Merge branch 'mbedtls-2.16' into baremetal

* mbedtls-2.16:
  test: Always use `make clean` by itself
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
  Only use submodule if present
  Update change log
  Reword ssl_conf_max_frag_len documentation for clarity
  Ignore more generated files: seedfile, apidoc
  Improve .gitignore grouping and documentation
  Generate tags for Vi, for Emacs and with Global
This commit is contained in:
Manuel Pégourié-Gonnard 2019-06-04 09:39:51 +02:00
commit f3c43dde54
9 changed files with 106 additions and 35 deletions

29
.gitignore vendored
View file

@ -1,8 +1,20 @@
# Random seed file created by test scripts and sample programs
seedfile
# CMake build artifacts:
CMakeCache.txt
CMakeFiles
CTestTestfile.cmake
cmake_install.cmake
Testing
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
# MSVC files generated by CMake:
/*.sln
/*.vcxproj
/*.filters
# Test coverage build artifacts:
Coverage
*.gcno
*.gcda
@ -10,11 +22,6 @@ Coverage
# generated by scripts/memory.sh
massif-*
# MSVC files generated by CMake:
/*.sln
/*.vcxproj
/*.filters
# MSVC build artifacts:
*.exe
*.pdb
@ -24,5 +31,13 @@ massif-*
# Python build artifacts:
*.pyc
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
# Generated documentation:
/apidoc
# Editor navigation files:
/GPATH
/GRTAGS
/GSYMS
/GTAGS
/TAGS
/tags
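Review bot: The new ignore entries cover seedfile, /apidoc and the tag files, but not the two scratch files that the scripts touched elsewhere in this same change write into the working directory: check-names.err (from check-names.sh -v) and list-symbols.make.log (from list-symbols.sh). Both are removed on the normal path, but an interrupted run leaves them behind as untracked files that a blanket git add would pick up. Consider listing them here next to the other generated files, or having the scripts write them under a temporary directory.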

3
.globalrc Normal file
View file

@ -0,0 +1,3 @@
default:\
:langmap=c\:.c.h.function:\

View file

@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx
Security
* Make mbedtls_ecdh_get_params return an error if the second key
belongs to a different group from the first. Before, if an application
passed keys that belonged to different group, the first key's data was
interpreted according to the second group, which could lead to either
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
Features
* Add support for draft-05 of the Connection ID extension, as specified
in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
@ -13,14 +21,6 @@ Features
MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
Security
* Make mbedtls_ecdh_get_params return an error if the second key
belongs to a different group from the first. Before, if an application
passed keys that belonged to different group, the first key's data was
interpreted according to the second group, which could lead to either
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
Bugfix
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
@ -57,6 +57,8 @@ Changes
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
Contributed by Peter Kolbus (Garmin).
* Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
improve clarity. Fixes #2258.
= mbed TLS 2.16.1 branch released 2019-03-19

View file

@ -120,3 +120,12 @@ apidoc:
apidoc_clean:
rm -rf apidoc
endif
## Editor navigation files
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
tags: $(C_SOURCE_FILES)
ctags -o $@ $(C_SOURCE_FILES)
TAGS: $(C_SOURCE_FILES)
etags -o $@ $(C_SOURCE_FILES)
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
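Review bot: The rule "GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)" is treated by make as four independent targets that share one recipe, so a parallel build that asks for more than one of them can start several gtags runs at once, all writing the same database files. Make one file (for example GTAGS) the real target and let the other names depend on it, so the recipe runs once. Separately, the tags and TAGS targets differ only by case, so on a case-insensitive filesystem the ctags and etags outputs land in the same file; a short comment saying the two are mutually exclusive there would help.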

View file

@ -2764,22 +2764,28 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Set the maximum fragment length to emit and/or negotiate
* (Default: the smaller of MBEDTLS_SSL_IN_CONTENT_LEN and
* MBEDTLS_SSL_OUT_CONTENT_LEN, usually 2^14 bytes)
* \brief Set the maximum fragment length to emit and/or negotiate.
* (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
* #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
* (Server: set maximum fragment length to emit,
* usually negotiated by the client during handshake
* usually negotiated by the client during handshake)
* (Client: set maximum fragment length to emit *and*
* negotiate with the server during handshake)
* (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
*
* \note With TLS, this currently only affects ApplicationData (sent
* with \c mbedtls_ssl_read()), not handshake messages.
* With DTLS, this affects both ApplicationData and handshake.
* \note On the client side, the maximum fragment length extension
* *will not* be used, unless the maximum fragment length has
* been set via this function to a value different than
* #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
*
* \note This sets the maximum length for a record's payload,
* excluding record overhead that will be added to it, see
* \c mbedtls_ssl_get_record_expansion().
*
* \note With TLS, this currently only affects ApplicationData (sent
* with \c mbedtls_ssl_read()), not handshake messages.
* With DTLS, this affects both ApplicationData and handshake.
*
* \note For DTLS, it is also possible to set a limit for the total
* size of daragrams passed to the transport layer, including
* record overhead, see \c mbedtls_ssl_set_mtu().

View file

@ -148,6 +148,7 @@ class AbiChecker(object):
my_environment = os.environ.copy()
my_environment["CFLAGS"] = "-g -Og"
my_environment["SHARED"] = "1"
if os.path.exists(os.path.join(git_worktree_path, "crypto")):
my_environment["USE_CRYPTO_SUBMODULE"] = "1"
make_output = subprocess.check_output(
[self.make_command, "lib"],
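Review bot: The check os.path.exists(os.path.join(git_worktree_path, "crypto")) is true for an empty directory, which is what a worktree contains when the submodule is registered but has not been checked out. In that state USE_CRYPTO_SUBMODULE=1 is still exported and the "lib" build runs against an empty tree. Test for a file that is expected to exist inside the submodule rather than for the directory itself, and add a short comment explaining which revisions have no crypto directory at all.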

View file

@ -576,7 +576,7 @@ component_check_files () {
component_check_names () {
msg "test/build: declared and exported names" # < 3s
record_status tests/scripts/check-names.sh
record_status tests/scripts/check-names.sh -v
}
component_check_doxygen_warnings () {

View file

@ -2,26 +2,42 @@
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# This script confirms that the naming of all symbols and identifiers in mbed
# TLS are consistent with the house style and are also self-consistent.
#
# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
set -eu
if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
cat <<EOF
$0 [-v]
This script confirms that the naming of all symbols and identifiers in mbed
TLS are consistent with the house style and are also self-consistent.
-v If the script fails unexpectedly, print a command trace.
EOF
exit
fi
if grep --version|head -n1|grep GNU >/dev/null; then :; else
echo "This script requires GNU grep.">&2
exit 1
fi
trace=
if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
shift
trace='-x'
exec 2>check-names.err
trap 'echo "FAILED UNEXPECTEDLY, status=$?";
cat check-names.err' EXIT
set -x
fi
printf "Analysing source code...\n"
tests/scripts/list-macros.sh
sh $trace tests/scripts/list-macros.sh
tests/scripts/list-enum-consts.pl
tests/scripts/list-identifiers.sh
tests/scripts/list-symbols.sh
sh $trace tests/scripts/list-identifiers.sh
sh $trace tests/scripts/list-symbols.sh
FAIL=0
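Review bot: The helper scripts are now started as "sh $trace tests/scripts/list-macros.sh" (likewise list-identifiers.sh and list-symbols.sh), which bypasses each script's own interpreter line and runs them under whatever sh is on the system, even when -v is not given and $trace is empty. If any of them relies on a different shell this changes behaviour silently. Either keep the direct invocation when $trace is empty, or note in the header that these helpers must stay POSIX sh. Also, -v is only recognised as the first argument and any other argument is ignored without a message; a usage error for unknown arguments would make typos visible.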
@ -89,6 +105,12 @@ else
FAIL=1
fi
if [ -n "$trace" ]; then
set +x
trap - EXIT
rm check-names.err
fi
printf "\nOverall: "
if [ "$FAIL" -eq 0 ]; then
rm macros actual-macros enum-consts identifiers exported-symbols undeclared
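Review bot: After "rm check-names.err" the script's stderr is still the descriptor opened by "exec 2>check-names.err", so anything written to stderr from this point on goes to a deleted file and is lost. Save the original stderr before redirecting (exec 3>&2) and restore it here (exec 2>&3 3>&-) before removing the file. Using "rm -f" would also avoid a spurious failure under set -e if the file is already gone.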

View file

@ -14,8 +14,21 @@ fi
cp include/mbedtls/config.h include/mbedtls/config.h.bak
scripts/config.pl full
CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1
make clean
make_ret=
CFLAGS=-fno-asynchronous-unwind-tables make lib \
>list-symbols.make.log 2>&1 ||
{
make_ret=$?
echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib"
cat list-symbols.make.log >&2
}
rm list-symbols.make.log
mv include/mbedtls/config.h.bak include/mbedtls/config.h
if [ -n "$make_ret" ]; then
exit "$make_ret"
fi
if uname | grep -F Darwin >/dev/null; then
nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p'
elif uname | grep -F Linux >/dev/null; then
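Review bot: In the failure branch, the line echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib" goes to stdout while the transcript that follows it is sent to stderr with "cat list-symbols.make.log >&2", so a caller that captures only one stream sees half of the diagnostic. Send the echo to stderr as well. Note also that "make clean" is now run without the earlier ">/dev/null 2>&1", so its output appears on this script's stdout ahead of the symbol list; if that is not intended, redirect it or append it to list-symbols.make.log.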