updated to mbed 1.3.22 release and applied ssl_handshake() fix, fixe…

…s #3365: polarssl-1.3/ChangeLog modified: polarssl-1.3/README.rst modified: polarssl-1.3/include/polarssl/aes.h modified: polarssl-1.3/include/polarssl/aesni.h modified: polarssl-1.3/include/polarssl/arc4.h modified: polarssl-1.3/include/polarssl/asn1.h modified: polarssl-1.3/include/polarssl/asn1write.h modified: polarssl-1.3/include/polarssl/base64.h modified: polarssl-1.3/include/polarssl/bignum.h modified: polarssl-1.3/include/polarssl/blowfish.h modified: polarssl-1.3/include/polarssl/bn_mul.h modified: polarssl-1.3/include/polarssl/camellia.h modified: polarssl-1.3/include/polarssl/ccm.h modified: polarssl-1.3/include/polarssl/certs.h modified: polarssl-1.3/include/polarssl/check_config.h modified: polarssl-1.3/include/polarssl/cipher.h modified: polarssl-1.3/include/polarssl/cipher_wrap.h modified: polarssl-1.3/include/polarssl/compat-1.2.h modified: polarssl-1.3/include/polarssl/config.h modified: polarssl-1.3/include/polarssl/ctr_drbg.h modified: polarssl-1.3/include/polarssl/debug.h modified: polarssl-1.3/include/polarssl/des.h modified: polarssl-1.3/include/polarssl/dhm.h modified: polarssl-1.3/include/polarssl/ecdh.h modified: polarssl-1.3/include/polarssl/ecdsa.h modified: polarssl-1.3/include/polarssl/ecp.h modified: polarssl-1.3/include/polarssl/entropy.h modified: polarssl-1.3/include/polarssl/entropy_poll.h modified: polarssl-1.3/include/polarssl/error.h modified: polarssl-1.3/include/polarssl/gcm.h modified: polarssl-1.3/include/polarssl/havege.h modified: polarssl-1.3/include/polarssl/hmac_drbg.h modified: polarssl-1.3/include/polarssl/md.h modified: polarssl-1.3/include/polarssl/md2.h modified: polarssl-1.3/include/polarssl/md4.h modified: polarssl-1.3/include/polarssl/md5.h modified: polarssl-1.3/include/polarssl/md_wrap.h modified: polarssl-1.3/include/polarssl/memory.h modified: polarssl-1.3/include/polarssl/memory_buffer_alloc.h modified: polarssl-1.3/include/polarssl/net.h modified: polarssl-1.3/include/polarssl/oid.h modified: polarssl-1.3/include/polarssl/openssl.h modified: polarssl-1.3/include/polarssl/padlock.h modified: polarssl-1.3/include/polarssl/pbkdf2.h modified: polarssl-1.3/include/polarssl/pem.h modified: polarssl-1.3/include/polarssl/pk.h modified: polarssl-1.3/include/polarssl/pk_wrap.h modified: polarssl-1.3/include/polarssl/pkcs11.h modified: polarssl-1.3/include/polarssl/pkcs12.h modified: polarssl-1.3/include/polarssl/pkcs5.h modified: polarssl-1.3/include/polarssl/platform.h modified: polarssl-1.3/include/polarssl/ripemd160.h modified: polarssl-1.3/include/polarssl/rsa.h modified: polarssl-1.3/include/polarssl/sha1.h modified: polarssl-1.3/include/polarssl/sha256.h modified: polarssl-1.3/include/polarssl/sha512.h modified: polarssl-1.3/include/polarssl/ssl.h modified: polarssl-1.3/include/polarssl/ssl_cache.h modified: polarssl-1.3/include/polarssl/ssl_ciphersuites.h modified: polarssl-1.3/include/polarssl/threading.h modified: polarssl-1.3/include/polarssl/timing.h modified: polarssl-1.3/include/polarssl/version.h modified: polarssl-1.3/include/polarssl/x509.h modified: polarssl-1.3/include/polarssl/x509_crl.h modified: polarssl-1.3/include/polarssl/x509_crt.h modified: polarssl-1.3/include/polarssl/x509_csr.h modified: polarssl-1.3/include/polarssl/xtea.h modified: polarssl-1.3/library/aes.c modified: polarssl-1.3/library/aesni.c modified: polarssl-1.3/library/arc4.c modified: polarssl-1.3/library/asn1parse.c modified: polarssl-1.3/library/asn1write.c modified: polarssl-1.3/library/base64.c modified: polarssl-1.3/library/bignum.c modified: polarssl-1.3/library/blowfish.c modified: polarssl-1.3/library/camellia.c modified: polarssl-1.3/library/ccm.c modified: polarssl-1.3/library/certs.c modified: polarssl-1.3/library/cipher.c modified: polarssl-1.3/library/cipher_wrap.c modified: polarssl-1.3/library/ctr_drbg.c modified: polarssl-1.3/library/debug.c modified: polarssl-1.3/library/des.c modified: polarssl-1.3/library/dhm.c modified: polarssl-1.3/library/ecdh.c modified: polarssl-1.3/library/ecdsa.c modified: polarssl-1.3/library/ecp.c modified: polarssl-1.3/library/ecp_curves.c modified: polarssl-1.3/library/entropy.c modified: polarssl-1.3/library/entropy_poll.c modified: polarssl-1.3/library/error.c modified: polarssl-1.3/library/gcm.c modified: polarssl-1.3/library/havege.c modified: polarssl-1.3/library/hmac_drbg.c modified: polarssl-1.3/library/md.c modified: polarssl-1.3/library/md2.c modified: polarssl-1.3/library/md4.c modified: polarssl-1.3/library/md5.c modified: polarssl-1.3/library/md_wrap.c modified: polarssl-1.3/library/memory_buffer_alloc.c modified: polarssl-1.3/library/net.c modified: polarssl-1.3/library/oid.c modified: polarssl-1.3/library/padlock.c modified: polarssl-1.3/library/pbkdf2.c modified: polarssl-1.3/library/pem.c modified: polarssl-1.3/library/pk.c modified: polarssl-1.3/library/pk_wrap.c modified: polarssl-1.3/library/pkcs11.c modified: polarssl-1.3/library/pkcs12.c modified: polarssl-1.3/library/pkcs5.c modified: polarssl-1.3/library/pkparse.c modified: polarssl-1.3/library/pkwrite.c modified: polarssl-1.3/library/platform.c modified: polarssl-1.3/library/ripemd160.c modified: polarssl-1.3/library/rsa.c modified: polarssl-1.3/library/sha1.c modified: polarssl-1.3/library/sha256.c modified: polarssl-1.3/library/sha512.c modified: polarssl-1.3/library/ssl_cache.c modified: polarssl-1.3/library/ssl_ciphersuites.c modified: polarssl-1.3/library/ssl_cli.c modified: polarssl-1.3/library/ssl_srv.c modified: polarssl-1.3/library/ssl_tls.c modified: polarssl-1.3/library/threading.c modified: polarssl-1.3/library/timing.c modified: polarssl-1.3/library/version.c modified: polarssl-1.3/library/version_features.c modified: polarssl-1.3/library/x509.c modified: polarssl-1.3/library/x509_create.c modified: polarssl-1.3/library/x509_crl.c modified: polarssl-1.3/library/x509_crt.c modified: polarssl-1.3/library/x509_csr.c modified: polarssl-1.3/library/x509write_crt.c modified: polarssl-1.3/library/x509write_csr.c modified: polarssl-1.3/library/xtea.c
RuralHunter · Mar 21, 2018 · 73845eb · 73845eb
1 parent 3c92138
commit 73845eb
Show file tree

Hide file tree

Showing 135 changed files with 5,823 additions and 2,269 deletions.
diff --git a/ext/polarssl-1.3/ChangeLog b/ext/polarssl-1.3/ChangeLog
diff --git a/ext/polarssl-1.3/README.rst b/ext/polarssl-1.3/README.rst
@@ -35,7 +35,11 @@ In order to run the tests, enter::
 
     make check
 
-Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base <https://polarssl.org/kb>`_ for articles on your platform or issue.
+In order to build for a Windows platform, you should use WINDOWS_BUILD=1 if the target is Windows but the build environment is Unix-like (eg when cross-compiling, or compiling from an MSYS shell), and WINDOWS=1 if the build environment is a Windows shell.
+
+Setting the variable SHARED in your environment will build a shared library in addition to the static library. Setting DEBUG gives you a debug build.  You can override CFLAGS and LDFLAGS by setting them in your environment or on the make command line; if you do so, essential parts such as -I will still be preserved.  Warning options may be overridden separately using WARNING_CFLAGS.
+
+Depending on your platform, you might run into some issues. Please check the Makefiles in *library/*, *programs/* and *tests/* for options to manually add or remove for specific platforms. You can also check `the mbed TLS Knowledge Base <https://tls.mbed.org/kb>`_ for articles on your platform or issue.
 
 In case you find that you need to do something else as well, please let us know what, so we can add it to the KB.
 
@@ -59,18 +63,18 @@ There are many different build modes available within the CMake buildsystem. Mos
 - ASan.
   This instruments the code with AddressSanitizer to check for memory errors.
   (This includes LeakSanitizer, with recent version of gcc and clang.)
-  (With recent version of clang, this mode also intruments the code with
+  (With recent version of clang, this mode also instruments the code with
   UndefinedSanitizer to check for undefined behaviour.)
 - ASanDbg.
   Same as ASan but slower, with debug information and better stack traces.
 - MemSan.
-  This intruments the code with MemorySanitizer to check for uninitialised
+  This instruments the code with MemorySanitizer to check for uninitialised
   memory reads. Experimental, needs recent clang on Linux/x86_64.
 - MemSanDbg.
   Same as ASan but slower, with debug information, better stack traces and
   origin tracking.
 - Check.
-  This activates the compiler warnings that depend on optimisation and treats
+  This activates the compiler warnings that depend on optimization and treats
   all warnings as errors.
 
 Switching build modes in CMake is simple. For debug mode, enter at the command line:
@@ -103,7 +107,7 @@ Tests
 
 mbed TLS includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
 
-For machines with a Unix shell and OpenSSL (and optionnally GnuTLS) installed, additional test scripts are available:
+For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
 
 - *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
 - *tests/compat.sh* tests interoperability of every ciphersuite with other implementations.
@@ -126,10 +130,10 @@ For larger contributions, e.g. a new feature, the code possible falls under copy
 
 Process
 -------
-#. `Check for open issues <https://github.com/polarssl/polarssl/issues>`_ or
-   `start a discussion <https://polarssl.org/discussions>`_ around a feature
+#. `Check for open issues <https://github.com/ARMmbed/mbedtls/issues>`_ or
+   `start a discussion <https://tls.mbed.org/discussions>`_ around a feature
    idea or a bug.
-#. Fork the `mbed TLS repository on Github <https://github.com/polarssl/polarssl>`_
+#. Fork the `mbed TLS repository on Github <https://github.com/ARMmbed/mbedtls>`_
    to start making your changes.
 #. Write a test which shows that the bug was fixed or that the feature works
    as expected.

diff --git a/ext/polarssl-1.3/include/polarssl/aes.h b/ext/polarssl-1.3/include/polarssl/aes.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -30,7 +30,7 @@
 #include POLARSSL_CONFIG_FILE
 #endif
 
-#include <string.h>
+#include <stddef.h>
 
 #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
 #include <basetsd.h>

diff --git a/ext/polarssl-1.3/include/polarssl/aesni.h b/ext/polarssl-1.3/include/polarssl/aesni.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2013, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -37,6 +37,10 @@
 
 #if defined(POLARSSL_HAVE_X86_64)
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**
  * \brief          AES-NI features detection routine
  *
@@ -99,6 +103,10 @@ int aesni_setkey_enc( unsigned char *rk,
                       const unsigned char *key,
                       size_t bits );
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* POLARSSL_HAVE_X86_64 */
 
 #endif /* POLARSSL_AESNI_H */
diff --git a/ext/polarssl-1.3/include/polarssl/arc4.h b/ext/polarssl-1.3/include/polarssl/arc4.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -20,6 +20,10 @@
  *  You should have received a copy of the GNU General Public License along
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * \warning   ARC4 is considered a weak cipher and its use constitutes a
+ *            security risk. We recommend considering stronger ciphers instead.
+ *
  */
 #ifndef POLARSSL_ARC4_H
 #define POLARSSL_ARC4_H
@@ -30,7 +34,7 @@
 #include POLARSSL_CONFIG_FILE
 #endif
 
-#include <string.h>
+#include <stddef.h>
 
 #if !defined(POLARSSL_ARC4_ALT)
 // Regular implementation
@@ -42,6 +46,11 @@ extern "C" {
 
 /**
  * \brief          ARC4 context structure
+ *
+ * \warning        ARC4 is considered a weak cipher and its use constitutes a
+ *                 security risk. We recommend considering stronger ciphers
+ *                 instead.
+ *
  */
 typedef struct
 {
@@ -55,13 +64,23 @@ arc4_context;
  * \brief          Initialize ARC4 context
  *
  * \param ctx      ARC4 context to be initialized
+ *
+ * \warning        ARC4 is considered a weak cipher and its use constitutes a
+ *                 security risk. We recommend considering stronger ciphers
+ *                 instead.
+ *
  */
 void arc4_init( arc4_context *ctx );
 
 /**
  * \brief          Clear ARC4 context
  *
  * \param ctx      ARC4 context to be cleared
+ *
+ * \warning        ARC4 is considered a weak cipher and its use constitutes a
+ *                 security risk. We recommend considering stronger ciphers
+ *                 instead.
+ *
  */
 void arc4_free( arc4_context *ctx );
 
@@ -71,6 +90,11 @@ void arc4_free( arc4_context *ctx );
  * \param ctx      ARC4 context to be setup
  * \param key      the secret key
  * \param keylen   length of the key, in bytes
+ *
+ * \warning        ARC4 is considered a weak cipher and its use constitutes a
+ *                 security risk. We recommend considering stronger ciphers
+ *                 instead.
+ *
  */
 void arc4_setup( arc4_context *ctx, const unsigned char *key,
                  unsigned int keylen );
@@ -84,6 +108,11 @@ void arc4_setup( arc4_context *ctx, const unsigned char *key,
  * \param output   buffer for the output data
  *
  * \return         0 if successful
+ *
+ * \warning        ARC4 is considered a weak cipher and its use constitutes a
+ *                 security risk. We recommend considering stronger ciphers
+ *                 instead.
+ *
  */
 int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
                 unsigned char *output );
@@ -104,6 +133,11 @@ extern "C" {
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
+ *
+ * \warning        ARC4 is considered a weak cipher and its use constitutes a
+ *                 security risk. We recommend considering stronger ciphers
+ *                 instead.
+ *
  */
 int arc4_self_test( int verbose );
 

diff --git a/ext/polarssl-1.3/include/polarssl/asn1.h b/ext/polarssl-1.3/include/polarssl/asn1.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -30,12 +30,12 @@
 #include POLARSSL_CONFIG_FILE
 #endif
 
+#include <stddef.h>
+
 #if defined(POLARSSL_BIGNUM_C)
 #include "bignum.h"
 #endif
 
-#include <string.h>
-
 /**
  * \addtogroup asn1_module
  * \{
@@ -60,7 +60,7 @@
 
 /**
  * \name DER constants
- * These constants comply with DER encoded the ANS1 type tags.
+ * These constants comply with the DER encoded ASN.1 type tags.
  * DER encoding uses hexadecimal representation.
  * An example DER sequence is:\n
  * - 0x02 -- tag indicating INTEGER

diff --git a/ext/polarssl-1.3/include/polarssl/asn1write.h b/ext/polarssl-1.3/include/polarssl/asn1write.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by

diff --git a/ext/polarssl-1.3/include/polarssl/base64.h b/ext/polarssl-1.3/include/polarssl/base64.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -24,7 +24,7 @@
 #ifndef POLARSSL_BASE64_H
 #define POLARSSL_BASE64_H
 
-#include <string.h>
+#include <stddef.h>
 
 #define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
 #define POLARSSL_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
@@ -44,6 +44,8 @@ extern "C" {
  * \return         0 if successful, or POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL.
  *                 *dlen is always updated to reflect the amount
  *                 of data that has (or would have) been written.
+ *                 If that length cannot be represented, then no data is
+ *                 written to the buffer and *dlen is set to SIZE_T_MAX.
  *
  * \note           Call this function with *dlen = 0 to obtain the
  *                 required buffer size in *dlen

diff --git a/ext/polarssl-1.3/include/polarssl/bignum.h b/ext/polarssl-1.3/include/polarssl/bignum.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2006-2014, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -24,14 +24,14 @@
 #ifndef POLARSSL_BIGNUM_H
 #define POLARSSL_BIGNUM_H
 
-#include <string.h>
-
 #if !defined(POLARSSL_CONFIG_FILE)
 #include "config.h"
 #else
 #include POLARSSL_CONFIG_FILE
 #endif
 
+#include <stddef.h>
+
 #if defined(POLARSSL_FS_IO)
 #include <stdio.h>
 #endif
@@ -152,6 +152,7 @@ typedef uint32_t t_udbl;
        #define POLARSSL_HAVE_INT64
        typedef  int64_t t_sint;
        typedef uint64_t t_uint;
+       /* mbedtls_t_udbl defined as 128-bit unsigned int */
        typedef unsigned int t_udbl __attribute__((mode(TI)));
        #define POLARSSL_HAVE_UDBL
     #else
@@ -188,7 +189,9 @@ typedef struct
 mpi;
 
 /**
- * \brief           Initialize one MPI
+ * \brief           Initialize one MPI (make internal references valid)
+ *                  This just makes it ready to be set or freed,
+ *                  but does not define a value for the MPI.
  *
  * \param X         One MPI to initialize.
  */
@@ -374,7 +377,7 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
 
 #if defined(POLARSSL_FS_IO)
 /**
- * \brief          Read X from an opened file
+ * \brief          Read MPI from a line in an opened file
  *
  * \param X        Destination MPI
  * \param radix    Input numeric base
@@ -383,6 +386,14 @@ int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
  * \return         0 if successful, POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if
  *                 the file read buffer is too small or a
  *                 POLARSSL_ERR_MPI_XXX error code
+ *
+ * \note           On success, this function advances the file stream
+ *                 to the end of the current line or to EOF.
+ *
+ *                 The function returns 0 on an empty line.
+ *
+ *                 Leading whitespaces are ignored, as is a
+ *                 '0x' prefix for radix 16.
  */
 int mpi_read_file( mpi *X, int radix, FILE *fin );
 
@@ -688,6 +699,8 @@ int mpi_fill_random( mpi *X, size_t size,
  *
  * \return         0 if successful,
  *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is <= 1,
+ *                 POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N.
  */
 int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
 

diff --git a/ext/polarssl-1.3/include/polarssl/blowfish.h b/ext/polarssl-1.3/include/polarssl/blowfish.h
@@ -5,7 +5,7 @@
  *
  *  Copyright (C) 2012-2014, ARM Limited, All Rights Reserved
  *
- *  This file is part of mbed TLS (https://polarssl.org)
+ *  This file is part of mbed TLS (https://tls.mbed.org)
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -30,7 +30,7 @@
 #include POLARSSL_CONFIG_FILE
 #endif
 
-#include <string.h>
+#include <stddef.h>
 
 #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
 #include <basetsd.h>