Merge branch 'mbedtls-2.16' into baremetal
* mbedtls-2.16: test: Always use `make clean` by itself list-symbols.sh: if the build fails, print the build transcript Document "check-names.sh -v" all.sh: invoke check-names.sh in print-trace-on-exit mode Print a command trace if the check-names.sh exits unexpectedly Only use submodule if present Update change log Reword ssl_conf_max_frag_len documentation for clarity Ignore more generated files: seedfile, apidoc Improve .gitignore grouping and documentation Generate tags for Vi, for Emacs and with Global
commit
f3c43dde54
29
.gitignore
vendored
29
.gitignore
vendored
|
@ -1,8 +1,20 @@
|
|||
# Random seed file created by test scripts and sample programs
|
||||
seedfile
|
||||
|
||||
# CMake build artifacts:
|
||||
CMakeCache.txt
|
||||
CMakeFiles
|
||||
CTestTestfile.cmake
|
||||
cmake_install.cmake
|
||||
Testing
|
||||
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
|
||||
*.dir/
|
||||
# MSVC files generated by CMake:
|
||||
/*.sln
|
||||
/*.vcxproj
|
||||
/*.filters
|
||||
|
||||
# Test coverage build artifacts:
|
||||
Coverage
|
||||
*.gcno
|
||||
*.gcda
|
||||
|
@ -10,11 +22,6 @@ Coverage
|
|||
# generated by scripts/memory.sh
|
||||
massif-*
|
||||
|
||||
# MSVC files generated by CMake:
|
||||
/*.sln
|
||||
/*.vcxproj
|
||||
/*.filters
|
||||
|
||||
# MSVC build artifacts:
|
||||
*.exe
|
||||
*.pdb
|
||||
|
@ -24,5 +31,13 @@ massif-*
|
|||
# Python build artifacts:
|
||||
*.pyc
|
||||
|
||||
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
|
||||
*.dir/
|
||||
# Generated documentation:
|
||||
/apidoc
|
||||
|
||||
# Editor navigation files:
|
||||
/GPATH
|
||||
/GRTAGS
|
||||
/GSYMS
|
||||
/GTAGS
|
||||
/TAGS
|
||||
/tags
|
||||
|
|
18
ChangeLog
18
ChangeLog
|
@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
= mbed TLS 2.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Make mbedtls_ecdh_get_params return an error if the second key
|
||||
belongs to a different group from the first. Before, if an application
|
||||
passed keys that belonged to different group, the first key's data was
|
||||
interpreted according to the second group, which could lead to either
|
||||
an error or a meaningless output from mbedtls_ecdh_get_params. In the
|
||||
latter case, this could expose at most 5 bits of the private key.
|
||||
|
||||
Features
|
||||
* Add support for draft-05 of the Connection ID extension, as specified
|
||||
in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
|
||||
|
@ -13,14 +21,6 @@ Features
|
|||
MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
|
||||
through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
|
||||
|
||||
Security
|
||||
* Make mbedtls_ecdh_get_params return an error if the second key
|
||||
belongs to a different group from the first. Before, if an application
|
||||
passed keys that belonged to different group, the first key's data was
|
||||
interpreted according to the second group, which could lead to either
|
||||
an error or a meaningless output from mbedtls_ecdh_get_params. In the
|
||||
latter case, this could expose at most 5 bits of the private key.
|
||||
|
||||
Bugfix
|
||||
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
|
||||
mbedTLS configuration only SHA-2 signed certificates are accepted.
|
||||
|
@ -57,6 +57,8 @@ Changes
|
|||
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
|
||||
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
|
||||
Contributed by Peter Kolbus (Garmin).
|
||||
* Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
|
||||
improve clarity. Fixes #2258.
|
||||
|
||||
= mbed TLS 2.16.1 branch released 2019-03-19
|
||||
|
||||
|
|
9
Makefile
9
Makefile
|
@ -120,3 +120,12 @@ apidoc:
|
|||
apidoc_clean:
|
||||
rm -rf apidoc
|
||||
endif
|
||||
|
||||
## Editor navigation files
|
||||
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
|
||||
tags: $(C_SOURCE_FILES)
|
||||
ctags -o $@ $(C_SOURCE_FILES)
|
||||
TAGS: $(C_SOURCE_FILES)
|
||||
etags -o $@ $(C_SOURCE_FILES)
|
||||
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
|
||||
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
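Review bot: The rule `GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)` declares four independent targets that share one recipe, so a parallel build that needs more than one of them can start several gtags runs writing the same files at once. Making one file the real target avoids that: `GTAGS: $(C_SOURCE_FILES)` carrying the gtags recipe, plus `GPATH GRTAGS GSYMS: GTAGS ;`. The recipe also reads `.globalrc`, which is not a prerequisite, so editing it does not refresh the tag files; adding it to the prerequisite list would fix that. `C_SOURCE_FILES` could use `:=` so the wildcard is expanded once rather than on every reference.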
|
||||
|
|
|
@ -2764,22 +2764,28 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
|
|||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/**
|
||||
* \brief Set the maximum fragment length to emit and/or negotiate
|
||||
* (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
|
||||
* MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
|
||||
* \brief Set the maximum fragment length to emit and/or negotiate.
|
||||
* (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
|
||||
* #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
|
||||
* (Server: set maximum fragment length to emit,
|
||||
* usually negotiated by the client during handshake
|
||||
* usually negotiated by the client during handshake)
|
||||
* (Client: set maximum fragment length to emit *and*
|
||||
* negotiate with the server during handshake)
|
||||
* (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
|
||||
*
|
||||
* \note With TLS, this currently only affects ApplicationData (sent
|
||||
* with \c mbedtls_ssl_read()), not handshake messages.
|
||||
* With DTLS, this affects both ApplicationData and handshake.
|
||||
* \note On the client side, the maximum fragment length extension
|
||||
* *will not* be used, unless the maximum fragment length has
|
||||
* been set via this function to a value different than
|
||||
* #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
|
||||
*
|
||||
* \note This sets the maximum length for a record's payload,
|
||||
* excluding record overhead that will be added to it, see
|
||||
* \c mbedtls_ssl_get_record_expansion().
|
||||
*
|
||||
* \note With TLS, this currently only affects ApplicationData (sent
|
||||
* with \c mbedtls_ssl_read()), not handshake messages.
|
||||
* With DTLS, this affects both ApplicationData and handshake.
|
||||
*
|
||||
* \note For DTLS, it is also possible to set a limit for the total
|
||||
* size of daragrams passed to the transport layer, including
|
||||
* record overhead, see \c mbedtls_ssl_set_mtu().
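Review bot: The relocated TLS note still says ApplicationData is "sent with \c mbedtls_ssl_read()", but application data is sent through mbedtls_ssl_write(), so a reader may conclude that the limit applies to the receive path. Since this change rewords the block for clarity, the line should read `*                 with \c mbedtls_ssl_write()), not handshake messages.` The DTLS note a few lines further down also spells "datagrams" as "daragrams". The comment block and the declaration it documents continue past the end of the hunk.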
|
||||
|
|
|
@ -148,7 +148,8 @@ class AbiChecker(object):
|
|||
my_environment = os.environ.copy()
|
||||
my_environment["CFLAGS"] = "-g -Og"
|
||||
my_environment["SHARED"] = "1"
|
||||
my_environment["USE_CRYPTO_SUBMODULE"] = "1"
|
||||
if os.path.exists(os.path.join(git_worktree_path, "crypto")):
|
||||
my_environment["USE_CRYPTO_SUBMODULE"] = "1"
|
||||
make_output = subprocess.check_output(
|
||||
[self.make_command, "lib"],
|
||||
env=my_environment,
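Review bot: `my_environment` starts as `os.environ.copy()`, so a `USE_CRYPTO_SUBMODULE` already exported by the caller is still passed to `make lib` when the worktree has no `crypto` directory; the new `if` only controls whether the script itself sets it. If the intent is to use the submodule only when present, add an `else:` branch with `my_environment.pop("USE_CRYPTO_SUBMODULE", None)`. `os.path.exists` is also true for an empty, uninitialised submodule directory, so checking for a file inside `crypto` may be more reliable; the hunk does not show whether the submodule is updated before this point. The enclosing method starts and ends outside the hunk.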
|
||||
|
|
|
@ -576,7 +576,7 @@ component_check_files () {
|
|||
|
||||
component_check_names () {
|
||||
msg "test/build: declared and exported names" # < 3s
|
||||
record_status tests/scripts/check-names.sh
|
||||
record_status tests/scripts/check-names.sh -v
|
||||
}
|
||||
|
||||
component_check_doxygen_warnings () {
|
||||
|
|
|
@ -2,26 +2,42 @@
|
|||
#
|
||||
# This file is part of mbed TLS (https://tls.mbed.org)
|
||||
#
|
||||
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
|
||||
#
|
||||
# Purpose
|
||||
#
|
||||
# This script confirms that the naming of all symbols and identifiers in mbed
|
||||
# TLS are consistent with the house style and are also self-consistent.
|
||||
#
|
||||
# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
|
||||
|
||||
set -eu
|
||||
|
||||
if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
|
||||
cat <<EOF
|
||||
$0 [-v]
|
||||
This script confirms that the naming of all symbols and identifiers in mbed
|
||||
TLS are consistent with the house style and are also self-consistent.
|
||||
|
||||
-v If the script fails unexpectedly, print a command trace.
|
||||
EOF
|
||||
exit
|
||||
fi
|
||||
|
||||
if grep --version|head -n1|grep GNU >/dev/null; then :; else
|
||||
echo "This script requires GNU grep.">&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trace=
|
||||
if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
|
||||
shift
|
||||
trace='-x'
|
||||
exec 2>check-names.err
|
||||
trap 'echo "FAILED UNEXPECTEDLY, status=$?";
|
||||
cat check-names.err' EXIT
|
||||
set -x
|
||||
fi
|
||||
|
||||
printf "Analysing source code...\n"
|
||||
|
||||
tests/scripts/list-macros.sh
|
||||
sh $trace tests/scripts/list-macros.sh
|
||||
tests/scripts/list-enum-consts.pl
|
||||
tests/scripts/list-identifiers.sh
|
||||
tests/scripts/list-symbols.sh
|
||||
sh $trace tests/scripts/list-identifiers.sh
|
||||
sh $trace tests/scripts/list-symbols.sh
|
||||
|
||||
FAIL=0
|
||||
|
||||
|
@ -89,6 +105,12 @@ else
|
|||
FAIL=1
|
||||
fi
|
||||
|
||||
if [ -n "$trace" ]; then
|
||||
set +x
|
||||
trap - EXIT
|
||||
rm check-names.err
|
||||
fi
|
||||
|
||||
printf "\nOverall: "
|
||||
if [ "$FAIL" -eq 0 ]; then
|
||||
rm macros actual-macros enum-consts identifiers exported-symbols undeclared
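Review bot: In `-v` mode the EXIT trap prints `check-names.err` but never deletes it, so an unexpected failure leaves the trace file in the working tree, and the fixed name means two runs in the same checkout overwrite each other's trace. Ending the trap body with `rm -f check-names.err` after the `cat` would clean up. `exec 2>check-names.err` also captures all stderr for the rest of the run, and the normal path (`trap - EXIT` followed by `rm check-names.err`) removes the file without showing it, so anything the list-*.sh helpers write to stderr is dropped when `-v` is used. `tests/scripts/list-enum-consts.pl` is still invoked directly and gets no trace. The final `if [ "$FAIL" -eq 0 ]` block continues outside the hunk.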
|
||||
|
|
|
@ -14,8 +14,21 @@ fi
|
|||
|
||||
cp include/mbedtls/config.h include/mbedtls/config.h.bak
|
||||
scripts/config.pl full
|
||||
CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1
|
||||
make clean
|
||||
make_ret=
|
||||
CFLAGS=-fno-asynchronous-unwind-tables make lib \
|
||||
>list-symbols.make.log 2>&1 ||
|
||||
{
|
||||
make_ret=$?
|
||||
echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib"
|
||||
cat list-symbols.make.log >&2
|
||||
}
|
||||
rm list-symbols.make.log
|
||||
mv include/mbedtls/config.h.bak include/mbedtls/config.h
|
||||
if [ -n "$make_ret" ]; then
|
||||
exit "$make_ret"
|
||||
fi
|
||||
|
||||
if uname | grep -F Darwin >/dev/null; then
|
||||
nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p'
|
||||
elif uname | grep -F Linux >/dev/null; then
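Review bot: The failure branch sends its header line to stdout (`echo "Build failure: ..."`) while the transcript goes to stderr (`cat list-symbols.make.log >&2`), so a caller that captures or redirects one stream gets the transcript without its header, or the header alone. Writing both to stderr keeps them together: `echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib" >&2`. The standalone `make clean` is no longer silenced either, so its output now reaches whatever consumes this script's stdout; `make clean >/dev/null` would keep the previous quiet behaviour if that matters to callers. The platform `if`/`elif` chain continues past the end of the hunk.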
|
||||
|
|