_t v2 = vld1q_u8(b + i); From e743aa74b50470e6b1d4df55766f0fefb80b942b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Nov 2023 15:54:32 +0800 Subject: [PATCH 425/430] add non-gcc arm_neon support Signed-off-by: Jerry Yu --- library/common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/common.h b/library/common.h index 78d71fda2..cc58bf4f6 100644 --- a/library/common.h +++ b/library/common.h @@ -170,8 +170,8 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned size_t i = 0; #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) #if defined(__ARM_NEON) && \ - (defined(__GNUC__) && !defined(__clang__) && \ - __GNUC__ >= 7 && __GNUC_MINOR__ >= 3) + (!defined(MBEDTLS_COMPILER_IS_GCC) || \ + (defined(MBEDTLS_COMPILER_IS_GCC) && __GNUC__ >= 7 && __GNUC_MINOR__ >= 3)) for (; (i + 16) <= n; i += 16) { uint8x16_t v1 = vld1q_u8(a + i); uint8x16_t v2 = vld1q_u8(b + i); From 92787e42c42433b6a9cde0dd5a79b5baf011815a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 29 Nov 2023 16:30:38 +0800 Subject: [PATCH 426/430] fix wrong gcc version check Signed-off-by: Jerry Yu --- library/common.h | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/library/common.h b/library/common.h index cc58bf4f6..bd5a0c392 100644 --- a/library/common.h +++ b/library/common.h @@ -23,6 +23,15 @@ #include #endif /* __ARM_NEON */ + +#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ + && !defined(__llvm__) && !defined(__INTEL_COMPILER) +/* Defined if the compiler really is gcc and not clang, etc */ +#define MBEDTLS_COMPILER_IS_GCC +#define MBEDTLS_GCC_VERSION \ + (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#endif + /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be @@ -171,7 +180,7 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned #if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) #if defined(__ARM_NEON) && \ (!defined(MBEDTLS_COMPILER_IS_GCC) || \ - (defined(MBEDTLS_COMPILER_IS_GCC) && __GNUC__ >= 7 && __GNUC_MINOR__ >= 3)) + (defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION >= 70300)) for (; (i + 16) <= n; i += 16) { uint8x16_t v1 = vld1q_u8(a + i); uint8x16_t v2 = vld1q_u8(b + i); @@ -326,12 +335,6 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_ASSUME(x) do { } while (0) #endif -#if defined(__GNUC__) && !defined(__ARMCC_VERSION) && !defined(__clang__) \ - && !defined(__llvm__) && !defined(__INTEL_COMPILER) -/* Defined if the compiler really is gcc and not clang, etc */ -#define MBEDTLS_COMPILER_IS_GCC -#endif - /* For gcc -Os, override with -O2 for a given function. * * This will not affect behaviour for other optimisation settings, e.g. -O0. From 2d9b7d491af6560ba7db0ed6a39b7c256d322a2e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 29 Nov 2023 09:42:44 +0000 Subject: [PATCH 427/430] Remove references to 3.4 Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index d987b6331..a21d041cd 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -51,18 +51,3 @@ /*********************************************************************** * Local changes to crypto config below this delimiter **********************************************************************/ - -/* Between Mbed TLS 3.4 and 3.5, the PSA_WANT_KEY_TYPE_RSA_KEY_PAIR macro - * (commented-out above) has been replaced with the following new macros: */ -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE 1 /* Not supported */ - -/* Between Mbed TLS 3.4 and 3.5, the following macros have been added: */ -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -//#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 1 // Not supported From e4cf9b6f95264784d5b768d63bbb63c6fb74601f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 29 Nov 2023 09:43:20 +0000 Subject: [PATCH 428/430] Move MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to correct section Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index a21d041cd..1925cdcb2 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -45,9 +45,9 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE -// We expect TF-M to pick this up soon -#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT - /*********************************************************************** * Local changes to crypto config below this delimiter **********************************************************************/ + +// We expect TF-M to pick this up soon +#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT From 51e72456f9dd7bfc3a4eee53de046f4390a3d83b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 29 Nov 2023 09:44:44 +0000 Subject: [PATCH 429/430] Automatically set MBEDTLS_NO_PLATFORM_ENTROPY in TF-M config Signed-off-by: Dave Rodgman --- configs/config-tfm.h | 9 +++++++++ tests/scripts/all.sh | 3 --- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 1925cdcb2..85b677b4c 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -45,6 +45,15 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE +/* + * In order to get an example config that works cleanly out-of-the-box + * for both baremetal and non-baremetal builds, we detect baremetal builds + * and set this variable automatically. + */ +#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARM_EABI__) +#define MBEDTLS_NO_PLATFORM_ENTROPY +#endif + /*********************************************************************** * Local changes to crypto config below this delimiter **********************************************************************/ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 177736a51..036bdceac 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4125,9 +4125,6 @@ component_build_tfm_armcc() { # test the TF-M configuration can build cleanly with various warning flags enabled cp configs/config-tfm.h "$CONFIG_H" - # MBEDTLS_NO_PLATFORM_ENTROPY is needed as we are building for baremetal - ./scripts/config.py --force set MBEDTLS_NO_PLATFORM_ENTROPY - msg "build: TF-M config, armclang armv7-m thumb2" armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe" } From 5dcfd0c613eb31a20e02d901fdb26d72262b9835 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 29 Nov 2023 18:03:28 +0800 Subject: [PATCH 430/430] Some improvements Signed-off-by: Pengyu Lv --- tests/scripts/analyze_outcomes.py | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 52059bda0..0d8289bda 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -87,19 +87,16 @@ def analyze_coverage(results: Results, outcomes: Outcomes, """Check that all available test cases are executed at least once.""" available = check_test_cases.collect_available_test_cases() for suite_case in available: - hit = False - for comp_outcomes in outcomes.values(): - if suite_case in comp_outcomes.successes or \ - suite_case in comp_outcomes.failures: - hit = True - break + hit = any(suite_case in comp_outcomes.successes or + suite_case in comp_outcomes.failures + for comp_outcomes in outcomes.values()) - if hit == 0 and suite_case not in allow_list: + if not hit and suite_case not in allow_list: if full_coverage: results.error('Test case not executed: {}', suite_case) else: results.warning('Test case not executed: {}', suite_case) - elif hit != 0 and suite_case in allow_list: + elif hit and suite_case in allow_list: # Test Case should be removed from the allow list. if full_coverage: results.error('Allow listed test case was executed: {}', suite_case)