Merge branch 'development' into development-restricted
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1aa86bf..3b7c85b 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2566,6 +2566,9 @@
/* \} name SECTION: Customisation configuration options */
+/* Target and application specific configurations */
+//#define YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE "target_config.h"
+
/*
* Allow user to override any previous default.
*
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 0c1365c..82c0760 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1781,10 +1781,11 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
- * \brief Set hostname for ServerName TLS extension
+ * \brief Set the hostname to check against the received server
+ * certificate. It sets the ServerName TLS extension too,
+ * if the extension is enabled.
* (client-side only)
*
- *
* \param ssl SSL context
* \param hostname the server hostname
*
diff --git a/library/aes.c b/library/aes.c
index 3666030..a186dee 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1222,7 +1222,9 @@
int ret = 0, i, j, u, v;
unsigned char key[32];
unsigned char buf[64];
+#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
unsigned char iv[16];
+#endif
#if defined(MBEDTLS_CIPHER_MODE_CBC)
unsigned char prv[16];
#endif
diff --git a/library/rsa.c b/library/rsa.c
index 423a9b1..7a33689 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -556,7 +556,11 @@
memcpy( p, input, ilen );
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
/* maskedDB: Apply dbMask to DB */
mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
@@ -728,7 +732,12 @@
* Unmask data and generate lHash
*/
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
+
/* Generate lHash */
mbedtls_md( md_info, label, label_len, lhash );
@@ -971,7 +980,11 @@
p += slen;
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
/* Generate H = Hash( M' ) */
mbedtls_md_starts( &md_ctx );
@@ -1240,7 +1253,11 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
mbedtls_md_init( &md_ctx );
- mbedtls_md_setup( &md_ctx, md_info, 0 );
+ if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
+ {
+ mbedtls_md_free( &md_ctx );
+ return( ret );
+ }
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 00aa5c6..6923453 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -26,6 +26,7 @@
#endif
#include "mbedtls/entropy.h"
+#include "mbedtls/entropy_poll.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/dhm.h"
@@ -100,6 +101,40 @@
test_snprintf( 5, "123", 3 ) != 0 );
}
+/*
+ * Check if a seed file is present, and if not create one for the entropy
+ * self-test. If this fails, we attempt the test anyway, so no error is passed
+ * back.
+ */
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && \
+ !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+static void create_entropy_seed_file( void )
+{
+ int result;
+ size_t output_len = 0;
+ unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+ /* Attempt to read the entropy seed file. If this fails - attempt to write
+ * to the file to ensure one is present. */
+ result = mbedtls_platform_std_nv_seed_read( seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE );
+ if( 0 == result )
+ return;
+
+ result = mbedtls_platform_entropy_poll( NULL,
+ seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ &output_len );
+ if( 0 != result )
+ return;
+
+ if( MBEDTLS_ENTROPY_BLOCK_SIZE != output_len )
+ return;
+
+ mbedtls_platform_std_nv_seed_write( seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE );
+}
+#endif
+
int main( int argc, char *argv[] )
{
int v, suites_tested = 0, suites_failed = 0;
@@ -331,6 +366,11 @@
#endif
#if defined(MBEDTLS_ENTROPY_C)
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+ create_entropy_seed_file();
+#endif
+
if( mbedtls_entropy_self_test( v ) != 0 )
{
suites_failed++;
diff --git a/scripts/rename.pl b/scripts/rename.pl
index c169078..c29519e 100755
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@@ -1,12 +1,25 @@
#!/usr/bin/perl
-
-# rename identifiers (functions, types, enum constant, etc)
-# on upgrades of major version according to a list
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# This script migrates application source code from the mbed TLS 1.3 API to the
+# mbed TLS 2.0 API.
+#
+# The script processes the given source code and renames identifiers - functions
+# types, enums etc, as
+#
+# Usage: rename.pl [-f datafile] [-s] [--] [filenames...]
+#
use warnings;
use strict;
use utf8;
+use Path::Class;
use open qw(:std utf8);
my $usage = "Usage: $0 [-f datafile] [-s] [--] [filenames...]\n";
@@ -45,15 +58,28 @@
my $idnum = qr/[a-zA-Z0-9_]+/;
my $symbols = qr/[-!#\$%&'()*+,.\/:;<=>?@[\\\]^_`{|}~]+|"/;
+my $lib_include_dir = dir($0)->parent->parent->subdir('include', 'mbedtls');
+my $lib_source_dir = dir($0)->parent->parent->subdir('library');
+
# if we replace inside strings, we don't consider them a token
my $token = $do_strings ? qr/$space|$idnum|$symbols/
: qr/$string|$space|$idnum|$symbols/;
my %warnings;
+# If no files were passed, exit...
+if ( not defined($ARGV[0]) ){ die $usage; }
+
while( my $filename = shift )
{
print STDERR "$filename... ";
+
+ if( dir($filename)->parent eq $lib_include_dir ||
+ dir($filename)->parent eq $lib_source_dir )
+ {
+ die "Script cannot be executed on the mbed TLS library itself.";
+ }
+
if( -d $filename ) { print STDERR "skip (directory)\n"; next }
open my $rfh, '<', $filename or die;
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index 7e67cef..191594c 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -1,7 +1,23 @@
#!/bin/sh
-
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# This script confirms that the naming of all symbols and identifiers in mbed
+# TLS are consistent with the house style and are also self-consistent.
+#
set -eu
+if grep --version|head -n1|grep GNU >/dev/null; then :; else
+ echo "This script requires GNU grep."
+ exit 1
+fi
+
+printf "Analysing source code...\n"
+
tests/scripts/list-macros.sh
tests/scripts/list-enum-consts.pl
tests/scripts/list-identifiers.sh
@@ -9,7 +25,7 @@
FAIL=0
-printf "Exported symbols declared in header: "
+printf "\nExported symbols declared in header: "
UNDECLARED=$( diff exported-symbols identifiers | sed -n -e 's/^< //p' )
if [ "x$UNDECLARED" = "x" ]; then
echo "PASS"
@@ -24,7 +40,7 @@
for THING in actual-macros enum-consts; do
printf "Names of $THING: "
test -r $THING
- BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
+ BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
if [ "x$BAD" = "x" ]; then
echo "PASS"
else
@@ -66,6 +82,7 @@
FAIL=1
fi
+printf "\nOverall: "
if [ "$FAIL" -eq 0 ]; then
rm macros actual-macros enum-consts identifiers exported-symbols
echo "PASSED"
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index bf16248..7c989d6 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -19,7 +19,7 @@
pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
PBES2 Decrypt (OK)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad params tag)
@@ -47,7 +47,7 @@
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300D06092A864886F70D01050C3001":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"300E06092A864886F70D01050C30010500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
PBES2 Decrypt (bad PBKDF2 params salt: overlong)
@@ -63,7 +63,7 @@
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301906092A864886F70D01050C300C04082ED7F24A1D516DD70201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit keylen)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301E06092A864886F70D01050C301104082ED7F24A1D516DD702020800020118301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)
@@ -71,7 +71,7 @@
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301D06092A864886F70D01050C301004082ED7F24A1D516DD7020208000201":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301A04082ED7F24A1D516DD702020800300A06082A864886F70D0207301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)
@@ -103,7 +103,7 @@
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300A06082A864886F70D03FF":"":"":MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE:""
PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070500":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad enc_scheme_alg params: overlong)
@@ -111,13 +111,13 @@
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800300C06082A864886F70D03070401":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301306082A864886F70D030704078A4FCC9DCC3949":"":"":MBEDTLS_ERR_PKCS5_INVALID_FORMAT:""
PBES2 Decrypt (bad password)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"F0617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
PBES2 Decrypt (bad iter value)
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
mbedtls_pkcs5_pbes2:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020801301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060606"
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index 68ab543..e294a9b 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -59,7 +59,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void xtea_encrypt_cbc( char *hex_key_string, char *hex_iv_string,
char *hex_src_string, char *hex_dst_string )
{
@@ -90,7 +90,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void xtea_decrypt_cbc( char *hex_key_string, char *hex_iv_string,
char *hex_src_string, char *hex_dst_string )
{
diff --git a/yotta/data/adjust-config.sh b/yotta/data/adjust-config.sh
index 170d307..6580c09 100755
--- a/yotta/data/adjust-config.sh
+++ b/yotta/data/adjust-config.sh
@@ -14,6 +14,10 @@
$SCRIPT -f $FILE $@
}
+
+# Set the target specific header
+conf set YOTTA_CFG_MBEDTLS_USER_CONFIG_FILE \"target_config.h\"
+
# not supported on mbed OS, nor used by mbed Client
conf unset MBEDTLS_NET_C
conf unset MBEDTLS_TIMING_C