* mbedtls-2.16: (32 commits)
A different approach of signed-to-unsigned comparison
Fix bug in redirection of unit test outputs
Don't forget to free G, P, Q, ctr_drbg, and entropy
Backport e2k support to mbedtls-2.7
compat.sh: stop using allow_sha1
compat.sh: quit using SHA-1 certificates
compat.sh: enable CBC-SHA-2 suites for GnuTLS
Fix license header in pre-commit hook
Update copyright notices to use Linux Foundation guidance
Fix building on NetBSD 9.0
Remove obsolete buildbot reference in compat.sh
Fix misuse of printf in shell script
Fix added proxy command when IPv6 is used
Simplify test syntax
Fix logic error in setting client port
ssl-opt.sh: include test name in log files
ssl-opt.sh: remove old buildbot-specific condition
ssl-opt.sh: add proxy to all DTLS tests
Log change as bugfix
Add changelog entry
...
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.
Also remove the now-redundant lines declaring that the files are part of
MbedTLS.
This commit was generated using the following script:
# ========================
#!/bin/sh
# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '
# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I
# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
In the next commit, we'll need to draw a second random value, in order to
blind modular inversion. Having a function for that will avoid repetition.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This will allow us to ship the LTS branches in a single archive
This commit was generated using the following script:
# ========================
#!/bin/sh
header1='\ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later\
*\
* This file is provided under the Apache License 2.0, or the\
* GNU General Public License v2.0 or later.\
*\
* **********\
* Apache License 2.0:\
*\
* Licensed under the Apache License, Version 2.0 (the "License"); you may\
* not use this file except in compliance with the License.\
* You may obtain a copy of the License at\
*\
* http://www.apache.org/licenses/LICENSE-2.0\
*\
* Unless required by applicable law or agreed to in writing, software\
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
* See the License for the specific language governing permissions and\
* limitations under the License.\
*\
* **********\
*\
* **********\
* GNU General Public License v2.0 or later:\
*\
* This program is free software; you can redistribute it and/or modify\
* it under the terms of the GNU General Public License as published by\
* the Free Software Foundation; either version 2 of the License, or\
* (at your option) any later version.\
*\
* This program is distributed in the hope that it will be useful,\
* but WITHOUT ANY WARRANTY; without even the implied warranty of\
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\
* GNU General Public License for more details.\
*\
* You should have received a copy of the GNU General Public License along\
* with this program; if not, write to the Free Software Foundation, Inc.,\
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\
*\
* **********'
find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i "
# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I s/\/\*/&\n */
# Insert new copyright header
/SPDX-License-Identifier/ i\
$header1
# Delete old copyright header
/SPDX-License-Identifier/,$ {
# Delete lines until the one preceding the mbedtls declaration
N
1,/This file is part of/ {
/This file is part of/! D
}
}
"
# Format copyright header for inclusion into scripts
header2=$(echo "$header1" | sed 's/^\\\? \* \?/#/')
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i "
# Insert new copyright header
/SPDX-License-Identifier/ i\
$header2
# Delete old copyright header
/SPDX-License-Identifier/,$ {
# Delete lines until the one preceding the mbedtls declaration
N
1,/This file is part of/ {
/This file is part of/! D
}
}
"
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
This commit removes all the static occurrencies of the function
mbedtls_zeroize() in each of the individual .c modules. Instead the
function has been moved to utils.h that is included in each of the
modules.
This commit returns to using constant macros instead of global variables for the DHM group constants. Further, macros
providing the binary encoding of the primes from RFC 3526 and RFC 7919 are added. The hex-string macros are deprecated.
Although the variable ret was initialised to an error, the
MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being
0 whenewer the bignum computation was successfull and stayed 0
independently of the actual check.
* commit '95f0089':
Update Changelog for DH params
Add test case for dh params with privateValueLength
accept PKCS#3 DH parameters with privateValueLength included
Conflicts:
library/dhm.c
library/dhm.c: accept (and ignore) optional privateValueLength for
PKCS#3 DH parameters.
PKCS#3 defines the ASN.1 encoding of a DH parameter set like this:
----------------
DHParameter ::= SEQUENCE {
prime INTEGER, -- p
base INTEGER, -- g
privateValueLength INTEGER OPTIONAL }
The fields of type DHParameter have the following meanings:
o prime is the prime p.
o base is the base g.
o privateValueLength is the optional private-value
length l.
----------------
See: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc
This optional parameter was added in PKCS#3 version 1.4, released
November 1, 1993.
dhm.c currently doesn't cope well with PKCS#3 files that have this
optional final parameter included. i see errors like:
------------
dhm_parse_dhmfile returned -0x33E6
Last error was: -0x33E6 - DHM - The ASN.1 data is not formatted correctly : ASN1 - Actual length differs from expected lengt
------------
You can generate PKCS#3 files with this final parameter with recent
versions of certtool from GnuTLS:
certtool --generate-dh-params > dh.pem
