Merge pull request #8 from deneraraujo/develop

Fix quotes warning on ovpnapi header
Merge pull request #7 from deneraraujo/hotfix/syntax_warning
2026-02-11 00:00:08 +08:00 · 2020-09-20 00:13:29 -03:00 · 2020-09-20 00:09:57 -03:00 · 2020-09-20 00:07:13 -03:00 · 2020-09-19 23:31:22 -03:00 · 2020-09-19 23:30:33 -03:00
71 changed files with 3984 additions and 697 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,15 @@
 # Changelog
 ## 0.7.0
 - **Added**: An option to evaluate configuration without creating an instance of `OpenVPNAdapter`.
 - **Updated**: Class `OpenVPNProperties` renamed to `OpenVPNConfigurationEvaluation`.
 - **Updated**: openvpn3 library to 3.5.6 version, mbedTLS library to 2.7.13 version;
 ## 0.6.0
 - **Updated**: Slightly changed API of the framework.
 - **Fixed**: Reading packets issue affecting on connection when network interface is changed.
 ## 0.5.0
 - **Added**: Swift Package Manager support;
- **Updated**: openvpn3 library – 3.5.4 version;
+- **Updated**: openvpn3 library to 3.5.4 version;
 - **Fixed**: Network issue when adapter used in macOS projects.
--- a/OpenVPNAdapter.podspec
+++ b/OpenVPNAdapter.podspec
@@ -3,7 +3,7 @@ Pod::Spec.new do |s|
  # ―――  Spec Metadata  ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――― #
  s.name = "OpenVPNAdapter"
-  s.version = "0.6.0"
+  s.version = "0.7.0"
  s.summary   = "Objective-C wrapper for OpenVPN library. Compatible with iOS and macOS."
  s.description = <<-DESC
    OpenVPNAdapter is an Objective-C framework that allows to easily configure and establish VPN connection using OpenVPN protocol.
--- a/OpenVPNAdapter.xcodeproj/project.pbxproj
+++ b/OpenVPNAdapter.xcodeproj/project.pbxproj
@@ -7,6 +7,12 @@
 	objects = {
 /* Begin PBXBuildFile section */
 		C910EAE524EBB1DA0081AF13 /* OpenVPNReachabilityTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C97E5FD624123F48005C2EBC /* OpenVPNReachabilityTests.swift */; };
 		C910EAE724EBB5210081AF13 /* OpenVPNConfigurationEvaluation.h in Headers */ = {isa = PBXBuildFile; fileRef = C910EAE624EBB5210081AF13 /* OpenVPNConfigurationEvaluation.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		C910EAEE24EBBFB60081AF13 /* client.crt in Resources */ = {isa = PBXBuildFile; fileRef = C910EAEB24EBBFB60081AF13 /* client.crt */; };
 		C910EAEF24EBBFB60081AF13 /* ca.crt in Resources */ = {isa = PBXBuildFile; fileRef = C910EAEC24EBBFB60081AF13 /* ca.crt */; };
 		C910EAF024EBBFB60081AF13 /* client.key in Resources */ = {isa = PBXBuildFile; fileRef = C910EAED24EBBFB60081AF13 /* client.key */; };
 		C910EAF224EBC6F90081AF13 /* client.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = C910EAF124EBC6F90081AF13 /* client.ovpn */; };
 		C97E5F6E24122F12005C2EBC /* NSArray+OpenVPNAdditions.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F6D24122F12005C2EBC /* NSArray+OpenVPNAdditions.h */; };
 		C97E5F7024122F22005C2EBC /* NSError+OpenVPNError.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F6F24122F22005C2EBC /* NSError+OpenVPNError.h */; };
 		C97E5F7224122F5C005C2EBC /* OpenVPNClient.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F7124122F5C005C2EBC /* OpenVPNClient.h */; };
@@ -31,8 +37,8 @@
 		C97E5F98241230F7005C2EBC /* OpenVPNPacket.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F97241230F7005C2EBC /* OpenVPNPacket.h */; };
 		C97E5F9A24123135005C2EBC /* OpenVPNPacketFlowBridge.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F9924123135005C2EBC /* OpenVPNPacketFlowBridge.h */; };
 		C97E5F9C2412313F005C2EBC /* OpenVPNPrivateKey.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F9B2412313F005C2EBC /* OpenVPNPrivateKey.h */; };
-		C97E5F9E2412314A005C2EBC /* OpenVPNProperties.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F9D24123149005C2EBC /* OpenVPNProperties.h */; };
+		C97E5F9E2412314A005C2EBC /* OpenVPNConfigurationEvaluation.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F9D24123149005C2EBC /* OpenVPNConfigurationEvaluation.h */; };
-		C97E5FA024123152005C2EBC /* OpenVPNProperties+Internal.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F9F24123151005C2EBC /* OpenVPNProperties+Internal.h */; };
+		C97E5FA024123152005C2EBC /* OpenVPNConfigurationEvaluation+Internal.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5F9F24123151005C2EBC /* OpenVPNConfigurationEvaluation+Internal.h */; };
 		C97E5FA22412315D005C2EBC /* OpenVPNReachability.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5FA12412315C005C2EBC /* OpenVPNReachability.h */; };
 		C97E5FA424123168005C2EBC /* OpenVPNReachability+Internal.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5FA324123168005C2EBC /* OpenVPNReachability+Internal.h */; };
 		C97E5FA62412317B005C2EBC /* OpenVPNReachabilityStatus.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5FA52412317B005C2EBC /* OpenVPNReachabilityStatus.h */; };
@@ -46,7 +52,6 @@
 		C97E5FB6241231FF005C2EBC /* OpenVPNTransportStats+Internal.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5FB5241231FF005C2EBC /* OpenVPNTransportStats+Internal.h */; };
 		C97E5FB824123211005C2EBC /* OpenVPNTransportProtocol.h in Headers */ = {isa = PBXBuildFile; fileRef = C97E5FB724123211005C2EBC /* OpenVPNTransportProtocol.h */; };
 		C97E5FDD24123F48005C2EBC /* OpenVPNConfigurationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C97E5FD724123F48005C2EBC /* OpenVPNConfigurationTests.swift */; };
 		C97E5FDE24123F48005C2EBC /* CustomFlow.swift in Sources */ = {isa = PBXBuildFile; fileRef = C97E5FD824123F48005C2EBC /* CustomFlow.swift */; };
 		C97E5FDF24123F48005C2EBC /* OpenVPNAdapterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C97E5FD924123F48005C2EBC /* OpenVPNAdapterTests.swift */; };
 		C97E5FE024123F48005C2EBC /* VPNProfile.swift in Sources */ = {isa = PBXBuildFile; fileRef = C97E5FDA24123F48005C2EBC /* VPNProfile.swift */; };
 		C97E5FE124123F48005C2EBC /* Bundle.swift in Sources */ = {isa = PBXBuildFile; fileRef = C97E5FDB24123F48005C2EBC /* Bundle.swift */; };
@@ -55,6 +60,10 @@
 		C97E5FEC24124B73005C2EBC /* mbedTLS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = "OpenVPNAdapter::mbedTLS::Product" /* mbedTLS.framework */; };
 		C9EABF3124110BE200D828D4 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C9EABF3024110BE200D828D4 /* SystemConfiguration.framework */; };
 		C9EABF772411215C00D828D4 /* UIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C9EABF642411189800D828D4 /* UIKit.framework */; platformFilter = ios; };
 		EDC86AE92516F50000504FFA /* OpenVPNDhcpOptionEntry.h in Headers */ = {isa = PBXBuildFile; fileRef = EDC86AE62516F50000504FFA /* OpenVPNDhcpOptionEntry.h */; };
 		EDC86AEA2516F50000504FFA /* OpenVPNDhcpOptionEntry.mm in Sources */ = {isa = PBXBuildFile; fileRef = EDC86AE72516F50000504FFA /* OpenVPNDhcpOptionEntry.mm */; };
 		EDC86AEB2516F50000504FFA /* OpenVPNDhcpOptionEntry+Internal.h in Headers */ = {isa = PBXBuildFile; fileRef = EDC86AE82516F50000504FFA /* OpenVPNDhcpOptionEntry+Internal.h */; };
 		EDC86AF22516F52300504FFA /* OpenVPNDhcpOptionEntry.h in Headers */ = {isa = PBXBuildFile; fileRef = EDC86AF12516F52300504FFA /* OpenVPNDhcpOptionEntry.h */; };
 		OBJ_250 /* lz4.c in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_16 /* lz4.c */; };
 		OBJ_251 /* lz4frame.c in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_17 /* lz4frame.c */; };
 		OBJ_252 /* lz4hc.c in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_18 /* lz4hc.c */; };
@@ -73,7 +82,7 @@
 		OBJ_271 /* OpenVPNPacket.mm in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_39 /* OpenVPNPacket.mm */; };
 		OBJ_272 /* OpenVPNPacketFlowBridge.mm in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_40 /* OpenVPNPacketFlowBridge.mm */; };
 		OBJ_273 /* OpenVPNPrivateKey.m in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_41 /* OpenVPNPrivateKey.m */; };
-		OBJ_274 /* OpenVPNProperties.mm in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_42 /* OpenVPNProperties.mm */; };
+		OBJ_274 /* OpenVPNConfigurationEvaluation.mm in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_42 /* OpenVPNConfigurationEvaluation.mm */; };
 		OBJ_275 /* OpenVPNReachability.mm in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_43 /* OpenVPNReachability.mm */; };
 		OBJ_276 /* OpenVPNReachabilityTracker.mm in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_44 /* OpenVPNReachabilityTracker.mm */; };
 		OBJ_277 /* OpenVPNServerEntry.mm in Sources */ = {isa = PBXBuildFile; fileRef = OBJ_45 /* OpenVPNServerEntry.mm */; };
@@ -87,7 +96,6 @@
 		OBJ_286 /* OpenVPNTLSCertProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = OBJ_54 /* OpenVPNTLSCertProfile.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		OBJ_287 /* OpenVPNPrivateKey.h in Headers */ = {isa = PBXBuildFile; fileRef = OBJ_55 /* OpenVPNPrivateKey.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		OBJ_288 /* OpenVPNInterfaceStats.h in Headers */ = {isa = PBXBuildFile; fileRef = OBJ_56 /* OpenVPNInterfaceStats.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		OBJ_289 /* OpenVPNProperties.h in Headers */ = {isa = PBXBuildFile; fileRef = OBJ_57 /* OpenVPNProperties.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		OBJ_290 /* OpenVPNReachability.h in Headers */ = {isa = PBXBuildFile; fileRef = OBJ_58 /* OpenVPNReachability.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		OBJ_291 /* OpenVPNIPv6Preference.h in Headers */ = {isa = PBXBuildFile; fileRef = OBJ_59 /* OpenVPNIPv6Preference.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		OBJ_292 /* OpenVPNAdapterPacketFlow.h in Headers */ = {isa = PBXBuildFile; fileRef = OBJ_60 /* OpenVPNAdapterPacketFlow.h */; settings = {ATTRIBUTES = (Public, ); }; };
@@ -225,6 +233,11 @@
 /* End PBXContainerItemProxy section */
 /* Begin PBXFileReference section */
 		C910EAE624EBB5210081AF13 /* OpenVPNConfigurationEvaluation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNConfigurationEvaluation.h; sourceTree = "<group>"; };
 		C910EAEB24EBBFB60081AF13 /* client.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = client.crt; sourceTree = "<group>"; };
 		C910EAEC24EBBFB60081AF13 /* ca.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = ca.crt; sourceTree = "<group>"; };
 		C910EAED24EBBFB60081AF13 /* client.key */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = client.key; sourceTree = "<group>"; };
 		C910EAF124EBC6F90081AF13 /* client.ovpn */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = client.ovpn; sourceTree = "<group>"; };
 		C97E5F6D24122F12005C2EBC /* NSArray+OpenVPNAdditions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSArray+OpenVPNAdditions.h"; sourceTree = "<group>"; };
 		C97E5F6F24122F22005C2EBC /* NSError+OpenVPNError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSError+OpenVPNError.h"; sourceTree = "<group>"; };
 		C97E5F7124122F5C005C2EBC /* OpenVPNClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNClient.h; sourceTree = "<group>"; };
@@ -249,8 +262,8 @@
 		C97E5F97241230F7005C2EBC /* OpenVPNPacket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNPacket.h; sourceTree = "<group>"; };
 		C97E5F9924123135005C2EBC /* OpenVPNPacketFlowBridge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNPacketFlowBridge.h; sourceTree = "<group>"; };
 		C97E5F9B2412313F005C2EBC /* OpenVPNPrivateKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNPrivateKey.h; sourceTree = "<group>"; };
-		C97E5F9D24123149005C2EBC /* OpenVPNProperties.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNProperties.h; sourceTree = "<group>"; };
+		C97E5F9D24123149005C2EBC /* OpenVPNConfigurationEvaluation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNConfigurationEvaluation.h; sourceTree = "<group>"; };
-		C97E5F9F24123151005C2EBC /* OpenVPNProperties+Internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "OpenVPNProperties+Internal.h"; sourceTree = "<group>"; };
+		C97E5F9F24123151005C2EBC /* OpenVPNConfigurationEvaluation+Internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "OpenVPNConfigurationEvaluation+Internal.h"; sourceTree = "<group>"; };
 		C97E5FA12412315C005C2EBC /* OpenVPNReachability.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNReachability.h; sourceTree = "<group>"; };
 		C97E5FA324123168005C2EBC /* OpenVPNReachability+Internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "OpenVPNReachability+Internal.h"; sourceTree = "<group>"; };
 		C97E5FA52412317B005C2EBC /* OpenVPNReachabilityStatus.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNReachabilityStatus.h; sourceTree = "<group>"; };
@@ -268,7 +281,6 @@
 		C97E5FCD24123F2E005C2EBC /* OpenVPNAdapterTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = OpenVPNAdapterTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
 		C97E5FD624123F48005C2EBC /* OpenVPNReachabilityTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OpenVPNReachabilityTests.swift; sourceTree = "<group>"; };
 		C97E5FD724123F48005C2EBC /* OpenVPNConfigurationTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OpenVPNConfigurationTests.swift; sourceTree = "<group>"; };
 		C97E5FD824123F48005C2EBC /* CustomFlow.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CustomFlow.swift; sourceTree = "<group>"; };
 		C97E5FD924123F48005C2EBC /* OpenVPNAdapterTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OpenVPNAdapterTests.swift; sourceTree = "<group>"; };
 		C97E5FDA24123F48005C2EBC /* VPNProfile.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VPNProfile.swift; sourceTree = "<group>"; };
 		C97E5FDB24123F48005C2EBC /* Bundle.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Bundle.swift; sourceTree = "<group>"; };
@@ -281,6 +293,10 @@
 		C9EABF7424111D6100D828D4 /* OpenVPNAdapter.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = OpenVPNAdapter.xcconfig; sourceTree = "<group>"; };
 		C9EABF7524111E9C00D828D4 /* LZ4.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = LZ4.xcconfig; sourceTree = "<group>"; };
 		C9EABF7624111F1600D828D4 /* mbedTLS.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = mbedTLS.xcconfig; sourceTree = "<group>"; };
 		EDC86AE62516F50000504FFA /* OpenVPNDhcpOptionEntry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNDhcpOptionEntry.h; sourceTree = "<group>"; };
 		EDC86AE72516F50000504FFA /* OpenVPNDhcpOptionEntry.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNDhcpOptionEntry.mm; sourceTree = "<group>"; };
 		EDC86AE82516F50000504FFA /* OpenVPNDhcpOptionEntry+Internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "OpenVPNDhcpOptionEntry+Internal.h"; sourceTree = "<group>"; };
 		EDC86AF12516F52300504FFA /* OpenVPNDhcpOptionEntry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNDhcpOptionEntry.h; sourceTree = "<group>"; };
 		OBJ_100 /* debug.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = debug.c; sourceTree = "<group>"; };
 		OBJ_101 /* des.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = des.c; sourceTree = "<group>"; };
 		OBJ_102 /* dhm.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = dhm.c; sourceTree = "<group>"; };
@@ -431,7 +447,7 @@
 		OBJ_39 /* OpenVPNPacket.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNPacket.mm; sourceTree = "<group>"; };
 		OBJ_40 /* OpenVPNPacketFlowBridge.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNPacketFlowBridge.mm; sourceTree = "<group>"; };
 		OBJ_41 /* OpenVPNPrivateKey.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = OpenVPNPrivateKey.m; sourceTree = "<group>"; };
-		OBJ_42 /* OpenVPNProperties.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNProperties.mm; sourceTree = "<group>"; };
+		OBJ_42 /* OpenVPNConfigurationEvaluation.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNConfigurationEvaluation.mm; sourceTree = "<group>"; };
 		OBJ_43 /* OpenVPNReachability.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNReachability.mm; sourceTree = "<group>"; };
 		OBJ_44 /* OpenVPNReachabilityTracker.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNReachabilityTracker.mm; sourceTree = "<group>"; };
 		OBJ_45 /* OpenVPNServerEntry.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNServerEntry.mm; sourceTree = "<group>"; };
@@ -445,7 +461,6 @@
 		OBJ_54 /* OpenVPNTLSCertProfile.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenVPNTLSCertProfile.h; sourceTree = "<group>"; };
 		OBJ_55 /* OpenVPNPrivateKey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenVPNPrivateKey.h; sourceTree = "<group>"; };
 		OBJ_56 /* OpenVPNInterfaceStats.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenVPNInterfaceStats.h; sourceTree = "<group>"; };
 		OBJ_57 /* OpenVPNProperties.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenVPNProperties.h; sourceTree = "<group>"; };
 		OBJ_58 /* OpenVPNReachability.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenVPNReachability.h; sourceTree = "<group>"; };
 		OBJ_59 /* OpenVPNIPv6Preference.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenVPNIPv6Preference.h; sourceTree = "<group>"; };
 		OBJ_60 /* OpenVPNAdapterPacketFlow.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = OpenVPNAdapterPacketFlow.h; sourceTree = "<group>"; };
@@ -527,12 +542,23 @@
 /* End PBXFrameworksBuildPhase section */
 /* Begin PBXGroup section */
 		C910EAEA24EBBFB60081AF13 /* Resources */ = {
 			isa = PBXGroup;
 			children = (
 				C910EAF124EBC6F90081AF13 /* client.ovpn */,
 				C910EAEB24EBBFB60081AF13 /* client.crt */,
 				C910EAEC24EBBFB60081AF13 /* ca.crt */,
 				C910EAED24EBBFB60081AF13 /* client.key */,
 			);
 			name = Resources;
 			path = Tests/Resources;
 			sourceTree = "<group>";
 		};
 		C97E5FD524123F48005C2EBC /* OpenVPNAdapter */ = {
 			isa = PBXGroup;
 			children = (
 				C97E5FDB24123F48005C2EBC /* Bundle.swift */,
 				C97E5FDA24123F48005C2EBC /* VPNProfile.swift */,
 				C97E5FD824123F48005C2EBC /* CustomFlow.swift */,
 				C97E5FD624123F48005C2EBC /* OpenVPNReachabilityTests.swift */,
 				C97E5FD724123F48005C2EBC /* OpenVPNConfigurationTests.swift */,
 				C97E5FD924123F48005C2EBC /* OpenVPNAdapterTests.swift */,
@@ -673,6 +699,7 @@
 		OBJ_231 /* Tests */ = {
 			isa = PBXGroup;
 			children = (
 				C910EAEA24EBBFB60081AF13 /* Resources */,
 				C97E5FD524123F48005C2EBC /* OpenVPNAdapter */,
 			);
 			name = Tests;
@@ -705,6 +732,9 @@
 		OBJ_27 /* library */ = {
 			isa = PBXGroup;
 			children = (
 				EDC86AE62516F50000504FFA /* OpenVPNDhcpOptionEntry.h */,
 				EDC86AE72516F50000504FFA /* OpenVPNDhcpOptionEntry.mm */,
 				EDC86AE82516F50000504FFA /* OpenVPNDhcpOptionEntry+Internal.h */,
 				C97E5F752412300A005C2EBC /* OpenVPNAdapterEvent.h */,
 				C97E5F7724123019005C2EBC /* OpenVPNAdapterPacketFlow.h */,
 				C97E5F7B24123036005C2EBC /* OpenVPNCompressionMode.h */,
@@ -746,9 +776,9 @@
 				OBJ_40 /* OpenVPNPacketFlowBridge.mm */,
 				C97E5F9B2412313F005C2EBC /* OpenVPNPrivateKey.h */,
 				OBJ_41 /* OpenVPNPrivateKey.m */,
-				C97E5F9D24123149005C2EBC /* OpenVPNProperties.h */,
+				C97E5F9D24123149005C2EBC /* OpenVPNConfigurationEvaluation.h */,
-				C97E5F9F24123151005C2EBC /* OpenVPNProperties+Internal.h */,
+				C97E5F9F24123151005C2EBC /* OpenVPNConfigurationEvaluation+Internal.h */,
-				OBJ_42 /* OpenVPNProperties.mm */,
+				OBJ_42 /* OpenVPNConfigurationEvaluation.mm */,
 				C97E5FA12412315C005C2EBC /* OpenVPNReachability.h */,
 				C97E5FA324123168005C2EBC /* OpenVPNReachability+Internal.h */,
 				OBJ_43 /* OpenVPNReachability.mm */,
@@ -770,6 +800,7 @@
 		OBJ_48 /* include */ = {
 			isa = PBXGroup;
 			children = (
 				EDC86AF12516F52300504FFA /* OpenVPNDhcpOptionEntry.h */,
 				OBJ_49 /* OpenVPNCompressionMode.h */,
 				OBJ_50 /* OpenVPNKeyType.h */,
 				OBJ_51 /* OpenVPNAdapterEvent.h */,
@@ -778,7 +809,7 @@
 				OBJ_54 /* OpenVPNTLSCertProfile.h */,
 				OBJ_55 /* OpenVPNPrivateKey.h */,
 				OBJ_56 /* OpenVPNInterfaceStats.h */,
-				OBJ_57 /* OpenVPNProperties.h */,
+				C910EAE624EBB5210081AF13 /* OpenVPNConfigurationEvaluation.h */,
 				OBJ_58 /* OpenVPNReachability.h */,
 				OBJ_59 /* OpenVPNIPv6Preference.h */,
 				OBJ_60 /* OpenVPNAdapterPacketFlow.h */,
@@ -974,12 +1005,12 @@
 				C97E5F6E24122F12005C2EBC /* NSArray+OpenVPNAdditions.h in Headers */,
 				OBJ_286 /* OpenVPNTLSCertProfile.h in Headers */,
 				C97E5FAE241231B3005C2EBC /* OpenVPNSessionToken.h in Headers */,
-				C97E5F9E2412314A005C2EBC /* OpenVPNProperties.h in Headers */,
+				C97E5F9E2412314A005C2EBC /* OpenVPNConfigurationEvaluation.h in Headers */,
 				C97E5FA62412317B005C2EBC /* OpenVPNReachabilityStatus.h in Headers */,
 				OBJ_287 /* OpenVPNPrivateKey.h in Headers */,
 				EDC86AEB2516F50000504FFA /* OpenVPNDhcpOptionEntry+Internal.h in Headers */,
 				C97E5F7424122FE6005C2EBC /* OpenVPNAdapter.h in Headers */,
 				OBJ_288 /* OpenVPNInterfaceStats.h in Headers */,
 				OBJ_289 /* OpenVPNProperties.h in Headers */,
 				OBJ_290 /* OpenVPNReachability.h in Headers */,
 				OBJ_291 /* OpenVPNIPv6Preference.h in Headers */,
 				C97E5F8C24123091005C2EBC /* OpenVPNInterfaceStats.h in Headers */,
@@ -987,13 +1018,14 @@
 				C97E5F92241230C6005C2EBC /* OpenVPNKeyType.h in Headers */,
 				C97E5F94241230D9005C2EBC /* OpenVPNMinTLSVersion.h in Headers */,
 				C97E5F7E24123046005C2EBC /* OpenVPNConfiguration.h in Headers */,
-				C97E5FA024123152005C2EBC /* OpenVPNProperties+Internal.h in Headers */,
+				C97E5FA024123152005C2EBC /* OpenVPNConfigurationEvaluation+Internal.h in Headers */,
 				C97E5FB2241231DA005C2EBC /* OpenVPNTLSCertProfile.h in Headers */,
 				OBJ_292 /* OpenVPNAdapterPacketFlow.h in Headers */,
 				C97E5FA824123186005C2EBC /* OpenVPNReachabilityTracker.h in Headers */,
 				OBJ_293 /* OpenVPNMinTLSVersion.h in Headers */,
 				C97E5F7224122F5C005C2EBC /* OpenVPNClient.h in Headers */,
 				OBJ_294 /* OpenVPNAdapter.h in Headers */,
 				EDC86AE92516F50000504FFA /* OpenVPNDhcpOptionEntry.h in Headers */,
 				OBJ_295 /* OpenVPNConnectionInfo.h in Headers */,
 				OBJ_296 /* OpenVPNReachabilityStatus.h in Headers */,
 				C97E5F822412305C005C2EBC /* OpenVPNConnectionInfo.h in Headers */,
@@ -1009,8 +1041,10 @@
 				OBJ_301 /* OpenVPNSessionToken.h in Headers */,
 				C97E5FA424123168005C2EBC /* OpenVPNReachability+Internal.h in Headers */,
 				OBJ_302 /* OpenVPNCertificate.h in Headers */,
 				C910EAE724EBB5210081AF13 /* OpenVPNConfigurationEvaluation.h in Headers */,
 				C97E5FAC241231AA005C2EBC /* OpenVPNServerEntry+Internal.h in Headers */,
 				C97E5F90241230B3005C2EBC /* OpenVPNIPv6Preference.h in Headers */,
 				EDC86AF22516F52300504FFA /* OpenVPNDhcpOptionEntry.h in Headers */,
 				C97E5FE624124B0E005C2EBC /* Umbrella-Header.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
@@ -1147,6 +1181,10 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
 				C910EAEE24EBBFB60081AF13 /* client.crt in Resources */,
 				C910EAF024EBBFB60081AF13 /* client.key in Resources */,
 				C910EAEF24EBBFB60081AF13 /* ca.crt in Resources */,
 				C910EAF224EBC6F90081AF13 /* client.ovpn in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -1160,7 +1198,7 @@
 				C97E5FE124123F48005C2EBC /* Bundle.swift in Sources */,
 				C97E5FDD24123F48005C2EBC /* OpenVPNConfigurationTests.swift in Sources */,
 				C97E5FDF24123F48005C2EBC /* OpenVPNAdapterTests.swift in Sources */,
-				C97E5FDE24123F48005C2EBC /* CustomFlow.swift in Sources */,
+				C910EAE524EBB1DA0081AF13 /* OpenVPNReachabilityTests.swift in Sources */,
 				C97E5FE024123F48005C2EBC /* VPNProfile.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
@@ -1192,9 +1230,10 @@
 				OBJ_269 /* OpenVPNInterfaceStats.mm in Sources */,
 				OBJ_270 /* OpenVPNNetworkSettingsBuilder.m in Sources */,
 				OBJ_271 /* OpenVPNPacket.mm in Sources */,
 				EDC86AEA2516F50000504FFA /* OpenVPNDhcpOptionEntry.mm in Sources */,
 				OBJ_272 /* OpenVPNPacketFlowBridge.mm in Sources */,
 				OBJ_273 /* OpenVPNPrivateKey.m in Sources */,
-				OBJ_274 /* OpenVPNProperties.mm in Sources */,
+				OBJ_274 /* OpenVPNConfigurationEvaluation.mm in Sources */,
 				OBJ_275 /* OpenVPNReachability.mm in Sources */,
 				OBJ_276 /* OpenVPNReachabilityTracker.mm in Sources */,
 				OBJ_277 /* OpenVPNServerEntry.mm in Sources */,
@@ -1524,7 +1563,7 @@
 					"$(inherited)",
 					"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx",
 				);
-				MARKETING_VERSION = 0.6.0;
+				MARKETING_VERSION = 0.7.0;
 				OTHER_SWIFT_FLAGS = "$(inherited)";
 				PRODUCT_BUNDLE_IDENTIFIER = OpenVPNAdapter;
 				PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)";
@@ -1553,7 +1592,7 @@
 					"$(inherited)",
 					"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx",
 				);
-				MARKETING_VERSION = 0.6.0;
+				MARKETING_VERSION = 0.7.0;
 				OTHER_SWIFT_FLAGS = "$(inherited)";
 				PRODUCT_BUNDLE_IDENTIFIER = OpenVPNAdapter;
 				PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)";
@@ -1607,7 +1646,7 @@
 					"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx",
 				);
 				MACH_O_TYPE = staticlib;
-				MARKETING_VERSION = 3.5.4;
+				MARKETING_VERSION = 3.5.6;
 				OTHER_CFLAGS = "$(inherited)";
 				OTHER_LDFLAGS = "$(inherited)";
 				OTHER_SWIFT_FLAGS = "$(inherited)";
@@ -1638,7 +1677,7 @@
 					"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx",
 				);
 				MACH_O_TYPE = staticlib;
-				MARKETING_VERSION = 3.5.4;
+				MARKETING_VERSION = 3.5.6;
 				OTHER_CFLAGS = "$(inherited)";
 				OTHER_LDFLAGS = "$(inherited)";
 				OTHER_SWIFT_FLAGS = "$(inherited)";
@@ -1669,7 +1708,7 @@
 					"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx",
 				);
 				MACH_O_TYPE = staticlib;
-				MARKETING_VERSION = 2.7.12;
+				MARKETING_VERSION = 2.7.13;
 				OTHER_SWIFT_FLAGS = "$(inherited)";
 				PRODUCT_BUNDLE_IDENTIFIER = mbedTLS;
 				PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)";
@@ -1698,7 +1737,7 @@
 					"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx",
 				);
 				MACH_O_TYPE = staticlib;
-				MARKETING_VERSION = 2.7.12;
+				MARKETING_VERSION = 2.7.13;
 				OTHER_SWIFT_FLAGS = "$(inherited)";
 				PRODUCT_BUNDLE_IDENTIFIER = mbedTLS;
 				PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)";
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ To install OpenVPNAdapter with Cocoapods, add the following lines to your `Podfi
 ```ruby
 target 'Your Target Name' do
  use_frameworks!
-  pod 'OpenVPNAdapter', :git => 'https://github.com/ss-abramchuk/OpenVPNAdapter.git', :tag => '0.5.1'
+  pod 'OpenVPNAdapter', :git => 'https://github.com/ss-abramchuk/OpenVPNAdapter.git', :tag => '0.7.0'
 end
 ```
@@ -191,16 +191,16 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
        // configuration.tunPersist = true
        // Apply OpenVPN configuration
-        let properties: OpenVPNProperties
+        let evaluation: OpenVPNConfigurationEvaluation
        do {
-            properties = try vpnAdapter.apply(configuration: configuration)
+            evaluation = try vpnAdapter.apply(configuration: configuration)
        } catch {
            completionHandler(error)
            return
        }
        // Provide credentials if needed
-        if !properties.autologin {
+        if !evaluation.autologin {
            // If your VPN configuration requires user credentials you can provide them by
            // `protocolConfiguration.username` and `protocolConfiguration.passwordReference`
            // properties. It is recommended to use persistent keychain reference to a keychain
--- a/Sources/OpenVPN3/client/ovpncli.cpp
+++ b/Sources/OpenVPN3/client/ovpncli.cpp
@@ -663,6 +663,14 @@ namespace openvpn {
 	    se.friendlyName = i->friendlyName;
 	    eval.serverList.push_back(se);
 	  }
    // Added by Dener Araújo - 2020-09-06
    for (ParseClientConfig::DhcpOptionList::const_iterator i = cc.dhcpOptionList().begin(); i != cc.dhcpOptionList().end(); ++i)
      {
        DhcpOptionEntry de;
        de.type = i->type;
        de.address = i->address;
        eval.dhcpOptionList.push_back(de);
      }
      }
      catch (const std::exception& e)
 	{
--- a/Sources/OpenVPN3/client/ovpncli.hpp
+++ b/Sources/OpenVPN3/client/ovpncli.hpp
@@ -47,6 +47,15 @@ namespace openvpn {
      std::string friendlyName;
    };
    // Added by Dener Araújo - 2020-09-06
    // Represents an "dhcp-option" with its type (DNS, WINS, etc) and its address
    // (client reads)
    struct DhcpOptionEntry
    {
      std::string type;
      std::string address;
    };
    // return properties of config
    // (client reads)
    struct EvalConfig
@@ -91,6 +100,10 @@ namespace openvpn {
      // optional list of user-selectable VPN servers
      std::vector<ServerEntry> serverList;
      // Added by Dener Araújo - 2020-09-06
      // optional list of "dhcp-option"
      std::vector<DhcpOptionEntry> dhcpOptionList;
    };
    // used to pass credentials to VPN core
--- a/Sources/OpenVPN3/deps/lib-versions
+++ b/Sources/OpenVPN3/deps/lib-versions
@@ -4,8 +4,8 @@ export ASIO_CSUM=bdb01a649c24d73ca4a836662e7af442d935313ed6deef6b07f17f3bc5f78d7
 export LZ4_VERSION=lz4-1.8.3
 export LZ4_CSUM=33af5936ac06536805f9745e0b6d61da606a1f8b4cc5c04dd3cbaca3b9b4fc43
-export MBEDTLS_VERSION=mbedtls-2.7.12
+export MBEDTLS_VERSION=mbedtls-2.7.13
-export MBEDTLS_CSUM=d3a36dbc9f607747daa6875c1ab2e41f49eff5fc99d3436b4f3ac90c89f3c143
+export MBEDTLS_CSUM=6772fe21c7755dc513920e84adec629d39188b6451542ebaece428f0eba655c9
 export JSONCPP_VERSION=1.8.4
 export JSONCPP_CSUM=c49deac9e0933bcb7044f08516861a2d560988540b23de2ac1ad443b219afdb6
@@ -19,6 +19,7 @@ export CITYHASH_CSUM=f70368facd15735dffc77fe2b27ab505bfdd05be5e9166d94149a8744c2
 export LZO_VERSION=lzo-2.10
 export LZO_CSUM=c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b4221a072
-export OPENSSL_VERSION=openssl-1.1.1d
+export OPENSSL_VERSION=openssl-1.1.1g
-export OPENSSL_CSUM=1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
+export OPENSSL_CSUM=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
--- a/Sources/OpenVPN3/deps/openssl/build-openssl
+++ b/Sources/OpenVPN3/deps/openssl/build-openssl
@@ -38,7 +38,7 @@ fi
 # source helper functions
 . $O3/core/deps/functions.sh
-FNAME=openssl-${OPNESSL_VERSION}.tar.gz
+FNAME=openssl-${OPENSSL_VERSION}.tar.gz
 URL=https://www.openssl.org/source/${OPENSSL_VERSION}.tar.gz
 CSUM=${OPENSSL_CSUM}
--- a/Sources/OpenVPN3/openvpn/client/cliopthelper.hpp
+++ b/Sources/OpenVPN3/openvpn/client/cliopthelper.hpp
@@ -59,6 +59,17 @@ namespace openvpn {
    {
    };
    // Added by Dener Araújo - 2020-09-06
    struct DhcpOptionEntry {
      std::string type;
      std::string address;
    };
    // Added by Dener Araújo - 2020-09-06
    struct DhcpOptionList : public std::vector<DhcpOptionEntry>
    {
    };
    struct RemoteItem {
      std::string host;
      std::string port;
@@ -283,6 +294,30 @@ namespace openvpn {
 	  }
 	}
    // Added by Dener Araújo - 2020-09-06
    // dhpc-option
    {
      const OptionList::IndexList *dhcpList = options.get_index_ptr("dhcp-option");
      if (dhcpList)
      {
        for (OptionList::IndexList::const_iterator i = dhcpList->begin(); i != dhcpList->end(); ++i)
        {
          const Option& o = options[*i];
          o.touch();
          const std::string arg1 = o.get_optional(1, 256);
          const std::string arg2 = o.get_optional(2, 256);
          DhcpOptionEntry dhcp;
          dhcp.type = arg1;
          dhcp.address = arg2;
          dhcpOptionList_.push_back(std::move(dhcp));
        }
      }
    }
 	// protocol configuration
 	{
 	  protoConfig.reset(new ProtoContext::Config());
@@ -435,6 +470,10 @@ namespace openvpn {
    // return first remote directive in config
    const RemoteItem& firstRemoteListItem() const { return firstRemoteListItem_; }
    // Added by Dener Araújo - 2020-09-06
    // dhpc-option
    const DhcpOptionList& dhcpOptionList() const { return dhcpOptionList_; }
    std::string to_string() const
    {
@@ -524,6 +563,18 @@ namespace openvpn {
      root["mode"] = Json::Value("client");
      root["dev"] = Json::Value(dev);
      // Added by Dener Araújo - 2020-09-06
      root["dhcp-options"] = Json::Value(Json::arrayValue);
      for (size_t i = 0; i < dhcpOptionList_.size(); i++)
      {
    const DhcpOptionEntry& item = dhcpOptionList_[i];
    Json::Value el = Json::Value(Json::objectValue);
    el["type"] = Json::Value(item.type);
    el["address"] = Json::Value(item.address);
    root["dhcp-options"].append(el);
      }
      root["dev-type"] = Json::Value(protoConfig->layer.dev_type());
      root["remotes"] = Json::Value(Json::arrayValue);
      for (size_t i = 0; i < remoteList->size(); i++)
@@ -716,6 +767,7 @@ namespace openvpn {
    ProtoContext::Config::Ptr protoConfig;
    SSLLib::SSLAPI::Config::Ptr sslConfig;
    std::string dev;
    DhcpOptionList dhcpOptionList_; // Added by Dener Araújo - 2020-09-06
  };
 }
--- a/Sources/OpenVPN3/openvpn/common/version.hpp
+++ b/Sources/OpenVPN3/openvpn/common/version.hpp
@@ -24,5 +24,5 @@
 #pragma once
 #ifndef OPENVPN_VERSION
-#define OPENVPN_VERSION "3.5.4"
+#define OPENVPN_VERSION "3.5.6"
 #endif
--- a/Sources/OpenVPN3/openvpn/error/error.hpp
+++ b/Sources/OpenVPN3/openvpn/error/error.hpp
@@ -61,6 +61,9 @@ namespace openvpn {
      UDP_CONNECT_ERROR,   // client error on UDP connect
      SSL_ERROR,           // errors resulting from read/write on SSL object
      SSL_PARTIAL_WRITE,   // SSL object did not process all written cleartext
      SSL_CA_MD_TOO_WEAK,  // CA message digest is too weak
      SSL_CA_KEY_TOO_SMALL, // CA key is too small
      SSL_DH_KEY_TOO_SMALL, // DH key is too small
      ENCAPSULATION_ERROR, // exceptions thrown during packet encapsulation
      EPKI_CERT_ERROR,     // error obtaining certificate from External PKI provider
      EPKI_SIGN_ERROR,     // error obtaining RSA signature from External PKI provider
@@ -139,6 +142,9 @@ namespace openvpn {
 	"UDP_CONNECT_ERROR",
 	"SSL_ERROR",
 	"SSL_PARTIAL_WRITE",
 	"SSL_CA_MD_TOO_WEAK",
 	"SSL_CA_KEY_TOO_SMALL",
 	"SSL_DH_KEY_TOO_SMALL",
 	"ENCAPSULATION_ERROR",
 	"EPKI_CERT_ERROR",
 	"EPKI_SIGN_ERROR",
--- a/Sources/OpenVPN3/openvpn/http/reply.hpp
+++ b/Sources/OpenVPN3/openvpn/http/reply.hpp
@@ -245,7 +245,12 @@ namespace openvpn {
 		return fail;
 	      }
 	  case status_text_start:
-	    if (!Util::is_char(input) || Util::is_ctl(input) || Util::is_tspecial(input))
+	    if (input == '\r')
 	      {
 		state_ = expecting_newline_1;
 		return pending;
 	      }
 	    else if (!Util::is_char(input) || Util::is_ctl(input) || Util::is_tspecial(input))
 	      {
 		return fail;
 	      }
--- a/Sources/OpenVPN3/openvpn/openssl/util/error.hpp
+++ b/Sources/OpenVPN3/openvpn/openssl/util/error.hpp
@@ -144,6 +144,18 @@ namespace openvpn {
 	    case SSL_R_UNSUPPORTED_PROTOCOL:
 	      set_code(Error::TLS_VERSION_MIN, true);
 	      break;
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
            // These error codes are not available in older OpenSSL versions
 	    case SSL_R_CA_MD_TOO_WEAK:
 	      set_code(Error::SSL_CA_MD_TOO_WEAK, true);
 	      break;
 	    case SSL_R_CA_KEY_TOO_SMALL:
 	      set_code(Error::SSL_CA_KEY_TOO_SMALL, true);
 	      break;
 #endif // OpenSSL >= 1.1.0
 	    case SSL_R_DH_KEY_TOO_SMALL:
 	      set_code(Error::SSL_DH_KEY_TOO_SMALL, true);
 	      break;
 	    }
 	}
      errtxt = tmp.str();
--- a/Sources/OpenVPN3/openvpn/ssl/mssparms.hpp
+++ b/Sources/OpenVPN3/openvpn/ssl/mssparms.hpp
@@ -33,18 +33,41 @@ namespace openvpn {
    {
    }
-    void parse(const OptionList& opt)
+    void parse(const OptionList& opt, bool nothrow=false)
    {
      const Option *o = opt.get_ptr("mssfix");
      if (o)
 	{
-	  const bool status = parse_number_validate<decltype(mssfix)>(o->get(1, 16),
+	  const std::string* val = o->get_ptr(1, 16);
 	  if (val == nullptr)
 	    {
 	      if (nothrow)
 		{
 		  OPENVPN_LOG("Missing mssfix value, mssfix functionality disabled");
 		  return;
 		}
 	      else
 		throw option_error("mssfix must have a value");
 	    }
 	  const bool status = parse_number_validate<decltype(mssfix)>(*val,
 								      16,
 								      576,
 								      65535,
 								      &mssfix);
 	  if (!status)
-	    throw option_error("mssfix: parse/range issue");
+	    {
 	      if (nothrow)
 		{
 		  // no need to warn if mssfix is actually 0
 		  if (*val != "0")
 		    {
 		      OPENVPN_LOG("Invalid mssfix value " << *val << ", mssfix functionality disabled");
 		    }
 		}
 	      else
 		throw option_error("mssfix: parse/range issue");
 	    }
 	  mtu = (o->get_optional(2, 16) == "mtu");
 	}
    }
--- a/Sources/OpenVPN3/openvpn/ssl/proto.hpp
+++ b/Sources/OpenVPN3/openvpn/ssl/proto.hpp
@@ -561,7 +561,7 @@ namespace openvpn {
 	tun_mtu = parse_tun_mtu(opt, tun_mtu);
 	// mssfix
-	mss_parms.parse(opt);
+	mss_parms.parse(opt, true);
 	// load parameters that can be present in both config file or pushed options
 	load_common(opt, pco, server ? LOAD_COMMON_SERVER : LOAD_COMMON_CLIENT);
--- a/Sources/OpenVPN3/openvpn/tun/win/tunutil.hpp
+++ b/Sources/OpenVPN3/openvpn/tun/win/tunutil.hpp
@@ -288,15 +288,16 @@ namespace openvpn {
 		  continue;
 		wchar_t wbuf[256] = L"";
 		DWORD cbwbuf = sizeof(wbuf);
 		status = ::RegQueryValueExW(connection_key(),
 					    L"Name",
 					    nullptr,
 					    &data_type,
 					    (LPBYTE)wbuf,
-					    &len);
+					    &cbwbuf);
 		if (status != ERROR_SUCCESS || data_type != REG_SZ)
 		  continue;
-		wbuf[(sizeof(wbuf) / sizeof(wchar_t)) - 1] = L'\0';
+		wbuf[(cbwbuf / sizeof(wchar_t)) - 1] = L'\0';
 		// iterate through self and try to patch the name
 		{
--- a/Sources/OpenVPNAdapter/Umbrella-Header.h
+++ b/Sources/OpenVPNAdapter/Umbrella-Header.h
@@ -26,7 +26,8 @@ FOUNDATION_EXPORT const unsigned char OpenVPNAdapterVersionString[];
 #import <OpenVPNAdapter/OpenVPNConfiguration.h>
 #import <OpenVPNAdapter/OpenVPNCredentials.h>
 #import <OpenVPNAdapter/OpenVPNServerEntry.h>
-#import <OpenVPNAdapter/OpenVPNProperties.h>
+#import <OpenVPNAdapter/OpenVPNDhcpOptionEntry.h> // Added by Dener Araújo - 2020-09-06
 #import <OpenVPNAdapter/OpenVPNConfigurationEvaluation.h>
 #import <OpenVPNAdapter/OpenVPNConnectionInfo.h>
 #import <OpenVPNAdapter/OpenVPNSessionToken.h>
 #import <OpenVPNAdapter/OpenVPNTransportStats.h>
--- a/Sources/OpenVPNAdapter/include/OpenVPNConfigurationEvaluation.h
+++ b/Sources/OpenVPNAdapter/include/OpenVPNConfigurationEvaluation.h
@@ -0,0 +1 @@
 ../library/OpenVPNConfigurationEvaluation.h
--- a/Sources/OpenVPNAdapter/include/OpenVPNDhcpOptionEntry.h
+++ b/Sources/OpenVPNAdapter/include/OpenVPNDhcpOptionEntry.h
@@ -0,0 +1 @@
 ../library/OpenVPNDhcpOptionEntry.h
--- a/Sources/OpenVPNAdapter/include/OpenVPNProperties.h
+++ b/Sources/OpenVPNAdapter/include/OpenVPNProperties.h
@@ -1 +0,0 @@
 ../library/OpenVPNProperties.h
--- a/Sources/OpenVPNAdapter/library/NSError+OpenVPNError.m
+++ b/Sources/OpenVPNAdapter/library/NSError+OpenVPNError.m
@@ -67,6 +67,9 @@
        @"UDP_CONNECT_ERROR": @(OpenVPNAdapterErrorUDPConnectError),
        @"SSL_ERROR": @(OpenVPNAdapterErrorSSLError),
        @"SSL_PARTIAL_WRITE": @(OpenVPNAdapterErrorSSLPartialWrite),
        @"SSL_CA_MD_TOO_WEAK": @(OpenVPNAdapterErrorSSLCaMdTooWeak),
        @"SSL_CA_KEY_TOO_SMALL": @(OpenVPNAdapterErrorSSLCaKeyTooSmall),
        @"SSL_DH_KEY_TOO_SMALL": @(OpenVPNAdapterErrorSSLDhKeyTooSmall),
        @"ENCAPSULATION_ERROR": @(OpenVPNAdapterErrorEncapsulationError),
        @"EPKI_CERT_ERROR": @(OpenVPNAdapterErrorEPKICertError),
        @"EPKI_SIGN_ERROR": @(OpenVPNAdapterErrorEPKISignError),
@@ -146,6 +149,9 @@
        case OpenVPNAdapterErrorUDPConnectError: return @"Client error on UDP connect.";
        case OpenVPNAdapterErrorSSLError: return @"Errors resulting from read/write on SSL object.";
        case OpenVPNAdapterErrorSSLPartialWrite: return @"SSL object did not process all written cleartext.";
        case OpenVPNAdapterErrorSSLCaMdTooWeak: return @"CA message digest is too weak";
        case OpenVPNAdapterErrorSSLCaKeyTooSmall: return @"CA key is too small";
        case OpenVPNAdapterErrorSSLDhKeyTooSmall: return @"DH key is too small";
        case OpenVPNAdapterErrorEncapsulationError: return @"Exceptions thrown during packet encapsulation.";
        case OpenVPNAdapterErrorEPKICertError: return @"Error obtaining certificate from External PKI provider.";
        case OpenVPNAdapterErrorEPKISignError: return @"Error obtaining RSA signature from External PKI provider.";
--- a/Sources/OpenVPNAdapter/library/OpenVPNAdapter.h
+++ b/Sources/OpenVPNAdapter/library/OpenVPNAdapter.h
@@ -22,7 +22,7 @@ typedef NS_ENUM(NSInteger, OpenVPNAdapterEvent);
@class OpenVPNConnectionInfo;
@class OpenVPNCredentials;
@class OpenVPNInterfaceStats;
-@class OpenVPNProperties;
+@class OpenVPNConfigurationEvaluation;
@class OpenVPNTransportStats;
@class OpenVPNSessionToken;
@@ -126,15 +126,26 @@ NS_SWIFT_NAME(openVPNAdapter(_:handleEvent:message:));
 */
@property (nonatomic, readonly) OpenVPNTransportStats *transportStatistics;
 /**
 Evaluate the given configuration object and determine needed credentials.
 @param configuration The configuration object.
 @param error If there is an error applying the configuration, upon return contains an error object that describes the problem.
 @return An object describing the configuration which has been evaluated.
 */
 + (nullable OpenVPNConfigurationEvaluation *)evaluateConfiguration:(OpenVPNConfiguration *)configuration
                                                             error:(NSError **)error
 NS_SWIFT_NAME(evaluate(configuration:));
 /**
 Applies the given configuration object.
 Call this method prior to connecting, this method has no effect after calling connect.
 @param configuration The configuration object.
 @param error If there is an error applying the configuration, upon return contains an error object that describes the problem.
- @return A properties object describing the configuration which has been applied.
+ @return An object describing the configuration which has been applied.
 */
- (nullable OpenVPNProperties *)applyConfiguration:(OpenVPNConfiguration *)configuration
+- (nullable OpenVPNConfigurationEvaluation *)applyConfiguration:(OpenVPNConfiguration *)configuration
                                             error:(NSError **)error
 NS_SWIFT_NAME(apply(configuration:));
--- a/Sources/OpenVPNAdapter/library/OpenVPNAdapter.mm
+++ b/Sources/OpenVPNAdapter/library/OpenVPNAdapter.mm
@@ -24,7 +24,7 @@
 #import "OpenVPNConfiguration+Internal.h"
 #import "OpenVPNConnectionInfo+Internal.h"
 #import "OpenVPNInterfaceStats+Internal.h"
-#import "OpenVPNProperties+Internal.h"
+#import "OpenVPNConfigurationEvaluation+Internal.h"
 #import "OpenVPNSessionToken+Internal.h"
 #import "OpenVPNTransportStats+Internal.h"
 #import "NSError+OpenVPNError.h"
@@ -50,22 +50,40 @@
 #pragma mark - OpenVPNClient Lifecycle
- (OpenVPNProperties *)applyConfiguration:(OpenVPNConfiguration *)configuration error:(NSError * __autoreleasing *)error {
+ (nullable OpenVPNConfigurationEvaluation *)evaluateConfiguration:(OpenVPNConfiguration *)configuration error:(NSError **)error {
    ClientAPI::EvalConfig eval = OpenVPNClient::eval_config_static(configuration.config);
    if (eval.error) {
        if (error) {
            NSString *message = [NSString stringWithUTF8String:eval.message.c_str()];
            *error = [NSError ovpn_errorObjectForAdapterError:OpenVPNAdapterErrorConfigurationFailure
                                                  description:@"Failed to evaluate OpenVPN configuration."
                                                      message:message
                                                        fatal:YES];
        }
        return nil;
    }
    return [[OpenVPNConfigurationEvaluation alloc] initWithEvalConfig:eval];
 }
 - (OpenVPNConfigurationEvaluation *)applyConfiguration:(OpenVPNConfiguration *)configuration error:(NSError * __autoreleasing *)error {
    ClientAPI::EvalConfig eval = self.vpnClient->apply_config(configuration.config);
    if (eval.error) {
        if (error) {
            NSString *message = [NSString stringWithUTF8String:eval.message.c_str()];
            *error = [NSError ovpn_errorObjectForAdapterError:OpenVPNAdapterErrorConfigurationFailure
-                                          description:@"Failed to apply OpenVPN configuration."
+                                                  description:@"Failed to apply OpenVPN configuration."
-                                              message:message
+                                                      message:message
-                                                fatal:YES];
+                                                        fatal:YES];
        }
        return nil;
    }
-    return [[OpenVPNProperties alloc] initWithEvalConfig:eval];
+    return [[OpenVPNConfigurationEvaluation alloc] initWithEvalConfig:eval];
 }
 - (BOOL)provideCredentials:(OpenVPNCredentials *)credentials error:(NSError * __autoreleasing *)error {
--- a/Sources/OpenVPNAdapter/library/OpenVPNConfigurationEvaluation+Internal.h
+++ b/Sources/OpenVPNAdapter/library/OpenVPNConfigurationEvaluation+Internal.h
@@ -1,18 +1,18 @@
 //
-//  OpenVPNProperties+Internal.h
+//  OpenVPNConfigurationEvaluation+Internal.h
 //  OpenVPN Adapter
 //
 //  Created by Sergey Abramchuk on 26.04.17.
 //
 //
-#import "OpenVPNProperties.h"
+#import "OpenVPNConfigurationEvaluation.h"
 #include <ovpnapi.hpp>
 using namespace openvpn;
-@interface OpenVPNProperties (Internal)
+@interface OpenVPNConfigurationEvaluation (Internal)
 - (instancetype)initWithEvalConfig:(ClientAPI::EvalConfig)eval;
--- a/Sources/OpenVPNAdapter/library/OpenVPNConfigurationEvaluation.h
+++ b/Sources/OpenVPNAdapter/library/OpenVPNConfigurationEvaluation.h
@@ -1,5 +1,5 @@
 //
-//  OpenVPNProperties.h
+//  OpenVPNConfigurationEvaluation.h
 //  OpenVPN Adapter
 //
 //  Created by Sergey Abramchuk on 26.04.17.
@@ -10,8 +10,9 @@
 typedef NS_ENUM(NSInteger, OpenVPNTransportProtocol);
@class OpenVPNServerEntry;
@class OpenVPNDhcpOptionEntry; //Added by Dener Araújo - 2020-09-06
-@interface OpenVPNProperties : NSObject
+@interface OpenVPNConfigurationEvaluation : NSObject
 /**
 This username must be used with profile
@@ -33,6 +34,11 @@ typedef NS_ENUM(NSInteger, OpenVPNTransportProtocol);
 */
@property (readonly, nonatomic) BOOL autologin;
 /**
 If YES this is an External PKI profile (no cert or key directives)
 */
@property (readonly, nonatomic) BOOL externalPki;
 /**
 Static challenge, may be empty, ignored if autologin
 */
@@ -73,6 +79,12 @@ typedef NS_ENUM(NSInteger, OpenVPNTransportProtocol);
 */
@property (nullable, readonly, nonatomic) NSArray<OpenVPNServerEntry *> *servers;
 /**
 Added by Dener Araújo - 2020-09-06
 Optional list of "dhcp-option"
 */
@property (nullable, readonly, nonatomic) NSArray<OpenVPNDhcpOptionEntry *> *dhcpOptions;
 - (nonnull instancetype) init NS_UNAVAILABLE;
@end
--- a/Sources/OpenVPNAdapter/library/OpenVPNConfigurationEvaluation.mm
+++ b/Sources/OpenVPNAdapter/library/OpenVPNConfigurationEvaluation.mm
@@ -1,22 +1,23 @@
 //
-//  OpenVPNProperties.m
+//  OpenVPNConfigurationEvaluation.m
 //  OpenVPN Adapter
 //
 //  Created by Sergey Abramchuk on 26.04.17.
 //
 //
-#import "OpenVPNProperties.h"
+#import "OpenVPNConfigurationEvaluation.h"
-#import "OpenVPNProperties+Internal.h"
+#import "OpenVPNConfigurationEvaluation+Internal.h"
 #include <openvpn/common/number.hpp>
 #import "OpenVPNConfiguration+Internal.h"
 #import "OpenVPNServerEntry+Internal.h"
 #import "OpenVPNDhcpOptionEntry+Internal.h" //Added by Dener Araújo - 2020-09-06
 using namespace openvpn;
-@implementation OpenVPNProperties
+@implementation OpenVPNConfigurationEvaluation
 - (instancetype)initWithEvalConfig:(ClientAPI::EvalConfig)eval {
    if (self = [super init]) {
@@ -26,6 +27,7 @@ using namespace openvpn;
        _friendlyName = !eval.friendlyName.empty() ? [NSString stringWithUTF8String:eval.friendlyName.c_str()] : nil;
        _autologin = eval.autologin;
        _externalPki = eval.externalPki;
        _staticChallenge = !eval.staticChallenge.empty() ? [NSString stringWithUTF8String:eval.staticChallenge.c_str()] : nil;
        _staticChallengeEcho = eval.staticChallengeEcho;
@@ -55,6 +57,20 @@ using namespace openvpn;
            _servers = servers;
        }
        //Added by Dener Araújo - 2020-09-06
        _dhcpOptions = nil;
        if (!eval.dhcpOptionList.empty()) {
            NSMutableArray *dhcpOptions = [NSMutableArray new];
            for (ClientAPI::DhcpOptionEntry entry : eval.dhcpOptionList) {
                OpenVPNDhcpOptionEntry *dhcpOptionEntry = [[OpenVPNDhcpOptionEntry alloc] initWithDhcpOptionEntry:entry];
                [dhcpOptions addObject:dhcpOptionEntry];
            }
            _dhcpOptions = dhcpOptions;
        }
    }
    return self;
 }
--- a/Sources/OpenVPNAdapter/library/OpenVPNDhcpOptionEntry+Internal.h
+++ b/Sources/OpenVPNAdapter/library/OpenVPNDhcpOptionEntry+Internal.h
@@ -0,0 +1,18 @@
 //
 //  OpenVPNDhcpOptionEntry+Internal.h
 //  Pods
 //
 //  Created by Dener Araújo on 06/09/20.
 //
 #import "OpenVPNDhcpOptionEntry.h"
 #include <ovpnapi.hpp>
 using namespace openvpn;
@interface OpenVPNDhcpOptionEntry (Internal)
 - (instancetype)initWithDhcpOptionEntry:(ClientAPI::DhcpOptionEntry)entry;
@end
--- a/Sources/OpenVPNAdapter/library/OpenVPNDhcpOptionEntry.h
+++ b/Sources/OpenVPNAdapter/library/OpenVPNDhcpOptionEntry.h
@@ -0,0 +1,17 @@
 //
 //  OpenVPNDhcpOptionEntry.h
 //  Pods
 //
 //  Created by Dener Araújo on 06/09/20.
 //
 #import <Foundation/Foundation.h>
@interface OpenVPNDhcpOptionEntry : NSObject
@property (nullable, readonly, nonatomic) NSString *type;
@property (nullable, readonly, nonatomic) NSString *address;
 - (nonnull instancetype) init NS_UNAVAILABLE;
@end
--- a/Sources/OpenVPNAdapter/library/OpenVPNDhcpOptionEntry.mm
+++ b/Sources/OpenVPNAdapter/library/OpenVPNDhcpOptionEntry.mm
@@ -0,0 +1,21 @@
 //
 //  OpenVPNDhcpOptionEntry.mm
 //  OpenVPNAdapter
 //
 //  Created by Dener Araújo on 06/09/20.
 //
 #import "OpenVPNDhcpOptionEntry.h"
 #import "OpenVPNDhcpOptionEntry+Internal.h"
@implementation OpenVPNDhcpOptionEntry
 - (instancetype)initWithDhcpOptionEntry:(ClientAPI::DhcpOptionEntry)entry {
    if (self = [super init]) {
        _type = !entry.type.empty() ? [NSString stringWithUTF8String:entry.type.c_str()] : nil;
        _address = !entry.address.empty() ? [NSString stringWithUTF8String:entry.address.c_str()] : nil;
    }
    return self;
 }
@end
--- a/Sources/OpenVPNAdapter/library/OpenVPNError.h
+++ b/Sources/OpenVPNAdapter/library/OpenVPNError.h
@@ -55,6 +55,9 @@ typedef NS_ERROR_ENUM(OpenVPNAdapterErrorDomain, OpenVPNAdapterError) {
    OpenVPNAdapterErrorUDPConnectError,
    OpenVPNAdapterErrorSSLError,
    OpenVPNAdapterErrorSSLPartialWrite,
    OpenVPNAdapterErrorSSLCaMdTooWeak,
    OpenVPNAdapterErrorSSLCaKeyTooSmall,
    OpenVPNAdapterErrorSSLDhKeyTooSmall,
    OpenVPNAdapterErrorEncapsulationError,
    OpenVPNAdapterErrorEPKICertError,
    OpenVPNAdapterErrorEPKISignError,
--- a/Sources/OpenVPNClient/include/ovpnapi.hpp
+++ b/Sources/OpenVPNClient/include/ovpnapi.hpp
@@ -22,6 +22,6 @@
 #ifndef OVPNAPI_H
 #define OVPNAPI_H
-#include "ovpncli.hpp"
+#include <ovpncli.hpp>
 #endif
--- a/Sources/mbedTLS/ChangeLog
+++ b/Sources/mbedTLS/ChangeLog
@@ -1,5 +1,43 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 2.7.13 branch released 2020-01-15
 Security
   * Fix side channel vulnerability in ECDSA. Our bignum implementation is not
     constant time/constant trace, so side channel attacks can retrieve the
     blinded value, factor it (as it is smaller than RSA keys and not guaranteed
     to have only large prime factors), and then, by brute force, recover the
     key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
   * Zeroize local variables in mbedtls_internal_aes_encrypt() and
     mbedtls_internal_aes_decrypt() before exiting the function. The value of
     these variables can be used to recover the last round key. To follow best
     practice and to limit the impact of buffer overread vulnerabilities (like
     Heartbleed) we need to zeroize them before exiting the function.
     Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai,
     Grant Hernandez, and Kevin Butler (University of Florida) and
     Dave Tian (Purdue University).
   * Fix side channel vulnerability in ECDSA key generation. Obtaining precise
     timings on the comparison in the key generation enabled the attacker to
     learn leading bits of the ephemeral key used during ECDSA signatures and to
     recover the private key.
   * Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
     failures could happen with alternative implementations of AES. Bug
     reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
     Sectra.
 Bugfix
   * Support mbedtls_hmac_drbg_set_entropy_len() and
     mbedtls_ctr_drbg_set_entropy_len() before the DRBG is seeded. Before,
     the initial seeding always reset the entropy length to the compile-time
     default.
 Changes
   * Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
     from the cipher abstraction layer. Fixes #2198.
   * Clarify how the interface of the CTR_DRBG and HMAC modules relates to
     NIST SP 800-90A. In particular CTR_DRBG requires an explicit nonce
     to achieve a 256-bit strength if MBEDTLS_ENTROPY_FORCE_SHA256 is set.
 = mbed TLS 2.7.12 branch released 2019-09-06
 Security
--- a/Sources/mbedTLS/include/mbedtls/bignum.h
+++ b/Sources/mbedTLS/include/mbedtls/bignum.h
@@ -179,7 +179,7 @@ extern "C" {
 */
 typedef struct
 {
-    int s;              /*!<  integer sign      */
+    int s;              /*!<  Sign: -1 if the mpi is negative, 1 otherwise */
    size_t n;           /*!<  total # of limbs  */
    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
 }
@@ -484,6 +484,24 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 */
 int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 /**
 * \brief          Check if an MPI is less than the other in constant time.
 *
 * \param X        The left-hand MPI. This must point to an initialized MPI
 *                 with the same allocated length as Y.
 * \param Y        The right-hand MPI. This must point to an initialized MPI
 *                 with the same allocated length as X.
 * \param ret      The result of the comparison:
 *                 \c 1 if \p X is less than \p Y.
 *                 \c 0 if \p X is greater than or equal to \p Y.
 *
 * \return         0 on success.
 * \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
 *                 the two input MPIs is not the same.
 */
 int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
        unsigned *ret );
 /**
 * \brief          Compare signed values
 *
--- a/Sources/mbedTLS/include/mbedtls/check_config.h
+++ b/Sources/mbedTLS/include/mbedtls/check_config.h
@@ -260,6 +260,14 @@
 #error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
 #endif
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
 #endif
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
 #error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
 #endif
--- a/Sources/mbedTLS/include/mbedtls/config.h
+++ b/Sources/mbedTLS/include/mbedtls/config.h
@@ -1884,6 +1884,10 @@
 *
 * Enable the CTR_DRBG AES-256-based random generator.
 *
 * \note This module only achieves a 256-bit security strength if
 *       the generator is seeded with sufficient entropy.
 *       See ctr_drbg.h for more details.
 *
 * Module:  library/ctr_drbg.c
 * Caller:
 *
--- a/Sources/mbedTLS/include/mbedtls/ctr_drbg.h
+++ b/Sources/mbedTLS/include/mbedtls/ctr_drbg.h
@@ -1,13 +1,38 @@
 /**
 * \file ctr_drbg.h
 *
- * \brief    CTR_DRBG is based on AES-256, as defined in <em>NIST SP 800-90A:
+ * \brief    The CTR_DRBG pseudorandom generator.
 *           Recommendation for Random Number Generation Using Deterministic
 *           Random Bit Generators</em>.
 *
 * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
 * in counter mode operation, as defined in <em>NIST SP 800-90A:
 * Recommendation for Random Number Generation Using Deterministic Random
 * Bit Generators</em>.
 *
 * The Mbed TLS implementation of CTR_DRBG uses AES-256
 * as the underlying block cipher, with a derivation function.
 * The initial seeding grabs #MBEDTLS_CTR_DRBG_ENTROPY_LEN bytes of entropy.
 * See the documentation of mbedtls_ctr_drbg_seed() for more details.
 *
 * Based on NIST SP 800-90A §10.2.1 table 3 and NIST SP 800-57 part 1 table 2,
 * here are the security strengths achieved in typical configuration:
 * - 256 bits under the default configuration of the library,
 *   with #MBEDTLS_CTR_DRBG_ENTROPY_LEN set to 48 or more.
 * - 256 bits if #MBEDTLS_CTR_DRBG_ENTROPY_LEN is set
 *   to 32 or more and the DRBG is initialized with an explicit
 *   nonce in the \c custom parameter to mbedtls_ctr_drbg_seed().
 * - 128 bits if #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
 *   between 24 and 47 and the DRBG is not initialized with an explicit
 *   nonce (see mbedtls_ctr_drbg_seed()).
 *
 * Note that the value of #MBEDTLS_CTR_DRBG_ENTROPY_LEN defaults to:
 * - \c 48 if the module \c MBEDTLS_SHA512_C is enabled and the symbol
 *   \c MBEDTLS_ENTROPY_FORCE_SHA256 is not enabled at compile time.
 *   This is the default configuration of the library.
 * - \c 32 if the module \c MBEDTLS_SHA512_C is disabled at compile time.
 * - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time.
 */
 /*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ *  Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -59,21 +84,29 @@
 * \{
 */
 /** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
 *
 * \brief The amount of entropy used per seed by default, in bytes.
 */
 #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
 #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
 /** This is 48 bytes because the entropy module uses SHA-512
 * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is not set).
 */
 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48
-/**< The amount of entropy used per seed by default:
+
- * <ul><li>48 with SHA-512.</li>
+#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
- * <li>32 with SHA-256.</li></ul>
+
 /** This is 32 bytes because the entropy module uses SHA-256
 * (the SHA512 module is disabled or
 * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
 *
 * \warning To achieve a 256-bit security strength, you must pass a nonce
 *           to mbedtls_ctr_drbg_seed().
 */
 #else
 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32
-/**< Amount of entropy used per seed by default:
+#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
- * <ul><li>48 with SHA-512.</li>
+#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
 * <li>32 with SHA-256.</li></ul>
 */
 #endif
 #endif
 #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
 #define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000
@@ -92,7 +125,7 @@
 #if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
 #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384
-/**< The maximum size of seed or reseed buffer. */
+/**< The maximum size of seed or reseed buffer in bytes. */
 #endif
 /* \} name SECTION: Module settings */
@@ -150,17 +183,67 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 * \brief               This function seeds and sets up the CTR_DRBG
 *                      entropy source for future reseeds.
 *
- * \note Personalization data can be provided in addition to the more generic
+ * A typical choice for the \p f_entropy and \p p_entropy parameters is
- *       entropy source, to make this instantiation as unique as possible.
+ * to use the entropy module:
 * - \p f_entropy is mbedtls_entropy_func();
 * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
 *   with mbedtls_entropy_init() (which registers the platform's default
 *   entropy sources).
 *
 * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
 * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
 *
 * You can provide a personalization string in addition to the
 * entropy source, to make this instantiation as unique as possible.
 *
 * \note                The _seed_material_ value passed to the derivation
 *                      function in the CTR_DRBG Instantiate Process
 *                      described in NIST SP 800-90A §10.2.1.3.2
 *                      is the concatenation of the string obtained from
 *                      calling \p f_entropy and the \p custom string.
 *                      The origin of the nonce depends on the value of
 *                      the entropy length relative to the security strength.
 *                      - If the entropy length is at least 1.5 times the
 *                        security strength then the nonce is taken from the
 *                        string obtained with \p f_entropy.
 *                      - If the entropy length is less than the security
 *                        strength, then the nonce is taken from \p custom.
 *                        In this case, for compliance with SP 800-90A,
 *                        you must pass a unique value of \p custom at
 *                        each invocation. See SP 800-90A §8.6.7 for more
 *                        details.
 */
 #if MBEDTLS_CTR_DRBG_ENTROPY_LEN < MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
 /** \warning            When #MBEDTLS_CTR_DRBG_ENTROPY_LEN is less than
 *                      48, to achieve a 256-bit security strength,
 *                      you must pass a value of \p custom that is a nonce:
 *                      this value must never be repeated in subsequent
 *                      runs of the same application or on a different
 *                      device.
 */
 #endif
 /**
 * \param ctx           The CTR_DRBG context to seed.
 *                      It must have been initialized with
 *                      mbedtls_ctr_drbg_init().
 *                      After a successful call to mbedtls_ctr_drbg_seed(),
 *                      you may not call mbedtls_ctr_drbg_seed() again on
 *                      the same context unless you call
 *                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
 *                      again first.
 * \param f_entropy     The entropy callback, taking as arguments the
 *                      \p p_entropy context, the buffer to fill, and the
-                        length of the buffer.
+ *                      length of the buffer.
- * \param p_entropy     The entropy context.
+ *                      \p f_entropy is always called with a buffer size
- * \param custom        Personalization data, that is device-specific
+ *                      equal to the entropy length.
-                        identifiers. Can be NULL.
+ * \param p_entropy     The entropy context to pass to \p f_entropy.
- * \param len           The length of the personalization data.
+ * \param custom        The personalization string.
 *                      This can be \c NULL, in which case the personalization
 *                      string is empty regardless of the value of \p len.
 * \param len           The length of the personalization string.
 *                      This must be at most
 *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
 *                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
 *
 * \return              \c 0 on success, or
 *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
@@ -183,7 +266,8 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
 *                      The default value is off.
 *
 * \note                If enabled, entropy is gathered at the beginning of
- *                      every call to mbedtls_ctr_drbg_random_with_add().
+ *                      every call to mbedtls_ctr_drbg_random_with_add()
 *                      or mbedtls_ctr_drbg_random().
 *                      Only use this if your entropy source has sufficient
 *                      throughput.
 *
@@ -195,18 +279,29 @@ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
 /**
 * \brief               This function sets the amount of entropy grabbed on each
- *                      seed or reseed. The default value is
+ *                      seed or reseed.
- *                      #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+ *
 * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
 *
 * \note                The security strength of CTR_DRBG is bounded by the
 *                      entropy length. Thus \p len must be at least
 *                      32 (in bytes) to achieve a 256-bit strength.
 *
 * \param ctx           The CTR_DRBG context.
- * \param len           The amount of entropy to grab.
+ * \param len           The amount of entropy to grab, in bytes.
 *                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
 */
 void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
                               size_t len );
 /**
 * \brief               This function sets the reseed interval.
- *                      The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
+ *
 * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
 * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
 * is called again.
 *
 * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
 *
 * \param ctx           The CTR_DRBG context.
 * \param interval      The reseed interval.
@@ -219,8 +314,12 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
 *                      extracts data from the entropy source.
 *
 * \param ctx           The CTR_DRBG context.
- * \param additional    Additional data to add to the state. Can be NULL.
+ * \param additional    Additional data to add to the state. Can be \c NULL.
 * \param len           The length of the additional data.
 *                      This must be less than
 *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
 *                      where \c entropy_len is the entropy length
 *                      configured for the context.
 *
 * \return   \c 0 on success, or
 *           #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
@@ -232,7 +331,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 * \brief               This function updates the state of the CTR_DRBG context.
 *
 * \param ctx           The CTR_DRBG context.
- * \param additional    The data to update the state with.
+ * \param additional    The data to update the state with. This must not be
 *                      \c NULL unless \p add_len is \c 0.
 * \param add_len       Length of \p additional in bytes. This must be at
 *                      most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
 *
@@ -258,8 +358,10 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
 *                      The remaining Bytes are silently discarded.
 *
 * \param ctx           The CTR_DRBG context.
- * \param additional    The data to update the state with.
+ * \param additional    The data to update the state with. This must not be
- * \param add_len       Length of \p additional data.
+ *                      \c NULL unless \p add_len is \c 0.
 * \param add_len       Length of \p additional data. This must be at
 *                      most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
 */
 void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
                              const unsigned char *additional,
@@ -269,17 +371,26 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
 * \brief   This function updates a CTR_DRBG instance with additional
 *          data and uses it to generate random data.
 *
- * \note    The function automatically reseeds if the reseed counter is exceeded.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
- * \param output_len    The length of the buffer.
+ * \param output_len    The length of the buffer in bytes.
- * \param additional    Additional data to update. Can be NULL.
+ * \param additional    Additional data to update. Can be \c NULL, in which
- * \param add_len       The length of the additional data.
+ *                      case the additional data is empty regardless of
 *                      the value of \p add_len.
 * \param add_len       The length of the additional data
 *                      if \p additional is not \c NULL.
 *                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
 *                      and less than
 *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
 *                      where \c entropy_len is the entropy length
 *                      configured for the context.
 *
- * \return    \c 0 on success, or
+ * \return    \c 0 on success.
- *            #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
 *            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
 */
 int mbedtls_ctr_drbg_random_with_add( void *p_rng,
@@ -289,15 +400,17 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 /**
 * \brief   This function uses CTR_DRBG to generate random data.
 *
- * \note    The function automatically reseeds if the reseed counter is exceeded.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
- * \param output_len    The length of the buffer.
+ * \param output_len    The length of the buffer in bytes.
 *
- * \return              \c 0 on success, or
+ * \return              \c 0 on success.
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
 *                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
 */
 int mbedtls_ctr_drbg_random( void *p_rng,
@@ -310,9 +423,9 @@ int mbedtls_ctr_drbg_random( void *p_rng,
 * \param ctx           The CTR_DRBG context.
 * \param path          The name of the file.
 *
- * \return              \c 0 on success,
+ * \return              \c 0 on success.
- *                      #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
 *                      failure.
 */
 int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
@@ -324,10 +437,12 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
 * \param ctx           The CTR_DRBG context.
 * \param path          The name of the file.
 *
- * \return              \c 0 on success,
+ * \return              \c 0 on success.
- *                      #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
+ * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- *                      #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- *                      #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
+ *                      reseed failure.
 * \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
 *                      seed file is too large.
 */
 int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
 #endif /* MBEDTLS_FS_IO */
--- a/Sources/mbedTLS/include/mbedtls/hmac_drbg.h
+++ b/Sources/mbedTLS/include/mbedtls/hmac_drbg.h
@@ -1,10 +1,14 @@
 /**
 * \file hmac_drbg.h
 *
- * \brief HMAC_DRBG (NIST SP 800-90A)
+ * \brief The HMAC_DRBG pseudorandom generator.
 *
 * This module implements the HMAC_DRBG pseudorandom generator described
 * in <em>NIST SP 800-90A: Recommendation for Random Number Generation Using
 * Deterministic Random Bit Generators</em>.
 */
 /*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -104,38 +108,72 @@ typedef struct
 } mbedtls_hmac_drbg_context;
 /**
- * \brief               HMAC_DRBG context initialization
+ * \brief               HMAC_DRBG context initialization.
 *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
 *                      mbedtls_hmac_drbg_seed_buf() or
 *                      mbedtls_hmac_drbg_free().
 *
- * \param ctx           HMAC_DRBG context to be initialized
+ * This function makes the context ready for mbedtls_hmac_drbg_seed(),
 * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
 *
 * \param ctx           HMAC_DRBG context to be initialized.
 */
 void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
 /**
- * \brief               HMAC_DRBG initial seeding
+ * \brief               HMAC_DRBG initial seeding.
 *                      Seed and setup entropy source for future reseeds.
 *
- * \param ctx           HMAC_DRBG context to be seeded
+ * Set the initial seed and set up the entropy source for future reseeds.
 * \param md_info       MD algorithm to use for HMAC_DRBG
 * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
 *                      length)
 * \param p_entropy     Entropy context
 * \param custom        Personalization data (Device specific identifiers)
 *                      (Can be NULL)
 * \param len           Length of personalization data
 *
- * \note                The "security strength" as defined by NIST is set to:
+ * A typical choice for the \p f_entropy and \p p_entropy parameters is
- *                      128 bits if md_alg is SHA-1,
+ * to use the entropy module:
- *                      192 bits if md_alg is SHA-224,
+ * - \p f_entropy is mbedtls_entropy_func();
- *                      256 bits if md_alg is SHA-256 or higher.
+ * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
 *   with mbedtls_entropy_init() (which registers the platform's default
 *   entropy sources).
 *
 * You can provide a personalization string in addition to the
 * entropy source, to make this instantiation as unique as possible.
 *
 * \note                By default, the security strength as defined by NIST is:
 *                      - 128 bits if \p md_info is SHA-1;
 *                      - 192 bits if \p md_info is SHA-224;
 *                      - 256 bits if \p md_info is SHA-256, SHA-384 or SHA-512.
 *                      Note that SHA-256 is just as efficient as SHA-224.
 *                      The security strength can be reduced if a smaller
 *                      entropy length is set with
 *                      mbedtls_hmac_drbg_set_entropy_len().
 *
- * \return              0 if successful, or
+ * \note                The default entropy length is the security strength
- *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      (converted from bits to bytes). You can override
- *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
+ *                      it by calling mbedtls_hmac_drbg_set_entropy_len().
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
+ *
 * \note                During the initial seeding, this function calls
 *                      the entropy source to obtain a nonce
 *                      whose length is half the entropy length.
 *
 * \param ctx           HMAC_DRBG context to be seeded.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param f_entropy     The entropy callback, taking as arguments the
 *                      \p p_entropy context, the buffer to fill, and the
 *                      length of the buffer.
 *                      \p f_entropy is always called with a length that is
 *                      less than or equal to the entropy length.
 * \param p_entropy     The entropy context to pass to \p f_entropy.
 * \param custom        The personalization string.
 *                      This can be \c NULL, in which case the personalization
 *                      string is empty regardless of the value of \p len.
 * \param len           The length of the personalization string.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
 *                      and also at most
 *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2
 *                      where \p entropy_len is the entropy length
 *                      described above.
 *
 * \return              \c 0 if successful.
 * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
 *                      invalid.
 * \return              #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
 *                      memory to allocate context data.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
 *                      if the call to \p f_entropy failed.
 */
 int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                    const mbedtls_md_info_t * md_info,
@@ -146,66 +184,80 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
 /**
 * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
 *                      (For use with deterministic ECDSA.)
 *
- * \param ctx           HMAC_DRBG context to be initialised
+ * This function is meant for use in algorithms that need a pseudorandom
- * \param md_info       MD algorithm to use for HMAC_DRBG
+ * input such as deterministic ECDSA.
 * \param data          Concatenation of entropy string and additional data
 * \param data_len      Length of data in bytes
 *
- * \return              0 if successful, or
+ * \param ctx           HMAC_DRBG context to be initialised.
- *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ * \param md_info       MD algorithm to use for HMAC_DRBG.
- *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
+ * \param data          Concatenation of the initial entropy string and
 *                      the additional data.
 * \param data_len      Length of \p data in bytes.
 *
 * \return              \c 0 if successful. or
 * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
 *                      invalid.
 * \return              #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
 *                      memory to allocate context data.
 */
 int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
                        const mbedtls_md_info_t * md_info,
                        const unsigned char *data, size_t data_len );
 /**
- * \brief               Enable / disable prediction resistance (Default: Off)
+ * \brief               This function turns prediction resistance on or off.
 *                      The default value is off.
 *
- * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ * \note                If enabled, entropy is gathered at the beginning of
- *       Only use this if you have ample supply of good entropy!
+ *                      every call to mbedtls_hmac_drbg_random_with_add()
 *                      or mbedtls_hmac_drbg_random().
 *                      Only use this if your entropy source has sufficient
 *                      throughput.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
+ * \param resistance    #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
 */
 void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
                                          int resistance );
 /**
- * \brief               Set the amount of entropy grabbed on each reseed
+ * \brief               This function sets the amount of entropy grabbed on each
- *                      (Default: given by the security strength, which
+ *                      seed or reseed.
 *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
 *
- * \param ctx           HMAC_DRBG context
+ * See the documentation of mbedtls_hmac_drbg_seed() for the default value.
- * \param len           Amount of entropy to grab, in bytes
+ *
 * \param ctx           The HMAC_DRBG context.
 * \param len           The amount of entropy to grab, in bytes.
 */
 void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
                                size_t len );
 /**
- * \brief               Set the reseed interval
+ * \brief               Set the reseed interval.
 *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
 *
- * \param ctx           HMAC_DRBG context
+ * The reseed interval is the number of calls to mbedtls_hmac_drbg_random()
- * \param interval      Reseed interval
+ * or mbedtls_hmac_drbg_random_with_add() after which the entropy function
 * is called again.
 *
 * The default value is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL.
 *
 * \param ctx           The HMAC_DRBG context.
 * \param interval      The reseed interval.
 */
 void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
                                    int interval );
 /**
- * \brief               HMAC_DRBG update state
+ * \brief               This function updates the state of the HMAC_DRBG context.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param additional    Additional data to update state with, or NULL
+ * \param additional    The data to update the state with.
- * \param add_len       Length of additional data, or 0
+ *                      If this is \c NULL, there is no additional data.
 * \param add_len       Length of \p additional in bytes.
 *                      Unused if \p additional is \c NULL.
 *
 * \return              \c 0 on success, or an error from the underlying
 *                      hash calculation.
 *
 * \note                Additional data is optional, pass NULL and 0 as second
 *                      third argument if no additional data is being used.
 */
 int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
                       const unsigned char *additional, size_t add_len );
@@ -228,33 +280,52 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
                               size_t add_len );
 /**
- * \brief               HMAC_DRBG reseeding (extracts data from entropy source)
+ * \brief               This function reseeds the HMAC_DRBG context, that is
 *                      extracts data from the entropy source.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param additional    Additional data to add to state (Can be NULL)
+ * \param additional    Additional data to add to the state.
- * \param len           Length of additional data
+ *                      If this is \c NULL, there is no additional data
 *                      and \p len should be \c 0.
 * \param len           The length of the additional data.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
 *                      and also at most
 *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len
 *                      where \p entropy_len is the entropy length
 *                      (see mbedtls_hmac_drbg_set_entropy_len()).
 *
- * \return              0 if successful, or
+ * \return              \c 0 if successful.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
 *                      if a call to the entropy function failed.
 */
 int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
                      const unsigned char *additional, size_t len );
 /**
- * \brief               HMAC_DRBG generate random with additional update input
+ * \brief   This function updates an HMAC_DRBG instance with additional
 *          data and uses it to generate random data.
 *
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
- * \param p_rng         HMAC_DRBG context
+ * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
- * \param output        Buffer to fill
+ *                      #mbedtls_hmac_drbg_context structure.
- * \param output_len    Length of the buffer
+ * \param output        The buffer to fill.
- * \param additional    Additional data to update with (can be NULL)
+ * \param output_len    The length of the buffer in bytes.
- * \param add_len       Length of additional data (can be 0)
+ *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 * \param additional    Additional data to update with.
 *                      If this is \c NULL, there is no additional data
 *                      and \p add_len should be \c 0.
 * \param add_len       The length of the additional data.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT.
 *
- * \return              0 if successful, or
+ * \return              \c 0 if successful.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
+ *                      if a call to the entropy source failed.
- *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
 *                      \p output_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
 *                      \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
 */
 int mbedtls_hmac_drbg_random_with_add( void *p_rng,
                               unsigned char *output, size_t output_len,
@@ -262,49 +333,59 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
                               size_t add_len );
 /**
- * \brief               HMAC_DRBG generate random
+ * \brief   This function uses HMAC_DRBG to generate random data.
 *
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
- * \param p_rng         HMAC_DRBG context
+ * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
- * \param output        Buffer to fill
+ *                      #mbedtls_hmac_drbg_context structure.
- * \param out_len       Length of the buffer
+ * \param output        The buffer to fill.
 * \param out_len       The length of the buffer in bytes.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 *
- * \return              0 if successful, or
+ * \return              \c 0 if successful.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ *                      if a call to the entropy source failed.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
 *                      \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 */
 int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
 /**
 * \brief               Free an HMAC_DRBG context
 *
- * \param ctx           HMAC_DRBG context to free.
+ * \param ctx           The HMAC_DRBG context to free.
 */
 void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
 #if defined(MBEDTLS_FS_IO)
 /**
- * \brief               Write a seed file
+ * \brief               This function writes a seed file.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param path          Name of the file
+ * \param path          The name of the file.
 *
- * \return              0 if successful, 1 on file error, or
+ * \return              \c 0 on success.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
 *                      failure.
 */
 int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
 /**
- * \brief               Read and update a seed file. Seed is added to this
+ * \brief               This function reads and updates a seed file. The seed
- *                      instance
+ *                      is added to this instance.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param path          Name of the file
+ * \param path          The name of the file.
 *
- * \return              0 if successful, 1 on file error,
+ * \return              \c 0 on success.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
- *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on
 *                      reseed failure.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
 *                      seed file is too large.
 */
 int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
 #endif /* MBEDTLS_FS_IO */
@@ -312,9 +393,10 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
 #if defined(MBEDTLS_SELF_TEST)
 /**
- * \brief               Checkup routine
+ * \brief               The HMAC_DRBG Checkup routine.
 *
- * \return              0 if successful, or 1 if the test failed
+ * \return              \c 0 if successful.
 * \return              \c 1 if the test failed.
 */
 int mbedtls_hmac_drbg_self_test( int verbose );
 #endif
--- a/Sources/mbedTLS/library/aes.c
+++ b/Sources/mbedTLS/library/aes.c
@@ -761,6 +761,18 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
    PUT_UINT32_LE( X2, output,  8 );
    PUT_UINT32_LE( X3, output, 12 );
    mbedtls_zeroize( &X0, sizeof( X0 ) );
    mbedtls_zeroize( &X1, sizeof( X1 ) );
    mbedtls_zeroize( &X2, sizeof( X2 ) );
    mbedtls_zeroize( &X3, sizeof( X3 ) );
    mbedtls_zeroize( &Y0, sizeof( Y0 ) );
    mbedtls_zeroize( &Y1, sizeof( Y1 ) );
    mbedtls_zeroize( &Y2, sizeof( Y2 ) );
    mbedtls_zeroize( &Y3, sizeof( Y3 ) );
    mbedtls_zeroize( &RK, sizeof( RK ) );
    return( 0 );
 }
 #endif /* !MBEDTLS_AES_ENCRYPT_ALT */
@@ -829,6 +841,18 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
    PUT_UINT32_LE( X2, output,  8 );
    PUT_UINT32_LE( X3, output, 12 );
    mbedtls_zeroize( &X0, sizeof( X0 ) );
    mbedtls_zeroize( &X1, sizeof( X1 ) );
    mbedtls_zeroize( &X2, sizeof( X2 ) );
    mbedtls_zeroize( &X3, sizeof( X3 ) );
    mbedtls_zeroize( &Y0, sizeof( Y0 ) );
    mbedtls_zeroize( &Y1, sizeof( Y1 ) );
    mbedtls_zeroize( &Y2, sizeof( Y2 ) );
    mbedtls_zeroize( &Y3, sizeof( Y3 ) );
    mbedtls_zeroize( &RK, sizeof( RK ) );
    return( 0 );
 }
 #endif /* !MBEDTLS_AES_DECRYPT_ALT */
--- a/Sources/mbedTLS/library/bignum.c
+++ b/Sources/mbedTLS/library/bignum.c
@@ -919,6 +919,103 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
    return( 0 );
 }
 /** Decide if an integer is less than the other, without branches.
 *
 * \param x         First integer.
 * \param y         Second integer.
 *
 * \return          1 if \p x is less than \p y, 0 otherwise
 */
 static unsigned ct_lt_mpi_uint( const mbedtls_mpi_uint x,
        const mbedtls_mpi_uint y )
 {
    mbedtls_mpi_uint ret;
    mbedtls_mpi_uint cond;
    /*
     * Check if the most significant bits (MSB) of the operands are different.
     */
    cond = ( x ^ y );
    /*
     * If the MSB are the same then the difference x-y will be negative (and
     * have its MSB set to 1 during conversion to unsigned) if and only if x<y.
     */
    ret = ( x - y ) & ~cond;
    /*
     * If the MSB are different, then the operand with the MSB of 1 is the
     * bigger. (That is if y has MSB of 1, then x<y is true and it is false if
     * the MSB of y is 0.)
     */
    ret |= y & cond;
    ret = ret >> ( biL - 1 );
    return (unsigned) ret;
 }
 /*
 * Compare signed values in constant time
 */
 int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
        unsigned *ret )
 {
    size_t i;
    /* The value of any of these variables is either 0 or 1 at all times. */
    unsigned cond, done, X_is_negative, Y_is_negative;
    if( X->n != Y->n )
        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
    /*
     * Set sign_N to 1 if N >= 0, 0 if N < 0.
     * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
     */
    X_is_negative = ( X->s & 2 ) >> 1;
    Y_is_negative = ( Y->s & 2 ) >> 1;
    /*
     * If the signs are different, then the positive operand is the bigger.
     * That is if X is negative (X_is_negative == 1), then X < Y is true and it
     * is false if X is positive (X_is_negative == 0).
     */
    cond = ( X_is_negative ^ Y_is_negative );
    *ret = cond & X_is_negative;
    /*
     * This is a constant-time function. We might have the result, but we still
     * need to go through the loop. Record if we have the result already.
     */
    done = cond;
    for( i = X->n; i > 0; i-- )
    {
        /*
         * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
         * X and Y are negative.
         *
         * Again even if we can make a decision, we just mark the result and
         * the fact that we are done and continue looping.
         */
        cond = ct_lt_mpi_uint( Y->p[i - 1], X->p[i - 1] );
        *ret |= cond & ( 1 - done ) & X_is_negative;
        done |= cond;
        /*
         * If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both
         * X and Y are positive.
         *
         * Again even if we can make a decision, we just mark the result and
         * the fact that we are done and continue looping.
         */
        cond = ct_lt_mpi_uint( X->p[i - 1], Y->p[i - 1] );
        *ret |= cond & ( 1 - done ) & ( 1 - X_is_negative );
        done |= cond;
    }
    return( 0 );
 }
 /*
 * Compare signed values
 */
--- a/Sources/mbedTLS/library/ctr_drbg.c
+++ b/Sources/mbedTLS/library/ctr_drbg.c
@@ -66,56 +66,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
 #endif
 }
 /*
 * Non-public function wrapped by mbedtls_ctr_drbg_seed(). Necessary to allow
 * NIST tests to succeed (which require known length fixed entropy)
 */
 int mbedtls_ctr_drbg_seed_entropy_len(
                   mbedtls_ctr_drbg_context *ctx,
                   int (*f_entropy)(void *, unsigned char *, size_t),
                   void *p_entropy,
                   const unsigned char *custom,
                   size_t len,
                   size_t entropy_len )
 {
    int ret;
    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
    mbedtls_aes_init( &ctx->aes_ctx );
    ctx->f_entropy = f_entropy;
    ctx->p_entropy = p_entropy;
    ctx->entropy_len = entropy_len;
    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
    /*
     * Initialize with an empty key
     */
    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
    {
        return( ret );
    }
    if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
    {
        return( ret );
    }
    return( 0 );
 }
 int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                   int (*f_entropy)(void *, unsigned char *, size_t),
                   void *p_entropy,
                   const unsigned char *custom,
                   size_t len )
 {
    return( mbedtls_ctr_drbg_seed_entropy_len( ctx, f_entropy, p_entropy, custom, len,
                                       MBEDTLS_CTR_DRBG_ENTROPY_LEN ) );
 }
 void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
 {
    if( ctx == NULL )
@@ -386,6 +336,52 @@ exit:
    return( ret );
 }
 int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                           int (*f_entropy)(void *, unsigned char *, size_t),
                           void *p_entropy,
                           const unsigned char *custom,
                           size_t len )
 {
    int ret;
    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
    mbedtls_aes_init( &ctx->aes_ctx );
    ctx->f_entropy = f_entropy;
    ctx->p_entropy = p_entropy;
    if( ctx->entropy_len == 0 )
        ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
    /*
     * Initialize with an empty key
     */
    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
    {
        return( ret );
    }
    if( ( ret = mbedtls_ctr_drbg_reseed( ctx, custom, len ) ) != 0 )
    {
        return( ret );
    }
    return( 0 );
 }
 /* Backward compatibility wrapper */
 int mbedtls_ctr_drbg_seed_entropy_len(
    mbedtls_ctr_drbg_context *ctx,
    int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy,
    const unsigned char *custom, size_t len,
    size_t entropy_len )
 {
    mbedtls_ctr_drbg_set_entropy_len( ctx, entropy_len );
    return( mbedtls_ctr_drbg_seed( ctx, f_entropy, p_entropy, custom, len ) );
 }
 int mbedtls_ctr_drbg_random_with_add( void *p_rng,
                              unsigned char *output, size_t output_len,
                              const unsigned char *additional, size_t add_len )
@@ -457,7 +453,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 exit:
    mbedtls_zeroize( add_input, sizeof( add_input ) );
    mbedtls_zeroize( tmp, sizeof( tmp ) );
-    return( 0 );
+    return( ret );
 }
 int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, size_t output_len )
@@ -617,8 +613,11 @@ int mbedtls_ctr_drbg_self_test( int verbose )
        mbedtls_printf( "  CTR_DRBG (PR = TRUE) : " );
    test_offset = 0;
-    CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
+    mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
-                                (void *) entropy_source_pr, nonce_pers_pr, 16, 32 ) );
+    CHK( mbedtls_ctr_drbg_seed( &ctx,
                                ctr_drbg_self_test_entropy,
                                (void *) entropy_source_pr,
                                nonce_pers_pr, 16 ) );
    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
    CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
    CHK( mbedtls_ctr_drbg_random( &ctx, buf, MBEDTLS_CTR_DRBG_BLOCKSIZE ) );
@@ -638,8 +637,11 @@ int mbedtls_ctr_drbg_self_test( int verbose )
    mbedtls_ctr_drbg_init( &ctx );
    test_offset = 0;
-    CHK( mbedtls_ctr_drbg_seed_entropy_len( &ctx, ctr_drbg_self_test_entropy,
+    mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
-                            (void *) entropy_source_nopr, nonce_pers_nopr, 16, 32 ) );
+    CHK( mbedtls_ctr_drbg_seed( &ctx,
                                ctr_drbg_self_test_entropy,
                                (void *) entropy_source_nopr,
                                nonce_pers_nopr, 16 ) );
    CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
    CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
    CHK( mbedtls_ctr_drbg_random( &ctx, buf, 16 ) );
--- a/Sources/mbedTLS/library/ecdsa.c
+++ b/Sources/mbedTLS/library/ecdsa.c
@@ -153,6 +153,7 @@ static int ecdsa_sign_internal( mbedtls_ecp_group *grp, mbedtls_mpi *r,
        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &k, &k, &t ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &k, &k, &grp->N ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, &k, &grp->N ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
--- a/Sources/mbedTLS/library/ecp.c
+++ b/Sources/mbedTLS/library/ecp.c
@@ -1957,6 +1957,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
    {
        /* SEC1 3.2.1: Generate d such that 1 <= n < N */
        int count = 0;
        unsigned cmp = 0;
        /*
         * Match the procedure given in RFC 6979 (deterministic ECDSA):
@@ -1981,9 +1982,14 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
             */
            if( ++count > 30 )
                return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
            ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp );
            if( ret != 0 )
            {
                goto cleanup;
            }
        }
-        while( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
+        while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 );
               mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 );
    }
 #endif /* ECP_SHORTWEIERSTRASS */
--- a/Sources/mbedTLS/library/entropy.c
+++ b/Sources/mbedTLS/library/entropy.c
@@ -262,7 +262,7 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
 */
 static int entropy_gather_internal( mbedtls_entropy_context *ctx )
 {
-    int ret, i, have_one_strong = 0;
+    int ret = 0, i, have_one_strong = 0; // Updated by Dener Araújo - 2020-09-06
    unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
    size_t olen;
--- a/Sources/mbedTLS/library/hmac_drbg.c
+++ b/Sources/mbedTLS/library/hmac_drbg.c
@@ -78,7 +78,7 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
    unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
    unsigned char sep[1];
    unsigned char K[MBEDTLS_MD_MAX_SIZE];
-    int ret;
+    int ret = 0; // Updated by Dener Araújo - 2020-09-06
    for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
    {
@@ -275,16 +275,19 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
    ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
-    /*
+    if( ctx->entropy_len == 0 )
-     * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
+    {
-     * each hash function, then according to SP800-90A rev1 10.1 table 2,
+        /*
-     * min_entropy_len (in bits) is security_strength.
+         * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
-     *
+         * each hash function, then according to SP800-90A rev1 10.1 table 2,
-     * (This also matches the sizes used in the NIST test vectors.)
+         * min_entropy_len (in bits) is security_strength.
-     */
+         *
-    ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
+         * (This also matches the sizes used in the NIST test vectors.)
-                       md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
+         */
-                       32;  /* better (256+) -> 256 bits */
+        ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
                           md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
                           32;  /* better (256+) -> 256 bits */
    }
    if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
                                       1 /* add nonce */ ) ) != 0 )
@@ -305,7 +308,7 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx
 }
 /*
- * Set entropy length grabbed for reseeds
+ * Set entropy length grabbed for seeding
 */
 void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
 {
--- a/Sources/mbedTLS/library/x509_crl.c
+++ b/Sources/mbedTLS/library/x509_crl.c
@@ -544,7 +544,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
 {
 #if defined(MBEDTLS_PEM_PARSE_C)
    int ret;
-    size_t use_len;
+    size_t use_len = 0; // Updated by Dener Araújo - 2020-09-06
    mbedtls_pem_context pem;
    int is_pem = 0;
--- a/Sources/mbedTLS/programs/test/benchmark.c
+++ b/Sources/mbedTLS/programs/test/benchmark.c
@@ -560,13 +560,14 @@ int main( int argc, char *argv[] )
        mbedtls_ctr_drbg_context ctr_drbg;
        mbedtls_ctr_drbg_init( &ctr_drbg );
        if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
            mbedtls_exit(1);
        TIME_AND_TSC( "CTR_DRBG (NOPR)",
                if( mbedtls_ctr_drbg_random( &ctr_drbg, buf, BUFSIZE ) != 0 )
                mbedtls_exit(1) );
        mbedtls_ctr_drbg_free( &ctr_drbg );
        mbedtls_ctr_drbg_init( &ctr_drbg );
        if( mbedtls_ctr_drbg_seed( &ctr_drbg, myrand, NULL, NULL, 0 ) != 0 )
            mbedtls_exit(1);
        mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );
--- a/Sources/mbedTLS/programs/test/selftest.c
+++ b/Sources/mbedTLS/programs/test/selftest.c
@@ -61,6 +61,8 @@
 #else
 #include <stdio.h>
 #include <stdlib.h>
 #define mbedtls_calloc     calloc
 #define mbedtls_free       free
 #define mbedtls_printf     printf
 #define mbedtls_snprintf   snprintf
 #define mbedtls_exit       exit
@@ -72,6 +74,87 @@
 #include "mbedtls/memory_buffer_alloc.h"
 #endif
 #if defined MBEDTLS_SELF_TEST
 /* Sanity check for malloc. This is not expected to fail, and is rather
 * intended to display potentially useful information about the platform,
 * in particular the behavior of malloc(0). */
 static int calloc_self_test( int verbose )
 {
    int failures = 0;
    void *empty1 = mbedtls_calloc( 0, 1 );
    void *empty2 = mbedtls_calloc( 0, 1 );
    void *buffer1 = mbedtls_calloc( 1, 1 );
    void *buffer2 = mbedtls_calloc( 1, 1 );
    uintptr_t old_buffer1;
    if( empty1 == NULL && empty2 == NULL )
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(0): passed (NULL)\n" );
    }
    else if( empty1 == NULL || empty2 == NULL )
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(0): failed (mix of NULL and non-NULL)\n" );
        ++failures;
    }
    else if( empty1 == empty2 )
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(0): passed (same non-null)\n" );
    }
    else
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(0): passed (distinct non-null)\n" );
    }
    if( buffer1 == NULL || buffer2 == NULL )
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(1): failed (NULL)\n" );
        ++failures;
    }
    else if( buffer1 == buffer2 )
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(1): failed (same buffer twice)\n" );
        ++failures;
    }
    else
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(1): passed\n" );
    }
    old_buffer1 = (uintptr_t) buffer1;
    mbedtls_free( buffer1 );
    buffer1 = mbedtls_calloc( 1, 1 );
    if( buffer1 == NULL )
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(1 again): failed (NULL)\n" );
        ++failures;
    }
    else
    {
        if( verbose )
            mbedtls_printf( "  CALLOC(1 again): passed (%s address)\n",
                            (uintptr_t) old_buffer1 == (uintptr_t) buffer1 ?
                            "same" : "different" );
    }
    if( verbose )
        mbedtls_printf( "\n" );
    mbedtls_free( empty1 );
    mbedtls_free( empty2 );
    mbedtls_free( buffer1 );
    mbedtls_free( buffer2 );
    return( failures );
 }
 #endif /* MBEDTLS_SELF_TEST */
 static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
 {
    int ret;
@@ -168,6 +251,7 @@ typedef struct
 const selftest_t selftests[] =
 {
    {"calloc", calloc_self_test},
 #if defined(MBEDTLS_MD2_C)
    {"md2", mbedtls_md2_self_test},
 #endif
--- a/Sources/mbedTLS/scripts/config.pl
+++ b/Sources/mbedTLS/scripts/config.pl
@@ -26,6 +26,8 @@
 #   MBEDTLS_ECP_DP_M221_ENABLED
 #   MBEDTLS_ECP_DP_M383_ENABLED
 #   MBEDTLS_ECP_DP_M511_ENABLED
 #   MBEDTLS_MEMORY_BACKTRACE
 #   MBEDTLS_MEMORY_BUFFER_ALLOC_C
 #   MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 #   MBEDTLS_NO_PLATFORM_ENTROPY
 #   MBEDTLS_REMOVE_ARC4_CIPHERSUITES
@@ -37,6 +39,8 @@
 #       - this could be enabled if the respective tests were adapted
 #   MBEDTLS_ZLIB_SUPPORT
 #   MBEDTLS_PKCS11_C
 #   MBEDTLS_NO_UDBL_DIVISION
 #   MBEDTLS_NO_64BIT_MULTIPLICATION
 #   and any symbol beginning _ALT
 #
@@ -86,6 +90,9 @@ MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
 MBEDTLS_ECP_DP_M221_ENABLED
 MBEDTLS_ECP_DP_M383_ENABLED
 MBEDTLS_ECP_DP_M511_ENABLED
 MBEDTLS_MEMORY_DEBUG
 MBEDTLS_MEMORY_BACKTRACE
 MBEDTLS_MEMORY_BUFFER_ALLOC_C
 MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 MBEDTLS_NO_PLATFORM_ENTROPY
 MBEDTLS_RSA_NO_CRT
--- a/Sources/mbedTLS/tests/configs/config-wrapper-malloc-0-null.h
+++ b/Sources/mbedTLS/tests/configs/config-wrapper-malloc-0-null.h
@@ -0,0 +1,39 @@
 /* config.h wrapper that forces calloc(0) to return NULL.
 * Used for testing.
 */
 /*
 *  Copyright (C) 2019, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_CONFIG_H
 /* Don't #define MBEDTLS_CONFIG_H, let config.h do it. */
 #include "mbedtls/config.h"
 #include <stdlib.h>
 static inline void *custom_calloc( size_t nmemb, size_t size )
 {
    if( nmemb == 0 || size == 0 )
        return( NULL );
    return( calloc( nmemb, size ) );
 }
 #define MBEDTLS_PLATFORM_MEMORY
 #define MBEDTLS_PLATFORM_STD_CALLOC custom_calloc
 #endif /* MBEDTLS_CONFIG_H */
--- a/Sources/mbedTLS/tests/scripts/all.sh
+++ b/Sources/mbedTLS/tests/scripts/all.sh
@@ -137,6 +137,9 @@ pre_initialize_variables () {
        export MAKEFLAGS="-j"
    fi
    # CFLAGS and LDFLAGS for Asan builds that don't use CMake
    ASAN_CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all'
    # Gather the list of available components. These are the functions
    # defined in this script whose name starts with "component_".
    # Parse the script with sed, because in sh there is no way to list
@@ -644,6 +647,22 @@ component_test_default_cmake_gcc_asan () {
    if_build_succeeded tests/compat.sh
 }
 component_test_full_cmake_gcc_asan () {
    msg "build: full config, cmake, gcc, ASan"
    scripts/config.pl full
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
    make
    msg "test: main suites (inc. selftests) (full config, ASan build)"
    make test
    msg "test: ssl-opt.sh (full config, ASan build)"
    if_build_succeeded tests/ssl-opt.sh
    msg "test: compat.sh (full config, ASan build)"
    if_build_succeeded tests/compat.sh
 }
 component_test_ref_configs () {
    msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
    CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -699,7 +718,6 @@ component_test_rsa_no_crt () {
 component_test_full_cmake_clang () {
    msg "build: cmake, full config, clang" # ~ 50s
    scripts/config.pl full
    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
    CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
    make
@@ -771,7 +789,6 @@ component_test_no_platform () {
    scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT
    scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
    scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
    scripts/config.pl unset MBEDTLS_FS_IO
    # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
    # to re-enable platform integration features otherwise disabled in C99 builds
@@ -812,6 +829,34 @@ component_build_no_sockets () {
    make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
 }
 component_test_memory_buffer_allocator_backtrace () {
    msg "build: default config with memory buffer allocator and backtrace enabled"
    scripts/config.pl set MBEDTLS_MEMORY_BUFFER_ALLOC_C
    scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
    scripts/config.pl set MBEDTLS_MEMORY_BACKTRACE
    scripts/config.pl set MBEDTLS_MEMORY_DEBUG
    CC=gcc cmake .
    make
    msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
    make test
 }
 component_test_memory_buffer_allocator () {
    msg "build: default config with memory buffer allocator"
    scripts/config.pl set MBEDTLS_MEMORY_BUFFER_ALLOC_C
    scripts/config.pl set MBEDTLS_PLATFORM_MEMORY
    CC=gcc cmake .
    make
    msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
    make test
    msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
    # MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
    if_build_succeeded tests/ssl-opt.sh -e '^DTLS proxy'
 }
 component_test_no_max_fragment_length () {
    msg "build: default config except MFL extension (ASan build)" # ~ 30s
    scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -849,6 +894,21 @@ component_test_platform_calloc_macro () {
    make test
 }
 component_test_malloc_0_null () {
    msg "build: malloc(0) returns NULL (ASan+UBSan build)"
    scripts/config.pl full
    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
    make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' -O -Werror -Wall -Wextra -fsanitize=address,undefined" LDFLAGS='-fsanitize=address,undefined'
    msg "test: malloc(0) returns NULL (ASan+UBSan build)"
    make test
    msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
    # Just the calloc selftest. "make test" ran the others as part of the
    # test suites.
    if_build_succeeded programs/test/selftest calloc
 }
 component_test_make_shared () {
    msg "build/test: make shared" # ~ 40s
    make SHARED=1 all check
@@ -878,7 +938,7 @@ component_test_m32_o0 () {
    # Build once with -O0, to compile out the i386 specific inline assembly
    msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
    scripts/config.pl full
-    make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32'
+    make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS"
    msg "test: i386, make, gcc -O0 (ASan build)"
    make test
@@ -894,10 +954,7 @@ component_test_m32_o1 () {
    # Build again with -O1, to compile in the i386 specific inline assembly
    msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
    scripts/config.pl full
-    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
+    make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O1" LDFLAGS="-m32 $ASAN_CFLAGS"
    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
    scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
    make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32'
    msg "test: i386, make, gcc -O1 (ASan build)"
    make test
--- a/Sources/mbedTLS/tests/scripts/run-test-suites.pl
+++ b/Sources/mbedTLS/tests/scripts/run-test-suites.pl
@@ -93,7 +93,7 @@ for my $suite (@suites)
    $suite_cases_failed = () = $result =~ /.. FAILED/g;
    $suite_cases_skipped = () = $result =~ /.. ----/g;
-    if( $result =~ /PASSED/ ) {
+    if( $? == 0 ) {
        print "PASS\n";
        if( $verbose > 2 ) {
            pad_print_center( 72, '-', "Begin $suite" );
--- a/Sources/mbedTLS/tests/suites/test_suite_cipher.gcm.data
+++ b/Sources/mbedTLS/tests/suites/test_suite_cipher.gcm.data
--- a/Sources/mbedTLS/tests/suites/test_suite_ctr_drbg.function
+++ b/Sources/mbedTLS/tests/suites/test_suite_ctr_drbg.function
@@ -72,7 +72,10 @@ void ctr_drbg_validate_pr( char *add_init_string, char *entropy_string,
    add2_len = unhexify( add2, add2_string );
    test_offset_idx = 0;
-    TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );
+    mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx,
                                        mbedtls_test_entropy_func, entropy,
                                        add_init, add_init_len ) == 0 );
    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
@@ -110,7 +113,10 @@ void ctr_drbg_validate_nopr( char *add_init_string, char *entropy_string,
    add2_len = unhexify( add2, add2_string );
    test_offset_idx = 0;
-    TEST_ASSERT( mbedtls_ctr_drbg_seed_entropy_len( &ctx, mbedtls_test_entropy_func, entropy, add_init, add_init_len, 32 ) == 0 );
+    mbedtls_ctr_drbg_set_entropy_len( &ctx, 32 );
    TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx,
                                        mbedtls_test_entropy_func, entropy,
                                        add_init, add_init_len ) == 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_random_with_add( &ctx, buf, 16, add1, add1_len ) == 0 );
    TEST_ASSERT( mbedtls_ctr_drbg_reseed( &ctx, add_reseed, add_reseed_len ) == 0 );
--- a/Sources/mbedTLS/tests/suites/test_suite_memory_buffer_alloc.data
+++ b/Sources/mbedTLS/tests/suites/test_suite_memory_buffer_alloc.data
@@ -16,8 +16,8 @@ memory_buffer_alloc_free_alloc:100:64:100:100:0:0:0:1:200:0
 Memory buffer alloc - Out of Memory test
 memory_buffer_alloc_oom_test:
-Memory buffer small buffer
+Memory buffer: heap too small (header verification should fail)
-memory_buffer_small_buffer:
+memory_buffer_heap_too_small:
-Memory buffer underalloc
+Memory buffer: attempt to allocate SIZE_MAX
 memory_buffer_underalloc:
--- a/Sources/mbedTLS/tests/suites/test_suite_memory_buffer_alloc.function
+++ b/Sources/mbedTLS/tests/suites/test_suite_memory_buffer_alloc.function
@@ -29,7 +29,7 @@ void mbedtls_memory_buffer_alloc_self_test( )
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+/* BEGIN_CASE */
 void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
                                        int d_bytes,
                                     int free_a, int free_b, int free_c,
@@ -40,8 +40,11 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
    unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL, *ptr_d = NULL,
                    *ptr_e = NULL, *ptr_f = NULL;
 #if defined(MBEDTLS_MEMORY_DEBUG)
    size_t reported_blocks;
-    size_t allocated_bytes = 0, reported_bytes;
+    size_t reported_bytes;
 #endif
    size_t allocated_bytes = 0;
    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
@@ -79,8 +82,10 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
        allocated_bytes += d_bytes * sizeof(char);
    }
 #if defined(MBEDTLS_MEMORY_DEBUG)
    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
    TEST_ASSERT( reported_bytes == allocated_bytes );
 #endif
    if( free_a )
    {
@@ -118,8 +123,10 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
        allocated_bytes -= d_bytes * sizeof(char);
    }
 #if defined(MBEDTLS_MEMORY_DEBUG)
    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
    TEST_ASSERT( reported_bytes == allocated_bytes );
 #endif
    if( e_bytes > 0 )
    {
@@ -179,8 +186,10 @@ void memory_buffer_alloc_free_alloc( int a_bytes, int b_bytes, int c_bytes,
        ptr_f = NULL;
    }
 #if defined(MBEDTLS_MEMORY_DEBUG)
    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
    TEST_ASSERT( reported_bytes == 0 );
 #endif
    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
@@ -189,12 +198,14 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+/* BEGIN_CASE */
-void memory_buffer_alloc_oom_test()
+void memory_buffer_alloc_oom_test(  )
 {
    unsigned char buf[1024];
    unsigned char *ptr_a = NULL, *ptr_b = NULL, *ptr_c = NULL;
 #if defined(MBEDTLS_MEMORY_DEBUG)
    size_t reported_blocks, reported_bytes;
 #endif
    (void)ptr_c;
@@ -211,8 +222,10 @@ void memory_buffer_alloc_oom_test()
    ptr_c = mbedtls_calloc( 431, sizeof(char) );
    TEST_ASSERT( ptr_c == NULL );
 #if defined(MBEDTLS_MEMORY_DEBUG)
    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
    TEST_ASSERT( reported_bytes >= 864 && reported_bytes <= sizeof(buf) );
 #endif
    mbedtls_free( ptr_a );
    ptr_a = NULL;
@@ -222,8 +235,10 @@ void memory_buffer_alloc_oom_test()
    ptr_b = NULL;
    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
 #if defined(MBEDTLS_MEMORY_DEBUG)
    mbedtls_memory_buffer_alloc_cur_get( &reported_bytes, &reported_blocks );
    TEST_ASSERT( reported_bytes == 0 );
 #endif
    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() == 0 );
@@ -232,17 +247,20 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+/* BEGIN_CASE */
-void memory_buffer_small_buffer( )
+void memory_buffer_heap_too_small( )
 {
    unsigned char buf[1];
    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
    /* With MBEDTLS_MEMORY_DEBUG enabled, this prints a message
     * "FATAL: verification of first header failed".
     */
    TEST_ASSERT( mbedtls_memory_buffer_alloc_verify() != 0 );
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MEMORY_DEBUG */
+/* BEGIN_CASE */
 void memory_buffer_underalloc( )
 {
    unsigned char buf[100];
--- a/Sources/mbedTLS/tests/suites/test_suite_mpi.data
+++ b/Sources/mbedTLS/tests/suites/test_suite_mpi.data
@@ -157,6 +157,93 @@ mbedtls_mpi_cmp_mpi:10:"2":10:"-3":1
 Base test mbedtls_mpi_cmp_mpi (Mixed values) #6
 mbedtls_mpi_cmp_mpi:10:"-2":10:"31231231289798":-1
 Base test mbedtls_mpi_lt_mpi_ct #1
 mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0
 Base test mbedtls_mpi_lt_mpi_ct #2
 mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B4":0:0
 Base test mbedtls_mpi_lt_mpi_ct #3
 mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B6":1:0
 Base test mbedtls_mpi_lt_mpi_ct (Negative values) #1
 mbedtls_mpi_lt_mpi_ct:1:"-2":1:"-2":0:0
 Base test mbedtls_mpi_lt_mpi_ct (Negative values) #2
 mbedtls_mpi_lt_mpi_ct:1:"-2":1:"-3":0:0
 Base test mbedtls_mpi_lt_mpi_ct (Negative values) #3
 mbedtls_mpi_lt_mpi_ct:1:"-2":1:"-1":1:0
 Base test mbedtls_mpi_lt_mpi_ct (Mixed values) #1
 mbedtls_mpi_lt_mpi_ct:1:"-3":1:"2":1:0
 Base test mbedtls_mpi_lt_mpi_ct (Mixed values) #2
 mbedtls_mpi_lt_mpi_ct:1:"2":1:"-3":0:0
 Base test mbedtls_mpi_lt_mpi_ct (Mixed values) #3
 mbedtls_mpi_lt_mpi_ct:2:"-2":2:"1C67967269C6":1:0
 Base test mbedtls_mpi_lt_mpi_ct (X is longer in storage)
 mbedtls_mpi_lt_mpi_ct:3:"2B5":2:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 Base test mbedtls_mpi_lt_mpi_ct (Y is longer in storage)
 mbedtls_mpi_lt_mpi_ct:3:"2B5":4:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #1
 mbedtls_mpi_lt_mpi_ct:2:"7FFFFFFFFFFFFFFF":2:"FF":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #2
 mbedtls_mpi_lt_mpi_ct:2:"8000000000000000":2:"7FFFFFFFFFFFFFFF":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #3
 mbedtls_mpi_lt_mpi_ct:2:"8000000000000000":2:"1":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #4
 mbedtls_mpi_lt_mpi_ct:2:"8000000000000000":2:"0":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #5
 mbedtls_mpi_lt_mpi_ct:2:"FFFFFFFFFFFFFFFF":2:"FF":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #1
 mbedtls_mpi_lt_mpi_ct:1:"7FFFFFFF":1:"FF":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #2
 mbedtls_mpi_lt_mpi_ct:1:"80000000":1:"7FFFFFFF":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #3
 mbedtls_mpi_lt_mpi_ct:1:"80000000":1:"1":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #4
 mbedtls_mpi_lt_mpi_ct:1:"80000000":1:"0":0:0
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #5
 mbedtls_mpi_lt_mpi_ct:1:"FFFFFFFF":1:"FF":0:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (X<Y, zero vs non-zero MS limb)
 mbedtls_mpi_lt_mpi_ct:2:"0FFFFFFFFFFFFFFFF":2:"1FFFFFFFFFFFFFFFF":1:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (X>Y, equal MS limbs)
 mbedtls_mpi_lt_mpi_ct:2:"-EEFFFFFFFFFFFFFFF1":2:"-EEFFFFFFFFFFFFFFFF":0:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (X=Y)
 mbedtls_mpi_lt_mpi_ct:2:"EEFFFFFFFFFFFFFFFF":2:"EEFFFFFFFFFFFFFFFF":0:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (X=-Y)
 mbedtls_mpi_lt_mpi_ct:2:"-EEFFFFFFFFFFFFFFFF":2:"EEFFFFFFFFFFFFFFFF":1:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #1
 mbedtls_mpi_lt_mpi_ct:2:"11FFFFFFFFFFFFFFFF":2:"FF1111111111111111":1:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #2
 mbedtls_mpi_lt_mpi_ct:2:"FF1111111111111111":2:"11FFFFFFFFFFFFFFFF":0:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #3
 mbedtls_mpi_lt_mpi_ct:2:"-11FFFFFFFFFFFFFFFF":2:"-FF1111111111111111":0:0
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #4
 mbedtls_mpi_lt_mpi_ct:2:"-FF1111111111111111":2:"-11FFFFFFFFFFFFFFFF":1:0
 Base test mbedtls_mpi_cmp_abs #1
 mbedtls_mpi_cmp_abs:10:"693":10:"693":0
--- a/Sources/mbedTLS/tests/suites/test_suite_mpi.function
+++ b/Sources/mbedTLS/tests/suites/test_suite_mpi.function
@@ -332,6 +332,31 @@ exit:
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X,
                            int size_Y, char * input_Y,
                            int input_ret, int input_err )
 {
    unsigned ret;
    unsigned input_uret = input_ret;
    mbedtls_mpi X, Y;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
    TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 );
    mbedtls_mpi_grow( &X, size_X );
    mbedtls_mpi_grow( &Y, size_Y );
    TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
    if( input_err == 0 )
        TEST_ASSERT( ret == input_uret );
 exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void mbedtls_mpi_cmp_abs( int radix_X, char *input_X, int radix_Y, char *input_Y,
                  int input_A )
--- a/Sources/mbedTLS/tests/suites/test_suite_pk.function
+++ b/Sources/mbedTLS/tests/suites/test_suite_pk.function
@@ -125,18 +125,18 @@ void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
                       int mod, int radix_N, char *input_N, int radix_E,
                       char *input_E, char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[128];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char result_str[1000];
+    unsigned char result_str[128];
    mbedtls_rsa_context *rsa;
    mbedtls_pk_context pk;
    int msg_len;
    mbedtls_pk_init( &pk );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( result_str, 0x00, 1000 );
+    memset( result_str, 0x00, sizeof(result_str ) );
    TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
    rsa = mbedtls_pk_rsa( pk );
@@ -166,9 +166,9 @@ void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest,
                       int pk_type, int mgf1_hash_id, int salt_len,
                       int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[128];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char result_str[1000];
+    unsigned char result_str[128];
    mbedtls_rsa_context *rsa;
    mbedtls_pk_context pk;
    mbedtls_pk_rsassa_pss_options pss_opts;
@@ -178,9 +178,9 @@ void pk_rsa_verify_ext_test_vec( char *message_hex_string, int digest,
    mbedtls_pk_init( &pk );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( result_str, 0x00, 1000 );
+    memset( result_str, 0x00, sizeof( result_str ) );
    TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
    rsa = mbedtls_pk_rsa( pk );
@@ -289,9 +289,9 @@ void pk_rsa_encrypt_test_vec( char *message_hex, int mod,
                            int radix_E, char *input_E,
                            char *result_hex, int ret )
 {
-    unsigned char message[1000];
+    unsigned char message[16];
-    unsigned char output[1000];
+    unsigned char output[300];
-    unsigned char result[1000];
+    unsigned char result[256];
    size_t msg_len, olen, res_len;
    rnd_pseudo_info rnd_info;
    mbedtls_rsa_context *rsa;
@@ -332,9 +332,9 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod,
                            int radix_E, char *input_E,
                            char *clear_hex, int ret )
 {
-    unsigned char clear[1000];
+    unsigned char clear[16];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char cipher[1000];
+    unsigned char cipher[256];
    size_t clear_len, olen, cipher_len;
    rnd_pseudo_info rnd_info;
    mbedtls_mpi N, P, Q, E;
@@ -463,8 +463,8 @@ void pk_rsa_alt( )
    mbedtls_rsa_context raw;
    mbedtls_pk_context rsa, alt;
    mbedtls_pk_debug_item dbg_items[10];
-    unsigned char hash[50], sig[1000];
+    unsigned char hash[50], sig[64];
-    unsigned char msg[50], ciph[1000], test[1000];
+    unsigned char msg[50], ciph[64], test[50];
    size_t sig_len, ciph_len, test_len;
    int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
--- a/Sources/mbedTLS/tests/suites/test_suite_pkcs1_v15.function
+++ b/Sources/mbedTLS/tests/suites/test_suite_pkcs1_v15.function
@@ -14,10 +14,10 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
                               char *message_hex_string, char *seed,
                               char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[125];
-    unsigned char output[1000];
+    unsigned char output[128];
-    unsigned char output_str[1000];
+    unsigned char output_str[257];
-    unsigned char rnd_buf[1000];
+    unsigned char rnd_buf[109];
    mbedtls_rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;
@@ -28,9 +28,9 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -61,9 +61,9 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
                               int hash, char *result_hex_str, char *seed,
                               char *message_hex_string, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[128];
-    unsigned char output[1000];
+    unsigned char output[128];
-    unsigned char output_str[1000];
+    unsigned char output_str[257];
    mbedtls_rsa_context ctx;
    size_t output_len;
    rnd_pseudo_info rnd_info;
@@ -74,9 +74,9 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
    mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -91,7 +91,9 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P,
    unhexify( message_str, message_hex_string );
-    TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
+    TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
                                            MBEDTLS_RSA_PRIVATE, &output_len,
                                            message_str, output, sizeof( output ) ) == result );
    if( result == 0 )
    {
        hexify( output_str, output, ctx.len );
@@ -261,11 +263,11 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
                            char *message_hex_string, char *salt,
                            char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[114];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char output[1000];
+    unsigned char output[128];
-    unsigned char output_str[1000];
+    unsigned char output_str[257];
-    unsigned char rnd_buf[1000];
+    unsigned char rnd_buf[20];
    mbedtls_rsa_context ctx;
    mbedtls_mpi N, P, Q, E;
    size_t msg_len;
@@ -277,11 +279,10 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
    mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
-
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( message_str, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    memset( output_str, 0x00, 1000 );
    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -319,9 +320,9 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E,
                              char *message_hex_string, char *salt,
                              char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[114];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char result_str[1000];
+    unsigned char result_str[128];
    mbedtls_rsa_context ctx;
    size_t msg_len;
    mbedtls_mpi N, E;
@@ -329,9 +330,9 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( result_str, 0x00, 1000 );
+    memset( result_str, 0x00, sizeof( result_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
--- a/Sources/mbedTLS/tests/suites/test_suite_pkcs1_v21.function
+++ b/Sources/mbedTLS/tests/suites/test_suite_pkcs1_v21.function
@@ -14,10 +14,10 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E,
                               char *message_hex_string, char *seed,
                               char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[87];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
-    unsigned char rnd_buf[1000];
+    unsigned char rnd_buf[20];
    mbedtls_rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;
@@ -28,9 +28,9 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -61,9 +61,9 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P,
                               int hash, char *result_hex_str, char *seed,
                               char *message_hex_string, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[256];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx;
    size_t output_len;
    rnd_pseudo_info rnd_info;
@@ -75,9 +75,9 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P,
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str) );
    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -92,11 +92,12 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P,
    unhexify( message_str, message_hex_string );
-    TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str, output, 1000 ) == result );
+    TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
                                            MBEDTLS_RSA_PRIVATE, &output_len,
                                            message_str, output, sizeof( output ) ) == result );
    if( result == 0 )
    {
        hexify( output_str, output, ctx.len );
        TEST_ASSERT( strncasecmp( (char *) output_str, result_hex_str, strlen( result_hex_str ) ) == 0 );
    }
@@ -114,11 +115,11 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q,
                            char *message_hex_string, char *salt,
                            char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[255];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
-    unsigned char rnd_buf[1000];
+    unsigned char rnd_buf[20];
    mbedtls_rsa_context ctx;
    size_t msg_len;
    rnd_buf_info info;
@@ -131,10 +132,10 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q,
    mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -174,9 +175,9 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E,
                              char *message_hex_string, char *salt,
                              char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[255];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char result_str[1000];
+    unsigned char result_str[256];
    mbedtls_rsa_context ctx;
    size_t msg_len;
    mbedtls_mpi N, E;
@@ -184,9 +185,9 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( result_str, 0x00, 1000 );
+    memset( result_str, 0x00, sizeof( result_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -222,19 +223,18 @@ void pkcs1_rsassa_pss_verify_ext( int mod,
                                  int result_simple,
                                  int result_full )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[163];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char result_str[1000];
+    unsigned char result_str[256];
    mbedtls_rsa_context ctx;
    size_t msg_len, hash_len;
    mbedtls_mpi N, E;
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( result_str, 0x00, 1000 );
+    memset( result_str, 0x00, sizeof( result_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
--- a/Sources/mbedTLS/tests/suites/test_suite_rsa.data
+++ b/Sources/mbedTLS/tests/suites/test_suite_rsa.data
@@ -267,7 +267,7 @@ mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V1
 RSA PKCS1 Decrypt #1 (Verify)
 depends_on:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":0
+mbedtls_rsa_pkcs1_decrypt:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":32:"4E636AF98E40F3ADCFCCB698F4E80B9F":0
 RSA PKCS1 Encrypt #2 (Data too large)
 depends_on:MBEDTLS_PKCS1_V15
@@ -275,7 +275,7 @@ mbedtls_rsa_pkcs1_encrypt:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c
 RSA PKCS1 Decrypt #2 (Data too small)
 depends_on:MBEDTLS_PKCS1_V15
-mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":1000:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_rsa_pkcs1_decrypt:"deadbeafcafedeadbeeffedcba9876":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":32:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 RSA PKCS1 Encrypt #3 (Invalid padding mode)
 mbedtls_rsa_pkcs1_encrypt:"4E636AF98E40F3ADCFCCB698F4E80B9F":2:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_INVALID_PADDING
--- a/Sources/mbedTLS/tests/suites/test_suite_rsa.function
+++ b/Sources/mbedTLS/tests/suites/test_suite_rsa.function
@@ -23,10 +23,11 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig
                     char *input_Q, int radix_N, char *input_N, int radix_E,
                     char *input_E, char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[128];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx;
    mbedtls_mpi N, P, Q, E;
    int msg_len;
@@ -36,10 +37,10 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig
    mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, padding_mode, 0 );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -80,9 +81,9 @@ void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int d
                       int mod, int radix_N, char *input_N, int radix_E,
                       char *input_E, char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[128];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char result_str[1000];
+    unsigned char result_str[256];
    mbedtls_rsa_context ctx;
    int msg_len;
@@ -90,9 +91,9 @@ void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int d
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, padding_mode, 0 );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( result_str, 0x00, 1000 );
+    memset( result_str, 0x00, sizeof( result_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -122,10 +123,10 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
                         char *input_N, int radix_E, char *input_E,
                         char *result_hex_str )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[128];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx;
    mbedtls_mpi N, P, Q, E;
    int hash_len;
@@ -135,10 +136,10 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
    mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -167,8 +168,8 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string,
    if( padding_mode == MBEDTLS_RSA_PKCS_V15 )
    {
        int res;
-        memset( output, 0x00, 1000 );
+        memset( output, 0x00, sizeof( output ) );
-        memset( output_str, 0x00, 1000 );
+        memset( output_str, 0x00, sizeof( output_str ) );
        res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
                    &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
@@ -203,10 +204,10 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
                           char *input_N, int radix_E, char *input_E,
                           char *result_hex_str, int correct )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[128];
-    unsigned char hash_result[1000];
+    unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char result_str[1000];
+    unsigned char result_str[256];
-    unsigned char output[1000];
+    unsigned char output[256];
    mbedtls_rsa_context ctx;
    size_t hash_len;
@@ -214,11 +215,10 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, padding_mode, 0 );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( hash_result, 0x00, 1000 );
+    memset( hash_result, 0x00, sizeof( hash_result ) );
-    memset( result_str, 0x00, 1000 );
+    memset( result_str, 0x00, sizeof( result_str ) );
    memset( output, 0x00, sizeof( output ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -276,9 +276,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int
                        int radix_N, char *input_N, int radix_E, char *input_E,
                        char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[256];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx;
    size_t msg_len;
    rnd_pseudo_info rnd_info;
@@ -289,9 +289,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int
    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    mbedtls_rsa_init( &ctx, padding_mode, 0 );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -324,9 +324,9 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
                                int radix_E, char *input_E,
                                char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[16];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx;
    size_t msg_len;
@@ -334,9 +334,9 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode,
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, padding_mode, 0 );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -369,9 +369,9 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int
                        int radix_N, char *input_N, int radix_E, char *input_E,
                        int max_output, char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[256];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx;
    size_t output_len;
    rnd_pseudo_info rnd_info;
@@ -381,10 +381,9 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int
    mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, padding_mode, 0 );
-
+    memset( message_str, 0x00,  sizeof( message_str ) );
-    memset( message_str, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output, 0x00, 1000 );
+    memset( output_str, 0x00,  sizeof( output_str ) );
    memset( output_str, 0x00, 1000 );
    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
@@ -420,19 +419,18 @@ exit:
 void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *input_N,
                 int radix_E, char *input_E, char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[256];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
    mbedtls_mpi N, E;
    mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
    mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
@@ -458,8 +456,8 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i
    TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx2 ) == 0 );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    TEST_ASSERT( mbedtls_rsa_public( &ctx2, message_str, output ) == result );
    if( result == 0 )
    {
@@ -480,9 +478,9 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *
                  int radix_Q, char *input_Q, int radix_N, char *input_N,
                  int radix_E, char *input_E, char *result_hex_str, int result )
 {
-    unsigned char message_str[1000];
+    unsigned char message_str[256];
-    unsigned char output[1000];
+    unsigned char output[256];
-    unsigned char output_str[1000];
+    unsigned char output_str[513];
    mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
    mbedtls_mpi N, P, Q, E;
    rnd_pseudo_info rnd_info;
@@ -493,7 +491,7 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *
    mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
    mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
-    memset( message_str, 0x00, 1000 );
+    memset( message_str, 0x00, sizeof( message_str ) );
    memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
    TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -511,8 +509,8 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *
    /* repeat three times to test updating of blinding values */
    for( i = 0; i < 3; i++ )
    {
-        memset( output, 0x00, 1000 );
+        memset( output, 0x00, sizeof( output ) );
-        memset( output_str, 0x00, 1000 );
+        memset( output_str, 0x00, sizeof( output_str ) );
        TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
                                  message_str, output ) == result );
        if( result == 0 )
@@ -531,8 +529,8 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char *
    TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
-    memset( output, 0x00, 1000 );
+    memset( output, 0x00, sizeof( output ) );
-    memset( output_str, 0x00, 1000 );
+    memset( output_str, 0x00, sizeof( output_str ) );
    TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
                              message_str, output ) == result );
    if( result == 0 )
@@ -1197,11 +1195,11 @@ void mbedtls_rsa_export_raw( char *input_N, char *input_P,
                             int successive )
 {
    /* Original raw buffers with which we set up the RSA context */
-    unsigned char bufN[1000];
+    unsigned char bufN[256];
-    unsigned char bufP[1000];
+    unsigned char bufP[128];
-    unsigned char bufQ[1000];
+    unsigned char bufQ[128];
-    unsigned char bufD[1000];
+    unsigned char bufD[256];
-    unsigned char bufE[1000];
+    unsigned char bufE[1];
    size_t lenN = 0;
    size_t lenP = 0;
@@ -1329,11 +1327,11 @@ void mbedtls_rsa_import_raw( char *input_N,
                             int res_check,
                             int res_complete )
 {
-    unsigned char bufN[1000];
+    unsigned char bufN[256];
-    unsigned char bufP[1000];
+    unsigned char bufP[128];
-    unsigned char bufQ[1000];
+    unsigned char bufQ[128];
-    unsigned char bufD[1000];
+    unsigned char bufD[256];
-    unsigned char bufE[1000];
+    unsigned char bufE[1];
    /* Buffers used for encryption-decryption test */
    unsigned char *buf_orig = NULL;
--- a/Tests/OpenVPNAdapter/CustomFlow.swift
+++ b/Tests/OpenVPNAdapter/CustomFlow.swift
@@ -1,21 +0,0 @@
 //
 //  CustomFlow.swift
 //  OpenVPN Adapter
 //
 //  Created by Sergey Abramchuk on 28.10.2017.
 //
 import NetworkExtension
@testable import OpenVPNAdapter
 class CustomFlow: NSObject, OpenVPNAdapterPacketFlow {
    func readPackets(completionHandler: @escaping ([Data], [NSNumber]) -> Void) {
    }
    func writePackets(_ packets: [Data], withProtocols protocols: [NSNumber]) -> Bool {
        return true
    }
 }
--- a/Tests/OpenVPNAdapter/OpenVPNAdapterTests.swift
+++ b/Tests/OpenVPNAdapter/OpenVPNAdapterTests.swift
@@ -12,82 +12,124 @@ import NetworkExtension
 class OpenVPNAdapterTests: XCTestCase {
-    enum ExpectationsType {
+    private class CustomFlow: NSObject, OpenVPNAdapterPacketFlow {
-        case connection
+        
        func readPackets(completionHandler: @escaping ([Data], [NSNumber]) -> Void) {
        }
        func writePackets(_ packets: [Data], withProtocols protocols: [NSNumber]) -> Bool {
            return true
        }
    }
-    let customFlow = CustomFlow()
+    private class AdapterDelegate: NSObject, OpenVPNAdapterDelegate {
        let settingsHandler: (NEPacketTunnelNetworkSettings?) -> Void
        let errorHandler: (Error) -> Void
        let eventHandler: (OpenVPNAdapterEvent) -> Void
        init(
            settingsHandler: @escaping (NEPacketTunnelNetworkSettings?) -> Void,
            errorHandler: @escaping (Error) -> Void,
            eventHandler: @escaping (OpenVPNAdapterEvent) -> Void
        ) {
            self.settingsHandler = settingsHandler
            self.errorHandler = errorHandler
            self.eventHandler = eventHandler
            super.init()
        }
        func openVPNAdapter(
            _ openVPNAdapter: OpenVPNAdapter,
            configureTunnelWithNetworkSettings networkSettings: NEPacketTunnelNetworkSettings?,
            completionHandler: @escaping (Error?) -> Void
        ) {
            settingsHandler(networkSettings)
            completionHandler(nil)
        }
        func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleError error: Error) {
            errorHandler(error)
        }
        func openVPNAdapter(
            _ openVPNAdapter: OpenVPNAdapter, handleEvent event: OpenVPNAdapterEvent, message: String?
        ) {
            eventHandler(event)
        }
        func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleLogMessage logMessage: String) {
            print(logMessage)
        }
    }
-    var expectations = [ExpectationsType : XCTestExpectation]()
+    private let customFlow = CustomFlow()
    override func setUp() {
        super.setUp()
        expectations.removeAll()
    }
    override func tearDown() {
        super.tearDown()
    }
-    func testApplyConfiguration() {
+    func testVPNConnection() {
        guard let vpnConfiguration = VPNProfile.configuration.data(using: .utf8) else { fatalError() }
        let adapter = OpenVPNAdapter()
        let configuration = OpenVPNConfiguration()
-        configuration.fileContent = vpnConfiguration
+        configuration.fileContent = VPNProfile.live.configuration.data(using: .utf8)
-        configuration.settings = ["auth-user-pass": ""]
+         
-
+        var settings = VPNProfile.live.settings ?? [:]
-        let result: OpenVPNProperties
+        
        if let key = VPNProfile.live.key, let cert = VPNProfile.live.cert {
            settings["cert"] = cert.replacingOccurrences(of: "\n", with: "\\n")
            settings["key"] = key.replacingOccurrences(of: "\n", with: "\\n")
        }
        configuration.settings = settings
        let preEvaluation: OpenVPNConfigurationEvaluation
        do {
-            result = try adapter.apply(configuration: configuration)
+            preEvaluation = try OpenVPNAdapter.evaluate(configuration: configuration)
        } catch {
-            XCTFail("Failed to configure OpenVPN adapted due to error: \(error)")
+            XCTFail("Evaluation failed due to error: \(error)")
            return
        }
-
+        
-        XCTAssert(result.remoteHost == VPNProfile.remoteHost)
+        guard !preEvaluation.externalPki else {
-        XCTAssert(result.remotePort == VPNProfile.remotePort)
+            XCTFail("Currently profile cannot be External PKI as it is not imlemented yet.")
-        XCTAssert(result.autologin == false)
+            return
-    }
+        }
-    
+        
-    func testProvideCredentials() {
+        if preEvaluation.isPrivateKeyPasswordRequired {
            guard let keyPassword = VPNProfile.live.keyPassword else {
                XCTFail("Private key password required.")
                return
            }
            configuration.privateKeyPassword = keyPassword
        }
        let adapter = OpenVPNAdapter()
-        let credentials = OpenVPNCredentials()
+        let finalEvaluation: OpenVPNConfigurationEvaluation
        credentials.username = "username"
        credentials.password = "password"
        do {
-            try adapter.provide(credentials: credentials)
+            finalEvaluation = try adapter.apply(configuration: configuration)
        } catch {
-            XCTFail("Failed to provide credentials. \(error)")
+            XCTFail("Failed to apply OpenVPN configuration due to error: \(error)")
            return
        }
    }
    // Test connection to the VPN server
    func testConnection() {
        guard let vpnConfiguration = VPNProfile.configuration.data(using: .utf8) else { fatalError() }
        let adapter = OpenVPNAdapter()
        let configuration = OpenVPNConfiguration()
        configuration.fileContent = vpnConfiguration
        let result: OpenVPNProperties
        do {
            result = try adapter.apply(configuration: configuration)
        } catch {
            XCTFail("Failed to configure OpenVPN adapted due to error: \(error)")
            return
        }
-        if !result.autologin {
+        if !finalEvaluation.autologin {
            guard let username = VPNProfile.live.username, let password = VPNProfile.live.password else {
                XCTFail("If unable to autologin, username and password must be provided.")
                return
            }
            let credentials = OpenVPNCredentials()
-            credentials.username = VPNProfile.username
+            credentials.username = username
-            credentials.password = VPNProfile.password
+            credentials.password = password
            do {
                try adapter.provide(credentials: credentials)
@@ -97,48 +139,28 @@ class OpenVPNAdapterTests: XCTestCase {
            }
        }
-        expectations[.connection] = expectation(description: "me.ss-abramchuk.openvpn-adapter.connection")
+        let connectionExpectation = XCTestExpectation(
-
+            description: "Establish connection using \(VPNProfile.live.profileName)"
-        adapter.delegate = self
+        )
        adapter.connect(using: customFlow)
        waitForExpectations(timeout: 30.0) { (error) in
            adapter.disconnect()
        }
    }
 }
 extension OpenVPNAdapterTests: OpenVPNAdapterDelegate {
    func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, configureTunnelWithNetworkSettings networkSettings: NEPacketTunnelNetworkSettings?, completionHandler: @escaping (Error?) -> Void) {
        completionHandler(nil)
    }
    func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleEvent event: OpenVPNAdapterEvent, message: String?) {
        switch event {
        case .connected:
            guard let connectionExpectation = expectations[.connection] else { return }
            connectionExpectation.fulfill()
        case .disconnected:
            break
        default:
            break
        }
    }
    func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleError error: Error) {
        if let connectionExpectation = expectations[.connection] {
            XCTFail("Failed to establish conection.")
            connectionExpectation.fulfill()
        }
-        dump(error)
+        let adapterDelegate = AdapterDelegate(
            settingsHandler: { (settings) in
            },
            errorHandler: { (error) in
                XCTFail("Failed to establish conection due to error: \(error)")
            },
            eventHandler: { (event) in
                guard event == .connected else { return }
                connectionExpectation.fulfill()
                adapter.disconnect()
            }
        )
        adapter.delegate = adapterDelegate
        adapter.connect(using: customFlow)
        wait(for: [connectionExpectation], timeout: 15.0)
    }
    func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleLogMessage logMessage: String) {
        print(logMessage)
    }
 }
--- a/Tests/OpenVPNAdapter/OpenVPNConfigurationTests.swift
+++ b/Tests/OpenVPNAdapter/OpenVPNConfigurationTests.swift
@@ -9,8 +9,6 @@
 import XCTest
@testable import OpenVPNAdapter
 // TODO: Test getting/setting of all properties of OpenVPNConfiguration
 class OpenVPNConfigurationTests: XCTestCase {
    override func setUp() {
@@ -23,135 +21,148 @@ class OpenVPNConfigurationTests: XCTestCase {
        super.tearDown()
    }
-    func testGetSetProfile() {
+    func testEvaluateEmptyConfig() {
        guard let originalProfile = VPNProfile.configuration.data(using: .utf8) else { fatalError() }
        let configuration = OpenVPNConfiguration()
-        guard configuration.fileContent == nil else {
+        do {
-            XCTFail("Empty file content should return nil")
+            let _ = try OpenVPNAdapter.evaluate(configuration: configuration)
-            return
+            XCTFail("We shouldn't be here, evaluation should fail.")
        } catch {
            guard let fatal = (error as NSError).userInfo[OpenVPNAdapterErrorFatalKey] as? Bool else {
                XCTFail("Error should contain OpenVPNAdapterErrorFatalKey.")
                return
            }
            XCTAssert(fatal)
        }
        configuration.fileContent = originalProfile
        guard let returnedProfile = configuration.fileContent else {
            XCTFail("Returned file content should not be nil")
            return
        }
        XCTAssert(originalProfile.elementsEqual(returnedProfile))
        configuration.fileContent = nil
        XCTAssert(configuration.fileContent == nil, "Empty file content should return nil")
        configuration.fileContent = Data()
        XCTAssert(configuration.fileContent == nil, "Empty file content should return nil")
    }
-    func testGetSetSettings() {
+    func testEvaluateManuallyPopulatedConfig() {
-        let originalSettings = [
+        let configuration = OpenVPNConfiguration()
        guard let caURL = Bundle.current.url(forResource: "ca", withExtension: "crt"),
            let caContent = try? String(contentsOf: caURL, encoding: .utf8)
        else {
            fatalError("Failed to get ca.crt, check its existance in the Resources folder.")
        }
        guard let certURL = Bundle.current.url(forResource: "client", withExtension: "crt"),
            let certContent = try? String(contentsOf: certURL, encoding: .utf8)
        else {
            fatalError("Failed to get client.crt, check its existance in the Resources folder.")
        }
        guard let keyURL = Bundle.current.url(forResource: "client", withExtension: "key"),
            let keyContent = try? String(contentsOf: keyURL, encoding: .utf8)
        else {
            fatalError("Failed to get client.key, check its existance in the Resources folder.")
        }
        configuration.settings = [
            "client": "",
            "dev": "tun",
-            "remote-cert-tls" : "server"
+            "proto": "udp",
            "remote": "my-server.com 1194",
            "resolv-retry": "infinite",
            "nobind": "",
            "auth-user-pass": "",
            "cipher": "AES-256-CBC",
            "comp-lzo": "",
            "verb": "3",
            "ca": caContent.replacingOccurrences(of: "\n", with: "\\n"),
            "cert": certContent.replacingOccurrences(of: "\n", with: "\\n"),
            "key": keyContent.replacingOccurrences(of: "\n", with: "\\n")
        ]
        let evaluation: OpenVPNConfigurationEvaluation
        do {
            evaluation = try OpenVPNAdapter.evaluate(configuration: configuration)
        } catch {
            XCTFail("Evaluation failed due to error: \(error)")
            return
        }
        XCTAssert(evaluation.remoteHost == "my-server.com")
        XCTAssert(evaluation.remotePort == 1194)
        XCTAssert(
            !evaluation.autologin, "Username and password are required so autologin should be false."
        )
        XCTAssert(
            !evaluation.externalPki,
            "Key and cert were provided to the configuration so it shouldn't be External PKI profile."
        )
    }
    func testEvaluateConfigFromFile() {
        let configuration = OpenVPNConfiguration()
-        guard configuration.settings == nil else {
+        guard let configURL = Bundle.current.url(forResource: "client", withExtension: "ovpn"),
-            XCTFail("Empty settings should return nil")
+            let configContent = try? Data(contentsOf: configURL)
        else {
            fatalError("Failed to get client.ovpn, check its existance in the Resources folder.")
        }
        configuration.fileContent = configContent
        let evaluation: OpenVPNConfigurationEvaluation
        do {
            evaluation = try OpenVPNAdapter.evaluate(configuration: configuration)
        } catch {
            XCTFail("Evaluation failed due to error: \(error)")
            return
        }
-        configuration.settings = originalSettings
+        XCTAssert(evaluation.remoteHost == "my-server.com")
        XCTAssert(evaluation.remotePort == 1194)
-        guard let returnedSettings = configuration.settings else {
+        XCTAssert(
-            XCTFail("Returned settings should not be nil")
+            !evaluation.autologin, "Username and password required so autologin should be false."
-            return
+        )
        }
-        let equals = originalSettings.allSatisfy { (key, value) in
+        XCTAssert(
-            returnedSettings[key] == value
+            evaluation.externalPki,
-        }
+            "Key and cert were not provided to the configuration so it should be External PKI profile."
-        
+        )
        XCTAssert(equals)
        configuration.settings = [:]
        XCTAssert(configuration.settings == nil, "Empty settings should return nil")
        configuration.settings = nil
        XCTAssert(configuration.settings == nil, "Empty settings should return nil")
    }
-    func testGetSetRemote() {
+    func testSetConfigurationProperties() {
        guard let originalProfile = VPNProfile.configuration.data(using: .utf8) else { fatalError() }
        let originalServer = "192.168.1.200"
        let originalPort: UInt = 12000
        let configuration = OpenVPNConfiguration()        
        configuration.fileContent = originalProfile
        XCTAssertNil(configuration.server)
        XCTAssertEqual(configuration.port, 0)
        configuration.server = originalServer
        configuration.port = originalPort
        XCTAssertNotNil(configuration.server)
        XCTAssertEqual(configuration.server, originalServer)
        XCTAssertEqual(configuration.port, originalPort)
    }
    func testGetSetProto() {
        let originalOption: OpenVPNTransportProtocol = .UDP
        let configuration = OpenVPNConfiguration()
-        guard configuration.proto == .default else {
+        guard let configURL = Bundle.current.url(forResource: "client", withExtension: "ovpn"),
-            XCTFail("proto option should return default value")
+            let configContent = try? Data(contentsOf: configURL)
-            return
+        else {
            fatalError("Failed to get client.ovpn, check its existance in the Resources folder.")
        }
-        configuration.proto = originalOption
+        configuration.fileContent = configContent
-        guard configuration.proto == originalOption else {
+        configuration.settings = [
-            XCTFail("proto option should be equal to original value (enabled)")
+            "persist-key": "",
-            return
+            "persist-tun": ""
-        }
+        ]
        configuration.server = "another-server.com"
        configuration.port = 5000
        XCTAssert(configuration.proto == .default)
        configuration.proto = .adaptive
        configuration.tlsCertProfile = .preferred
        XCTAssert(configuration.fileContent?.elementsEqual(configContent) == true)
        XCTAssert(configuration.settings?["persist-key"] != nil)
        XCTAssert(configuration.settings?["persist-tun"] != nil)
        XCTAssert(configuration.server == "another-server.com")
        XCTAssert(configuration.port == 5000)
        XCTAssert(configuration.proto == .adaptive)
        XCTAssert(configuration.tlsCertProfile == .preferred)
        XCTAssert(configuration.ipv6 == .default)
        configuration.ipv6 = .enabled
        XCTAssert(configuration.ipv6 == .enabled)
    }
    func testGetSetIPv6() {  
        let originalOption: OpenVPNIPv6Preference = .enabled
        let configuration = OpenVPNConfiguration()
        guard configuration.ipv6 == .default else {
            XCTFail("IPv6 option should return default value")
            return
        }
        configuration.ipv6 = originalOption
        guard configuration.ipv6 == originalOption else {
            XCTFail("IPv6 option should be equal to original value (enabled)")
            return
        }
    }
    func testGetSetTLSCertProfile() {
        let originalOption: OpenVPNTLSCertProfile = .preferred
        let configuration = OpenVPNConfiguration()
        guard configuration.tlsCertProfile == .default else {
            XCTFail("TLS Cert Profile option should return default value")
            return
        }
        configuration.tlsCertProfile = originalOption
        guard configuration.tlsCertProfile == originalOption else {
            XCTFail("TLS Cert Profile option should be equal to original value (preferred)")
            return
        }
    }
 }
--- a/Tests/OpenVPNAdapter/OpenVPNReachabilityTests.swift
+++ b/Tests/OpenVPNAdapter/OpenVPNReachabilityTests.swift
@@ -7,7 +7,11 @@
 //
 import XCTest
 #if os(macOS)
 import CoreWLAN
 #endif
@testable import OpenVPNAdapter
 class OpenVPNReachabilityTests: XCTestCase {
@@ -22,6 +26,7 @@ class OpenVPNReachabilityTests: XCTestCase {
        super.tearDown()
    }
    #if os(macOS)
    func testReachability() {
        let wifiClient = CWWiFiClient.shared()
        guard let interface = wifiClient.interface() else {
@@ -62,4 +67,5 @@ class OpenVPNReachabilityTests: XCTestCase {
        waitForExpectations(timeout: 30.0, handler: nil)
    }
    #endif
 }
--- a/Tests/OpenVPNAdapter/VPNProfile.swift
+++ b/Tests/OpenVPNAdapter/VPNProfile.swift
@@ -9,11 +9,41 @@
 import Foundation
 struct VPNProfile {
-    static let username: String = <#OPENVPN_USERNAME#>
+    let profileName: String
    static let password: String = <#OPENVPN_PASSWORD#>
-    static let configuration: String = <#OPENVPN_CONFIGURATION#>
+    let configuration: String
-    static let remoteHost: String = <#OPENVPN_REMOTE_HOST#>
+    let cert: String?
-    static let remotePort: Int = <#OPENVPN_REMOTE_PORT#>
+    let key: String?
    let keyPassword: String?
    let username: String?
    let password: String?
    let settings: [String: String]?
 }
 extension VPNProfile {
    static let live: VPNProfile = {
        let profileName: String = <#OPENVPN_PROFILE_NAME#>
        let configuration: String = <#OPENVPN_CONFIGURATION#>
        let cert: String? = <#OPENVPN_CERT#>
        let key: String? = <#OPENVPN_KEY#>
        let keyPassword: String? = <#PRIVATE_KEY_PASSWORD#>
        let username: String? = <#OPENVPN_USERNAME#>
        let password: String? = <#OPENVPN_PASSWORD#>
        let settings: [String: String]? = <#OPENVPN_ADDITIONAL_SETTINGS#>
        return VPNProfile(
            profileName: profileName, configuration: configuration, cert: cert, key: key, keyPassword: keyPassword,
            username: username, password: password, settings: settings
        )
    }()
 }
--- a/Tests/Resources/ca.crt
+++ b/Tests/Resources/ca.crt
@@ -0,0 +1,35 @@
 -----BEGIN CERTIFICATE-----
 MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
 BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM
 T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w
 HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL
 MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
 VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq
 hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88
 8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb
 GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF
 qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5
 CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG
 KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy
 n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS
 rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF
 YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV
 HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow
 4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y
 YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO
 BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ
 BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE
 ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h
 aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
 9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj
 Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth
 rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I
 AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P
 ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J
 kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR
 9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu
 5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+
 65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV
 y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa
 hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw=
 -----END CERTIFICATE-----
--- a/Tests/Resources/client.crt
+++ b/Tests/Resources/client.crt
@@ -0,0 +1,103 @@
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Oct 22 21:59:53 2014 GMT
            Not After : Oct 19 21:59:53 2024 GMT
        Subject: C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ec:65:8f:e9:12:c2:1a:5b:e6:56:2a:08:a9:82:
                    3a:2d:44:78:a3:00:3b:b0:9f:e7:27:10:40:93:ef:
                    f1:cc:3e:a0:aa:04:a2:80:1b:13:a9:e6:fe:81:d6:
                    70:90:a8:d8:d4:de:30:d8:35:00:d2:be:62:f0:48:
                    da:fc:15:8d:c4:c6:6d:0b:99:f1:2b:83:00:0a:d3:
                    2a:23:0b:e5:cd:f9:35:df:43:61:15:72:ad:95:98:
                    f6:73:21:41:5e:a0:dd:47:27:a0:d5:9a:d4:41:a8:
                    1c:1d:57:20:71:17:8f:f7:28:9e:3e:07:ce:ec:d5:
                    0e:42:4f:1e:74:47:8e:47:9d:d2:14:28:27:2c:14:
                    10:f5:d1:96:b5:93:74:84:ef:f9:04:de:8d:4a:6f:
                    df:77:ab:ea:d1:58:d3:44:fe:5a:04:01:ff:06:7a:
                    97:f7:fd:e3:57:48:e1:f0:df:40:13:9f:66:23:5a:
                    e3:55:54:3d:54:39:ee:00:f9:12:f1:d2:df:74:2e:
                    ba:d7:f0:8d:c6:dd:18:58:1c:93:22:0b:75:fa:a8:
                    d6:e0:b5:2f:2d:b9:d4:fe:b9:4f:86:e2:75:48:16:
                    60:fb:3f:c9:b4:30:42:29:fb:3b:b3:2b:b9:59:81:
                    6a:46:f3:45:83:bf:fd:d5:1a:ff:37:0c:6f:5b:fd:
                    61:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                D2:B4:36:0F:B1:FC:DD:A5:EA:2A:F7:C7:23:89:FA:E3:FA:7A:44:1D
            X509v3 Authority Key Identifier: 
                keyid:2B:40:E5:C9:7D:F5:F4:96:38:E9:2F:E3:2F:D9:40:64:C9:8E:05:9B
                DirName:/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain
                serial:A1:4E:DE:FA:90:F2:AE:81
    Signature Algorithm: sha256WithRSAEncryption
         7f:e0:fe:84:a7:ec:df:62:a5:cd:3c:c1:e6:42:b1:31:12:f0:
         b9:da:a7:9e:3f:bd:96:52:b6:fc:55:74:64:3e:e4:ff:7e:aa:
         f7:3e:06:18:5f:73:85:f8:c8:e0:67:1b:4d:97:ca:05:d0:37:
         07:33:64:9b:e6:78:77:14:9a:55:bb:2a:ac:c3:7f:c9:15:08:
         83:5c:c8:c2:61:d3:71:4c:05:0b:2b:cb:a3:87:6d:a0:32:ed:
         b0:b3:27:97:4a:55:8d:01:2a:30:56:68:ab:f2:da:5c:10:73:
         c9:aa:0a:9c:4b:4c:a0:5b:51:6e:0a:7e:6c:53:80:b0:00:e1:
         1e:9a:4c:0a:37:9e:20:89:bc:c5:e5:79:58:b7:45:ff:d3:c4:
         a1:fd:d9:78:3d:45:16:74:df:82:44:1d:1d:81:50:5a:b9:32:
         4c:e2:4f:3f:0e:3a:65:5a:64:83:3b:29:31:c4:99:88:bc:c5:
         84:39:f2:19:12:e1:66:d0:ea:fb:75:b1:d2:27:be:91:59:a3:
         2b:09:d5:5c:bf:46:8e:d6:67:d6:0b:ec:da:ab:f0:80:19:87:
         64:07:a9:77:b1:5e:0c:e2:c5:1d:6a:ac:5d:23:f3:30:75:36:
         4e:ca:c3:4e:b0:4d:8c:2c:ce:52:61:63:de:d5:f5:ef:ef:0a:
         6b:23:25:26:3c:3a:f2:c3:c2:16:19:3f:a9:32:ba:68:f9:c9:
         12:3c:3e:c6:1f:ff:9b:4e:f4:90:b0:63:f5:d1:33:00:30:5a:
         e8:24:fa:35:44:9b:6a:80:f3:a6:cc:7b:3c:73:5f:50:c4:30:
         71:d8:74:90:27:0a:01:4e:a5:5e:b1:f8:da:c2:61:81:11:ae:
         29:a3:8f:fa:7e:4c:4e:62:b1:00:de:92:e3:8f:6a:2e:da:d9:
         38:5d:6b:7c:0d:e4:01:aa:c8:c6:6d:8b:cd:c0:c8:6e:e4:57:
         21:8a:f6:46:30:d9:ad:51:a1:87:96:a6:53:c9:1e:c6:bb:c3:
         eb:55:fe:8c:d6:5c:d5:c6:f3:ca:b0:60:d2:d4:2a:1f:88:94:
         d3:4c:1a:da:0c:94:fe:c1:5d:0d:2a:db:99:29:5d:f6:dd:16:
         c4:c8:4d:74:9e:80:d9:d0:aa:ed:7b:e3:30:e4:47:d8:f5:15:
         c1:71:b8:c6:fd:ee:fc:9e:b2:5f:b5:b7:92:ed:ff:ca:37:f6:
         c7:82:b4:54:13:9b:83:cd:87:8b:7e:64:f6:2e:54:3a:22:b1:
         c5:c1:f4:a5:25:53:9a:4d:a8:0f:e7:35:4b:89:df:19:83:66:
         64:d9:db:d1:61:2b:24:1b:1d:44:44:fb:49:30:87:b7:49:23:
         08:02:8a:e0:25:f3:f4:43
 -----BEGIN CERTIFICATE-----
 MIIFFDCCAvygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJLRzEL
 MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
 VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE0MTAy
 MjIxNTk1M1oXDTI0MTAxOTIxNTk1M1owajELMAkGA1UEBhMCS0cxCzAJBgNVBAgT
 Ak5BMRUwEwYDVQQKEwxPcGVuVlBOLVRFU1QxFDASBgNVBAMTC1Rlc3QtQ2xpZW50
 MSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqGSIb3
 DQEBAQUAA4IBDwAwggEKAoIBAQDsZY/pEsIaW+ZWKgipgjotRHijADuwn+cnEECT
 7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLwSNr8FY3Exm0LmfErgwAK0yoj
 C+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwdVyBxF4/3KJ4+B87s1Q5CTx50
 R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rRWNNE/loEAf8Gepf3/eNXSOHw
 30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhYHJMiC3X6qNbgtS8tudT+uU+G
 4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83DG9b/WHxAgMBAAGjgcgwgcUw
 CQYDVR0TBAIwADAdBgNVHQ4EFgQU0rQ2D7H83aXqKvfHI4n64/p6RB0wgZgGA1Ud
 IwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJBgNVBAYTAktH
 MQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMMT3BlblZQ
 Ti1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQChTt76
 kPKugTANBgkqhkiG9w0BAQsFAAOCAgEAf+D+hKfs32KlzTzB5kKxMRLwudqnnj+9
 llK2/FV0ZD7k/36q9z4GGF9zhfjI4GcbTZfKBdA3BzNkm+Z4dxSaVbsqrMN/yRUI
 g1zIwmHTcUwFCyvLo4dtoDLtsLMnl0pVjQEqMFZoq/LaXBBzyaoKnEtMoFtRbgp+
 bFOAsADhHppMCjeeIIm8xeV5WLdF/9PEof3ZeD1FFnTfgkQdHYFQWrkyTOJPPw46
 ZVpkgzspMcSZiLzFhDnyGRLhZtDq+3Wx0ie+kVmjKwnVXL9GjtZn1gvs2qvwgBmH
 ZAepd7FeDOLFHWqsXSPzMHU2TsrDTrBNjCzOUmFj3tX17+8KayMlJjw68sPCFhk/
 qTK6aPnJEjw+xh//m070kLBj9dEzADBa6CT6NUSbaoDzpsx7PHNfUMQwcdh0kCcK
 AU6lXrH42sJhgRGuKaOP+n5MTmKxAN6S449qLtrZOF1rfA3kAarIxm2LzcDIbuRX
 IYr2RjDZrVGhh5amU8kexrvD61X+jNZc1cbzyrBg0tQqH4iU00wa2gyU/sFdDSrb
 mSld9t0WxMhNdJ6A2dCq7XvjMORH2PUVwXG4xv3u/J6yX7W3ku3/yjf2x4K0VBOb
 g82Hi35k9i5UOiKxxcH0pSVTmk2oD+c1S4nfGYNmZNnb0WErJBsdRET7STCHt0kj
 CAKK4CXz9EM=
 -----END CERTIFICATE-----
--- a/Tests/Resources/client.key
+++ b/Tests/Resources/client.key
@@ -0,0 +1,28 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsZY/pEsIaW+ZW
 KgipgjotRHijADuwn+cnEECT7/HMPqCqBKKAGxOp5v6B1nCQqNjU3jDYNQDSvmLw
 SNr8FY3Exm0LmfErgwAK0yojC+XN+TXfQ2EVcq2VmPZzIUFeoN1HJ6DVmtRBqBwd
 VyBxF4/3KJ4+B87s1Q5CTx50R45HndIUKCcsFBD10Za1k3SE7/kE3o1Kb993q+rR
 WNNE/loEAf8Gepf3/eNXSOHw30ATn2YjWuNVVD1UOe4A+RLx0t90LrrX8I3G3RhY
 HJMiC3X6qNbgtS8tudT+uU+G4nVIFmD7P8m0MEIp+zuzK7lZgWpG80WDv/3VGv83
 DG9b/WHxAgMBAAECggEBAIOdaCpUD02trOh8LqZxowJhBOl7z7/ex0uweMPk67LT
 i5AdVHwOlzwZJ8oSIknoOBEMRBWcLQEojt1JMuL2/R95emzjIKshHHzqZKNulFvB
 TIUpdnwChTKtH0mqUkLlPU3Ienty4IpNlpmfUKimfbkWHERdBJBHbtDsTABhdo3X
 9pCF/yRKqJS2Fy/Mkl3gv1y/NB1OL4Jhl7vQbf+kmgfQN2qdOVe2BOKQ8NlPUDmE
 /1XNIDaE3s6uvUaoFfwowzsCCwN2/8QrRMMKkjvV+lEVtNmQdYxj5Xj5IwS0vkK0
 6icsngW87cpZxxc1zsRWcSTloy5ohub4FgKhlolmigECgYEA+cBlxzLvaMzMlBQY
 kCac9KQMvVL+DIFHlZA5i5L/9pRVp4JJwj3GUoehFJoFhsxnKr8HZyLwBKlCmUVm
 VxnshRWiAU18emUmeAtSGawlAS3QXhikVZDdd/L20YusLT+DXV81wlKR97/r9+17
 klQOLkSdPm9wcMDOWMNHX8bUg8kCgYEA8k+hQv6+TR/+Beao2IIctFtw/EauaJiJ
 wW5ql1cpCLPMAOQUvjs0Km3zqctfBF8mUjdkcyJ4uhL9FZtfywY22EtRIXOJ/8VR
 we65mVo6RLR8YVM54sihanuFOnlyF9LIBWB+9pUfh1/Y7DSebh7W73uxhAxQhi3Y
 QwfIQIFd8OkCgYBalH4VXhLYhpaYCiXSej6ot6rrK2N6c5Tb2MAWMA1nh+r84tMP
 gMoh+pDgYPAqMI4mQbxUmqZEeoLuBe6VHpDav7rPECRaW781AJ4ZM4cEQ3Jz/inz
 4qOAMn10CF081/Ez9ykPPlU0bsYNWHNd4eB2xWnmUBKOwk7UgJatVPaUiQKBgQCI
 f18CVGpzG9CHFnaK8FCnMNOm6VIaTcNcGY0mD81nv5Dt943P054BQMsAHTY7SjZW
 HioRyZtkhonXAB2oSqnekh7zzxgv4sG5k3ct8evdBCcE1FNJc2eqikZ0uDETRoOy
 s7cRxNNr+QxDkyikM+80HOPU1PMPgwfOSrX90GJQ8QKBgEBKohGMV/sNa4t14Iau
 qO8aagoqh/68K9GFXljsl3/iCSa964HIEREtW09Qz1w3dotEgp2w8bsDa+OwWrLy
 0SY7T5jRViM3cDWRlUBLrGGiL0FiwsfqiRiji60y19erJgrgyGVIb1kIgIBRkgFM
 2MMweASzTmZcri4PA/5C0HYb
 -----END PRIVATE KEY-----
--- a/Tests/Resources/client.ovpn
+++ b/Tests/Resources/client.ovpn
@@ -0,0 +1,47 @@
 client
 dev tun
 proto udp
 remote my-server.com 1194
 resolv-retry infinite
 nobind
 auth-user-pass
 cipher AES-256-CBC
 comp-lzo
 verb 3
 <ca>
 -----BEGIN CERTIFICATE-----
 MIIGKDCCBBCgAwIBAgIJAKFO3vqQ8q6BMA0GCSqGSIb3DQEBCwUAMGYxCzAJBgNV
 BAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UEChMM
 T3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4w
 HhcNMTQxMDIyMjE1OTUyWhcNMjQxMDE5MjE1OTUyWjBmMQswCQYDVQQGEwJLRzEL
 MAkGA1UECBMCTkExEDAOBgNVBAcTB0JJU0hLRUsxFTATBgNVBAoTDE9wZW5WUE4t
 VEVTVDEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIICIjANBgkq
 hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsJVPCqt3vtoDW2U0DII1QIh2Qs0dqh88
 8nivxAIm2LTq93e9fJhsq3P/UVYAYSeCIrekXypR0EQgSgcNTvGBMe20BoHO5yvb
 GjKPmjfLj6XRotCOGy8EDl/hLgRY9efiA8wsVfuvF2q/FblyJQPR/gPiDtTmUiqF
 qXa7AJmMrqFsnWppOuGd7Qc6aTsae4TF1e/gUTCTraa7NeHowDaKhdyFmEEnCYR5
 CeUsx2JlFWAH8PCrxBpHYbmGyvS0kH3+rQkaSM/Pzc2bS4ayHaOYRK5XsGq8XiNG
 KTTLnSaCdPeHsI+3xMHmEh+u5Og2DFGgvyD22gde6W2ezvEKCUDrzR7bsnYqqyUy
 n7LxnkPXGyvR52T06G8KzLKQRmDlPIXhzKMO07qkHmIonXTdF7YI1azwHpAtN4dS
 rUe1bvjiTSoEsQPfOAyvD0RMK/CBfgEZUzAB50e/IlbZ84c0DJfUMOm4xCyft1HF
 YpYeyCf5dxoIjweCPOoP426+aTXM7kqq0ieIr6YxnKV6OGGLKEY+VNZh1DS7enqV
 HP5i8eimyuUYPoQhbK9xtDGMgghnc6Hn8BldPMcvz98HdTEH4rBfA3yNuCxLSNow
 4jJuLjNXh2QeiUtWtkXja7ec+P7VqKTduJoRaX7cs+8E3ImigiRnvmK+npk7Nt1y
 YE9hBRhSoLsCAwEAAaOB2DCB1TAdBgNVHQ4EFgQUK0DlyX319JY46S/jL9lAZMmO
 BZswgZgGA1UdIwSBkDCBjYAUK0DlyX319JY46S/jL9lAZMmOBZuhaqRoMGYxCzAJ
 BgNVBAYTAktHMQswCQYDVQQIEwJOQTEQMA4GA1UEBxMHQklTSEtFSzEVMBMGA1UE
 ChMMT3BlblZQTi1URVNUMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21h
 aW6CCQChTt76kPKugTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
 9w0BAQsFAAOCAgEABc77f4C4P8fIS+V8qCJmVNSDU44UZBc+D+J6ZTgW8JeOHUIj
 Bh++XDg3gwat7pIWQ8AU5R7h+fpBI9n3dadyIsMHGwSogHY9Gw7di2RVtSFajEth
 rvrq0JbzpwoYedMh84sJ2qI/DGKW9/Is9+O52fR+3z3dY3gNRDPQ5675BQ5CQW9I
 AJgLOqzD8Q0qrXYi7HaEqzNx6p7RDTuhFgvTd+vS5d5+28Z5fm2umnq+GKHF8W5P
 ylp2Js119FTVO7brusAMKPe5emc7tC2ov8OFFemQvfHR41PLryap2VD81IOgmt/J
 kX/j/y5KGux5HZ3lxXqdJbKcAq4NKYQT0mCkRD4l6szaCEJ+k0SiM9DdTcBDefhR
 9q+pCOyMh7d8QjQ1075mF7T+PGkZQUW1DUjEfrZhICnKgq+iEoUmM0Ee5WtRqcnu
 5BTGQ2mSfc6rV+Vr+eYXqcg7Nxb3vFXYSTod1UhefonVqwdmyJ2sC79zp36Tbo2+
 65NW2WJK7KzPUyOJU0U9bcu0utvDOvGWmG+aHbymJgcoFzvZmlXqMXn97pSFn4jV
 y3SLRgJXOw1QLXL2Y5abcuoBVr4gCOxxk2vBeVxOMRXNqSWZOFIF1bu/PxuDA+Sa
 hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw=
 -----END CERTIFICATE-----
 </ca>
Author	SHA1	Message	Date
Dener Araújo	f4db4b0b16	Merge pull request #8 from deneraraujo/develop Fix quotes warning on ovpnapi header	2020-09-20 00:13:29 -03:00
Dener Araújo	7f8dc34742	Merge pull request #7 from deneraraujo/hotfix/syntax_warning Fix quotes warning on ovpnapi header	2020-09-20 00:09:57 -03:00
Dener Araújo	fe65f6e8dc	Fix quotes warning on ovpnapi header	2020-09-20 00:07:13 -03:00
Dener Araújo	01e05a6b0b	Merge pull request #6 from deneraraujo/develop Fix weird linker error, re-adding file references	2020-09-19 23:31:22 -03:00
Dener Araújo	c017621fe5	Merge pull request #5 from deneraraujo/hotfix/linker_error Fix weird linker error, re-adding file references	2020-09-19 23:30:33 -03:00
Dener Araújo	faa20d9006	Fix weird linker error, re-adding file references	2020-09-19 23:26:26 -03:00
Dener Araújo	9b48f3b650	Merge pull request #4 from deneraraujo/develop Develop	2020-09-07 05:23:29 -03:00
Dener Araújo	a633990923	Merge pull request #3 from deneraraujo/feature/dhcp-option Add links to new files in the "include" folder	2020-09-07 05:21:25 -03:00
Dener Araújo	266fab991e	Add links to new files in the "include" folder	2020-09-07 05:10:35 -03:00
Dener Araújo	fa98daeac9	Merge pull request #2 from deneraraujo/develop Develop	2020-09-06 15:29:00 -03:00
Dener Araújo	580c8f3684	Merge pull request #1 from deneraraujo/feature/dhcp-option Feature/dhcp option	2020-09-06 15:27:59 -03:00
Dener Araújo	50a9e535d3	Update umbrella header with new files	2020-09-06 15:13:02 -03:00
Dener Araújo	865f56794f	Add support to option "dhcp-option" in ovpn file	2020-09-06 15:03:47 -03:00
Sergey Abramchuk	efc584cc41	Merge branch 'release/0.7.0'	2020-08-19 20:14:48 +03:00
Sergey Abramchuk	c50ec0a6af	Merge tag '0.7.0' into develop	2020-08-19 20:14:48 +03:00
Sergey Abramchuk	9dd3ca3bf5	Update changelog	2020-08-18 14:31:44 +03:00
Sergey Abramchuk	d9346d7622	Update readme file	2020-08-18 14:31:30 +03:00
Sergey Abramchuk	1843ebfb1d	Update podspec file	2020-08-18 14:31:03 +03:00
Sergey Abramchuk	de616fc406	Bump OpenVPNAdapter version	2020-08-18 14:22:11 +03:00
Sergey Abramchuk	37296b6b98	Bump OpenVPNClient version	2020-08-18 14:21:37 +03:00
Sergey Abramchuk	779353fc97	Bump mbedTLS version	2020-08-18 14:21:07 +03:00
Sergey Abramchuk	062a7a1f9b	Merge branch 'feature/update-dependencies' into develop	2020-08-18 14:19:59 +03:00
Sergey Abramchuk	c04cfe5d00	Add new errors and their description	2020-08-18 14:15:15 +03:00
Sergey Abramchuk	7b1f143822	Apply patches	2020-08-18 13:54:37 +03:00
Sergey Abramchuk	a559b32781	Merge commit '029ba813cd7ac6f9f807e61521f003017fdb5805' into feature/update-dependencies	2020-08-18 13:51:43 +03:00
Sergey Abramchuk	029ba813cd	Squashed 'Sources/mbedTLS/' changes from 14c6762351..f8199650a9 d8180f8d84 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted db649896e6 Merge pull request #2895 from gilles-peskine-arm/drbg-set_entropy_len-2.7 373a7097eb Merge pull request #673 from gilles-peskine-arm/ctr_drbg-aes_fail-2.7 b2be1fca2c Catch AES failure in mbedtls_ctr_drbg_random df1b3e54c7 Merge pull request #2937 from gilles-peskine-arm/memory_buffer_alloc-fatal-pass-2.7 02fbc08d2e Enable more test cases without MBEDTLS_MEMORY_DEBUG 786f068ec0 More accurate test case description 04d45c98e8 Clarify that the "FATAL" message is expected c5a016dde1 Merge remote-tracking branch 'restricted/pr/666' into mbedtls-2.7-restricted e70059df85 Merge remote-tracking branch 'restricted/pr/668' into mbedtls-2.7-restricted 10fcdd25d4 Merge pull request #664 from ARMmbed/dev/yanesca/iotcrypt-958-ecdsa-side-channel-fix-2.7 07597365cd Zeroize local AES variables before exiting the function dfa4d71873 Add ChangeLog entry b4edac5616 mpi_lt_mpi_ct: fix condition handling f4482aaccc mpi_lt_mpi_ct: Add further tests a776aea91a mpi_lt_mpi_ct: Fix test numbering 1b86eeb06b mpi_lt_mpi_ct perform tests for both limb size 5823961558 ct_lt_mpi_uint: cast the return value explicitely 6adff06e50 mbedtls_mpi_lt_mpi_ct: add tests for 32 bit limbs cff9e6e03d mbedtls_mpi_lt_mpi_ct: simplify condition 8ec2a953af Rename variable for better readability a2b9a96fb8 mbedtls_mpi_lt_mpi_ct: Improve documentation 51ed14e20f Make mbedtls_mpi_lt_mpi_ct more portable 9741fa6e2b Bignum: Document assumptions about the sign field 9332ecefc8 Add more tests for mbedtls_mpi_lt_mpi_ct aaa3f22b76 mpi_lt_mpi_ct test: hardcode base 16 3173a53fe9 Document ct_lt_mpi_uint 782cbe592d mpi_lt_mpi_ct: make use of unsigned consistent db9f449409 ct_lt_mpi_uint: make use of biL c3b376e2f2 Change mbedtls_mpi_cmp_mpi_ct to check less than 8461c0e2a8 mbedtls_mpi_cmp_mpi_ct: remove multiplications 8de2d45cd7 Remove excess vertical space c587a32a9c Remove declaration after statement 5f3019b298 Fix side channel vulnerability in ECDSA 883801d3ec Add tests to constant time mpi comparison e0187b95f0 Add new, constant time mpi comparison 4c575c0270 Note that mbedtls_ctr_drbg_seed() must not be called twice eab4d701ca Fix CTR_DRBG benchmark 5cf41f80a4 Add ChangeLog entry 82debf8332 ECDSA: Fix side channel vulnerability 093aa517c4 Changelog entry for xxx_drbg_set_entropy_len before xxx_drbg_seed b729e1b9ba CTR_DRBG: support set_entropy_len() before seed() 845ac103a9 CTR_DRBG: Don't use functions before they're defined 9c742249cf HMAC_DRBG: support set_entropy_len() before seed() c87a54683b Merge pull request #2900 from gilles-peskine-arm/asan-test-fail-2.7 cc656ac96b Merge pull request #2872 from gilles-peskine-arm/test_malloc_0_null-2.7 5ee14d70d2 'make test' must fail if Asan fails 4c2697f43f Asan make builds: avoid sanitizer recovery 260921d3f2 Use UBsan in addition to Asan with 'make test' c20a4053c3 Unify ASan options in make builds 395d8c1222 Merge remote-tracking branch 'origin/pr/2878' into mbedtls-2.7 55e120b9b2 mbedtls_hmac_drbg_set_entropy_len() only matters when reseeding dff3682477 mbedtls_ctr_drbg_set_entropy_len() only matters when reseeding 2abefefec2 mbedtls_ctr_drbg_seed: correct maximum for len 406d25878c Add a note about CTR_DRBG security strength to config.h f0b3dcb14b CTR_DRBG: more consistent formatting and wording b9cfe58180 DRBG documentation: Relate f_entropy arguments to the entropy module 97edf5e1e2 Add ChangeLog entry for the DRBG documentation improvements 5cc748e58f Merge remote-tracking branch 'origin/pr/2866' into mbedtls-2.7 d89173066c HMAC_DRBG documentation improvements 2fc6cf5da7 Merge remote-tracking branch 'origin/pr/2704' into mbedtls-2.7 eb99c1028f CTR_DRBG: explain the security strength and the entropy input length 25e1945321 CTR_DRBG documentation improvements 0ab4092e2d Reduce stack usage of test_suite_pkcs1_v15 dd4277f70d Reduce stack usage of test_suite_pkcs1_v21 b3d3973264 Reduce stack usage of test_suite_rsa 6827d1c588 Reduce stack usage of test_suite_pk 0981a5d7ab Add a test component with malloc(0) returning NULL ea5d3571b0 Add a calloc self-test d28b9b3c5d Merge remote-tracking branch 'origin/pr/2828' into mbedtls-2.7 9b1c248209 Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh 7eb7f8db8b Remove unnecessary memory buffer alloc unsets 6addfdd190 Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test 9a461a1cd7 all.sh: restructure memory allocator tests 7aad93c9da Add missing dependency in memory buffer alloc set in all.sh 19aa89ad47 Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full` 8561115cb8 Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C 167ae43852 Add all.sh run with full config and ASan enabled f5baaaaf89 Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled e1c62e6641 Update documentation of exceptions for `config.pl full` c7f97f1c8d Adapt all.sh to removal of buffer allocator from full config 26c333ac01 Disable memory buffer allocator in full config 76ef31116b Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h 9bf1509ef3 Adapt auth_crypt_tv usage to 2.7 dd91b24764 Add missing dependencies in test_suite_cipher.gcm d62577fa74 Adapt ChangeLog 311276c871 Add NIST AES GCM test vectors to single-step cipher API test suite git-subtree-dir: Sources/mbedTLS git-subtree-split: f8199650a9d49b3982a7b7f3d448899b67b09571	2020-08-18 13:51:43 +03:00
Sergey Abramchuk	464f948769	Merge commit 'f81b84d64d895cc87ecb7e3b4d9b9b2ce73bef4b' into feature/update-dependencies	2020-08-18 13:48:40 +03:00
Sergey Abramchuk	f81b84d64d	Squashed 'Sources/OpenVPN3/' changes from 1f92c424e1..407fc5fdb3 3e56f9a644 Finalizing OpenVPN 3 Core library release v3.5.6 a290b87d1a mssparms: do not fail on invalid mssfix values 59f201be90 Finalizing OpenVPN 3 Core library release v3.5.5 bbcf90171f Upgrade OpenSSL to 1.1.1g a88f2379c3 win/tunutil.hpp: fix TAP adapter name query abb7857452 Bump openssl version to 1.1.1f 89a3283944 Fix variable name typo in build-openssl 34435cbf65 Support optional HTTP Status Code reason d5471e1846 Increase OpenSSL version to 1.1.1e 6daf928edb Merge branch 'hotfix/3.4' into released 40f1419b38 Merge branch 'hotfix/3.3' into hotfix/3.4 f225fcd058 Finalizing OpenVPN 3 release v3.3.4 44e8dd8c01 Fix build issues against OpenSSL 1.0.x 65a5e959bc Fix typo in OpenSSL error mapping 042502c932 Additional mappings for OpenSSL errors to OpenVPN error codes c824c032b1 deps: Update to mbedtls-2.7.13 8b302a01c8 Finalizing OpenVPN 3 release v3.4.2 85bd50a577 Finalizing OpenVPN 3 release v3.3.3 git-subtree-dir: Sources/OpenVPN3 git-subtree-split: 407fc5fdb3bc73cf99dcd85a7fb3c1cbef833f0e	2020-08-18 13:48:40 +03:00
Sergey Abramchuk	ec718ccc57	Revert patches	2020-08-18 13:46:07 +03:00
Sergey Abramchuk	a3f8df48a8	Merge branch 'feature/improve-testing' into develop	2020-08-18 13:42:14 +03:00
Sergey Abramchuk	efaebb7ff1	Move CustomFlow to the OpenVPNAdapterTests	2020-08-18 13:23:40 +03:00
Sergey Abramchuk	cb924a0445	Improve connection testing	2020-08-18 13:23:15 +03:00
Sergey Abramchuk	c6cd9c68d9	Rename name to profileName and remove ca property	2020-08-18 13:03:31 +03:00
Sergey Abramchuk	17e7a8d60f	Update configuration tests	2020-08-18 11:42:49 +03:00
Sergey Abramchuk	71de4fe664	Add test resources to the test target	2020-08-18 11:41:15 +03:00
Sergey Abramchuk	d671af614b	Add externalPki property representing External PKI profile	2020-08-18 11:12:16 +03:00
Sergey Abramchuk	78b203ec87	Implement evaluation of the configuration	2020-08-18 10:24:25 +03:00
Sergey Abramchuk	ec1477b8a3	Rename OpenVPNProperties to OpenVPNPConfigurationEvaluation	2020-08-18 10:18:04 +03:00
Sergey Abramchuk	f95da0256a	Run these test only on macOS	2020-08-18 09:54:27 +03:00
Sergey Abramchuk	dd0e2f809d	Add OpenVPNReachabilityTests to the test target	2020-08-18 09:54:10 +03:00
Sergey Abramchuk	cd40d43983	Add profile name property to the VPN profile	2020-08-17 21:32:15 +03:00
Sergey Abramchuk	7c656884a2	Add new properties to the VPN profile and declare profile collection	2020-08-17 21:23:19 +03:00
Sergey Abramchuk	ccc3492009	Test connection without credentials	2020-06-16 13:06:35 +03:00
Sergey Abramchuk	5fe66b144a	Use general profile to test configurations	2020-06-16 13:06:22 +03:00
Sergey Abramchuk	f2d598f646	Add a few more static profiles	2020-06-16 12:59:00 +03:00
Sergey Abramchuk	54458439c3	Test connection with ca only and test connection with cert and key	2020-06-16 12:39:50 +03:00
Sergey Abramchuk	de7d4418f1	Rename profiles	2020-06-16 12:33:12 +03:00
Sergey Abramchuk	5b4e7eeb17	Declare additional settings dictionary	2020-06-16 12:03:10 +03:00
Sergey Abramchuk	e6c8bd457a	Declare additional static profiles	2020-06-16 11:58:46 +03:00
Sergey Abramchuk	75cca77033	Merge branch 'develop'	2020-06-10 10:48:34 +03:00
Sergey Abramchuk	d683b45480	Update version in the readme	2020-06-10 10:48:21 +03:00
Sergey Abramchuk	5a5b603c47	Merge tag '0.6.0' into develop	2020-06-10 10:41:58 +03:00
		`@@ -0,0 +1 @@`
							`../library/OpenVPNConfigurationEvaluation.h`