Fix multiple quality issues in the source

This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code

ChangeLog

@@ -1449,7 +1449,7 @@ Features
      issuer_key_identifier, etc)
    * Optional blinding for RSA, DHM and EC
    * Support for multiple active certificate / key pairs in SSL servers for
-   	 the same host (Not to be confused with SNI!)
+     the same host (Not to be confused with SNI!)
 
 Changes
    * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
@@ -1680,7 +1680,7 @@ Changes
      PKCS#8 private key formats
    * Added mechanism to provide alternative implementations for all
      symmetric cipher and hash algorithms (e.g. POLARSSL_AES_ALT in
-	 config.h)
+     config.h)
    * PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
      old PBKDF2 module
 
@@ -1692,7 +1692,7 @@ Bugfix
    * x509parse_crt() now better handles PEM error situations
    * ssl_parse_certificate() now calls x509parse_crt_der() directly
      instead of the x509parse_crt() wrapper that can also parse PEM
-	 certificates
+     certificates
    * x509parse_crtpath() is now reentrant and uses more portable stat()
    * Fixed bignum.c and bn_mul.h to support Thumb2 and LLVM compiler
    * Fixed values for 2-key Triple DES in cipher layer
@@ -1850,7 +1850,7 @@ Bugfix
    * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
      #52)
    * Handle encryption with private key and decryption with public key as per
-   	 RFC 2313
+     RFC 2313
    * Handle empty certificate subject names
    * Prevent reading over buffer boundaries on X509 certificate parsing
    * mpi_add_abs() now correctly handles adding short numbers to long numbers
@@ -1881,7 +1881,7 @@ Bugfix
    * x509parse_crt() now better handles PEM error situations
    * ssl_parse_certificate() now calls x509parse_crt_der() directly
      instead of the x509parse_crt() wrapper that can also parse PEM
-	 certificates
+     certificates
    * Fixed values for 2-key Triple DES in cipher layer
    * ssl_write_certificate_request() can handle empty ca_chain
 
@@ -1962,16 +1962,16 @@ Bugfix
 Features
    * Added ssl_session_reset() to allow better multi-connection pools of
      SSL contexts without needing to set all non-connection-specific
-	 data and pointers again. Adapted ssl_server to use this functionality.
+     data and pointers again. Adapted ssl_server to use this functionality.
    * Added ssl_set_max_version() to allow clients to offer a lower maximum
      supported version to a server to help buggy server implementations.
-	 (Closes ticket #36)
+     (Closes ticket #36)
    * Added cipher_get_cipher_mode() and cipher_get_cipher_operation()
      introspection functions (Closes ticket #40)
    * Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator
    * Added a generic entropy accumulator that provides support for adding
      custom entropy sources and added some generic and platform dependent
-	 entropy sources
+     entropy sources
 
 Changes
    * Documentation for AES and Camellia in modes CTR and CFB128 clarified.
@@ -2104,7 +2104,7 @@ Bugfixes
    * Corrected parsing of UTCTime dates before 1990 and
      after 1950
    * Support more exotic OID's when parsing certificates
-   	 (found by Mads Kiilerich)
+     (found by Mads Kiilerich)
    * Support more exotic name representations when parsing
      certificates (found by Mads Kiilerich)
    * Replaced the expired test certificates
@@ -2134,7 +2134,7 @@ Note: Most of these features have been donated by Fox-IT
          status, objects and configuration
        + Added verification callback on certificate chain
          verification to allow external blacklisting
-	   + Additional example programs to show usage
+       + Additional example programs to show usage
    * Added support for PKCS#11 through the use of the
      libpkcs11-helper library
 

include/mbedtls/ssl.h

@@ -1587,7 +1587,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
  *
  * \param ssl      SSL context
  * \param hostname the server hostname, may be NULL to clear hostname
- 
+ *
  * \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
  *
  * \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on

library/asn1write.c

@@ -205,7 +205,6 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
     int ret;
     size_t len = 0;
 
-    // TODO negative values and values larger than 128
     // DER format assumes 2s complement for numbers, so the leftmost bit
     // should be 0 for positive numbers and 1 for negative numbers.
     //

library/ssl_cli.c

@@ -1890,8 +1890,6 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
     }
 
-    // TODO: Retrieve PSK identity hint and callback to app
-    //
     *p += len;
     ret = 0;
 
@@ -2464,9 +2462,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
         goto exit;
     }
 
-    // TODO: handshake_failure alert for an anonymous server to request
-    // client authentication
-
     /*
      *  struct {
      *      ClientCertificateType certificate_types<1..2^8-1>;
@@ -2538,7 +2533,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
     if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
     {
         /* Ignored, see comments about hash in write_certificate_verify */
-        // TODO: should check the signature part against our pk_key though
         size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
                              | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
 #if defined(MBEDTLS_DEBUG_C)
@@ -2580,7 +2574,6 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
     /* Ignore certificate_authorities, we only have one cert anyway */
-    // TODO: should not send cert if no CA matches
     dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
              | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
 

library/ssl_tls.c

@@ -3744,7 +3744,6 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
             return( ret );
         }
 
-        // TODO: what's the purpose of these lines? is in_len used?
         ssl->in_len[0] = (unsigned char)( ssl->in_msglen >> 8 );
         ssl->in_len[1] = (unsigned char)( ssl->in_msglen      );
     }
@@ -5170,7 +5169,6 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl )
 
     ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint );
 
-    // TODO TLS/1.2 Hash length is determined by cipher suite (Page 63)
     hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12;
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)

library/x509_crt.c

@@ -522,9 +522,6 @@ static int x509_get_subject_alt_name( unsigned char **p,
 /*
  * X.509 v3 extensions
  *
- * TODO: Perform all of the basic constraints tests required by the RFC
- * TODO: Set values for undetected extensions to a sane default?
- *
  */
 static int x509_get_crt_ext( unsigned char **p,
                              const unsigned char *end,
@@ -1638,12 +1635,6 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
     if( ca == NULL )
         return( flags );
 
-    /*
-     * TODO: What happens if no CRL is present?
-     * Suggestion: Revocation state should be unknown if no CRL is present.
-     * For backwards compatibility this is not yet implemented.
-     */
-
     while( crl_list != NULL )
     {
         if( crl_list->version == 0 ||

library/x509_csr.c

@@ -214,7 +214,6 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
         mbedtls_x509_csr_free( csr );
         return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
     }
-    // TODO Parse Attributes / extension requests
 
     p += len;
 

tests/suites/test_suite_ssl.function

@@ -53,3 +53,4 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
     mbedtls_ssl_free( &ssl );
 }
 /* END_CASE */
+

yotta/data/example-authcrypt/README.md

@@ -38,11 +38,11 @@ To build and run this example you must have:
 
 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. 
 
-	Use the following settings:
+    Use the following settings:
 
-	* 115200 baud (not 9600).
+    * 115200 baud (not 9600).
-	* 8N1.
+    * 8N1.
-	* No flow control. 
+    * No flow control. 
 
 7. Press the Reset button on the board.
 

yotta/data/example-benchmark/README.md

@@ -38,11 +38,11 @@ To build and run this example you must have:
 
 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. 
 
-	Use the following settings:
+    Use the following settings:
 
-	* 115200 baud (not 9600).
+    * 115200 baud (not 9600).
-	* 8N1.
+    * 8N1.
-	* No flow control. 
+    * No flow control. 
 
 7. Press the Reset button on the board.
 

yotta/data/example-hashing/README.md

@@ -38,11 +38,11 @@ To build and run this example you must have:
 
 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. 
 
-	Use the following settings:
+    Use the following settings:
 
-	* 115200 baud (not 9600).
+    * 115200 baud (not 9600).
-	* 8N1.
+    * 8N1.
-	* No flow control. 
+    * No flow control. 
 
 7. Press the Reset button on the board.
 

yotta/data/example-selftest/README.md

@@ -38,11 +38,11 @@ To build and run this example you must have:
 
 6. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. 
 
-	Use the following settings:
+    Use the following settings:
 
-	* 115200 baud (not 9600).
+    * 115200 baud (not 9600).
-	* 8N1.
+    * 8N1.
-	* No flow control. 
+    * No flow control. 
 
 7. Press the Reset button on the board.
 

yotta/data/example-tls-client/README.md

@@ -44,11 +44,11 @@ To build and run this example you must have:
 
 7. Start the serial terminal emulator and connect to the virtual serial port presented by FRDM-K64F. 
 
-	Use the following settings:
+    Use the following settings:
 
-	* 115200 baud (not 9600).
+    * 115200 baud (not 9600).
-	* 8N1.
+    * 8N1.
-	* No flow control. 
+    * No flow control. 
 
 8. Press the Reset button on the board.